Netgate Discussion Forum

Syslog (syslog-ng) server

  • P
    prophecy
    last edited by Mar 10, 2007, 6:37 PM

    Hello, I've installed syslog-ng on this machine and I am having some trouble getting pfSense to send its logs to it. I have set up syslog-ng.conf with this:

    options { long_hostnames(off); sync(0); };
    
    source info_src { 
    #	udp(ip(192.168.0.1) port(514));
    	udp(port(514));
    };
    
    destination info_dst { file("/var/log/hosts/$HOST.log"); };
    filter info_filter { level(info); };
    log { source(info_src); filter(info_filter); destination(info_dst); };
    
    

    This is in addition to all the default entries in the syslog-ng.conf when it is installed. I'm not sure if I need to use the IP for the udp source (as the line that is commented out shows), but when I uncomment that and comment out the udp line that just supplies port 514, I get this error when trying to start syslog-ng:

    Starting system logging: syslog-ngError binding socket; error='Cannot assign requested address (99)', addr='AF_INET(192.168.0.1:514)'

    If someone could possibly post their working syslog.conf that allows pfsense logging, or otherwise point me in the right direction, that would be cool.. thanks

    • P
      prophecy
      last edited by Mar 12, 2007, 8:12 PM

      Copying from various sources, I finally figured out how to do it. I'm pretty sure most of these are not necessary for logging pfSense, but I put them there anyway. The only pfSense log I am not getting is the "system events", which I assume logs the boot messages and everything. Does anyone know which filter line I need to do this? Thanks.

      #pfsense logging#
      
      options { sync (0);
                time_reopen (10);
                log_fifo_size (1000);
                long_hostnames (on);
                use_dns (no);
                use_fqdn (no);
                create_dirs (yes);
                keep_hostname (yes);
              };
      
      source pf-s { udp(port(514)); };
      
      destination pf-d_kern { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/kernel"); };
      destination pf-d_mesg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/messages"); };
      destination pf-d_auth { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/secure"); };
      destination pf-d_mail { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/maillog"); };
      destination pf-d_uucp { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/spooler"); };
      destination pf-d_boot { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/boot.log"); };
      destination pf-d_emerg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/emerg.log"); };
      destination pf-d_sshd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/sshd.log"); };
      destination pf-d_pptpd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/pptpd.log"); };
      destination pf-d_daemon { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/daemon.log"); };
      destination pf-d_firewall { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/firewall.log"); };
      
      filter pf-f_kern	{ facility(kern); };
      filter pf-f_mesg 	{ level(info) and not facility(mail,authpriv,kern,local7); };
      filter pf-f_auth	{ facility(authpriv); };
      filter pf-f_mail 	{ facility(mail); };
      filter pf-f_uucp 	{ facility(uucp); };
      filter pf-f_boot        { facility(local7); };
      filter pf-f_emerg     	{ level(emerg); };
      filter pf-f_sshd 	{ program("sshd"); };
      filter pf-f_pptpd       { match("pptpd"); };
      filter pf-f_daemon 	{ facility(daemon); };
      filter pf-f_firewall 	{ level(debug); };
      
      log { source(pf-s); filter(pf-f_kern); destination(pf-d_kern); };
      log { source(pf-s); filter(pf-f_mesg); destination(pf-d_mesg); };
      log { source(pf-s); filter(pf-f_auth); destination(pf-d_auth); };
      log { source(pf-s); filter(pf-f_mail); destination(pf-d_mail); };
      log { source(pf-s); filter(pf-f_uucp); destination(pf-d_uucp); };
      log { source(pf-s); filter(pf-f_boot); destination(pf-d_boot); };
      log { source(pf-s); filter(pf-f_emerg); destination(pf-d_emerg); };
      log { source(pf-s); filter(pf-f_sshd); destination(pf-d_sshd); };
      log { source(pf-s); filter(pf-f_pptpd); destination(pf-d_pptpd); };
      log { source(pf-s); filter(pf-f_daemon); destination(pf-d_daemon); };
      log { source(pf-s); filter(pf-f_firewall); destination(pf-d_firewall); };
      
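An added example, not part of the original posts and not syslog-ng code: a Python model of the filter set posted above, showing which filters a given syslog PRI satisfies and which facility/level pairs satisfy none of them, so that no `log` statement writes them to a file. The sample datagrams, the host name `fw` and the program names are constructed; program parsing and `match()` are simplified to a tag regex and a substring test.

```python
import re
# PRI = facility * 8 + level (RFC 3164); names for 12-15 are labels only.
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
LEVELS = "emerg alert crit err warning notice info debug".split()

# The post's filters as predicates; level(info) selects that one level only.
FILTERS = {
    "pf-f_kern":     lambda f, l, p, t: f == "kern",
    "pf-f_mesg":     lambda f, l, p, t: l == "info" and f not in
                                        ("mail", "authpriv", "kern", "local7"),
    "pf-f_auth":     lambda f, l, p, t: f == "authpriv",
    "pf-f_mail":     lambda f, l, p, t: f == "mail",
    "pf-f_uucp":     lambda f, l, p, t: f == "uucp",
    "pf-f_boot":     lambda f, l, p, t: f == "local7",
    "pf-f_emerg":    lambda f, l, p, t: l == "emerg",
    "pf-f_sshd":     lambda f, l, p, t: p == "sshd",
    "pf-f_pptpd":    lambda f, l, p, t: "pptpd" in t,   # simplified match()
    "pf-f_daemon":   lambda f, l, p, t: f == "daemon",
    "pf-f_firewall": lambda f, l, p, t: l == "debug",
}

def matching_filters(datagram):
    """Names of the post's filters that one raw syslog datagram satisfies."""
    m = re.match(r"<(\d{1,3})>(.*)", datagram.decode("utf-8", "replace"), re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    pri, text = int(m.group(1)), m.group(2)
    tag = re.search(r"(\S+?)(?:\[\d+\])?: ", text)   # "program[pid]: " tag
    prog = tag.group(1) if tag else ""
    return [name for name, pred in FILTERS.items()
            if pred(FACILITIES[pri >> 3], LEVELS[pri & 7], prog, text)]

def unmatched_pris():
    """(facility, level) pairs that none of the PRI-based filters select."""
    return [(f, l) for i, f in enumerate(FACILITIES) for j, l in enumerate(LEVELS)
            if not matching_filters(b"<%d>x" % (i * 8 + j))]

# Constructed sample datagrams (hypothetical host "fw", not real captures).
SAMPLES = [
    b"<134>Mar 12 20:12:00 fw examplefw: block in on em0",              # local0.info
    b"<38>Mar 12 20:12:01 fw sshd[411]: Accepted publickey for admin",  # auth.info
    b"<13>Mar 12 20:12:02 fw exampled[12]: service started",            # user.notice
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.decode(), "->", matching_filters(s) or "no filter matches")
```
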
      • M
        mastrboy
        last edited by Mar 22, 2007, 9:38 PM

        thanks for this info. very helpful.

        Going to try and use php-syslog-ng upon it :)

        http://sourceforge.net/projects/php-syslog-ng/
        or maybe
        http://8pussy.org/ (not porn :p syslog web interface)
