    Syslog (syslog-ng) server

    General pfSense Questions
    prophecy:

      Hello, I've installed syslog-ng on this machine and I am having some trouble getting pfSense to send its logs to it. I have set up syslog-ng.conf with this:

      options { long_hostnames(off); sync(0); };
      
      # Listen for syslog over UDP/514. ip() must be an address of this syslog
      # host itself; leaving it out binds to all local interfaces.
      source info_src { 
      #	udp(ip(192.168.0.1) port(514));
      	udp(port(514));
      };
      
      # One file per sending host; $HOST is the hostname or IP of the sender.
      destination info_dst { file("/var/log/hosts/$HOST.log"); };
      # level(info) matches only info-priority messages, not info and above.
      filter info_filter { level(info); };
      log { source(info_src); filter(info_filter); destination(info_dst); };
      
      

      This is in addition to all the default entries in the syslog-ng.conf when it is installed. I'm not sure if I need to use the IP for the udp source (as the commented-out line shows), but when I uncomment that and comment out the udp line that just supplies port 514, I get this error when trying to start syslog-ng:

      Starting system logging: syslog-ngError binding socket; error='Cannot assign requested address (99)', addr='AF_INET(192.168.0.1:514)'

      If someone could possibly post their working syslog.conf that allows pfSense logging, or otherwise point me in the right direction, that would be cool. Thanks.

    prophecy:

        Copying from various sources, I finally figured out how to do it. I'm pretty sure most of these are not necessary for logging pfSense, but I put them there anyway. The only pfSense log I am not getting is the "system events" log, which I assume logs the boot messages and everything. Does anyone know which filter line I need for this? Thanks.

        #pfsense logging#
        
        options { sync (0);
                  time_reopen (10);
                  log_fifo_size (1000);
                  long_hostnames (on);
                  use_dns (no);
                  use_fqdn (no);
                  create_dirs (yes);
                  keep_hostname (yes);
                };
        
        source pf-s { udp(port(514)); };
        
        destination pf-d_kern { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/kernel"); };
        destination pf-d_mesg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/messages"); };
        destination pf-d_auth { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/secure"); };
        destination pf-d_mail { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/maillog"); };
        destination pf-d_uucp { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/spooler"); };
        destination pf-d_boot { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/boot.log"); };
        destination pf-d_emerg { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/emerg.log"); };
        destination pf-d_sshd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/sshd.log"); };
        destination pf-d_pptpd { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/pptpd.log"); };
        destination pf-d_daemon { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/daemon.log"); };
        destination pf-d_firewall { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/firewall.log"); };
        
        # Filters select messages by syslog facility, exact level, program name
        # or a substring of the message text.
        filter pf-f_kern	{ facility(kern); };
        filter pf-f_mesg 	{ level(info) and not facility(mail,authpriv,kern,local7); };
        filter pf-f_auth	{ facility(authpriv); };
        filter pf-f_mail 	{ facility(mail); };
        filter pf-f_uucp 	{ facility(uucp); };
        filter pf-f_boot        { facility(local7); };
        filter pf-f_emerg     	{ level(emerg); };
        filter pf-f_sshd 	{ program("sshd"); };
        filter pf-f_pptpd       { match("pptpd"); };
        filter pf-f_daemon 	{ facility(daemon); };
        filter pf-f_firewall 	{ level(debug); };
        
        # Every log statement is evaluated independently, so one message can be
        # written to several files (e.g. an authpriv.info sshd line goes to
        # both secure and sshd.log); a message matching no filter is dropped.
        log { source(pf-s); filter(pf-f_kern); destination(pf-d_kern); };
        log { source(pf-s); filter(pf-f_mesg); destination(pf-d_mesg); };
        log { source(pf-s); filter(pf-f_auth); destination(pf-d_auth); };
        log { source(pf-s); filter(pf-f_mail); destination(pf-d_mail); };
        log { source(pf-s); filter(pf-f_uucp); destination(pf-d_uucp); };
        log { source(pf-s); filter(pf-f_boot); destination(pf-d_boot); };
        log { source(pf-s); filter(pf-f_emerg); destination(pf-d_emerg); };
        log { source(pf-s); filter(pf-f_sshd); destination(pf-d_sshd); };
        log { source(pf-s); filter(pf-f_pptpd); destination(pf-d_pptpd); };
        log { source(pf-s); filter(pf-f_daemon); destination(pf-d_daemon); };
        log { source(pf-s); filter(pf-f_firewall); destination(pf-d_firewall); };
        
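To see exactly what those eleven filter lines select, here is an added Python example (not syslog-ng's code and not from the poster) that decodes the facility and severity from the <PRI> header of BSD-syslog lines and routes them through the same filters as the config above; the sample lines and the facilities they use are constructed for illustration, not a statement of what pfSense actually sends.

```python
import re
# Standard syslog facility (PRI >> 3) and severity (PRI & 7) tables.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_TS = re.compile(r"^\w{3} [ \d]\d \d\d:\d\d:\d\d ")  # BSD "Mmm dd HH:MM:SS "
_TAG = re.compile(r"^(?:(?P<host>[^\s:\[]+) )?(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s?(?P<msg>.*)$")

def parse(line):
    """Decode one BSD-syslog line into facility, level, host, program and text."""
    m = re.match(r"^<(\d{1,3})>(.*)$", line)
    t = m and _TAG.match(_TS.sub("", m.group(2), count=1))
    if not t:
        raise ValueError("not a syslog line: %r" % line)
    pri = int(m.group(1))
    return {"facility": FACILITIES[pri >> 3], "level": LEVELS[pri & 7],
            "host": t.group("host"), "program": t.group("prog"), "msg": t.group("msg")}

# One filter per destination file, as in the config above. level(x) in syslog-ng
# is an exact match, not "x and more severe"; match("pptpd") is a substring test.
FILTERS = {
    "kernel":       lambda r: r["facility"] == "kern",
    "messages":     lambda r: r["level"] == "info" and
                              r["facility"] not in ("mail", "authpriv", "kern", "local7"),
    "secure":       lambda r: r["facility"] == "authpriv",
    "maillog":      lambda r: r["facility"] == "mail",
    "spooler":      lambda r: r["facility"] == "uucp",
    "boot.log":     lambda r: r["facility"] == "local7",
    "emerg.log":    lambda r: r["level"] == "emerg",
    "sshd.log":     lambda r: r["program"] == "sshd",
    "pptpd.log":    lambda r: "pptpd" in r["msg"],
    "daemon.log":   lambda r: r["facility"] == "daemon",
    "firewall.log": lambda r: r["level"] == "debug",
}

def route(line):
    """Destination files this line lands in; every log{} runs, so several can match."""
    rec = parse(line)
    return [dest for dest, keep in FILTERS.items() if keep(rec)]

SAMPLES = [  # constructed lines; PRI values chosen to exercise different filters
    "<6>Mar  3 10:15:01 kernel: em0: link state changed to UP",              # kern.info
    "<86>Mar  3 10:15:02 sshd[2231]: Accepted publickey for admin",          # authpriv.info
    "<135>Mar  3 10:15:03 pf: block in on em0: 10.0.0.5 -> 10.0.0.1",        # local0.debug
    "<13>Mar  3 10:15:04 php: /index.php: Successful login for user admin",  # user.notice
]
```

A line that matches none of the filters (the user.notice sample here) is written to no file at all, which is worth ruling out before concluding that a log category is not being sent by the firewall.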
    mastrboy:

          Thanks for this info. Very helpful.

          Going to try and use php-syslog-ng upon it :)

          http://sourceforge.net/projects/php-syslog-ng/
          or maybe
          http://8pussy.org/ (not porn :p syslog web interface)
