Syslog (syslog-ng) server
-
Hello, I've installed syslog-ng on this machine and I am having some trouble getting pfSense to send its logs to it. I have set up syslog-ng.conf with this:
options { long_hostnames(off); sync(0); };

source info_src {
    # udp(ip("192.168.0.1") port(514));
    udp(port(514));
};

destination info_dst { file("/var/log/hosts/$HOST.log"); };

filter info_filter { level(info); };

log { source(info_src); filter(info_filter); destination(info_dst); };
This is in addition to all the default entries in the syslog-ng.conf as installed. I'm not sure if I need to use the IP for the udp source (as the commented-out line shows), but when I uncomment that and comment out the udp() line that only supplies port 514, I get this error when trying to start syslog-ng:
Starting system logging: syslog-ngError binding socket; error='Cannot assign requested address (99)', addr='AF_INET(192.168.0.1:514)'
If someone could possibly post their working syslog.conf that allows pfSense logging, or otherwise point me in the right direction, that would be cool. Thanks.
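For readers hitting the same "Cannot assign requested address (99)" error: that is errno EADDRNOTAVAIL, which the kernel returns when a socket is asked to bind to an address that is not configured on any local interface. In a syslog-ng udp() source, ip() names the local address the server listens on, not the address of the pfSense box that sends the logs. The script below is an added example (not part of the original post) that checks which addresses the local host can actually bind a UDP socket to; 192.0.2.1 is an RFC 5737 documentation address used as a constructed example of a non-local address, and port 0 is requested so the check needs no privileges.

```python
import errno
import socket


def can_bind_udp(addr, port=0):
    """Try to bind a UDP socket to (addr, port).

    Returns (True, None) on success, or (False, errno_name) on failure,
    e.g. (False, "EADDRNOTAVAIL") for an address no local interface owns.
    Port 0 asks the kernel for an ephemeral port, so no privilege is needed.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((addr, port))
        return True, None
    except OSError as e:
        return False, errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


# Constructed candidates: "all interfaces", loopback, and a documentation
# address that is deliberately not assigned to this host.
CANDIDATES = ["0.0.0.0", "127.0.0.1", "192.0.2.1"]


def check_candidates(addrs=CANDIDATES):
    """Map each candidate address to its bind result."""
    return {a: can_bind_udp(a) for a in addrs}


if __name__ == "__main__":
    for addr, (ok, err) in check_candidates().items():
        print("%-12s %s" % (addr, "bindable" if ok else "NOT bindable (%s)" % err))
```

If the address you put in ip() shows up as "NOT bindable (EADDRNOTAVAIL)", it is not a local address; use 0.0.0.0 (or omit ip()) to listen on all interfaces, or the address of the interface facing pfSense.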
-
Copying from various sources, I finally figured out how to do it. I'm pretty sure most of these are not necessary for logging pfSense, but I put them there anyway. The only pfSense log I am not getting is the "system events", which I assume logs the boot messages and everything. Does anyone know which filter line I need for this? Thanks.
#pfsense logging#
options {
    sync (0);
    time_reopen (10);
    log_fifo_size (1000);
    long_hostnames (on);
    use_dns (no);
    use_fqdn (no);
    create_dirs (yes);
    keep_hostname (yes);
};

source pf-s { udp(port(514)); };

destination pf-d_kern     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/kernel"); };
destination pf-d_mesg     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/messages"); };
destination pf-d_auth     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/secure"); };
destination pf-d_mail     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/maillog"); };
destination pf-d_uucp     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/spooler"); };
destination pf-d_boot     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/boot.log"); };
destination pf-d_emerg    { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/emerg.log"); };
destination pf-d_sshd     { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/sshd.log"); };
destination pf-d_pptpd    { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/pptpd.log"); };
destination pf-d_daemon   { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/daemon.log"); };
destination pf-d_firewall { file("/var/log/pfsense/$YEAR-$MONTH-$DAY/firewall.log"); };

filter pf-f_kern     { facility(kern); };
filter pf-f_mesg     { level(info) and not facility(mail,authpriv,kern,local7); };
filter pf-f_auth     { facility(authpriv); };
filter pf-f_mail     { facility(mail); };
filter pf-f_uucp     { facility(uucp); };
filter pf-f_boot     { facility(local7); };
filter pf-f_emerg    { level(emerg); };
filter pf-f_sshd     { program("sshd"); };
filter pf-f_pptpd    { match("pptpd"); };
filter pf-f_daemon   { facility(daemon); };
filter pf-f_firewall { level(debug); };

log { source(pf-s); filter(pf-f_kern);     destination(pf-d_kern); };
log { source(pf-s); filter(pf-f_mesg);     destination(pf-d_mesg); };
log { source(pf-s); filter(pf-f_auth);     destination(pf-d_auth); };
log { source(pf-s); filter(pf-f_mail);     destination(pf-d_mail); };
log { source(pf-s); filter(pf-f_uucp);     destination(pf-d_uucp); };
log { source(pf-s); filter(pf-f_boot);     destination(pf-d_boot); };
log { source(pf-s); filter(pf-f_emerg);    destination(pf-d_emerg); };
log { source(pf-s); filter(pf-f_sshd);     destination(pf-d_sshd); };
log { source(pf-s); filter(pf-f_pptpd);    destination(pf-d_pptpd); };
log { source(pf-s); filter(pf-f_daemon);   destination(pf-d_daemon); };
log { source(pf-s); filter(pf-f_firewall); destination(pf-d_firewall); };
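The filter set above routes each message by the facility and severity that the sender encodes in the PRI field (`<N>` at the start of a BSD syslog datagram, where N = facility * 8 + severity), plus the program name and message text. Because syslog-ng log statements are not exclusive, one message can land in several files. The Python script below is an added example, not part of the original post or of syslog-ng, that parses BSD-format syslog lines and applies the same eleven filters so you can see where a given message would go before pointing pfSense at the server. The sample lines are constructed; `match("pptpd")` is treated as a substring test on the message text, and `program("sshd")` as a regex on the program tag, which is how those filters behave in the syslog-ng versions that accept this config.

```python
import re

# Facility and severity numbering from RFC 3164.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
SEVERITIES = {
    0: "emerg", 1: "alert", 2: "crit", 3: "err",
    4: "warning", 5: "notice", 6: "info", 7: "debug",
}

# <PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG  (BSD syslog, as sent over UDP 514)
_MSG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)


def parse(line):
    """Decode one BSD syslog line into facility/level/host/program/message."""
    m = _MSG_RE.match(line)
    if not m:
        raise ValueError("not a BSD syslog message: %r" % line)
    fac, sev = divmod(int(m.group("pri")), 8)
    return {
        "facility": FACILITIES.get(fac, "unknown"),
        "level": SEVERITIES[sev],
        "host": m.group("host"),
        "program": m.group("tag"),
        "message": m.group("msg"),
    }


# One predicate per filter in the posted config, keyed by destination file.
FILTERS = {
    "kernel":       lambda m: m["facility"] == "kern",
    "messages":     lambda m: m["level"] == "info"
                              and m["facility"] not in ("mail", "authpriv", "kern", "local7"),
    "secure":       lambda m: m["facility"] == "authpriv",
    "maillog":      lambda m: m["facility"] == "mail",
    "spooler":      lambda m: m["facility"] == "uucp",
    "boot.log":     lambda m: m["facility"] == "local7",
    "emerg.log":    lambda m: m["level"] == "emerg",
    "sshd.log":     lambda m: re.search("sshd", m["program"]) is not None,
    "pptpd.log":    lambda m: "pptpd" in m["message"],
    "daemon.log":   lambda m: m["facility"] == "daemon",
    "firewall.log": lambda m: m["level"] == "debug",
}


def route(line):
    """Return the sorted list of destination files this line would be written to."""
    msg = parse(line)
    return sorted(name for name, pred in FILTERS.items() if pred(msg))


# Constructed sample datagrams (PRI = facility*8 + severity).
SAMPLE_LINES = [
    "<6>Jan  5 10:00:01 pfsense kernel: arp: 192.168.0.20 moved",          # kern.info
    "<38>Jan  5 10:00:02 pfsense sshd[1234]: Accepted publickey for admin", # auth.info
    "<0>Jan  5 10:00:03 pfsense kernel: panic: out of swap space",         # kern.emerg
    "<29>Jan  5 10:00:04 pfsense pptpd[200]: pptpd session started",       # daemon.notice
    "<135>Jan  5 10:00:05 pfsense filterlog: 5,,,0,em0,match,block,in",    # local0.debug
]


def route_all(lines=SAMPLE_LINES):
    """Map each sample line to the files it would be routed to."""
    return {line: route(line) for line in lines}


if __name__ == "__main__":
    for line, dests in route_all().items():
        print("%-75s -> %s" % (line, ", ".join(dests) or "(dropped)"))
```

Two things the run makes visible: a kern.info message goes only to "kernel", because the messages filter explicitly excludes kern; and an sshd line logged at facility auth (as opposed to authpriv) lands in "messages" and "sshd.log" but not in "secure", so if a file stays empty, check which facility and level the sender is actually using before adding more filters.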
-
Thanks for this info. Very helpful.
Going to try and use php-syslog-ng upon it :)
http://sourceforge.net/projects/php-syslog-ng/
or maybe
http://8pussy.org/ (not porn :p, a syslog web interface)