Remote syslog server - changing local syslog client's remote server port



  • Hi all

    i got a syslog server running on a NAS box in my local network. Because the NAS uses port 514 for it's own internal syslog (hell knows why) i had to use another port (tcp 2000) for the "external" syslog-ng server. This works so far (tested with another client that sends the log messages to the NAS syslog).
    Now i would like to get pfsense (1.2.3-RELEASE, an update would be possible) to send its syslog messages to port 2000 of the NAS. If possible, i also would like to change the protocol from UDP to TCP.

    In the pfSense WebGUI there is no option to change these settings. But maybe in the conf files directly? My knowledge of Linux/FreeBSD is very limited, but i surely will be able to change a conf file if some could tell me which file and which changes i have to do.

    Thanks a lot for your suppport
    Frank


  • Rebel Alliance Developer Netgate

    That should be as easy as putting something like "192.168.x.x:2000" in the server box, but it looks like our input validation doesn't allow that. Would be easy to disable that input validation in /usr/local/www/diag_logs_settings.php and try that out.



  • Hi jimp,

    can this fixed in the next release?

    Regards, Valle


  • Rebel Alliance Developer Netgate

    Nobody responded confirming if that worked so I didn't make any changes.



  • @jimp:

    Nobody responded confirming if that worked so I didn't make any changes.

    Would be a nice feature to have, what do you want to have tested in regards to having the feature included in the code?

    Regards,
    Anders


  • Rebel Alliance Developer Netgate

    Make the edit I mentioned before (disable the input validation in /usr/local/www/diag_logs_settings.php for that server box) and see if it works. If it works, then the validation can be re-written to allow the port. The quickest test is just to disable that validation.



  • Hi jimp,

    i have comment out the validation lines for the 3 Server in the diag_logs_settings.php. Setup on setting page for syslog, to remote logging on my splunk server to port 10555 and it works.

    Valle


  • Rebel Alliance Developer Netgate

    I added a fix on master (2.1) so it will work on future versions.

    https://github.com/bsdperimeter/pfsense/commit/4a8a90ffa6b698feed7ecf4ec235ffb1ad853d4b



  • I noticed the code looks for specifically for an IP. I have commented out the code suggested to the OP and I am able to work using both a port and a DNS entry.

    Is there a way to enable it to allow for DNS entries in the future?

    Thanks.

    EDIT

    After posting, I stumbled upon the following Redmine ticket: http://redmine.pfsense.org/issues/1544
    It appears hostnames will be enabled in 2.1


Log in to reply