    Does anyone have instructions/tips for installing syslog-ng on pfsense 2.0.1?

    • S
      sdb1031 last edited by

      Hi,
      I'd like to utilize syslog-ng on my pfsense 2.0.1 router in order to achieve encrypted transport of syslog messages to a remote log server. I was thinking of installing it with the following command (I have an amd64 proc):

      pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/amd64/packages-8.3-release/sysutils/syslog-ng-3.3.4_1.tbz

      and disabling the existing syslog daemon from starting at boot time.

      I'm sure that there have to be some other steps that I've missed, such as how to configure the syslog-ng config file, etc.
      Has anyone ever installed syslog-ng on pfsense? If so, any tips that can be shared?

      • L
        laleger last edited by

        I too would like to integrate syslog-ng with pfSense. I've been reading up on the development documents and don't mind building a package. Is there any additional interest in having a package for syslog-ng? Is anyone already working on a package? I certainly don't want to duplicate any effort. Thanks.

        • stephenw10
          stephenw10 Netgate Administrator last edited by

          There have in the past been some posts about this with regard to local logging as opposed to encryption as the original poster asked about.
          I would be interested in this if local long term logging is what you're hoping to achieve. It's the one thing I miss from my previous router OSes (IPCop, Smoothwall, etc). I am running embedded only though so it makes things a lot more complex.

          Previous posts have been around simply installing syslog-ng locally and then pointing pfSense at it as though it was an external syslog server. This minimises changes in the pfSense base.
          It would be nice to have the ability to search the logs from within the GUI. I believe there is a syslog-ng web front end that you could probably get code from.
          You would probably need to have some functionality to control the log size.

          See:
          http://forum.pfsense.org/index.php/topic,26829.0.html
          and
          http://forum.pfsense.org/index.php/topic,7793.0.html

          Steve
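
Added example, not from any poster in this thread: a minimal syslog-ng 3.x configuration combining the two ideas above, where pfSense is pointed at a local syslog-ng instance as if it were a remote server and syslog-ng forwards over TLS, which is the encrypted transport the original post asks for. The host name, file paths and listen port are placeholders, and it assumes the installed syslog-ng build includes TLS support and that nothing else is bound to the chosen UDP port.

```conf
@version: 3.3

# Constructed example. Host name, paths and ports are placeholders.

# Receive what pfSense sends through its remote syslog setting.
# Bound to loopback only, so nothing off-box can inject messages here.
source s_pfsense {
    udp(ip(127.0.0.1) port(514));
};

# Forward over TLS. 6514 is the registered syslog-over-TLS port.
# ca_dir:      directory of trusted CA certificates, named by OpenSSL
#              subject hash (for example <hash>.0).
# peer_verify: required-trusted rejects the server unless its certificate
#              chains to one of those CAs; never relax this to "optional"
#              on a link that crosses an untrusted network.
# cert_file / key_file: client certificate and key, needed only when the
#              log server demands mutual authentication.
destination d_remote_tls {
    tcp("logserver.example.net" port(6514)
        tls(
            ca_dir("/usr/local/etc/syslog-ng/ca.d")
            peer_verify(required-trusted)
            cert_file("/usr/local/etc/syslog-ng/cert.d/pfsense.crt")
            key_file("/usr/local/etc/syslog-ng/key.d/pfsense.key")
        )
    );
};

log {
    source(s_pfsense);
    destination(d_remote_tls);
};
```

Running `syslog-ng --syntax-only --cfgfile <path>` checks the file without starting the daemon. Keep the private key readable by root only.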

          • L
            laleger last edited by

            Thanks for the feedback. I've been familiarizing myself with the 3.x generation of syslog-ng and here are my thoughts on an initial package:

            1. Use the latest version of syslog-ng 3.x supported by FreeBSD 8.3 (already confirmed that the latest package works without issues on 2.0.1). This should also make the migration to pfSense 2.1 easier.

            2. Initial GUI would be something like:
              =================================================
              Tab 1 - General:
              Listen on interfaces (Interface selection)
              Listen on port (Input: default 514)
              Default log file (Input: default /var/log/syslog-ng/incoming.log)
              Rotate Frequency (Select: Hourly, Daily, Weekly, Monthly)
              Compress (Checkbox)
              Compression (Select: gzip, bzip)
              Max Archives (Input)
              Tab 2 - Log Processors:  Field groups to manage syslog-ng “log” objects
              Tab 3 - Sources: Field groups to manage syslog-ng “sources” objects
              Tab 4 - Destinations: Field groups to manage syslog-ng “destinations” objects
              Tab 5 - Filters: Field groups to manage syslog-ng “filters” objects
              Tab 6 - Parsers: Field groups to manage syslog-ng “parsers” objects
              Tab 7 - Rewrites: Field groups to manage syslog-ng “rewrites” objects
              Tab 8 - Templates: Field groups to manage syslog-ng “templates” objects
              =================================================

            3. To support the log rotation, I would reintroduce the newsyslog utility into pfSense via the syslog-ng package. As new “destinations” objects are created/removed, the newsyslog.conf file will be updated accordingly so that those log files are rotated in accordance with the settings defined under the General tab.

            4. Allow the existing circular syslog server to continue to handle the pfSense logs. Users who desire the pfSense logs to be sent to the syslog-ng server can do so via the remote syslog settings.
              These are my initial thoughts but I feel this approach should allow a great deal of flexibility for other users interested in having a separate syslog server.

            • stephenw10
              stephenw10 Netgate Administrator last edited by

              You are clearly more familiar with this than me!  ;)

              Personally I would be using this only for logging pfSense.
              In the embedded install of pfSense the /var is a ram drive that's lost when you reboot. Clearly unsuitable for long-term logging. But as long as this is user selectable it's probably safer to force people to make a decision rather than potentially causing damage to solid state storage.

              Steve
