Netgate Discussion Forum

    Send system logs to remote server

    General pfSense Questions
      WhiteX

      I want to send the System Logs to a remote syslog collector server (in the same network).
      So in Status -> System Logs -> Settings I ticked the checkbox "enable syslog'ing to remote syslog server" and entered the IP of the server.

      However, on my collector server, I don't see any messages coming through.
      Pinging succeeds between the servers.
      The collector server is able to collect syslog messages because another client sends its syslogs to it and that works.

      How do I check on pfSense if the messages are being sent?

        pvoigt

        @WhiteX:

        I want to send the System Logs to a remote syslog collector server (in the same network).
        So in Status -> System Logs -> Settings I ticked the checkbox "enable syslog'ing to remote syslog server" and entered the IP of the server.

        However, on my collector server, I don't see any messages coming through.
        Pinging succeeds between the servers.
        The collector server is able to collect syslog messages because another client sends its syslogs to it and that works.

        How do I check on pfSense if the messages are being sent?

        I'm not sure if you can check sent messages on pfSense. I'm using a remote syslog server (rsyslogd) which is working fine. So if your syslog server is in the same network, port 514/UDP should already be open. Did you add your pfSense machine to the list of allowed senders?

          WhiteX

          I've done a tcpdump on the syslog server and the logs are actually received.
          So the problem is the logs cannot get processed/parsed by the server?
          I'm running a McAfee ESM solution and added the pfSense firewall:

          I cannot find any articles on whether the pfSense fw is supported.

            stephenw10 Netgate Administrator

            What happens if you change it to 'logging' instead of 'parsing'? Or both?

            If it's parsing the logs what is it parsing for? Maybe nothing bad enough for it to flag has happened yet.

            Steve

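Added example, not part of any post in this thread: a stand-alone Python check for the situation described above, where tcpdump shows datagrams arriving but the collector displays nothing. It decodes the `<PRI>` header of each UDP syslog datagram and counts decodable messages per sender, independent of the SIEM; the test port 5514, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
import socket

FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)  # leading <PRI> header

def decode(datagram: bytes):
    """Return (facility, severity, text), or None when the PRI header is missing or invalid."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:  # 23*8+7 is the highest legal PRI
        return None
    pri = int(m.group(1))
    text = m.group(2).decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7], text

def summarize(packets):
    """Count decodable and undecodable datagrams per sender IP."""
    stats = {}
    for ip, data in packets:
        per_ip = stats.setdefault(ip, {"valid": 0, "invalid": 0})
        per_ip["valid" if decode(data) else "invalid"] += 1
    return stats

def listen(bind="0.0.0.0", port=5514):
    """Print each datagram with its sender until interrupted (5514 is an assumed test port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        while True:
            data, (ip, _) = sock.recvfrom(8192)
            print(ip, decode(data) or ("UNPARSEABLE", data[:80]))

# Constructed sample datagrams; 192.0.2.0/24 is documentation address space.
SAMPLE = [
    ("192.0.2.1", b"<134>Jan  5 10:15:01 filterlog: constructed sample line\n"),
    ("192.0.2.1", b"<30>Jan  5 10:15:02 dhcpd: constructed sample line"),
    ("192.0.2.1", b"no priority header"),
    ("192.0.2.7", b"<999>out-of-range priority"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Calling `listen()` on a spare host shows whether the firewall's datagrams arrive and which facility and severity they carry, which separates a delivery problem from a parsing or filtering problem on the collector.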
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.