Send system logs to remote server
-
I want to send the System Logs to a remote syslog collector server (in same network).
So in Status -> System Logs -> Settings I ticked the checkbox "enable syslog'ing to remote syslog server" and entered the IP of the server.However on my collector server, I don't see any messages comming trough.
Pinging succeeds between the servers.
The collector server is able to collect syslog messages because another client sends it syslogs to it and that works.How do I check on pfSense if the messages are being sent?
-
I want to send the System Logs to a remote syslog collector server (in same network).
So in Status -> System Logs -> Settings I ticked the checkbox "enable syslog'ing to remote syslog server" and entered the IP of the server.However on my collector server, I don't see any messages comming trough.
Pinging succeeds between the servers.
The collector server is able to collect syslog messages because another client sends it syslogs to it and that works.How do I check on pfSense if the messages are being sent?
I'm not sure if you can check sent messages on pfSense. I'm using a remote syslog server (rsyslogd) which is working fine. So if your syslog server is in the same network port 514/UDP should already be open. Did you add your pfSense machine to the list of allowed senders?
-
I've done a tcpdump on syslog server and the logs are actually received.
So the problem is the logs cannot get processed/parsed by the server?
I'm running a McAfee ESM solution and added the pfSense firewall:
I cannot find any articles if the pfSense fw is supported.
-
What happens if you change it to 'logging' instead of 'parsing'? Or both?
If it's parsing the logs what is it parsing for? Maybe nothing bad enough for it to flag has happened yet.
Steve
