How to redirect "portal auth" logs to another destination?



  • Hi,

    I wish to continuously save all logs in my "Status: System logs: Portal Auth". I need to have a copy of all authentication via captive portal. Is this possible?

    To my understanding, the max 200 auth records are erased once the box is restarted, so I need to save them on a separate HD, away from being erased when restarted.

    Any advice is much appreciated.


  • Rebel Alliance Developer Netgate

    Use a separate syslog server to capture and store the logs.



  • Hi jimp,

    Yeah, I have thought of that, and the thing is I don't know how. Is there a package available for this? I mean a feature that would give an option to separate the auth log?


  • Rebel Alliance Developer Netgate

    Status > System Logs, Settings Tab, check "Enable Remote Logging", enter the IP of your syslog server, check "Portal Auth events", Save.

    That's it.

    The server part is up to you, though.



  • Hi jimp,

    I hope you could help me on this. I did some research and I found this https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog

    I checked with the apps, downloaded the tftp server, installed it on my host (I'm running pfSense in a VM). I thought I could use some space on my hard drive to save the auth logs.

    Following the steps on how to redirect the auth logs, I find myself having trouble with what IP I should input. I tried to run the tftpd server, tried navigating it, and I can't get any idea of what IP I would use as the target.

    I hope I can still get any idea on how to do it? Thanks in advance jimp.



  • Hi there.

    As instructed here: https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog supply pfSense with the IP of the PC where your log server is running.
    In your case, this IP belongs to the Windows PC where http://tftpd32.jounin.net/ is running on.

    I'm not using tftpd32 myself, but normally it - the tftpd32 log server program - should 'listen' on port 514 UDP (because it's the default value, and if you looked well, pfSense is sending its logs to this IP:port).

    If things don't seem to work, remember one thing: your Windows PC where tftpd32 is running on probably has a firewall.
    So, instruct the firewall to accept UDP traffic from your pfSense box (its IP!) into the log server and you are ok.

    Btw: this is not a "Captive Portal question", more a General question :)
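
The "server part" discussed in this thread, as an added example that is not part of the original posts: a minimal Python UDP syslog receiver that appends whatever pfSense sends to a file on the log server's disk. The pfSense IP (a documentation-range placeholder), the output file name and all function names are assumptions.

```python
import re
import socket
from datetime import datetime, timezone

PFSENSE_IP = "192.0.2.1"        # assumption: placeholder for the pfSense box's IP
LISTEN_ADDR = ("0.0.0.0", 514)  # UDP 514, the syslog default mentioned in the thread
LOG_FILE = "portal_auth.log"    # assumption: output file on the log server's disk

PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram):
    """Return (facility, severity, text), or None without a valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))
    text = datagram[m.end():].decode("utf-8", errors="replace")
    # Replace control characters so one datagram cannot forge extra log lines.
    text = "".join(c if c.isprintable() else " " for c in text).strip()
    return pri >> 3, pri & 7, text

def format_record(datagram, src_ip, allowed_ip=PFSENSE_IP, now=None):
    """Build one log line, or return None for datagrams that are dropped."""
    # UDP source addresses can be spoofed: this only filters stray traffic,
    # the host firewall rule is still what restricts who can reach the port.
    if src_ip != allowed_ip:
        return None
    parsed = parse_pri(datagram)
    if parsed is None:
        return None
    facility, severity, text = parsed
    stamp = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
    return f"{stamp} src={src_ip} facility={facility} severity={severity} {text}"

def serve():
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(LISTEN_ADDR)
    with open(LOG_FILE, "a", encoding="utf-8") as out:
        while True:
            data, (src_ip, _port) = sock.recvfrom(8192)
            line = format_record(data, src_ip)
            if line:
                out.write(line + "\n")
                out.flush()  # keep the file current if the server stops abruptly

if __name__ == "__main__":
    serve()
```

Binding to port 514 may require elevated privileges on some systems.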

