How to redirect "portal auth" logs to another destination?

  • Hi,

    I wish to continuously save all logs in my "Status: System logs: Portal Auth". I need to have a copy of all authentication via captive portal. Is this possible?

    To my understanding, the max 200 auth record is erase once the box is restarted so, I need to save them in a separate HD, away from being erased when restarted.

    Any advice is much appreciated.

  • Rebel Alliance Developer Netgate

    Use a separate syslog server to capture and store the logs.

  • Hi jimp,

    Yeah I have though of that and the thing is I don't know how. Is there a package available for this? I mean a feature that would give an option to separate the auth log?

  • Rebel Alliance Developer Netgate

    Status > System Logs, Settings Tab, check "Enable Remote Logging", enter the IP of your syslog server, check "Portal Auth events", Save.

    That's it.

    The server part is up to you, though.

  • Hi jimp,

    I hope you could help me on this. I did some research and I found this

    I checked with the apps, downloaded the tftp server, installed in my my host (I'm running the pfsense in VM). I thought I can use some space in my hard drive to save the auth logs.

    Following the steps on how to redirect the auth logs, I find myself having trouble on what IP should I input. I tried to run the tftpd server, tried navigating it and I can't get any idea on what IP would I used as target.

    I hope I can still get any idea on how to do it? Thanks in advance jimp.

  • Hi there.

    As instructed here: supply ipSense with the IP of the PC where your log server is running.
    In your case, this IP belongs to the Windows PC where is running on.

    I'm not using tftpd32 myself, but normally it - the tftpd32 log server program - should 'listen' on port 514 UDP (because it's the default value, and if you looked well, pfSense is sending its logs to this IP:port).

    If things don't seem to work, remember one thing: your Windows PC where tftpd32  is running on probably has a firewall.
    So, instruct the firewall to accepts UDP trafic from your pfSense box (his IP !) into the log server and you are ok.

    Btw: this is not a "Captive Portal question", more a General question  :)