How to redirect "portal auth" logs to another destination?
I wish to continuously save all logs in my "Status: System logs: Portal Auth". I need to have a copy of all authentication via captive portal. Is this possible?
To my understanding, the max 200 auth record is erase once the box is restarted so, I need to save them in a separate HD, away from being erased when restarted.
Any advice is much appreciated.
Use a separate syslog server to capture and store the logs.
Yeah I have though of that and the thing is I don't know how. Is there a package available for this? I mean a feature that would give an option to separate the auth log?
Status > System Logs, Settings Tab, check "Enable Remote Logging", enter the IP of your syslog server, check "Portal Auth events", Save.
The server part is up to you, though.
I hope you could help me on this. I did some research and I found this https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog
I checked with the apps, downloaded the tftp server, installed in my my host (I'm running the pfsense in VM). I thought I can use some space in my hard drive to save the auth logs.
Following the steps on how to redirect the auth logs, I find myself having trouble on what IP should I input. I tried to run the tftpd server, tried navigating it and I can't get any idea on what IP would I used as target.
I hope I can still get any idea on how to do it? Thanks in advance jimp.
As instructed here: https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog supply ipSense with the IP of the PC where your log server is running.
In your case, this IP belongs to the Windows PC where http://tftpd32.jounin.net/ is running on.
I'm not using tftpd32 myself, but normally it - the tftpd32 log server program - should 'listen' on port 514 UDP (because it's the default value, and if you looked well, pfSense is sending its logs to this IP:port).
If things don't seem to work, remember one thing: your Windows PC where tftpd32 is running on probably has a firewall.
So, instruct the firewall to accepts UDP trafic from your pfSense box (his IP !) into the log server and you are ok.
Btw: this is not a "Captive Portal question", more a General question :)