Dansguardian Remote Logging?

pfSense Packages
Log in to reply
  • C

    Hi all-

    I'm wondering if there is a way to configure Dansguardian to send its logs to a remote server.  I've successfully configured that setting for squid, and was hoping there was a similar setting for Dan's guardian.  I have a splunk server running so I'd like to get all the logs off my pfsense device to my splunk server for more detailed analysis.

    0
  • T

    You can't explicitly log to a remote server, but you can log to syslog and have that log everything to a remote server (which is good practice in the first place).

    I've modified the DG package files to allow syslogging, go to "Report and log" and make sure "Log to syslog" is highlighted:
    http://sharesend.com/kx2ftlpb - /usr/local/pkg/dansguardian.inc
    http://sharesend.com/3zptnaf2 - /usr/local/pkg/dansguardian.conf.template
    http://sharesend.com/usshpyfv - /usr/local/pkg/dansguardian_log.xml

    I could probably modify the syslog page to allow more control over remote/local logging as well, but if that's not necessary then I won't take the time to do it. Let me know if it works for you!

    Also, make sure you really want to do this. Something weird happens somewhere in DG code that makes it keep logging to syslog even when you turn it off. Or maybe I was just testing weirdly.

    0
  • C

    Great, thanks!.  I will give this a try this weekend.  I have syslog-ng running on my splunk server that will be parsing all the different logs (squid, pf, dansguardian, openvpn, etc…) into separate syslog streams to send to splunk so this should work great.

    Just curious if you've submitted your changes the pfsense package as a proposed change.  Would be nice if this feature was OOB so I won't have to remember to reapply if I upgrade the package.

    Thanks!

    0
  • T

    I haven't submitted the changes yet because of syslogging not actually turning off when you uncheck it. Once I figure out why that's happening, I'll submit them.

    0
  • T

    I think it's something residual and that DG wasn't restarting correctly, because it seems to be working fine now. I've submitted a pull request - whether it actually gets looked at is another story all together.

    0
  • T

    And it got merged, that was much quicker than my last commit!

    0
  • marcelloc

    @timthetortoise:

    And it got merged, that was much quicker than my last commit!

    Thanks for the feedback and the patch  :)

    0
  • T

    Thank you for merging so quickly :)

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy