Dansguardian Remote Logging?
-
Hi all-
I'm wondering if there is a way to configure Dansguardian to send its logs to a remote server. I've successfully configured that setting for squid, and was hoping there was a similar setting for Dan's guardian. I have a splunk server running so I'd like to get all the logs off my pfsense device to my splunk server for more detailed analysis.
-
You can't explicitly log to a remote server, but you can log to syslog and have that log everything to a remote server (which is good practice in the first place).
I've modified the DG package files to allow syslogging, go to "Report and log" and make sure "Log to syslog" is highlighted:
http://sharesend.com/kx2ftlpb - /usr/local/pkg/dansguardian.inc
http://sharesend.com/3zptnaf2 - /usr/local/pkg/dansguardian.conf.template
http://sharesend.com/usshpyfv - /usr/local/pkg/dansguardian_log.xmlI could probably modify the syslog page to allow more control over remote/local logging as well, but if that's not necessary then I won't take the time to do it. Let me know if it works for you!
Also, make sure you really want to do this. Something weird happens somewhere in DG code that makes it keep logging to syslog even when you turn it off. Or maybe I was just testing weirdly.
-
Great, thanks!. I will give this a try this weekend. I have syslog-ng running on my splunk server that will be parsing all the different logs (squid, pf, dansguardian, openvpn, etc…) into separate syslog streams to send to splunk so this should work great.
Just curious if you've submitted your changes the pfsense package as a proposed change. Would be nice if this feature was OOB so I won't have to remember to reapply if I upgrade the package.
Thanks!
-
I haven't submitted the changes yet because of syslogging not actually turning off when you uncheck it. Once I figure out why that's happening, I'll submit them.
-
I think it's something residual and that DG wasn't restarting correctly, because it seems to be working fine now. I've submitted a pull request - whether it actually gets looked at is another story all together.
-
And it got merged, that was much quicker than my last commit!
-
And it got merged, that was much quicker than my last commit!
Thanks for the feedback and the patch :)
-
Thank you for merging so quickly :)
