Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Dansguardian Remote Logging?

    pfSense Packages
    3
    8
    2322
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cpmiller22 last edited by

      Hi all-

      I'm wondering if there is a way to configure Dansguardian to send its logs to a remote server.  I've successfully configured that setting for squid, and was hoping there was a similar setting for Dan's guardian.  I have a splunk server running so I'd like to get all the logs off my pfsense device to my splunk server for more detailed analysis.

      1 Reply Last reply Reply Quote 0
      • T
        timthetortoise last edited by

        You can't explicitly log to a remote server, but you can log to syslog and have that log everything to a remote server (which is good practice in the first place).

        I've modified the DG package files to allow syslogging, go to "Report and log" and make sure "Log to syslog" is highlighted:
        http://sharesend.com/kx2ftlpb - /usr/local/pkg/dansguardian.inc
        http://sharesend.com/3zptnaf2 - /usr/local/pkg/dansguardian.conf.template
        http://sharesend.com/usshpyfv - /usr/local/pkg/dansguardian_log.xml

        I could probably modify the syslog page to allow more control over remote/local logging as well, but if that's not necessary then I won't take the time to do it. Let me know if it works for you!

        Also, make sure you really want to do this. Something weird happens somewhere in DG code that makes it keep logging to syslog even when you turn it off. Or maybe I was just testing weirdly.

        1 Reply Last reply Reply Quote 0
        • C
          cpmiller22 last edited by

          Great, thanks!.  I will give this a try this weekend.  I have syslog-ng running on my splunk server that will be parsing all the different logs (squid, pf, dansguardian, openvpn, etc…) into separate syslog streams to send to splunk so this should work great.

          Just curious if you've submitted your changes the pfsense package as a proposed change.  Would be nice if this feature was OOB so I won't have to remember to reapply if I upgrade the package.

          Thanks!

          1 Reply Last reply Reply Quote 0
          • T
            timthetortoise last edited by

            I haven't submitted the changes yet because of syslogging not actually turning off when you uncheck it. Once I figure out why that's happening, I'll submit them.

            1 Reply Last reply Reply Quote 0
            • T
              timthetortoise last edited by

              I think it's something residual and that DG wasn't restarting correctly, because it seems to be working fine now. I've submitted a pull request - whether it actually gets looked at is another story all together.

              1 Reply Last reply Reply Quote 0
              • T
                timthetortoise last edited by

                And it got merged, that was much quicker than my last commit!

                1 Reply Last reply Reply Quote 0
                • marcelloc
                  marcelloc last edited by

                  @timthetortoise:

                  And it got merged, that was much quicker than my last commit!

                  Thanks for the feedback and the patch  :)

                  Treinamentos de Elite: http://sys-squad.com

                  Help a community developer! ;D

                  1 Reply Last reply Reply Quote 0
                  • T
                    timthetortoise last edited by

                    Thank you for merging so quickly :)

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post