Netgate Discussion Forum

    Syslog - Report 'customisation'

    General pfSense Questions
      BenKenobe

      Is there anywhere that I can reconfigure the report/priority level of the syslog messages - if not, can it be added as a 'feature' request?

      i.e. packets blocked and passed all come back as 'local0.info' - well to my mind a blocked should not be the same level as a pass - the ability to filter my syslog messages logically has been a pain for a long time - given that a blocked packet results in 2 messages, the first is easy to spot as it contains 'block' but the associated message isn't so easy to align. The problem is that the second line is the one containing the IP of the culprit and destination.

      I can filter on the message type easily - i.e. local0.info or local1.info - but pfSense allocates the same priority/type to a pass message (which I don't care overmuch about but want to retain sometimes for diagnostic purposes) - they are all local0.info - for me a block should be higher in the priority order than a pass.

      This is the list defined by Syslog standards - question is can I customise how the messages from pfSense are allocated a priority.

      Numerical Code    Facility

       0                kernel messages
       1                user-level messages
       2                mail system
       3                system daemons
       4                security/authorization messages
       5                messages generated internally by syslogd
       6                line printer subsystem
       7                network news subsystem
       8                UUCP subsystem
       9                clock daemon
      10                security/authorization messages
      11                FTP daemon
      12                NTP subsystem
      13                log audit
      14                log alert
      15                clock daemon (note 2)
      16                local use 0  (local0)
      17                local use 1  (local1)
      18                local use 2  (local2)
      19                local use 3  (local3)
      20                local use 4  (local4)
      21                local use 5  (local5)
      22                local use 6  (local6)
      23                local use 7  (local7)

      PPS: I know about syslog.conf but this seems to indicate that all rule filter reports (local0.*) go to the local /var/log/filter.log .. this is not what I require - I want to prioritise messages and put in different logs based on priority i.e. all blocked go to local1.alert or local1.info …

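The re-prioritisation asked about above can be done on the receiving side; the following is an added example, not part of the original post and not pfSense code. It assumes messages arrive with the standard `<PRI>` prefix (facility × 8 + severity) and that a line containing `block` is followed by its address line; the sample lines and the function names are constructed for illustration.

```python
import re

# Facility codes from the table in the post; severity codes per the syslog standard.
FACILITY = {"local0": 16, "local1": 17}
SEVERITY = {"alert": 1, "info": 6}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def pri(facility, severity):
    """PRI value carried in the <NNN> prefix: facility * 8 + severity."""
    return FACILITY[facility] * 8 + SEVERITY[severity]

def split_pri(line):
    """Return (facility_code, severity_code, message); None codes if no valid prefix."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None, None, line
    value = int(m.group(1))
    return value >> 3, value & 7, m.group(2)

def retag(lines, target=("local1", "alert")):
    """Re-prioritise each local0.info block line and the detail line after it."""
    out, carry = [], False
    for line in lines:
        fac, sev, msg = split_pri(line)
        is_filter = fac == FACILITY["local0"] and sev == SEVERITY["info"]
        if not is_filter:
            carry = False
            out.append(line)
        elif re.search(r"\bblock\b", msg):
            carry = True  # the next filter line holds the addresses
            out.append(f"<{pri(*target)}>{msg}")
        elif carry and not re.search(r"\bpass\b", msg):
            carry = False
            out.append(f"<{pri(*target)}>{msg}")
        else:
            carry = False
            out.append(line)
    return out

# Constructed sample input (assumed layout, not real pfSense output).
SAMPLE = [
    "<134>pf: rule 12: pass in on em0",
    "<134>pf: 192.0.2.10.51000 > 198.51.100.5.443: tcp",
    "<134>pf: rule 40: block in on em0",
    "<134>pf: 203.0.113.7.4444 > 198.51.100.5.22: tcp",
    "<30>ntpd: time sync ok",
]
```

With the pair re-tagged to 137 (local1.alert), a selector on the collector can route blocked traffic, including the address line, to its own log while pass messages stay at local0.info.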