Keep captive portal logs locally



  • hi all

    I am installing hotspots with pfsense, and I am trying to figure out a way to keep captive portal logs in the local hardisk.
    Is installing a second syslogd and send to it logs remotely the right way ?
    What other ways are there?

    thanks

    Giacomo



  • Yes, a remote syslog is the best solution.



  • isn't there any project to store logs locally ?
    in hotspot like install is pretty to have captive portal and firewall rules log near squid logs.

    where can I find info about pfsense logs system work ?

    Giacomo



  • Google freebsd syslog clog.



  • In future don't you think to support a classic syslog in full install (on hd) ?

    thanks

    Giacomo



  • There is a logging subsystem planned that is going to be funded by Centipede networks.  No ETA, however.





  • I call blah on that.



  • call blah all you want.  it is what it is.  there have already been reports from ISPs taken effect by this.



  • I ran the network at a large regional an ISP for several years and I can tell you that this is WAY more bark than bite, and isn't really any different than most other laws, as I understand it.  IF a person has knowledge of a crime then they are obligated to report it. 
    I have not read the entire bill but I'd bet that it doesn't require logging, and the wikipedia article doesn't imply that it does.  I worked with law enforcement on several things and there was never an implied expectation of any logging, flow data or anything.  They can't reasonably expect all connections to be logged (especially for content), there are so many ways to circumvent that that it is a complete waste of time, money and people resources.

    Even thought I log pretty much everything and collect flow data for all links that support it, I still say that if (and that is a HUGE if) they are explicitly requiring content/connection logging then I'd bet hard cash that this will get repealed.  It's pretty unreasonable.



  • In Italy we must keep logs (squid + captive portal auth) for 5 years.

    In little networks I can't istall a second hw to keep logs (I should make redoundant each hardware, it's too expensive)
    I think it's better to keep all locally (in raid1+spare system) and burn data regularly

    ciao

    Giaco


Log in to reply