Netgate Discussion Forum
    Remote syslog: Both master and backup logging simultaneously

      ljorgensen

      Hi,

      I have set up remote syslog and that works fine. We have two pfSense firewalls running in CARP HA. But both of them are logging at the same time, which means that e.g. broadcast traffic hitting both of the firewalls will generate two log entries on the syslog server. Is it possible to limit logging to only the master pfSense?

      Lars

        jimp Rebel Alliance Developer Netgate

        No, and you really don't want to. So long as you give them each a unique hostname (which you should be doing anyhow), you can filter the log entries to separate files on the syslog server.

          cmb

          What Jim said. And you should put in block rules to block and not log noise like broadcasts so you're not putting a bunch of useless data into your logs.

            ljorgensen

            @jimp:

            No, and you really don't want to. So long as you give them each a unique hostname (which you should be doing anyhow), you can filter the log entries to separate files on the syslog server.

            Thanks - I already did the filtering. I'll just put some non-logging block rules up for broadcast and multicast traffic to limit the noise.

            By the way, for users googling this thread: To separate logging on rsyslog (in case you're on Linux), do this:

            
            :FROMHOST-IP, isequal, "192.168.10.3" /var/log/pfsense/pfsense-01.log
            & ~
            
            :FROMHOST-IP, isequal, "192.168.10.4" /var/log/pfsense/pfsense-02.log
            & ~
            
            

            Lars
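
The same per-firewall split in current rsyslog (RainerScript) syntax, as an added example that is not part of the original post. It assumes the firewalls send over UDP port 514, that this file replaces any existing UDP listener, and the file name, ruleset name and the `unknown-sender.log` path are made up for illustration; the IP addresses and the two log paths are the ones from the post.

```conf
# /etc/rsyslog.d/10-pfsense.conf   (file name is an assumption)
module(load="imudp")

# Bind the listener to its own ruleset so remote messages are handled only
# here and never fall through to the server's local logging rules.
input(type="imudp" port="514" ruleset="pfsense_remote")

ruleset(name="pfsense_remote") {
    # $fromhost-ip is the address rsyslog received the message from,
    # not a field taken from the message text.
    if $fromhost-ip == "192.168.10.3" then {
        action(type="omfile" file="/var/log/pfsense/pfsense-01.log")
        stop
    }
    if $fromhost-ip == "192.168.10.4" then {
        action(type="omfile" file="/var/log/pfsense/pfsense-02.log")
        stop
    }
    # Anything else arriving on this port is kept apart for review
    # instead of being mixed into the firewall logs (hypothetical path).
    action(type="omfile" file="/var/log/pfsense/unknown-sender.log")
}
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.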