    Having used pfsense for a while, I had grown accustomed to the logs outputted by pf being split to 2 entries in syslog.

    One of the main reasons I jumped on the 2.2 beta was something I read about this no longer being the case.

    After getting rather familiar with syslog-ng filters, I was a little surprised to find that pf logs are still being split on my box (Tues Dec 02 08:17:30 CST 2014 build).

    Do I need to do something to change this behavior?  I would like pf logs sent to syslog to result in a single line entry.


    They shouldn't be, how are you viewing them? Via the GUI's raw log? clog -f /var/log/filter.log? Something else? Option 10 from the console?

  • I have configured systog on pfsense to send the logs to a remote syslog-ng server.  When I look at them on the remote syslog-ng box they are again split for me.  Am I doing something wrong?

  • Jimp,

    Mea culpa, it was something I was doing wrong- looking at logs from the wrong host.

    All is well on 2.2 beta: pf logs are being tagged as "filterlogs" and being sorted by the remote syslog-ng as such.


    OK. The console was still showing the old format but that has been fixed now too so it's OK all around.

