PF logs still split in syslog?
Having used pfsense for a while, I had grown accustomed to the logs outputted by pf being split to 2 entries in syslog.
One of the main reasons I jumped on the 2.2 beta was something I read about this no longer being the case.
After getting rather familiar with syslog-ng filters, I was a little surprised to find that pf logs are still being split on my box (Tues Dec 02 08:17:30 CST 2014 build).
Do I need to do something to change this behavior? I would like pf logs sent to syslog to result in a single line entry.
They shouldn't be, how are you viewing them? Via the GUI's raw log? clog -f /var/log/filter.log? Something else? Option 10 from the console?
I have configured systog on pfsense to send the logs to a remote syslog-ng server. When I look at them on the remote syslog-ng box they are again split for me. Am I doing something wrong?
Mea culpa, it was something I was doing wrong- looking at logs from the wrong host.
All is well on 2.2 beta: pf logs are being tagged as "filterlogs" and being sorted by the remote syslog-ng as such.
OK. The console was still showing the old format but that has been fixed now too so it's OK all around.