How to copy syslog files off PfSense
-
Hello,
Im running a syslog server on my PfSense 2.1. It collects all the logs from my remote sites PfSense Firewalls. It works great, no issues.
Every 30 days, the logs archive and starts again with a clean file.
What I would like to do is backup that log file.How can I go about copying the log file from the PfSense Firewall to a Ubuntu Server?
Is there a cron command I can run daily at midnight on the PfSense Box, or, my Ubuntu Server, whichever, to copy the syslog file (/var/syslog-ng/default.log) to my Ubuntu Server (/var/backup/syslog)?I would appreciate any help on this matter.
Thank you… -
You can ssh from your Ubuntu box to your pfSense box and then pull the log files down from there. Not too tough to do.
-
You can ssh from your Ubuntu box to your pfSense box and then pull the log files down from there. Not too tough to do.
Is there a way to do this automatically?
Thanks… -
Logrotate?
It can mail you the old log when a new one is created (rotated).
http://www.comptechdoc.org/os/linux/usersguide/linux_ugsysconfig.html
search for logrotate.I know linux, not FreeBSD.
If this is "bad" advice, please tell me to STFU!edit
If you run an SMTP-server that is.
scp or ssh in a cronjob is also an option :-)
/edit -
Why not just syslog straight to Ubuntu?
-
You can ssh from your Ubuntu box to your pfSense box and then pull the log files down from there. Not too tough to do.
Is there a way to do this automatically?
Thanks…Sure, write a shell script in Ubuntu and add it as a cron job. You alluded to this in your initial post, I merely provided one method to connect to the box.
-
You can ssh from your Ubuntu box to your pfSense box and then pull the log files down from there. Not too tough to do.
Is there a way to do this automatically?
Thanks…Sure, write a shell script in Ubuntu and add it as a cron job. You alluded to this in your initial post, I merely provided one method to connect to the box.
Could you possibly either point me to how I can accomplish this, or maybe you know how to create such a script? I cannot use logrotate as others have stated, because im trying to copy syslog files, and how logrotate works does not do the job properly.
Does anyone copy their syslog-ng log files from their PfSense firewall to another server, for safe-keeping, and how do you accomplish such task?
Thanks… -
You can ssh from your Ubuntu box to your pfSense box and then pull the log files down from there. Not too tough to do.
Is there a way to do this automatically?
Thanks…Sure, write a shell script in Ubuntu and add it as a cron job. You alluded to this in your initial post, I merely provided one method to connect to the box.
Could you possibly either point me to how I can accomplish this, or maybe you know how to create such a script? I cannot use logrotate as others have stated, because im trying to copy syslog files, and how logrotate works does not do the job properly.
Does anyone copy their syslog-ng log files from their PfSense firewall to another server, for safe-keeping, and how do you accomplish such task?
Thanks…I'm not going to write a script for you, but I can offer another suggestion: Set up another server as a syslog server and point pfSense's logs at that. They shouldn't rotate and can be kept into perpetuity (disk space pending).
I purposely do not keep any logs longer than I have to because it can be a liability (adjusts tinfoil hat).
