[HOWTO] pfSense logs to remote syslog server respecting RFC5424
koma last edited by
As stated in some posts in this forum (for example: https://forum.pfsense.org/index.php?topic=12143.msg66217;topicseen#msg66217 ), syslogd does not respect the RFC5424 standard.
So exporting the pfSense syslog directly to another server could be messy (normally you will filter the log by source IP, but behind a load balancer this could be a problem).
The quick and dirty solution:
- Install syslog-ng from packages
- Configure syslog-ng to listen on the DMZ/LAN interface on the port you like most (5140 by default is fine for me).
- Set the Remote syslog server #1 (from "Status: System logs: Settings") to point to the DMZ/LAN address (for me it is 192.168.0.1:5140)
- Go back to Services: Syslog-ng Advanced and add a new item as in the attachment.
Obviously substitute the "my-remote-syslog-server" and port with what you actually need.
![Schermata 2015-08-14 alle 11.59.49.png](/public/imported_attachments/1/Schermata 2015-08-14 alle 11.59.49.png)
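What the relay step changes on the wire, as an added example that is not part of the original post and is not syslog-ng's own code: a BSD-style line is rewritten into an RFC5424 line whose header carries a hostname, so the receiver can filter on that field instead of the source IP. The function name, the IP-to-hostname map, the UTC assumption and the sample lines are all constructed for illustration.

```python
import re
from datetime import datetime, timezone

# BSD-style line: <PRI>Mmm dd hh:mm:ss [host] tag[pid]: msg
# The hostname is optional here (assumption: the sender may omit it when
# forwarding, which is why receivers fall back to filtering by source IP).
BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?:(?P<host>[^\s:\[\]]+) )?"
    r"(?P<tag>[^\s:\[\]]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)

# Constructed sample lines, not captured from a real firewall.
SAMPLE_NO_HOST = "<134>Aug 14 11:59:49 filterlog: 5,,,1000000103,em0,match,block,in"
SAMPLE_WITH_HOST = "<38>Aug  4 09:01:02 fw01 sshd[812]: Accepted publickey for admin"


def bsd_to_rfc5424(line, sender_ip, year, hostnames=None):
    """Rewrite one BSD-style syslog line as an RFC5424 line.

    BSD timestamps carry no year or zone, so the caller supplies the year
    and UTC is assumed. If the line has no hostname, the relay stamps one
    from `hostnames` (sender IP -> name), falling back to the sender IP.
    """
    m = BSD_RE.match(line)
    if m is None:
        raise ValueError("not a BSD-style syslog line")
    pri = int(m["pri"])
    if pri > 191:  # PRI = facility * 8 + severity, max 23 * 8 + 7
        raise ValueError("PRI out of range")
    stamp = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    stamp = stamp.replace(tzinfo=timezone.utc).isoformat()
    host = m["host"] or (hostnames or {}).get(sender_ip, sender_ip)
    # Header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
    # "-" is the RFC5424 nil value for fields the BSD line cannot supply.
    return f"<{pri}>1 {stamp} {host} {m['tag']} {m['pid'] or '-'} - - {m['msg']}"


if __name__ == "__main__":
    names = {"192.168.0.1": "pfsense-fw"}  # hypothetical mapping
    print(bsd_to_rfc5424(SAMPLE_NO_HOST, "192.168.0.1", 2015, names))
    print(bsd_to_rfc5424(SAMPLE_WITH_HOST, "192.168.0.1", 2015))
```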
firewalluser last edited by
rsyslog is a better bet. Besides, having all eggs in one basket is risky, especially if your fw gets pwnd, so some things like syslogs are best set to an individual syslog server.