OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: shans22 on August 28, 2019, 06:34:39 pm

Title: Syslog-NG - assign a remote port other than 514
Post by: shans22 on August 28, 2019, 06:34:39 pm

Hello Sense Team.
OPNsense 19.7.2
Faced with such a problem. If you specify a port other than 514 in the field "System/Settings/Logging -> Remote Syslog Servers" logs are not sent to the remote server on the specified port (for example 192.168.1.100:5145).
Line `network("192.168.1.100:5145" transport("udp") port(514) ip-protocol(4) localip(192.168.10));` in file /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf starts to work correctly only after editing the view: `network("192.168.1.100" transport("udp") port(5145) ip-protocol(4) localip(192.168.10));` and restart service syslog-ng. Logs are then successfully sent to the remote server until the next reboot or logging configuration change.
Please tell me how to correctly assign the port.

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: deekdeeker on August 31, 2019, 04:01:11 am

yup i have lost remote logging as well. i am on 19.7.3. although i do not see that path or file. in /usr/local/etc/ there is just a sylog-ng-conf file that seems to just be default with no modifications. Good thing ive tested this version our before mass deployment  :o :P

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: AdSchellevis on August 31, 2019, 10:29:18 am

@shans22 For tracking purposes, please reference to the GitHub issue as well when you create one, it helps others finding possible solutions https://github.com/opnsense/core/issues/3682

Quote

you best use System --> Settings --> Logging / targets, it supersedes "Remote Syslog Servers", which will likely be removed in 20.1

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: deekdeeker on August 31, 2019, 10:34:49 pm

Thanks, im going to start migrating to the new logging output, but seems that the legacy option should be removed? as it does not seem to work on 19.7.3

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: AdSchellevis on September 01, 2019, 11:04:13 am

I've just pushed a patch (in the issue) to fix the legacy version, it's scheduled for removal in this ticket https://github.com/opnsense/core/issues/3540 (We tend to only remove these things in major versions)

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: shans22 on September 03, 2019, 01:27:20 pm

Thanks for reacting AdSchellevis.
Logging/targets/Destinations works fine, but the list "Edit destination/Applications" there are no items "System events", "Mail service events" and "Portal Auth events". For example I need to log administrators coming to the server. How now to do it through Logging/targets?

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: AdSchellevis on September 03, 2019, 01:37:33 pm

If your looking for how the old categories were matched, you best look at the "legacy" remote template
https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf


portal auth for example is application "captiveportal".

Title: Re: Syslog-NG - assign a remote port other than 514
Post by: shans22 on September 03, 2019, 05:22:49 pm

Thanks AdSchellevis.
Fix syslog-ng-legacy-remote.conf and everything worked.