Text only | Text with Images

OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: spetrillo on October 27, 2019, 08:13:38 PM

Title: Logging
Post by: spetrillo on October 27, 2019, 08:13:38 PM
Is there a way to configure logging so only non-informational logs entries get sent to a remote log server? I do not see anything that allows me to do this.
Title: Re: Logging
Post by: mimugmail on October 27, 2019, 08:16:10 PM
With the new logging targets section in 19.7 you should be able to select facility
Title: Re: Logging
Post by: spetrillo on October 27, 2019, 09:53:12 PM
Ahhh I see it now...for standard firewall msgs would I pick dpinger?
Title: Re: Logging
Post by: mimugmail on October 28, 2019, 07:05:24 AM
dpinger is for gateway monitoring
Title: Re: Logging
Post by: spetrillo on October 29, 2019, 12:40:28 AM
OK so then what would be the correct one to select for the firewall.
Title: Re: Logging
Post by: gpb on October 29, 2019, 12:53:14 AM
I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).
Title: Re: Logging
Post by: spetrillo on October 30, 2019, 12:31:33 AM
So here is what I am trying to accomplish. I would like to send logs to a remote log server. I would like to focus on all msgs other than informational. I would like to focus on firewall and Suricata messages. If I use the Logging section and pump them to the remote server I get everything. Should I then use Logging/Targets to filter for what I want?
Title: Re: Logging
Post by: gpb on October 30, 2019, 04:22:44 AM
I route firewall messages to a syslog server.  I still don't know what you mean by informational.  In a firewall rule, I can select to log a rule or not.  That is informational...right?  You can disable all the other firewall notifications like default drop, bogon, etc. in the settings page mentioned above.  I might get a couple messages a day...or none.

I never saw any messages running suricata (I'm referring to the alerts tab on the IPS page)...someone else might have information on that as far as logging goes.
Title: Re: Logging
Post by: spetrillo on October 30, 2019, 08:02:18 PM
If you go to the Logging/Target section you are able to filter out msgs you do not want to see, like informational.
Title: Re: Logging
Post by: spetrillo on October 31, 2019, 05:50:24 PM
Quote from: gpb on October 29, 2019, 12:53:14 AM
I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).

If that is the case how do I filter out informational?
Text only | Text with Images