OPNsense Forum

English Forums => General Discussion => Topic started by: vityav on September 09, 2020, 05:43:00 AM

Title: Syslog output not leaving machine
Post by: vityav on September 09, 2020, 05:43:00 AM
Hello,
I've just recently set up OPNsense and I'm trying to output syslog to a remote server. I have my firewall box set up as a transparent firewall from WAN to LAN (ports 0 and 1), with a local connection on port 2. Everything is working fine, internet is making it through the firewall to the LAN, the box is getting internet through the local connection, etc., except for syslog output, which doesn't seem to be leaving the box.

I've tried multiple internal remote targets, TCP/UDP, a variety of ports, omitting everything in the target options or selecting specific things, and in all cases I don't receive anything on the remote servers (which are actively working for other syslog machines in the network). I've logged in to the OPNsense box and set up tcpdump on the specified destination port, gave Suricata a test alert that I can reliably trigger (pinging a specific address), and I get the alerts in Suricata but still no syslog/tcpdump output. I also set up tcpdump on the receiving server, and can trigger it by telnetting to the port from the OPNsense box, so there are no IP/port communication issues.

I see this thread (https://forum.opnsense.org/index.php?topic=18655.msg85604#msg85604) suggesting the latest syslog might be crashing, but I can still see the syslog-ng processes running.

Does anyone have any ideas of what I might be missing, or if this is just a problem with the current version (3.27.1_1)?

Thanks

Title: Re: Syslog output not leaving machine
Post by: mimugmail on September 09, 2020, 07:33:42 AM
Can you try to reboot after setting the remote target? Usually it should work out of the box.

Title: Re: Syslog output not leaving machine
Post by: vityav on September 10, 2020, 04:20:16 AM
Bit ashamed that of all the things I tried, that wasn't one. Working now, thanks!