I enabled a remote syslog that is used by many sources on my LAN.
Added a target, selected all in all of the dropdowns, i.e. every application, facility, level, or whatnot is selected.
Still not a single new entry comes to the syslog server from OPNsense.
What is required to log to an external syslog server?

I just tried.
System > Settings > Logging > Remote
Added a destination with transport matching my syslog server (UDP4), all apps/levels/facilities, IP/port of the server, description, then Save
Apply
Entries appeared within seconds of adjustments to FW rules on my primary network (I'm still in experimentation mode). Due to my experiments, the destination is on the WAN side, but I don't expect this to be relevant.
My syslog server is set up to accept new originators automatically, so I didn't have to do anything there (but clean up afterwards).

Oh, and System > Log Files > General features entries from syslog-ng when configuration changes were applied. In particular, the destination server is listed.
System > Configuration > History shows the various steps too (change & apply).

Quote from: EricPerl on November 03, 2024, 10:38:45 PM
I just tried.
You are right! I did not realize that I had to follow a 3-step enablement process for syslog: create target, enable it, apply it.