OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: spetrillo on October 27, 2019, 08:13:38 pm

Title: Logging
Post by: spetrillo on October 27, 2019, 08:13:38 pm

Is there a way to configure logging so only non-informational logs entries get sent to a remote log server? I do not see anything that allows me to do this.

Title: Re: Logging
Post by: mimugmail on October 27, 2019, 08:16:10 pm

With the new logging targets section in 19.7 you should be able to select facility

Title: Re: Logging
Post by: spetrillo on October 27, 2019, 09:53:12 pm

Ahhh I see it now...for standard firewall msgs would I pick dpinger?

Title: Re: Logging
Post by: mimugmail on October 28, 2019, 07:05:24 am

dpinger is for gateway monitoring

Title: Re: Logging
Post by: spetrillo on October 29, 2019, 12:40:28 am

OK so then what would be the correct one to select for the firewall.

Title: Re: Logging
Post by: gpb on October 29, 2019, 12:53:14 am

I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).

Title: Re: Logging
Post by: spetrillo on October 30, 2019, 12:31:33 am

So here is what I am trying to accomplish. I would like to send logs to a remote log server. I would like to focus on all msgs other than informational. I would like to focus on firewall and Suricata messages. If I use the Logging section and pump them to the remote server I get everything. Should I then use Logging/Targets to filter for what I want?

Title: Re: Logging
Post by: gpb on October 30, 2019, 04:22:44 am

I route firewall messages to a syslog server.  I still don't know what you mean by informational.  In a firewall rule, I can select to log a rule or not.  That is informational...right?  You can disable all the other firewall notifications like default drop, bogon, etc. in the settings page mentioned above.  I might get a couple messages a day...or none.

I never saw any messages running suricata (I'm referring to the alerts tab on the IPS page)...someone else might have information on that as far as logging goes.

Title: Re: Logging
Post by: spetrillo on October 30, 2019, 08:02:18 pm

If you go to the Logging/Target section you are able to filter out msgs you do not want to see, like informational.

Title: Re: Logging
Post by: spetrillo on October 31, 2019, 05:50:24 pm

Quote from: gpb on October 29, 2019, 12:53:14 am

I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).

If that is the case how do I filter out informational?