Messages - senpai

#1
[UPDATE] - not resolved by normal means, but I installed a Splunk Forwarder agent and I am currently forwarding /var/log/filter.log to my Splunk servers directly, in real-time. 

A band-aid job for sure, but still very puzzling why /var/log/filter.log is not being sent when others are.
#2
The upgrade went without a hitch, except that the logging rules I had set for my LAN and WAN firewall rules are not being sent over syslog any more.  I use Splunk as my log aggregator and investigation tool.

The only events being sent over are from System->Settings->Logging->Remote Logging Options->Remote Syslog Content.

I checked Firewall->Rules->LAN and double-checked that Logging is checked off.  I turned it off, saved, and turned it back on, but still no events.

I have manually rebooted the box a few times, but no changes there.

Here is a copy/paste of legacy-remote.conf (syslog-ng-destinations is empty):

destination d_legacy_remote {
    network("192.168.1.151:514" transport("udp") port(514) ip-protocol(4) );
};

# section filters
filter f_remote_system {
    not facility(daemon, local0, local1, local2, local3, local4, local5, local6, local7, user);
};
filter f_remote_filter {
    program(filterlog);
};
filter f_remote_dhcp {
    program("dhcrelay") or
    program("dhcpd");
};
filter f_remote_dns {
    program("unbound") or
    program("dnsmasq");
};
filter f_remote_mail {
    program("postfix");
};
filter f_remote_portalauth {
    program("captiveportal");
};
filter f_remote_vpn {
    program("l2tps") or
    program("poes") or
    program("pptps") or
    program("charon") or
    program("openvpn") or
    program("tinc*");
};
filter f_remote_ids {
    program("suricata");
};
filter f_remote_apinger {
    program("dpinger");
};
filter f_remote_relayd {
    program("haproxy") or
    program("relayd");
};
filter f_remote_hostapd {
    program("hostapd");
};

### log section system ####
log {
    source(s_all);
    filter(f_remote_system);
    destination(d_legacy_remote);
};
### log section filter ####
log {
    source(s_all);
    filter(f_remote_filter);
    destination(d_legacy_remote);
};
### log section portalauth ####
log {
    source(s_all);
    filter(f_remote_portalauth);
    destination(d_legacy_remote);
};
### log section vpn ####
log {
    source(s_all);
    filter(f_remote_vpn);
    destination(d_legacy_remote);
};
### log section ids ####
log {
    source(s_all);
    filter(f_remote_ids);
    destination(d_legacy_remote);
};
### log section apinger ####
log {
    source(s_all);
    filter(f_remote_apinger);
    destination(d_legacy_remote);
};
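What the posted configuration actually routes to the remote destination can be checked mechanically rather than by eye. The script below is an added example, not the poster's configuration or any OPNsense/syslog-ng tooling: it parses a constructed excerpt of a legacy-remote.conf in the same shape as the one above (filters defined with program() or not facility(), log blocks tying a filter to d_legacy_remote) and reports which filters carry a given (program, facility) message to a given destination. It assumes that program() patterns are unanchored regular expressions, that multiple filter() statements inside one log block are ANDed (as syslog-ng does), and that filterlog messages arrive with facility local0; the sample config and the message tuples are constructed for the demonstration. The point it makes visible is that a filter which is merely defined (f_remote_dhcp here) routes nothing unless a log block references it.

```python
import re

# Constructed syslog-ng excerpt in the shape of the posted legacy-remote.conf.
# f_remote_dhcp is defined but deliberately has no log {} block, as in the post.
SAMPLE_CONF = r"""
filter f_remote_system {
    not facility(daemon, local0, local1, local2, local3, local4, local5, local6, local7, user);
};
filter f_remote_filter {
    program(filterlog);
};
filter f_remote_dhcp {
    program("dhcrelay") or
    program("dhcpd");
};
filter f_remote_vpn {
    program("charon") or
    program("openvpn") or
    program("tinc*");
};
log { source(s_all); filter(f_remote_system); destination(d_legacy_remote); };
log { source(s_all); filter(f_remote_filter); destination(d_legacy_remote); };
log { source(s_all); filter(f_remote_vpn);    destination(d_legacy_remote); };
"""

FILTER_RE = re.compile(r"filter\s+(\w+)\s*\{(.*?)\};", re.S)
LOG_RE = re.compile(r"log\s*\{(.*?)\};", re.S)
TERM_RE = re.compile(r"(not\s+)?(program|facility)\s*\(([^)]*)\)")


def parse_filters(conf):
    """Map filter name -> list of (negated, kind, values) terms joined by 'or'."""
    filters = {}
    for name, body in FILTER_RE.findall(conf):
        terms = []
        for neg, kind, args in TERM_RE.findall(body):
            values = [a.strip().strip('"') for a in args.split(",") if a.strip()]
            terms.append((bool(neg), kind, values))
        filters[name] = terms
    return filters


def parse_logs(conf):
    """Return [(filter_names, destination_names)] for every log {} block."""
    paths = []
    for body in LOG_RE.findall(conf):
        flt = re.findall(r"filter\s*\(\s*(\w+)\s*\)", body)
        dst = re.findall(r"destination\s*\(\s*(\w+)\s*\)", body)
        paths.append((flt, dst))
    return paths


def term_matches(term, program, facility):
    neg, kind, values = term
    if kind == "program":
        # Assumption: program() patterns are unanchored regexes, so "tinc*" hits "tincd".
        hit = any(re.search(v, program) for v in values)
    else:
        hit = facility in values
    return not hit if neg else hit


def filter_matches(terms, program, facility):
    # Terms inside one filter are joined with 'or' in the sample config.
    return any(term_matches(t, program, facility) for t in terms)


def routes_for(conf, program, facility, destination):
    """Names of filters that carry a (program, facility) message to destination.
    Several filter() statements in one log block must all match (syslog-ng ANDs them)."""
    filters = parse_filters(conf)
    hits = []
    for flt_names, dsts in parse_logs(conf):
        if destination not in dsts:
            continue
        if all(filter_matches(filters.get(f, []), program, facility) for f in flt_names):
            hits.extend(flt_names)
    return hits


if __name__ == "__main__":
    # Constructed messages: (program, facility). local0 for filterlog is an assumption.
    for prog, fac in [("filterlog", "local0"), ("sshd", "auth"),
                      ("dhcpd", "daemon"), ("tincd", "daemon")]:
        print(f"{prog:10s} {fac:7s} -> {routes_for(SAMPLE_CONF, prog, fac, 'd_legacy_remote')}")
```

Running it against the real file is a matter of replacing SAMPLE_CONF with the contents of /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf (path as an assumption; use whatever the box actually has). If filterlog maps to f_remote_filter in the output but still never reaches the collector, the routing is not the problem and the next thing to look at is whether filterlog messages are entering s_all at all, for example with a packet capture on the syslog port while a logged rule is triggered.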