OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of senpai »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - senpai

Pages: [1]
1
19.7 Legacy Series / Re: Upgraded from 19.1. to 19.7 and firewall rule logging has stopped
« on: August 30, 2019, 03:54:44 am »
[UPDATE] - not resolved by normal means, but I installed a Splunk Forwarder agent and I am currently forwarding /var/log/filter.log to my Splunk servers directly, in real-time. 

A band-aide job for sure, but still very puzzling why /var/log/filter.log is not being sent when others are. 

2
19.7 Legacy Series / Upgraded from 19.1. to 19.7 and firewall rule logging has stopped
« on: August 29, 2019, 10:49:53 pm »
Upgrade went without a hitch except for the logging rules I had set for my LAN and WAN firewall rules are not being set over syslog any more.  I use Splunk as my log aggregator and investigation tool.

The only events being sent over is from System->Settings->Logging->Remote Logging Options->Remote Syslog Content.

I checked: Firewall->Rules->LAN and double checked that Logging is checked off.  I turned it off, saved and turned it back on, but still no events.

I have manually rebooted the box a few time, but no changes there.

Here is a copy/pasta of legacy-remote.conf (syslog-ng-destinations is empty):


Code: [Select]
destination d_legacy_remote {

network("192.168.1.151:514" transport("udp") port(514) ip-protocol(4) );

};



# section filters
filter f_remote_system {
    not facility(daemon, local0, local1, local2, local3, local4, local5, local6, local7, user);
};
filter f_remote_filter {
    program(filterlog);
};
filter f_remote_dhcp {
    program("dhcrelay") or
    program("dhcpd");
};
filter f_remote_dns {
    program("unbound") or
    program("dnsmasq");
};
filter f_remote_mail {
    program("postfix");
};
filter f_remote_portalauth {
    program("captiveportal");
};
filter f_remote_vpn {
    program("l2tps") or
    program("poes") or
    program("pptps") or
    program("charon") or
    program("openvpn") or
    program("tinc*");
};
filter f_remote_ids {
    program("suricata");
};
filter f_remote_apinger {
    program("dpinger");
};
filter f_remote_relayd {
    program("haproxy") or
    program("relayd");
};
filter f_remote_hostapd {
    program("hostapd");
};

### log section system ####
log {
    source(s_all);
    filter(f_remote_system);
    destination(d_legacy_remote);
};
### log section filter ####
log {
    source(s_all);
    filter(f_remote_filter);
    destination(d_legacy_remote);
};
### log section portalauth ####
log {
    source(s_all);
    filter(f_remote_portalauth);
    destination(d_legacy_remote);
};
### log section vpn ####
log {
    source(s_all);
    filter(f_remote_vpn);
    destination(d_legacy_remote);
};
### log section ids ####
log {
    source(s_all);
    filter(f_remote_ids);
    destination(d_legacy_remote);
};
### log section apinger ####
log {
    source(s_all);
    filter(f_remote_apinger);
    destination(d_legacy_remote);
};

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2