Messages

1

General Discussion / Re: OPNsense sshd logs to central logserver (Graylog)

« on: January 22, 2024, 11:03:15 am »

Could please someone confirm that behaviour of audit logs?
Otherwise I will continue trying to troubleshoot this :-)

2

General Discussion / OPNsense sshd logs to central logserver (Graylog)

« on: January 18, 2024, 04:37:56 pm »

Hi Everyone I hope someone can help me.

I'm trying to set up some alerting in Graylog for ssh logins to my OPNsense.
In general it's working since I enabled logging targets for "audit".

But on Graylog I just receive audit logs concerning WebGui (config changes, WebGui Logins etc.)
So I checked on the filesystem and it seems that OPNsense is just pushing /var/log/audit.log entries to central syslog and not the log entries from /var/log/audit/audit*.log. These logs seem also to be the one used in the WebGui (System -> Log Files -> Audit)
Do I understand that correctly? Is there a way to get sshd audit logs sent to a central syslog server?