21.1 Legacy Series / Problem with sending logs to graylog
« on: July 22, 2021, 03:15:33 pm »
I have OPNsense 21.1.8_1-amd64 installed on an APU2 board. I have also set up a working Graylog 4.0.9 server, which I have used to log all messages from different servers and devices.
I tried to get OPNsense to send audit and OpenVPN logs (System -> Settings -> Logging / Targets options) to Graylog, but it sends only OpenVPN logs. All other servers are working as expected and those can send logs to Graylog, but OPNsense doesn't. I have set up OPNsense to send logs to a syslog UDP input, but only OpenVPN logs are coming in.
I also noticed that OPNsense sends some of the OpenVPN logs to Graylog. For example, it does not send this OpenVPN log event "openvpn[37083] USERHERE/IPHERE:PORT SIGTERM[soft,remote-exit] received, client-instance exiting", but this is sent to Graylog: "openvpn[37083] MANAGEMENT: CMD 'quit'".
The weird part is that it worked yesterday when I set up remote logging, but after I changed the Graylog IP address (as the server was moved) it stopped working and OPNsense sent only some of the messages (only OpenVPN logs).
This is what I have tried so far:
- remove logging and recreate the settings
- reboot
- restart services
I have attached screenshots of the OPNsense setup and events from Graylog that are sent to Graylog.