Syslog receiver/server

Started by maxxer, December 11, 2019, 10:02:51 AM

December 11, 2019, 10:02:51 AM Last Edit: December 11, 2019, 10:04:30 AM by maxxer
Is it possible to enable OPNsense as a syslog receiver for other devices in the LAN? I found everything for sending logs outside, but not for being a syslog server.

Thanks
YetOpen S.r.l.

Not that I am aware.

The local logs are processed using clog, and syslog would write a lot of data to disk.
The firewall is not a good place to store this information.

In most configurations the firewall is facing WAN and should not store sensitive data. Logfiles often contain such data.

Besides that, the filesystem could run out of space and cause problems for the firewall doing its job.

Not a good idea.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

Thanks. This is not really a security endpoint, just a middle firewall, so I don't bother much about security in this specific situation.

You say it's still not possible, right? I'd better turn to a standard distro and set up the services I need there, hadn't I?

Thanks again
YetOpen S.r.l.

Only because I do not recommend it, it could still be possible.

If you configure the syslog service manually it should be possible.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

OPNsense is not intended for log collection from other devices, mostly because such a possibility would spike the requests for more log parsing beyond the integrated services, which we cannot provide for the core system because it's not part of the core mission.


Cheers,
Franco

Ok, thank you for the feedback
YetOpen S.r.l.

Have a look into Graylog.
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de