OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • Syslog receiver/server
« previous next »
  • Print
Pages: [1]

Author Topic: Syslog receiver/server  (Read 5760 times)

maxxer

  • Newbie
  • *
  • Posts: 28
  • Karma: 1
    • View Profile
Syslog receiver/server
« on: December 11, 2019, 10:02:51 am »
Is it possible to enable OPNsense as a syslog receiver for other devices in the LAN? I found everthing for sending logs outside, but not for being a syslog server.

Thanks
« Last Edit: December 11, 2019, 10:04:30 am by maxxer »
Logged
YetOpen S.r.l.

banym

  • Sr. Member
  • ****
  • Posts: 468
  • Karma: 31
  • Free Human Being, FreeBSD, Linux and Mac nerd
    • View Profile
    • Banym
Re: Syslog receiver/server
« Reply #1 on: December 11, 2019, 05:41:57 pm »
Not that I am aware.

The local logs are processed using clog and syslog would write many data to disk.
The firewall is not a good place to store this information.

In most configurations the firewall is facing WAN and should not store sensitive data. Logfiles often contain such data.

Beside that the filesystem could be run out of space and could cause problems on the firewall doing its job.

Not a good idea.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

maxxer

  • Newbie
  • *
  • Posts: 28
  • Karma: 1
    • View Profile
Re: Syslog receiver/server
« Reply #2 on: December 11, 2019, 06:33:56 pm »
Thanks. This is not really a security endpoint, just a middle firewall, so I don't bother much about security in this specific situation.

You say it's still not possible, right? I'd better turn to a standard distro and setup the services I need there, do I?

Thanks again
Logged
YetOpen S.r.l.

banym

  • Sr. Member
  • ****
  • Posts: 468
  • Karma: 31
  • Free Human Being, FreeBSD, Linux and Mac nerd
    • View Profile
    • Banym
Re: Syslog receiver/server
« Reply #3 on: December 11, 2019, 07:01:19 pm »
Only because I do not recommend it, it could still be possible.

If you configure the syslog service manually it should be possible.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 17661
  • Karma: 1611
    • View Profile
Re: Syslog receiver/server
« Reply #4 on: December 16, 2019, 01:02:55 pm »
OPNsense is not intended for log collection from other devices mostly because such a possibility would spike the requests for more log parsing beyond the integrated services which we cannot provide for the core system because it's not part of the core mission.


Cheers,
Franco
Logged

maxxer

  • Newbie
  • *
  • Posts: 28
  • Karma: 1
    • View Profile
Re: Syslog receiver/server
« Reply #5 on: December 17, 2019, 01:12:10 pm »
Ok, thank you for the feedback
Logged
YetOpen S.r.l.

banym

  • Sr. Member
  • ****
  • Posts: 468
  • Karma: 31
  • Free Human Being, FreeBSD, Linux and Mac nerd
    • View Profile
    • Banym
Re: Syslog receiver/server
« Reply #6 on: December 17, 2019, 01:30:15 pm »
have a look into graylog
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 19.7 Legacy Series »
  • Syslog receiver/server
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2