Logging

Started by spetrillo, October 27, 2019, 08:13:38 PM

Is there a way to configure logging so only non-informational log entries get sent to a remote log server? I do not see anything that allows me to do this.

With the new logging targets section in 19.7 you should be able to select facility.

Ahhh I see it now...for standard firewall msgs would I pick dpinger?


OK so then what would be the correct one to select for the firewall?

I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

So here is what I am trying to accomplish. I would like to send logs to a remote log server. I would like to focus on all msgs other than informational. I would like to focus on firewall and Suricata messages. If I use the Logging section and pump them to the remote server I get everything. Should I then use Logging/Targets to filter for what I want?

I route firewall messages to a syslog server.  I still don't know what you mean by informational.  In a firewall rule, I can select to log a rule or not.  That is informational...right?  You can disable all the other firewall notifications like default drop, bogon, etc. in the settings page mentioned above.  I might get a couple messages a day...or none.

I never saw any messages running Suricata (I'm referring to the alerts tab on the IPS page)...someone else might have information on that as far as logging goes.
HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

If you go to the Logging/Target section you are able to filter out msgs you do not want to see, like informational.

Quote from: gpb on October 29, 2019, 12:53:14 AM
I thought firewall logging was on the logging page in settings, not logging/targets.  There you can disable all sorts of options related to the firewall...assuming that's what you're looking for.  I guess it might help to state what exactly you don't want to see (or do want to see).

If that is the case how do I filter out informational?
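Added example, not part of the thread and not OPNsense code: a filter for the receiving log server that decodes the syslog PRI value (facility * 8 + severity) and keeps only firewall and Suricata lines that are not informational. It assumes BSD-style (RFC 3164) lines and the program tags filterlog and suricata; the sample lines are constructed.

```python
import re

# Severity names from RFC 3164/5424; the index is PRI % 8.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Program name in a BSD-style line: "<PRI>timestamp host program[pid]: text"
TAG_RE = re.compile(r"\s([A-Za-z0-9_./-]+)(?:\[\d+\])?:\s")

def decode(line):
    """Return (facility, severity_name, program), or None without a valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 23 * 8 + 7 is the largest legal PRI
        return None
    pri = int(m.group(1))
    tag = TAG_RE.search(m.group(2))
    return pri // 8, SEVERITIES[pri % 8], tag.group(1) if tag else None

def keep(line, programs=("filterlog", "suricata"), drop=("info",)):
    """True if the line should be stored; program tags are assumed names."""
    decoded = decode(line)
    if decoded is None:
        return True  # unparseable lines are kept for review, not silently lost
    _facility, severity, program = decoded
    return program in programs and severity not in drop

def filter_lines(lines, **kw):
    return [line for line in lines if keep(line, **kw)]

# Constructed sample input, not captured from a real firewall.
SAMPLE = [
    "<134>Oct 29 00:53:14 fw filterlog[1234]: constructed pass entry",    # local0.info
    "<132>Oct 29 00:53:15 fw suricata[2345]: constructed alert entry",    # local0.warning
    "<30>Oct 29 00:53:16 fw dpinger[3456]: constructed gateway entry",    # daemon.info
    "<27>Oct 29 00:53:17 fw dpinger[3456]: constructed error entry",      # daemon.err
    "constructed line without a PRI header",
]

if __name__ == "__main__":
    for line in filter_lines(SAMPLE):
        print(line)
```

Passing `drop=("info", "debug")` also discards debug-level lines.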