Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Syslog-ng / Journald
« previous
next »
Print
Pages: [
1
]
Author
Topic: Syslog-ng / Journald (Read 1222 times)
PotatoCarl
Full Member
Posts: 134
Karma: 5
Syslog-ng / Journald
«
on:
February 15, 2022, 12:23:28 pm »
Hi,
I asked this question quite a while ago and would like to reopen it (
https://forum.opnsense.org/index.php?topic=16819.msg76586#msg76586
).
My current Servers are all running on systemd. So I do not have a syslog facility anymore, meaning I cannot accept the remote logs from my firewall anymore.
I have installed rsyslog, which is able to open a connection at port 514. Hower, there it stops. The "snipped" given in the post above is unclear where to go. If I creeate an "frule" file with that contents, rsyslog just throws an error message.
Can anybody help me how to configure rsyslog to receive the messages from the firewall correctly?
Thank you.
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Syslog-ng / Journald
«
Reply #1 on:
February 15, 2022, 12:30:07 pm »
Traing to find the "old" and broken configuration I am completely at a loss. Where can I setup the remote logging? I do not find a host address anywhere, neither how to do it in the 22. version.
Totally confused now...
Logged
PotatoCarl
Full Member
Posts: 134
Karma: 5
Re: Syslog-ng / Journald
«
Reply #2 on:
February 15, 2022, 01:28:40 pm »
Okay, I kinda worked through some issues here.
It seems as from the web frontend, the "old" servers would not be accessible after upgrading to 22.1
This is not so good, as the "legacy-remote.conf" in /usr/local/etc/syslog-ng.conf.d/ persists. This means, if I define a new target (tagets are empty after upgrade), I get each message twice.
So here's what I had to do:
Setup the rsyslogd on my remote server to receive UDP packages.
Remove (repspectively put a "#" in front) the desitantion lines in the legacy-remote.conf file.
Configure a new target with the logs I wanted to log remotly.
I would ask the developers if they could kindly either correctly import the legacy files into the new webfrontend, or at last make it possible to remove old hosts, so that the log is not running over with "connection timed out" or with double entries on the logging server.
Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
Syslog-ng / Journald