Syslog-NG - assign a remote port other than 514

Started by shans22, August 28, 2019, 06:34:39 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 28, 2019, 06:34:39 PM
Hello Sense Team.
OPNsense 19.7.2
Faced with such a problem. If you specify a port other than 514 in the field "System/Settings/Logging -> Remote Syslog Servers" logs are not sent to the remote server on the specified port (for example 192.168.1.100:5145).
Line `network("192.168.1.100:5145" transport("udp") port(514) ip-protocol(4) localip(192.168.10));` in file /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf starts to work correctly only after editing the view: `network("192.168.1.100" transport("udp") port(5145) ip-protocol(4) localip(192.168.10));` and restart service syslog-ng. Logs are then successfully sent to the remote server until the next reboot or logging configuration change.
Please tell me how to correctly assign the port.
August 31, 2019, 04:01:11 AM #1
yup i have lost remote logging as well. i am on 19.7.3. although i do not see that path or file. in /usr/local/etc/ there is just a sylog-ng-conf file that seems to just be default with no modifications. Good thing ive tested this version our before mass deployment  :o :P
August 31, 2019, 10:29:18 AM #2
@shans22 For tracking purposes, please reference to the GitHub issue as well when you create one, it helps others finding possible solutions https://github.com/opnsense/core/issues/3682

Quote
you best use System --> Settings --> Logging / targets, it supersedes "Remote Syslog Servers", which will likely be removed in 20.1

August 31, 2019, 10:34:49 PM #3
Thanks, im going to start migrating to the new logging output, but seems that the legacy option should be removed? as it does not seem to work on 19.7.3
September 01, 2019, 11:04:13 AM #4
I've just pushed a patch (in the issue) to fix the legacy version, it's scheduled for removal in this ticket https://github.com/opnsense/core/issues/3540 (We tend to only remove these things in major versions)
September 03, 2019, 01:27:20 PM #5
Thanks for reacting AdSchellevis.
Logging/targets/Destinations works fine, but the list "Edit destination/Applications" there are no items "System events", "Mail service events" and "Portal Auth events". For example I need to log administrators coming to the server. How now to do it through Logging/targets?
September 03, 2019, 01:37:33 PM #6
If your looking for how the old categories were matched, you best look at the "legacy" remote template
https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf


portal auth for example is application "captiveportal".
September 03, 2019, 05:22:49 PM #7
Thanks AdSchellevis.
Fix syslog-ng-legacy-remote.conf and everything worked.
Print
Go Up Pages1
User actions