Author Topic: Syslog-NG - assign a remote port other than 514 (Read 4445 times)

shans22 · « **on:** August 28, 2019, 06:34:39 pm »

Hello Sense Team.
OPNsense 19.7.2
Faced with such a problem. If you specify a port other than 514 in the field "System/Settings/Logging -> Remote Syslog Servers" logs are not sent to the remote server on the specified port (for example 192.168.1.100:5145).
Line `network("192.168.1.100:5145" transport("udp") port(514) ip-protocol(4) localip(192.168.10));` in file /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf starts to work correctly only after editing the view: `network("192.168.1.100" transport("udp") port(5145) ip-protocol(4) localip(192.168.10));` and restart service syslog-ng. Logs are then successfully sent to the remote server until the next reboot or logging configuration change.
Please tell me how to correctly assign the port.

deekdeeker · « **Reply #1 on:** August 31, 2019, 04:01:11 am »

yup i have lost remote logging as well. i am on 19.7.3. although i do not see that path or file. in /usr/local/etc/ there is just a sylog-ng-conf file that seems to just be default with no modifications. Good thing ive tested this version our before mass deployment

AdSchellevis · « **Reply #2 on:** August 31, 2019, 10:29:18 am »

@shans22 For tracking purposes, please reference to the GitHub issue as well when you create one, it helps others finding possible solutions https://github.com/opnsense/core/issues/3682

Quote

you best use System --> Settings --> Logging / targets, it supersedes "Remote Syslog Servers", which will likely be removed in 20.1

deekdeeker · « **Reply #3 on:** August 31, 2019, 10:34:49 pm »

Thanks, im going to start migrating to the new logging output, but seems that the legacy option should be removed? as it does not seem to work on 19.7.3

AdSchellevis · « **Reply #4 on:** September 01, 2019, 11:04:13 am »

I've just pushed a patch (in the issue) to fix the legacy version, it's scheduled for removal in this ticket https://github.com/opnsense/core/issues/3540 (We tend to only remove these things in major versions)

shans22 · « **Reply #5 on:** September 03, 2019, 01:27:20 pm »

Thanks for reacting AdSchellevis.
Logging/targets/Destinations works fine, but the list "Edit destination/Applications" there are no items "System events", "Mail service events" and "Portal Auth events". For example I need to log administrators coming to the server. How now to do it through Logging/targets?

AdSchellevis · « **Reply #6 on:** September 03, 2019, 01:37:33 pm »

If your looking for how the old categories were matched, you best look at the "legacy" remote template
https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-legacy-remote.conf

portal auth for example is application "captiveportal".

shans22 · « **Reply #7 on:** September 03, 2019, 05:22:49 pm »

Thanks AdSchellevis.
Fix syslog-ng-legacy-remote.conf and everything worked.

Author Topic: Syslog-NG - assign a remote port other than 514 (Read 4445 times)

shans22

Syslog-NG - assign a remote port other than 514

deekdeeker

Re: Syslog-NG - assign a remote port other than 514

AdSchellevis

Re: Syslog-NG - assign a remote port other than 514

deekdeeker

Re: Syslog-NG - assign a remote port other than 514

AdSchellevis

Re: Syslog-NG - assign a remote port other than 514

shans22

Re: Syslog-NG - assign a remote port other than 514

AdSchellevis

Re: Syslog-NG - assign a remote port other than 514

shans22

Re: Syslog-NG - assign a remote port other than 514