Topic: Problem with sending logs to graylog (Read 3549 times)
gizm0
Problem with sending logs to graylog
« on: July 22, 2021, 03:15:33 pm »
I have OPNsense 21.1.8_1-amd64 installed on an APU2 board. I have also set up a working Graylog 4.0.9 server, which I have used to log all messages from different servers and devices.
I tried to get OPNsense to send audit and openvpn logs (System -> Settings -> Logging / Targets options) to Graylog, but it sends only openvpn logs. All other servers are working as expected and can send logs to Graylog, but OPNsense doesn't. I have set up OPNsense to send logs to the syslog UDP input, but only openvpn logs are coming in.
I also noticed that OPNsense sends some of the openvpn logs to Graylog. For example, it does not send this openvpn log event "openvpn[37083] USERHERE/IPHERE:PORT SIGTERM[soft,remote-exit] received, client-instance exiting", but this one is sent to Graylog: "openvpn[37083] MANAGEMENT: CMD 'quit'".
The weird part is that it worked yesterday when I set up remote logging, but after I changed the Graylog IP address (as the server was moved) it stopped working and OPNsense sent only some of the messages (only openvpn logs).
This is what I have tried so far:
- remove logging and recreate the settings
- reboot
- restart services
I have attached screenshots of the OPNsense setup and the events from Graylog that are sent to Graylog.
mircsicz
Re: Problem with sending logs to graylog
« Reply #1 on: July 24, 2021, 06:09:55 pm »
I'd suggest checking the on-disk configs; maybe they stuck to the old IP somewhere in /usr/local/etc/syslog-ng
Alternatively, try downloading the config, edit out all the modified Syslog targets and restore that as a backup...
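The on-disk check suggested in Reply #1 can be scripted; the following is an added example, not code from the thread or from OPNsense. The function names, the sample file and the 192.0.2.x addresses are constructed, and it assumes the destinations are written as IPv4 literals in syslog-ng's network(), udp(), tcp() or syslog() drivers.

```shell
#!/bin/sh
# Added example, not from the thread. Lists IPv4 addresses used by syslog-ng
# network destinations that differ from the expected log server address.

# find_stale_targets DIR EXPECTED_IP
# Prints "file:line:address" for each mismatch; returns 1 if any was found.
find_stale_targets() {
    grep -rnHE '(network|udp|tcp|syslog)[[:space:]]*\(' "$1" 2>/dev/null |
    awk -v want="$2" '
        {
            split($0, part, ":")                 # grep output: file:line:text
            prefix = part[1] ":" part[2]
            text = substr($0, length(prefix) + 2)
            if (text ~ /^[ \t]*#/) next          # skip commented-out lines
            while (match(text, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
                ip = substr(text, RSTART, RLENGTH)
                if (ip != want) { print prefix ":" ip; bad = 1 }
                text = substr(text, RSTART + RLENGTH)
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# write_sample_config DIR: constructed sample, not a real OPNsense file.
write_sample_config() {
    cat > "$1/targets.conf" <<'EOF'
destination d_old { network("192.0.2.10" transport("udp") port(514)); };
destination d_new { network("192.0.2.20" transport("udp") port(514)); };
# destination d_off { network("192.0.2.30" transport("udp") port(514)); };
EOF
}

# Demo: 192.0.2.20 stands in for the new Graylog address (assumed value).
demo_dir=$(mktemp -d)
write_sample_config "$demo_dir"
find_stale_targets "$demo_dir" 192.0.2.20 || echo "stale target address found"
rm -rf "$demo_dir"
```

On the firewall, DIR would be the /usr/local/etc/syslog-ng directory named in the reply and EXPECTED_IP the new Graylog address; any line printed points at a destination that still carries another address.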
gizm0
Re: Problem with sending logs to graylog
« Reply #2 on: July 29, 2021, 11:44:48 am »
Actually, it started to work on the same day I wrote the original post here. Well, at least it is sending the messages to Graylog, but there still seems to be one problem. For some of the OPNsense events it takes over 1,5 hours to send the message. I have checked that the problem is on the OPNsense side, as the message arrives at Graylog 1,5 hours later and it has the current timestamp from OPNsense although the event happened 1,5 hours before.
Some of the messages are sent right away, such as the messages which can be seen in the screenshot in this thread (for example the message: "OPNsense.hosts openvpn[37083]: MANAGEMENT....").
To me it looks like the messages that have the text "MANAGEMENT" in them are sent right away and everything else takes longer.
« Last Edit: July 29, 2021, 11:56:42 am by gizm0 »
gizm0
Re: Problem with sending logs to graylog
« Reply #3 on: August 05, 2021, 11:58:50 am »
I have now tried upgrading to the latest OPNsense version 21.7, but it still doesn't work as it should.