Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-13 Thread luismi
I don't want to discuss this, for me it is a waste of time.

Here are the details of the syslog-ng thread x-D

I found the solution a few days ago in the pfsense boards/forum, before I
sent the email to the mailing list.
I modified the code to include the proper configuration for my
environment and it is pending with the systems team, they need to configure
the servers.

In the meantime I asked for more templates to have other points of view
and maybe collect some ideas (filters, modifications in the internal
syslog-ng...). Nothing else.
So, that is the reason why my question was not too accurate, and
that is the reason why -IMHO- your answer was out of context.

None of my comments regarding this thread -except this one- are out of
context, I asked for something and someone replied to me (it was a correct
answer but not as accurate as I needed), and I replied again, as easy
as that. The email I sent saying that I was looking for something more
specific was a comment, sorry if that email disturbs you.

Your emails don't have any value for me. No one replied to me with a proper
template (as I wanted) and I don't blame anyone because of that, I know
that the people here are replying under best-effort rules. If I don't
obtain any reply it is ok for me too.

So, for the rest of this thread, if there are new messages I would like
to see something related to syslog-ng and my initial question and my
comment.

Here is the code if you have any technical comments to make, if not, have
a good day :D:

source pf-fw1 { udp(ip(10.10.10.242) port(514)); };

destination pf-d_kern { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/kernel"); };
destination pf-d_mesg { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/messages"); };
destination pf-d_auth { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/secure"); };
destination pf-d_mail { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/maillog"); };
destination pf-d_uucp { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/spooler"); };
destination pf-d_boot { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/boot.log"); };
destination pf-d_emerg { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/emerg.log"); };
destination pf-d_sshd { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/sshd.log"); };
destination pf-d_pptpd { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/pptpd.log"); };
destination pf-d_daemon { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/daemon.log"); };
destination pf-d_firewall { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/firewall.log"); };

filter pf-f_kern { facility(kern); };
filter pf-f_mesg { level(info) and not facility(mail,authpriv,kern,local7); };
filter pf-f_auth { facility(authpriv); };
filter pf-f_mail { facility(mail); };
filter pf-f_uucp { facility(uucp); };
filter pf-f_boot { facility(local7); };
filter pf-f_emerg { level(emerg); };
filter pf-f_sshd { program("sshd"); };
filter pf-f_pptpd { match("pptpd"); };
filter pf-f_daemon { facility(daemon); };
filter pf-f_firewall { level(debug); };

log { source(pf-fw1); filter(pf-f_kern); destination(pf-d_kern); };
log { source(pf-fw1); filter(pf-f_mesg); destination(pf-d_mesg); };
log { source(pf-fw1); filter(pf-f_auth); destination(pf-d_auth); };
log { source(pf-fw1); filter(pf-f_mail); destination(pf-d_mail); };
log { source(pf-fw1); filter(pf-f_uucp); destination(pf-d_uucp); };
log { source(pf-fw1); filter(pf-f_boot); destination(pf-d_boot); };
log { source(pf-fw1); filter(pf-f_emerg); destination(pf-d_emerg); };
log { source(pf-fw1); filter(pf-f_sshd); destination(pf-d_sshd); };
log { source(pf-fw1); filter(pf-f_pptpd); destination(pf-d_pptpd); };
log { source(pf-fw1); filter(pf-f_daemon); destination(pf-d_daemon); };
log { source(pf-fw1); filter(pf-f_firewall); destination(pf-d_firewall); };


source pf-fw2 { udp(ip(10.10.10.243) port(514)); };

destination pf-d_kern { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/kernel"); };
destination pf-d_mesg { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/messages"); };
destination pf-d_auth { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/secure"); };
destination pf-d_mail { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/maillog"); };
destination pf-d_uucp { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/spooler"); };
destination pf-d_boot { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/boot.log"); };
destination pf-d_emerg { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/emerg.log"); };
destination pf-d_sshd { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/sshd.log"); };
destination pf-d_pptpd { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/pptpd.log"); };
destination pf-d_daemon { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/daemon.log"); };
destination pf-d_firewall { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/firewall.log"); };

filter pf-f_kern { facility(kern); };
filter pf-f_mesg { level(info) and not facility(mail,authpriv,kern,local7); };
filter pf-f_auth { facility(authpriv); };
filter pf-f_mail { facility(mail); };
filter pf-f_uucp { facility(uucp); };
filter pf-f_boot { facility(local7); };
filter pf-f_
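
The two-firewall layout from the message above, rewritten as an added example that is not part of the original thread: one listener, sender-address filters, and unique object names per firewall. The `s_`/`f_`/`d_` names and the reduced set of log files are assumptions made for illustration; the addresses and base path are the ones in the message.

```conf
# Constructed example: object names and the choice of files are assumptions.
# On syslog-ng 3.x and later the file should begin with an @version line
# for the installed release.

# ip() in a source is the LOCAL address the collector binds to,
# not the address of the sending firewall, so one listener serves both.
source s_pf { udp(ip(0.0.0.0) port(514)); };

# Pick out each firewall by the sender address of the datagram.
filter f_fw1 { netmask("10.10.10.242/255.255.255.255"); };
filter f_fw2 { netmask("10.10.10.243/255.255.255.255"); };

# Content filters are defined once and shared by both firewalls.
filter f_kern     { facility(kern); };
filter f_auth     { facility(authpriv); };
filter f_sshd     { program("sshd"); };
filter f_firewall { level(debug); };

# Object names are kept unique by putting the firewall into the name.
# create_dirs(yes) builds the dated directories as they are needed.
destination d_fw1_kern     { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/kernel" create_dirs(yes)); };
destination d_fw1_auth     { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/secure" create_dirs(yes)); };
destination d_fw1_sshd     { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/sshd.log" create_dirs(yes)); };
destination d_fw1_firewall { file("/var/log/network/fw1/$YEAR/$MONTH/$DAY/firewall.log" create_dirs(yes)); };

destination d_fw2_kern     { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/kernel" create_dirs(yes)); };
destination d_fw2_auth     { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/secure" create_dirs(yes)); };
destination d_fw2_sshd     { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/sshd.log" create_dirs(yes)); };
destination d_fw2_firewall { file("/var/log/network/fw2/$YEAR/$MONTH/$DAY/firewall.log" create_dirs(yes)); };

# Several filter() references in one log statement are ANDed together.
log { source(s_pf); filter(f_fw1); filter(f_kern);     destination(d_fw1_kern); };
log { source(s_pf); filter(f_fw1); filter(f_auth);     destination(d_fw1_auth); };
log { source(s_pf); filter(f_fw1); filter(f_sshd);     destination(d_fw1_sshd); };
log { source(s_pf); filter(f_fw1); filter(f_firewall); destination(d_fw1_firewall); };

log { source(s_pf); filter(f_fw2); filter(f_kern);     destination(d_fw2_kern); };
log { source(s_pf); filter(f_fw2); filter(f_auth);     destination(d_fw2_auth); };
log { source(s_pf); filter(f_fw2); filter(f_sshd);     destination(d_fw2_sshd); };
log { source(s_pf); filter(f_fw2); filter(f_firewall); destination(d_fw2_firewall); };
```

Check the file with `syslog-ng --syntax-only` before reloading. UDP sender addresses can be forged, so the netmask() filters sort traffic but do not authenticate it; limit port 514 on the collector to the two firewall addresses with a packet filter as well.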

Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-13 Thread RB
On Wed, May 13, 2009 at 03:02, luismi  wrote:
> PF

You do, of course, realize that 99.9% of the people that offer help on
this list are not paid to do so and that by copping an attitude you've
pretty much blown your chances of getting help?

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-13 Thread luismi
PF

On Tue, 12-05-2009 at 11:15 -0600, RB wrote:
> On Tue, May 12, 2009 at 10:59, luismi  wrote:
> > Hi, well, I was looking for something more complex.
> 
> http://catb.org/~esr/faqs/smart-questions.html#beprecise
> 
> Ask a nebulous question, you get a nebulous answer.  If you wanted a
> specific configuration, say so.
> 
> 





Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-12 Thread RB
On Tue, May 12, 2009 at 10:59, luismi  wrote:
> Hi, well, I was looking for something more complex.

http://catb.org/~esr/faqs/smart-questions.html#beprecise

Ask a nebulous question, you get a nebulous answer.  If you wanted a
specific configuration, say so.




Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-12 Thread Paul Mansfield

luismi wrote:
> Hi, well, I was looking for something more complex.
>
> On Mon, 11-05-2009 at 18:16 +0100, Michael Schmitt wrote:
> > luismi wrote:
> > > Hi all,
> > >
> > > Can anyone forward me a template to configure syslog-ng for pfsense
> >
> > source src_pfsense { udp(ip(0.0.0.0) port(514)); };
> > destination pfsense { file("/var/log/pfsense");};
> > log { source(src_pfsense); destination(pfsense); };


could add a filter?

source src_pfsense { udp(ip(0.0.0.0) port(514)); };

filter f_host_firewall { host ("a.b.c.d")
or host("firewall.example.com")
or host("firewall"); };

destination file_firewall { file("/var/log/firewall.log"); };

log { source(src_pfsense); filter(f_host_firewall); destination(file_firewall); };







Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-12 Thread luismi
Hi, well, I was looking for something more complex.

On Mon, 11-05-2009 at 18:16 +0100, Michael Schmitt wrote:
> luismi wrote:
> > Hi all,
> > 
> > Can anyone forward me a template to configure syslog-ng for pfsense
> > logs?
> > 
> > Thanks
> > 
> > 
> > 
> 
> source src_pfsense { udp(ip(0.0.0.0) port(514)); };
> destination pfsense { file("/var/log/pfsense");};
> log { source(src_pfsense); destination(pfsense); };
> 
> 
> 





Re: [pfSense Support] syslog-ng config to record events from fws

2009-05-11 Thread Michael Schmitt
luismi wrote:
> Hi all,
> 
> Can anyone forward me a template to configure syslog-ng for pfsense
> logs?
> 
> Thanks
> 
> 
> 

source src_pfsense { udp(ip(0.0.0.0) port(514)); };
destination pfsense { file("/var/log/pfsense");};
log { source(src_pfsense); destination(pfsense); };

