Ask the Community
Groups
How do I configure syslog remote logging for a pfSense Firewall - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="this-article-will-describe-how-to-configure-the-pfsense-firewall-to-send-firewall-logs-to-the-rocketcyber-firewall-analyzer-syslog-server">This article will describe how to configure the pfSense firewall to send firewall logs to the RocketCyber Firewall Analyzer Syslog server.</h2> <p>1. Logon to the pfSense web configuration dashboard</p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/BN55USQJE4ZH/screen-shot-2020-07-21-at-3-53-21-pm.png" alt="Screen_Shot_2020-07-21_at_3.53.21_PM.png" class="embedImage-img importedEmbed-img"></img>2. Click <strong>Status</strong></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/ACJA897N713Y/screen-shot-2020-07-21-at-3-54-31-pm.png" alt="Screen_Shot_2020-07-21_at_3.54.31_PM.png" class="embedImage-img importedEmbed-img"></img></p> <p>2. Click <strong>System Logs</strong></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/0CHJU6IRJP1Z/screen-shot-2020-07-21-at-3-55-14-pm.png" alt="Screen_Shot_2020-07-21_at_3.55.14_PM.png" class="embedImage-img importedEmbed-img"></img></p> <p>3. Click <strong>Settings</strong></p> <p><img src="https://us.v-cdn.net/6032361/uploads/migrated/AVHUCGL8F4G8/screen-shot-2020-07-21-at-4-03-30-pm.png" alt="Screen_Shot_2020-07-21_at_4.03.30_PM.png" class="embedImage-img importedEmbed-img"></img></p> <p>4. Scroll down to the <strong>Remote Logging Options</strong> section</p> <p>5. Click on <strong>Send log messages to a remote Syslog server</strong></p> <p>6. Configure the following remaining options:</p> <p><strong>Source Address: </strong>Choose LAN</p> <p><strong>IP Protocol:</strong> IPv4</p> <p><strong>Remote Log Servers:</strong> Enter the IP address of the RocketAgent Syslog Server</p> <p><strong>Remote Syslog Contents:</strong> Check the following boxes</p> <ul><li> <ul><li>Firewall Events</li> <li>VPN Events</li> <li>Gateway Monitor Events</li> <li>Routing Daemon Events</li> </ul></li> </ul><p>7. Click <strong>Save</strong></p> <div data-hs-callout-type="note"> <p><strong>Note:</strong> This configuration assumes that the RocketAgent Syslog server is running on the LAN segment and that the Firewall Analyzer Syslog Server configuration is utilizing the default port and protocol of UDP/514. If you have configured a different port, you must add it to the IP address using a : </p> <p>Example: 192.168.3.1:2293</p> </div> </article> </main>