On 4/14/08, Paul M <[EMAIL PROTECTED]> wrote:
> RB wrote:
> > I've had a request to increase logging duration on systems that have
> > no access to an external syslog server, so am making the necessary
> > changes to maintain much larger ring-log files. Incredibly larger -
> >
> what we've done is to make a few tweaks and install syslog-ng....
>
> 1/ change the system include file so that it starts syslog with "-b
> 127.0.0.1" so that it doesn't bind to an external IP.
>
> 2/ add some lines to /etc/rc.conf.local to make a restart of syslog also
> bind only to localhost:
> syslogd_enable="YES"
> syslogd_flags=" -s -f /var/etc/syslog.conf -b 127.0.0.1"
>
> 3/ install syslog-ng and write config so that it does full logging to
> local file system as well as copying to a main log server
>
> 3a/ pkg_add -r syslog-ng
> 3b/ config file is /usr/local/etc/syslog-ng/syslog-ng.conf
> (if interested, I can provide ours after sanitisation)
> 3c/ make syslog-ng listen on, say, the sync interface or lan.
>
> 4/ add some lines to /etc/rc.conf.local to make sure that syslog-ng
> starts up
>
> 5/ use the pfsense gui to tell it to log to the syslog-ng IP address
>
> this "works for us", and the key thing is that apart from having to fix
> the /etc/inc/system.inc file when upgrading pfsense (I offered the
> diffs/patch, I think it might have been accepted), you don't have to
> bend the system too far as you don't have to hack any other part of pfsense.

I have committed some code to help with this:
http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup

Scott
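
A check for steps 1, 2 and 3c of the quoted procedure, added here as an example (not part of the original thread or of pfSense): it reads `sockstat -4 -l` style output and fails if syslogd holds UDP 514 on anything other than 127.0.0.1, or if syslog-ng is not listening on the expected address. The function names are hypothetical, and the sample listings and the address 192.0.2.1 are constructed.

```shell
#!/bin/sh
# Added example: audit UDP/514 listeners in `sockstat -4 -l` style output.
# check_syslog_binds EXPECTED_NG_ADDR   (reads the listing on stdin)
# Prints one FAIL line per problem; returns 1 if any problem was found.
check_syslog_binds() {
    awk -v want="$1" '
        # Columns: USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
        $5 !~ /^udp/ { next }              # also skips the header row
        {
            n = split($6, part, ":")       # LOCAL is addr:port, e.g. *:514
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
        }
        port != "514" { next }
        $2 == "syslogd" && addr != "127.0.0.1" {
            print "FAIL syslogd bound to " addr; bad = 1
        }
        $2 == "syslog-ng" {
            seen = 1
            if (addr != want) { print "FAIL syslog-ng bound to " addr; bad = 1 }
        }
        END {
            if (!seen) { print "FAIL syslog-ng not listening on udp/514"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: stock syslogd on the wildcard address, no syslog-ng.
sample_before() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    412   6  udp4   *:514                 *:*
EOF
}

# Constructed sample: after steps 1-4; 192.0.2.1 stands in for the LAN/sync IP.
sample_after() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    412   6  udp4   127.0.0.1:514         *:*
root     syslog-ng  733   3  udp4   192.0.2.1:514         *:*
EOF
}

sample_before | check_syslog_binds 192.0.2.1 || echo "before: needs fixing"
sample_after  | check_syslog_binds 192.0.2.1 && echo "after: ok"
```

On the firewall itself, pipe the live listing in instead of a sample: `sockstat -4 -l | check_syslog_binds <syslog-ng address>`.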