Please can /etc/inc/system.inc be changed so that syslogd ONLY binds to
127.0.0.1 rather than *.*.*.*?
This makes it much easier to also install syslog-ng so that you can
supplement the local clog stuff with a full log and reflect it to a
remote site (you'd install syslog-ng, make it bind to, say, the LAN port
or sync on a cluster, and then tell pfsense to also log to that local
IP). I do this on all our firewalls so that I can collect the full log
locally and also push to a central log server.
Thanks very much.
The patch is as follows; my original version distributed with pfsense is
the ".dist":
--- system.inc.dist 2009-09-22 16:41:59.000000000 +0000
+++ system.inc 2009-09-22 16:42:56.000000000 +0000
@@ -436,12 +436,12 @@
// Are we logging to a least one remote server ?
if(strpos($syslogconf, "@") != false)
- $retval = mwexec("/usr/sbin/syslogd -s -f
{$g['varetc_path']}/syslog.conf");
+ $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.l
-s -f {$g['varetc_path']}/syslog.conf");
else
- $retval = mwexec("/usr/sbin/syslogd -ss -f
{$g['varetc_path']}/syslog.conf");
+ $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.l
-ss -f {$g['varetc_path']}/syslog.conf");
} else {
- $retval = mwexec("/usr/sbin/syslogd -ss");
+ $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.l -ss");
}
if ($g['booting'])
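Review bot: in all three added mwexec() lines the -b argument is spelled `127.0.0.l`, ending in a lowercase letter l rather than the digit 1, so syslogd is not being handed the loopback address the request describes; it should read `-b 127.0.0.1`. The two longer added lines are also wrapped mid-string (the `-s -f ...` and `-ss -f ...` continuations sit on their own lines), so the patch needs to be unwrapped or resent as an attachment before it will apply. Since the same address now appears in three branches, holding it in one variable ahead of the if/else would keep them from drifting apart.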
@@ -1275,4 +1275,4 @@
mwexec("/sbin/sysctl -n net.link.ether.inet.log_arp_movements=1");
}
-?>
\ No newline at end of file
+?>
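Review bot: the only change at the end of the file is adding a newline after the closing `?>`, which is unrelated to the syslogd bind address; drop this hunk or send it separately so the patch stays limited to the three mwexec() calls.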