I tweak /etc/inc/system.inc so that syslogd is bound ONLY to localhost,
and then I can set pfsense to also log to another local IP, then install
syslog-ng on that IP so that I can do interesting things to the logs and
also push them remotely.
Please can you change the default configuration by tweaking
/etc/inc/system.inc as follows, I can't see any downside in pfsense and
not having syslogd listening on all addresses would actually make things
more secure. thanks!
note there's missing EOL in the standard file too
# diff system.inc.old system.inc
451c451
< $retval = mwexec("/usr/sbin/syslogd -c -s -f
{$g['varetc_path']}/syslog.conf");
---
> $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.1
-c -s -f {$g['varetc_path']}/syslog.conf");
453c453
< $retval = mwexec("/usr/sbin/syslogd -c -ss -f
{$g['varetc_path']}/syslog.conf");
---
> $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.1
-c -ss -f {$g['varetc_path']}/syslog.conf");
456c456
< $retval = mwexec("/usr/sbin/syslogd -c -ss");
---
> $retval = mwexec("/usr/sbin/syslogd -b 127.0.0.1 -c -ss");
1285c1285
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
