How do I configure syslog remote logging for a pfSense firewall?

This article will describe how to configure the pfSense firewall to send firewall logs to the RocketCyber Firewall Analyzer syslog server.

1. Log on to the pfSense web configuration dashboard

2. Click Status, then click System Logs

3. Click Settings

4. Scroll down to the Remote Logging Options section

5. Click on Send log messages to remote syslog server

6. Configure the following remaining options:

Source Address: Choose LAN

IP Protocol: IPv4

Remote Log Servers: Enter the IP address of the RocketAgent Syslog Server

Remote Syslog Contents: Check the following boxes

    • Firewall Events
    • VPN Events
    • Gateway Monitor Events
    • Routing Daemon Events

7. Click Save

Note: This configuration assumes that the RocketAgent syslog server is running on the LAN segment and that the Firewall Analyzer Syslog Server is using the default port and protocol, UDP/514. If you have configured a different port, append it to the IP address after a colon (:).

Example: 192.168.3.1:2293
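
To check a Remote Log Servers value before saving it, the following added example (not RocketCyber or pfSense code) parses the entry, applies the UDP/514 default when no port is given, and sends one test syslog datagram from a LAN host. The tag, hostname, message text and the local0/info priority are constructed values chosen for the test.

```python
import ipaddress
import socket
from datetime import datetime

DEFAULT_PORT = 514  # the article's default: UDP/514


def parse_remote_log_server(entry):
    """Split a Remote Log Servers value into (ip, port); IPv4 only, as in the article."""
    host, sep, port_text = entry.strip().partition(":")
    ipaddress.IPv4Address(host)  # raises ValueError on a malformed address
    if not sep:
        return host, DEFAULT_PORT
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"invalid port in {entry!r}")
    return host, int(port_text)


def build_test_message(hostname="lan-test-host", tag="syslog-test",
                       text="pfSense remote logging path check",
                       facility=16, severity=6, now=None):
    """Build a BSD-syslog (RFC 3164) line; PRI = facility * 8 + severity."""
    now = now or datetime.now()
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day of month is space-padded
    line = f"<{facility * 8 + severity}>{stamp} {hostname} {tag}: {text}"
    return line.encode("ascii")


def send_test_message(entry, payload=None):
    """Send one UDP datagram to the configured server; returns the (ip, port) used."""
    ip, port = parse_remote_log_server(entry)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.sendto(payload or build_test_message(), (ip, port))
    return ip, port


if __name__ == "__main__":
    # Constructed sample value, in the same form as the article's example.
    print(send_test_message("192.168.3.1:2293"))
```

UDP gives no delivery acknowledgement, so a successful send only shows the value is well formed; confirm on the syslog server side that the test line arrived.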