Log files?

Comments

40 comments

  • Chris Hewitt

    @Scott Copeland

    I think you are being a bit rough on the Firewalla team. This team has been working flat out for a few years at this point. They haven’t just created a startup with a new product and supporting software, they have come up with five new hardware products. They have implemented a lot of our requested features. I am sure they have a backlog they groom daily and prioritize based on market need and what addresses the broadest customer wants.

    Those on this thread are certainly on the long tail.

    Check out our other posts, we’ve been sending to Splunk, and for a while ELK as well, so as-is it can be done. If you’re using Security Onion you shouldn’t have any trouble sending Firewalla logs to it.

    0
  • JB

    Agree with everybody here. This is marketed as a prosumer product and should have these features. Thanks for the support! 

    0
  • Firewalla

    See if this fits what you need: https://help.firewalla.com/hc/en-us/articles/5345330648083-MSP-API-Getting-Started-

     

    0
  • Shane Lord

    If you’re trying to lower the associated MSP portal infra costs for AWS, why don’t you use Linode instead? Much less expensive.

    https://www.linode.com/aws-vs-linode/

     

    0
  • Firewalla

    Unfortunately, we are married to AWS, which is a good thing and a bad thing.

    0
  • Michael Bierman

    For those who may want to set up syslog with Firewalla, this script may be helpful.

    https://gist.github.com/mbierman/f3d184b65e0f4de6fa75a4a5d5145426

    0
  • Sean C. Higgins

    Hello,

    I am new to Firewalla and was looking at the information here and wondered, why not just create an rsyslog configuration file like /etc/rsyslog.d/45-current.conf, which contains:

    module(load="imfile" PollingInterval="10")
    input(type="imfile" File="/log/blog/current/*.log" Tag="current-log" Severity="error" Facility="local7")
    if $syslogtag contains "current-log" then {
        action(type="omfwd" target="192.168.x.x" port="514" protocol="tcp"
               action.resumeRetryCount="100"
               queue.type="linkedList" queue.size="10000")
        stop
    }

    This takes all the log files in /log/blog/current and forwards them to the target host.

    Once you add this file, you run:

    sudo systemctl restart rsyslog

    I do not know if this file will survive an update to Firewalla, but it works on my Firewalla Purple right now.

    0
  • Sean C. Higgins

    Ok, after some experimentation, the first line in /etc/rsyslog.d/45-current.conf should be:

    module(load="imfile" Mode="polling" PollingInterval="5")
    0
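
What the receiving host sees from the rsyslog configuration posted above, as an added example that is not code from the thread or from Firewalla: a parser for the forwarded lines that handles messages split across TCP reads. It assumes rsyslog's default forwarding template and newline-delimited TCP framing, since the posted config sets neither; the host name and message text in the sample are constructed.

```python
import re
from typing import NamedTuple, Optional

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")
EXPECTED_TAG = "current-log"   # Tag= from the posted config
LOCAL7 = 23                    # Facility="local7"; with Severity="error" (3) PRI is 23*8+3 = 187

# Assumed layout (default forwarding template): <PRI>Mmm dd hh:mm:ss HOST TAG MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>\S+) ?(?P<msg>.*)$"
)

class Record(NamedTuple):
    facility: int
    severity: str
    host: str
    tag: str
    msg: str

def split_frames(buf: bytes):
    """Return (complete newline-terminated frames, unterminated remainder)."""
    *frames, rest = buf.split(b"\n")
    return [f for f in frames if f], rest

def parse(frame: bytes) -> Optional[Record]:
    m = LINE_RE.match(frame.decode("utf-8", "replace"))
    if not m or int(m["pri"]) > 191:      # 191 is the highest valid PRI
        return None
    pri = int(m["pri"])
    return Record(pri >> 3, SEVERITIES[pri & 7], m["host"], m["tag"], m["msg"])

def is_forwarded_file_line(rec: Record) -> bool:
    # imfile stamps every line with the configured tag, facility and severity,
    # so "err" here says nothing about the content of the log line itself.
    return rec.tag == EXPECTED_TAG and rec.facility == LOCAL7 and rec.severity == "err"

def receive(chunks):
    """Feed TCP read chunks through the framer, keeping a partial tail between reads."""
    pending, out = b"", []
    for chunk in chunks:
        frames, pending = split_frames(pending + chunk)
        out += [r for r in map(parse, frames) if r]
    return out

# Constructed sample: two reads, with the second message split across them.
SAMPLE_CHUNKS = [
    b"<187>Jan  5 12:00:01 firewalla current-log first constructed line\n<187>Jan  5 12:0",
    b"0:02 firewalla current-log second constructed line\n<38>Jan  5 12:00:03 firewalla sshd[411]: unrelated\n",
]
```

Because the severity is fixed by the input definition, alerting on the receiver has to key on the message body or the tag, not on the syslog severity.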
  • Michael Bierman

    Hey Sean, 

    You can make this persistent like so: https://gist.github.com/mbierman/f3d184b65e0f4de6fa75a4a5d5145426

     

    1
  • Sean C. Higgins

    Thanks Michael!

    1