Netgate Store

Author Topic: Help for forwarding Syslog through SSH Tunnel.  (Read 481 times)

0 Members and 1 Guest are viewing this topic.

Offline SandeepAthiyarath

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Help for forwarding Syslog through SSH Tunnel.
« on: March 05, 2017, 10:09:57 am »
Hi Team,

I am trying to configure central syslog server for my 100s of  pfSense boxes.

It is not good Idea to setup openvpn only for sending the syslogs to central server.

So, I thought ssh reverse tunnel might be the ideal solution as less work. But stuck with the
fact that  pfsense is only allowing the syslog to UDB not TCP port which most of the syslog servers have.
Also SSH reverse tunnel won't forward the UDP ports forward. So trying to get a solution for this.
In line with the below link I have setup the  Reverse tunnel as below.

1. Setup the SSH Tunnel with  ssh -L 1514:localhost:1514 syslog-server.

2. On pfSense  ran the following commands:

mkfifo /tmp/udp2tcp
nc -l -u  9100 > /tmp/udp2tcp | nc localhost  1514 < /tmp/udp2tcp 

3. On the pfesense System Logs properties  redirected the logs to  localhost: 9100

4.  On the rsyslog server enabled udp loging on port 514, ( Directly this is working fine without ssh tunnel)

5. on the syslog server ran the following commands.

mkfifo /tmp/tcp2udp

netcat -l -p 1514 < /tmp/tcp2udp | netcat -u localhost 514 > /tmp/tcp2udp.

Syslogs are not appearling on the  syslog server.

Not sure where I am making the mistake . Also please let me know if any other alternatives.