Hello , i have setup my graylog and i can receive logs from pfsense , but how can i querry for configuration changes from graylog ,for example some one created an account on my pfsense how do i query it from the messages. ?
Note :others logs are recived automatically from pfsense for example snort logs,and login logs ,but i cannot find the logs of configuration changes to pfsense.
Hi asekibaala,
Have you tried checking the box System Events in Remote logging settings -> Remote Syslog Contents?
System events show logs like Local User Database: Successfully created user when you create username. I think configuration changes are generally in System logs.
Cheers!
I don’t know if it is still relevant.
Hi facyber
Yes System Events is checked, but i can only see these logs from pfsense and not from graylog ,
Is there a search query that i can perform to see them from graylog.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
