How do I send FW logs to a remote rsyslog server?

[Jonesy]

I am trying to send my FW logs to a remote syslog server on PM V6.1. I added a "*.*" entry at the bottom of rsyslog.conf and that seems to work for most items, including a stop/start of the pve-firewall service itself. The logged FW entries only go into /var/log/pve-firewall.log on the local host so far.

I looked through the /usr/sbin/pvefw-logger binary file and I see "/var/log/pve-firewall.log" hard-coded in the binary file.
Does anyone know a way to log the FW entries to a syslog server without modifying the pvefw-logger code directly?

I could link that file to shared storage somewhere, but I am hoping for a more elegant solution.

Thanks for any help that can be provided.

John

 

[Alwin]

You will need to configure rsyslogd to watch the firewall log as well.
https://wiki.debian.org/Rsyslog

 

[Jonesy]

I forgot about the imfile module.
Adding this to my rsyslog.conf worked:

$ModLoad imfile
$InputFileName /var/log/pve-firewall.log
$InputFileTag pvefw
$InputFileStateFile stat-pvefw
$InputFileSeverity info
$InputFileFacility local3
$InputRunFileMonitor
local3.* @<remotesyslogIP>:<port>

and restart rsyslog.

Thanks @Alwin

John