authorjim-p <jimp@pfsense.org>2013-10-24 16:32:12 -0400
committerjim-p <jimp@pfsense.org>2013-10-24 16:33:56 -0400
commitcbe12b8de3fa374e535d4478ab84a4a2c5f6e725 (patch)
tree741c11985b39b1e6bdc654bb68760a969afff0d7
parentb8250344f5f02851259ffde6fed8da40ddeaf0af (diff)
Add source address selection to syslog settings, so it can work more effectively over a VPN. Fixes #355
-rw-r--r--etc/inc/system.inc18
-rwxr-xr-xusr/local/www/diag_logs_settings.php38
2 files changed, 55 insertions, 1 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 689dec7..405785d 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -769,7 +769,23 @@ EOD;
if (!is_dir("{$g['dhcpd_chroot_path']}/var/run"))
exec("/bin/mkdir -p {$g['dhcpd_chroot_path']}/var/run");
- $retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf");
+ $sourceip = "";
+ if (!empty($syslogcfg['sourceip'])) {
+ if ($syslogcfg['ipproto'] == "ipv6") {
+ $ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ipv6($syslogcfg['sourceip']);
+ if (!is_ipaddr($ifaddr))
+ $ifaddr = get_interface_ip($syslogcfg['sourceip']);
+ } else {
+ $ifaddr = is_ipaddr($syslogcfg['sourceip']) ? $syslogcfg['sourceip'] : get_interface_ip($syslogcfg['sourceip']);
+ if (!is_ipaddr($ifaddr))
+ $ifaddr = get_interface_ipv6($syslogcfg['sourceip']);
+ }
+ if (is_ipaddr($ifaddr)) {
+ $sourceip = "-b {$ifaddr}";
+ }
+ }
+
+ $retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log -f {$g['varetc_path']}/syslog.conf {$sourceip}");
} else {
$retval = mwexec_bg("/usr/sbin/syslogd -s -c -c -l {$g['dhcpd_chroot_path']}/var/run/log");
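Review bot: When no usable address is resolved, the added block leaves `$sourceip` empty and syslogd starts bound to all addresses with no record of the fallback, so log traffic meant to leave through the VPN can go out from the default source address unnoticed. An `else` on the final `is_ipaddr($ifaddr)` test calling `log_error("syslogd: no usable source address found, binding to all addresses");` would make that visible. `$ifaddr` reaches the command string only after the `is_ipaddr()` test, which is the right guard. Writing it as `escapeshellarg($ifaddr)` would keep the command safe even if that validator is ever loosened. The enclosing function starts and ends outside the hunk.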
diff --git a/usr/local/www/diag_logs_settings.php b/usr/local/www/diag_logs_settings.php
index 8e7513c..9c84f84 100755
--- a/usr/local/www/diag_logs_settings.php
+++ b/usr/local/www/diag_logs_settings.php
@@ -52,6 +52,8 @@ $pconfig['nentries'] = $config['syslog']['nentries'];
$pconfig['remoteserver'] = $config['syslog']['remoteserver'];
$pconfig['remoteserver2'] = $config['syslog']['remoteserver2'];
$pconfig['remoteserver3'] = $config['syslog']['remoteserver3'];
+$pconfig['sourceip'] = $config['syslog']['sourceip'];
+$pconfig['ipproto'] = $config['syslog']['ipproto'];
$pconfig['filter'] = isset($config['syslog']['filter']);
$pconfig['dhcp'] = isset($config['syslog']['dhcp']);
$pconfig['portalauth'] = isset($config['syslog']['portalauth']);
@@ -106,6 +108,8 @@ if ($_POST) {
$config['syslog']['remoteserver'] = $_POST['remoteserver'];
$config['syslog']['remoteserver2'] = $_POST['remoteserver2'];
$config['syslog']['remoteserver3'] = $_POST['remoteserver3'];
+ $config['syslog']['sourceip'] = $_POST['sourceip'];
+ $config['syslog']['ipproto'] = $_POST['ipproto'];
$config['syslog']['filter'] = $_POST['filter'] ? true : false;
$config['syslog']['dhcp'] = $_POST['dhcp'] ? true : false;
$config['syslog']['portalauth'] = $_POST['portalauth'] ? true : false;
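Review bot: `$_POST['sourceip']` and `$_POST['ipproto']` are written to the configuration exactly as received, with no check in this hunk that they match one of the offered choices. The stored `sourceip` is later handed to `get_interface_ip()` / `get_interface_ipv6()` in system.inc, so it should be rejected unless it is empty or appears in the list from `get_possible_traffic_source_addresses(false)`. The protocol can be restricted with `in_array($_POST['ipproto'], array('ipv4', 'ipv6'), true)` before saving. The `if ($_POST)` block begins and ends outside the hunk, so validation may already exist there; if it does, these two fields should be added to it.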
@@ -325,6 +329,40 @@ function check_everything() {
<td colspan="2" valign="top" class="listtopic"><?=gettext("Remote Logging Options");?></td>
</tr>
<tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("Source Address"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="sourceip" class="formselect">
+ <option value="">Default (any)</option>
+ <?php $sourceips = get_possible_traffic_source_addresses(false);
+ foreach ($sourceips as $sip):
+ $selected = "";
+ if (!link_interface_to_bridge($sip['value']) && ($sip['value'] == $pconfig['sourceip']))
+ $selected = 'selected="selected"';
+ ?>
+ <option value="<?=$sip['value'];?>" <?=$selected;?>>
+ <?=htmlspecialchars($sip['name']);?>
+ </option>
+ <?php endforeach; ?>
+ </select>
+ <br/>
+ <?= gettext("This option will allow the logging daemon to bind to a single IP address, rather than all IP addresses."); ?>
+ <?= gettext("If you pick a single IP, remote syslog severs must all be of that IP type. If you wish to mix IPv4 and IPv6 remote syslog servers, you must bind to all interfaces."); ?>
+ <br/><br/>
+ <?= gettext("NOTE: If an IP address cannot be located on the chosen interface, the daemon will bind to all addresses."); ?>
+ </td>
+ </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncell"><?=gettext("IP Protocol"); ?></td>
+ <td width="78%" class="vtable">
+ <select name="ipproto" class="formselect">
+ <option value="ipv4" <?php if ($ipproto == "ipv4") echo 'selected="selected"' ?>>IPv4</option>
+ <option value="ipv6" <?php if ($ipproto == "ipv6") echo 'selected="selected"' ?>>IPv6</option>
+ </select>
+ <br/>
+ <?= gettext("This option is only used when a non-default address is chosen as the source above. This option only expresses a preference; If an IP address of the selected type is not found on the chosen interface, the other type will be tried."); ?>
+ </td>
+ </tr>
+ <tr>
<td width="22%" valign="top" class="vncell"><?=gettext("Enable Remote Logging");?></td>
<td width="78%" class="vtable"> <input name="enable" type="checkbox" id="enable" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
<strong><?=gettext("Send log messages to remote syslog server");?></strong></td>
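Review bot: The IP Protocol `<select>` tests `$ipproto`, but the saved value is loaded into `$pconfig['ipproto']` earlier in this commit, so unless `$ipproto` is defined outside the hunk the stored choice is never marked selected. A saved IPv6 preference would then display as IPv4 and be silently overwritten on the next save; the two option lines should compare `$pconfig['ipproto'] == "ipv6"` (and `"ipv4"`). In the Source Address list the option label goes through `htmlspecialchars()` but the attribute does not; `value="<?=htmlspecialchars($sip['value']);?>"` would make the two consistent. The help text also reads "syslog severs" where "servers" is meant.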