# Configure syslogd log to remote server via NAT



## ChuyenGiaSon (Jun 12, 2016)

Hello, we have a FreeBSD remote syslog server in the WAN and several FreeBSD servers in the LAN.

The FreeBSD servers in the LAN will send syslog messages to the remote server in the WAN. The gateway router (GW) will do outbound NAT, which translates the source IP address of each LAN server to the WAN IP address of the GW. The problem is that the remote syslog only sees log messages coming from one IP, the public IP address of the GW. So it detects the messages as coming from the GW, not from the servers in the LAN.

Is there any configuration that can help the remote syslog in the WAN detect the right messages from the right server?


----------



## gentoobob (Jun 12, 2016)

- Buy a block of IPs. Do 1-to-1 NAT on your router for the server behind it.
or
- Create a tunnel/VPN to the remote server


----------



## ChuyenGiaSon (Jun 13, 2016)

gentoobob said:


> - Buy a block of IPs. Do 1-to-1 NAT on your router for the server behind it.
> or
> - Create a tunnel/VPN to the remote server


Thanks. Is there any way to pass a prefix (i.e., hostname) to each log message, so the syslog server can detect which log message comes from which server?


----------



## SirDice (Jun 13, 2016)

I would suggest using a VPN. You really do not want to send syslog messages over the internet "naked". Syslog is UDP, clear-text and is easily spoofed. So you're setting up the receiving end to get a bunch of fake messages that can easily fill up your /var/log.


----------
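An added example, not code from this thread or from FreeBSD's syslogd: a receiver-side demultiplexer that attributes each datagram by the HOSTNAME header field defined in RFC 3164 and RFC 5424 rather than by the packet source address, which is the gateway for every sender behind NAT. It assumes the senders include that field; `claimed_origin`, `demux`, the host names and the addresses are hypothetical, constructed values. Because the field is whatever the sender wrote, names outside an allow-list are kept apart.

```python
import re
from collections import defaultdict

# RFC 3164: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG: text  (HOSTNAME may be absent)
RFC3164 = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d "
    r"(?:(?P<host>[A-Za-z0-9._-]+) )?\S+:.*$", re.S)
# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
RFC5424 = re.compile(r"^<\d{1,3}>1 \S+ (?P<host>\S+) .*$", re.S)

def claimed_origin(datagram, src_ip):
    """Return (origin, basis): basis is 'header' when the message carries a
    HOSTNAME, 'src_ip' when only the (NATed) packet address is available."""
    text = datagram.decode("utf-8", "replace").rstrip("\n")
    m = RFC5424.match(text) or RFC3164.match(text)
    host = m.group("host") if m else None
    if host and host != "-":          # "-" is the RFC 5424 NILVALUE
        return host.lower(), "header"
    return src_ip, "src_ip"

def demux(packets, allowed_hosts):
    """Group messages per origin. A header name that is not on the allow-list
    is prefixed 'unverified:' because plain UDP syslog is unauthenticated."""
    buckets = defaultdict(list)
    for src_ip, datagram in packets:
        origin, basis = claimed_origin(datagram, src_ip)
        if basis == "header" and origin not in allowed_hosts:
            origin = "unverified:" + origin
        buckets[origin].append(datagram.decode("utf-8", "replace"))
    return dict(buckets)

GW = "203.0.113.1"  # constructed: public address of the NAT gateway
SAMPLE = [          # constructed datagrams, all arriving from the gateway
    (GW, b"<38>Jun 12 10:00:01 web01 sshd[811]: Failed password for root"),
    (GW, b"<38>Jun 12 10:00:02 db01 sshd[402]: Accepted publickey for ops"),
    (GW, b"<38>Jun 12 10:00:03 sshd[77]: Failed password for admin"),
    (GW, b"<14>1 2016-06-12T10:00:04Z mail01 postfix 991 - - queue active"),
    (GW, b"<38>Jun 12 10:00:05 ghost sshd[1]: injected line"),
]

if __name__ == "__main__":
    for origin, lines in demux(SAMPLE, {"web01", "db01", "mail01"}).items():
        print(origin, len(lines))
```

The third datagram has no HOSTNAME, so it can only be attributed to the gateway address; the allow-list limits where a forged name lands but does not authenticate the sender.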



## ChuyenGiaSon (Jun 21, 2016)

My GW router is running pfSense, and I noticed something very strange:
- When a client in the LAN sends syslog to the remote server using UDP port 514, all syslog packets are NATed by the pfSense device.
- When a client in the LAN sends syslog to the remote server using a different UDP port, the source IP of the syslog packets is kept after they go out of the GW.

Does anyone know why?


----------



## SirDice (Jun 21, 2016)

Questions specific to pfSense should be asked on the pfSense forums.

PC-BSD, FreeNAS, NAS4Free, and all other FreeBSD Derivatives


----------

