Log Server

A signed log server

Collect your firewall's syslog traffic, correlate it with guest sessions, sign it daily and retain it for the required period. With on-premise deployment.

See On-Premise Setup

How it works

1. Forward syslog

Forward your firewall's syslog output to the log server.

2. Sources are auto-detected

The server parses incoming logs and automatically classifies the device type.

3. Daily signing

Logs are signed daily with a SHA-256 chain; a qualified timestamp can be added optionally.

4. Search, verify, download

Search logs from the panel, correlate an IP to a guest, verify the signature in one click and download the archive.

Why Captivo Log Server?

  • Syslog collection from pfSense, OPNsense, MikroTik and FortiGate
  • Automatic parsing and device-type classification
  • IP → guest correlation: matches which session produced which traffic
  • Daily Ed25519 signature + optional qualified timestamp
  • Tamper detection with one-click verification
  • 2-year retention, compliant cleanup and archive download

Frequently Asked Questions

Which devices' logs does it collect?

Syslog output from pfSense, OPNsense, MikroTik and FortiGate is collected and parsed automatically. Unknown sources can be assigned from the panel.

How are logs signed?

Logs are sealed daily with a SHA-256 day chain and an Ed25519 signature. A qualified-timestamp integration is available for those who need official timestamping.

Can tampering be detected?

Yes. You can verify any day in one click from the panel; if the signature chain is broken, tampering is immediately visible.

How long are logs retained?

They are retained for 2 years per legal requirements, then cleaned up in a compliant way. It runs with an on-premise deployment.

Automate legal logging

Collect firewall traffic, sign it and verify in one click.

See On-Premise Setup