Regression #16362
open
syslogd can die if a remote syslog server refuses connection
0%
Description
When a remote syslog server is configured for logging but that host replies to syslog traffic with 'connection refused' it can cause syslogd to be killed in pfSense.
So that requires the remote host to be UP (responds to ARP) and not blocking the connection and not accepting syslog traffic.
Logged locally:
Aug 11 16:05:07 syslogd sendto: Connection refused
After some time syslogd will die without logging anything.
Tested: 25.07, 2.8.0, 2.8.1-RC
Updated by Kristof Provost 25 days ago
I can't reproduce this.
In my test I did see that syslogd noticed the error (ECONNREFUSED) and then marked the destination as UNUSED. It will then no longer attempt to deliver to that destination.
Arguably that's wrong, because this could be a temporary error so I'd argue it should keep trying, but syslogd does not exit.
I'll post a review to upstream freebsd to address that bit.
When you say "After some time" is that after a few seconds, minutes, hours, days, ...?
Updated by Steve Wheeler 25 days ago
In my test setup it was of the order of 10mins.