pfSense

Description:

The pfSense SG-4100 stops sending logs to a Graylog server after the device hosting both the Graylog and NUT (Network UPS Tools) servers (IP: 192.168.255.253) is rebooted.
The issue occurs consistently upon reboot of this device, causing log transmission to cease.
This may be related to the NUT or Service_Watchdog packages, as log cessation coincides with NUT server connectivity issues (e.g., "Connection refused" errors in logs), or potentially due to the Graylog server being temporarily unavailable during the reboot.
To restore logging, I must manually navigate to Status > System Logs > Settings in the pfSense UI and click Save, after which logs resume being sent to the Graylog server.

Environment:
Hardware: Netgate SG-4100
pfSense Version: 25.07
Graylog Server: IP 192.168.255.253, Port 1514, located in LAN subnet
pfSense LAN IP: 192.168.255.249

Packages Installed:
acme
aws-wizard
ipsec-profile-wizard
Netgate_Firmware_Upgrade
Nexus
nmap
nut (client mode, UPS connected to another device)
pfBlockerNG-devel (IP feeds only, DNSBL disabled)
Service_Watchdog (monitoring NUT only)
System_Patches
WireGuard

Log Settings:
System Events
Firewall Events
DNS Events (Resolver/unbound, Forwarder/dnsmasq, filterdns)
DHCP Events (DHCP Daemon, DHCP Relay, DHCP Client)
General Authentication Events
VPN Events (IPsec, OpenVPN, L2TP, PPPoE Server)
Gateway Monitor Events
Routing Daemon Events (RADVD, UPnP, RIP, OSPF, BGP)
Network Time Protocol Events (NTP Daemon, NTP Client)

Source Address: LAN (IPv4)
IP: 192.168.255.253:1514

Logs: As you can see, uptime from the NUT/Graylog server is 10:30 hours and it matches when the logs stopped being sent.

NUT server uptime and date:

pi@rpi5:~ $ uptime
19:47:35 up 10:29, 1 user, load average: 0.12, 0.14, 0.20

pi@rpi5:~ $ date
Mon 11 Aug 19:47:35 -03 2025

Last logs received in Graylog server:

2025-08-11T09:17:19.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: Poll UPS [ups@192.168.255.253] failed - Server disconnected
2025-08-11T09:17:19.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: Communications with UPS ups@192.168.255.253 lost
2025-08-11T09:17:20.000-03:00 filterlog⁵⁶⁵²²: filterlog⁵⁶⁵²²: 248,,,1743618581,igc1.10,match,pass,in,4,0x0,,128,45212,0,DF,6,tcp,52,192.168.10.13,52.12.129.182,56752,443,0,S,2496449912,,65535,,mss;nop;wscale;nop;nop;sackOK
2025-08-11T09:17:24.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused
2025-08-11T09:17:27.000-03:00 filterlog⁵⁶⁵²²: filterlog⁵⁶⁵²²: 248,,,1743618581,igc1.10,match,pass,in,4,0x0,,128,60271,0,DF,6,tcp,52,192.168.10.13,23.96.180.189,56757,443,0,S,1343790073,,65535,,mss;nop;wscale;nop;nop;sackOK
2025-08-11T09:17:28.000-03:00 filterlog⁵⁶⁵²²: filterlog⁵⁶⁵²²: 248,,,1743618581,igc1.10,match,pass,in,4,0x0,,128,34081,0,DF,6,tcp,52,192.168.10.13,13.107.246.34,56758,443,0,S,1741948306,,65535,,mss;nop;wscale;nop;nop;sackOK
2025-08-11T09:17:29.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused
2025-08-11T09:17:34.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused
2025-08-11T09:17:39.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused
2025-08-11T09:17:44.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused
2025-08-11T09:17:48.000-03:00 filterlog⁵⁶⁵²²: filterlog⁵⁶⁵²²: 248,,,1743618581,igc1.10,match,pass,in,4,0x0,,128,28222,0,DF,17,udp,1280,192.168.10.13,35.227.242.200,53555,443,1260
2025-08-11T09:17:49.000-03:00 upsmon¹⁹¹²⁶: upsmon¹⁹¹²⁶: UPS [ups@192.168.255.253]: connect failed: Connection failure: Connection refused