Bug #16479

closed

syslog-ng 4.8.1 stops processing files after log rotation

Added by Ernesto Naraloni 13 days ago. Updated 11 days ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: System Logs
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.8.1
Affected Architecture: amd64

Description

  1. Environment
    - pfSense Version: 2.8.1-RELEASE
  2. Issue
    Default `/etc/syslog.conf` includes directory `/var/etc/syslog.d` for configuration files, but no default rule exists to write to `/var/log/system.log`. This is the main system log file but it remains empty or contains only manually written entries.
  3. Evidence
    1. File exists but is not written to:
      ```bash
      ls -la /var/log/system.log
      -rw-------  1 root wheel 89 Oct 10 12:33 /var/log/system.log
      ```
    2. Not in syslogd's open file descriptors:
      ```bash
      lsof -p $(pgrep syslogd | head -1) | grep system.log
      (no output)
      ```
    3. Default syslog.conf structure:
      ```bash
      cat /etc/syslog.conf
      # Automatically generated, do not edit!
      # Place configuration files in /var/etc/syslog.d
      !*
      include /var/etc/syslog.d
      # /* Manually added files with non-conflicting names will not be automatically removed */
      ```
    4. No default file in syslog.d:
      ```bash
      ls /var/etc/syslog.d/
      # No system.conf file present by default
      ```
  4. Impact
    - Main system log unavailable for troubleshooting
    - Loss of general system messages not captured by specialized logs
    - Administrators expect system.log to contain comprehensive system messages
    - Difficult to diagnose issues without central system log
  5. Expected Behavior
    `/var/log/system.log` should receive all or most system messages by default, as is standard practice in BSD and most Unix-like systems.
  6. Workaround
    Manual configuration required:
    ```bash
    echo "*.* /var/log/system.log" > /var/etc/syslog.d/system.conf
    service syslogd restart
    ```

    Verify it works:
    ```bash
    logger -t TEST "test message"
    tail /var/log/system.log
    ```
  7. Suggested Fix
    Include a default `/var/etc/syslog.d/system.conf` file with appropriate rules for system.log, such as:
    ```
    *.* /var/log/system.log
    ```

    Or ensure pfSense's automatic syslog.conf generation includes system.log configuration by default.
  8. Additional Information
    - This affects system observability and troubleshooting capabilities
    - Other specialized logs (auth.log, dhcpd.log, etc.) are properly configured
    - Only the main system.log is missing from default configuration
    - Issue may go unnoticed until administrators need to troubleshoot system-wide issues

Actions #1

Updated by Jim Pingle 11 days ago

  • Status changed from New to Rejected

I'm not sure what might be happening here but it's not clear what this bug report is for either. The subject says syslog-ng but is talking about base system syslogd files.

The base system has a line for system.log unless the user has chosen to disable local logging.

```
: grep system.log /var/etc/syslog.d/pfSense.conf
*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info  /var/log/system.log
```

That is there before and after rotation.
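
To see which messages the rule quoted above actually delivers to system.log, the following added example (not pfSense or syslogd code, and not part of either comment) evaluates the selector string using the semantics documented in FreeBSD's syslog.conf(5), where a later selector overrides an earlier one for the same facility. It handles only the default "this level or more severe" comparison plus `none` and `*`; the function names are hypothetical.

```python
# Added example: evaluates BSD syslog.conf selectors (default comparison only).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              *(f"local{i}" for i in range(8))]

# Selector string quoted in the comment above (/var/etc/syslog.d/pfSense.conf).
PFSENSE_SYSTEM_LOG = (
    "*.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;"
    "local0.none;local3.none;local4.none;local7.none;security.*;"
    "auth.info;authpriv.info;daemon.info"
)


def build_mask(selectors):
    """Map each facility to the least severe level index it accepts, or None."""
    mask = dict.fromkeys(FACILITIES)  # None: facility not selected
    for selector in filter(None, (s.strip() for s in selectors.split(";"))):
        facs, _, level = selector.rpartition(".")
        if level == "none":
            threshold = None
        elif level == "*":
            threshold = len(LEVELS) - 1
        elif level in LEVELS:
            threshold = LEVELS.index(level)
        else:  # comparison flags such as "=info" are out of scope here
            raise ValueError(f"unsupported level in selector {selector!r}")
        for name in FACILITIES if facs == "*" else facs.split(","):
            if name not in mask:
                raise ValueError(f"unknown facility in selector {selector!r}")
            mask[name] = threshold  # a later selector overrides an earlier one
    return mask


def is_logged(selectors, priority):
    """True if a message with 'facility.level' priority matches the selectors."""
    facility, _, level = priority.partition(".")
    threshold = build_mask(selectors)[facility]
    return threshold is not None and LEVELS.index(level) <= threshold


def coverage(selectors):
    """Facility -> least severe level written ('none' if dropped)."""
    return {f: "none" if t is None else LEVELS[t]
            for f, t in build_mask(selectors).items()}
```

`logger -t TEST "test message"` without `-p` is sent as user.notice, which the `*.notice` selector accepts, while `user.info` and all `local0` traffic are not written to system.log by this rule.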

Actions #2

Updated by Ernesto Naraloni 11 days ago

Jim Pingle wrote in #note-1:

I'm not sure what might be happening here but it's not clear what this bug report is for either. The subject says syslog-ng but is talking about base system syslogd files.

The base system has a line for system.log unless the user has chosen to disable local logging.

[...]

That is there before and after rotation.

Hi Jim,
You're absolutely right, and I apologize for the erroneous bug report.
I've now verified on my system:

  • /var/etc/syslog.d/pfSense.conf exists and contains the correct rule for system.log
  • The file is being written to properly
  • Everything is working as expected

I clearly made an error in my initial investigation when I reported that no files existed in /var/etc/syslog.d/. I should have been more thorough before filing the report.
I also apologize for the confusion in the title (mentioning syslog-ng instead of syslogd).
Thank you for your time, and sorry for the noise.
Best regards,
Ernesto
