Bug #16479
closed
syslog-ng 4.8.1 stops processing files after log rotation
0%
Description
- Environment
- pfSense Version: 2.8.1-RELEASE
- Issue
Default `/etc/syslog.conf` includes directory `/var/etc/syslog.d` for configuration files, but no default rule exists to write to `/var/log/system.log`. This is the main system log file but it remains empty or contains only manually written entries.
- Evidence
- File exists but is not written to:
```bash
lsla /var/log/system.log1 root wheel 89 Oct 10 12:33 /var/log/system.log
-rw------
```
- Not in syslogd's open file descriptors:
```bash
lsof -p $(pgrep syslogd | head -1) | grep system.log
(no output)
```
- Default syslog.conf structure:
```bash
cat /etc/syslog.conf
- Automatically generated, do not edit!
- Place configuration files in /var/etc/syslog.d
!*
include /var/etc/syslog.d - /* Manually added files with non-conflicting names will not be automatically removed */
```
- No default file in syslog.d:
```bash
ls /var/etc/syslog.d/
- No system.conf file present by default
```
- Impact
- Main system log unavailable for troubleshooting
- Loss of general system messages not captured by specialized logs
- Administrators expect system.log to contain comprehensive system messages
- Difficult to diagnose issues without central system log
- Expected Behavior
`/var/log/system.log` should receive all or most system messages by default, as is standard practice in BSD and most Unix-like systems.
- Workaround
Manual configuration required:
```bash
echo "*.* /var/log/system.log" > /var/etc/syslog.d/system.conf
service syslogd restart
```
Verify it works:
```bash
logger -t TEST "test message"
tail /var/log/system.log
```
- Suggested Fix
Include a default `/var/etc/syslog.d/system.conf` file with appropriate rules for system.log, such as:
```
*.* /var/log/system.log
```
Or ensure pfSense's automatic syslog.conf generation includes system.log configuration by default.
- Additional Information
- This affects system observability and troubleshooting capabilities
- Other specialized logs (auth.log, dhcpd.log, etc.) are properly configured
- Only the main system.log is missing from default configuration
- Issue may go unnoticed until administrators need to troubleshoot system-wide issues
Updated by Jim Pingle 11 days ago
- Status changed from New to Rejected
I'm not sure what might be happening here but it's not clear what this bug report is for either. The subject says syslog-ng but is talking about base system syslogd files.
The base system has a line for system.log unless the user has chosen to disable local logging.
: grep system.log /var/etc/syslog.d/pfSense.conf *.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info /var/log/system.log
That is there before and after rotation.
Updated by Ernesto Naraloni 11 days ago
Jim Pingle wrote in #note-1:
I'm not sure what might be happening here but it's not clear what this bug report is for either. The subject says syslog-ng but is talking about base system syslogd files.
The base system has a line for system.log unless the user has chosen to disable local logging.
[...]
That is there before and after rotation.
Hi Jim,
You're absolutely right, and I apologize for the erroneous bug report.
I've now verified on my system:
/var/etc/syslog.d/pfSense.conf exists and contains the correct rule for system.log
The file is being written to properly
Everything is working as expected
I clearly made an error in my initial investigation when I reported that no files existed in /var/etc/syslog.d/. I should have been more thorough before filing the report.
I also apologize for the confusion in the title (mentioning syslog-ng instead of syslogd).
Thank you for your time, and sorry for the noise.
Best regards,
Ernesto