Bug #16479 (closed)
syslog-ng 4.8.1 stops processing files after log rotation
Status: Rejected
Priority: Normal
Assignee: -
Category: System Logs
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.8.1
Affected Architecture: amd64
Description
- Environment
- pfSense Version: 2.8.1-RELEASE
- Issue
Default `/etc/syslog.conf` includes directory `/var/etc/syslog.d` for configuration files, but no default rule exists to write to `/var/log/system.log`. This is the main system log file but it remains empty or contains only manually written entries.
- Evidence
- File exists but is not written to:
```bash
ls -la /var/log/system.log
-rw------ 1 root wheel 89 Oct 10 12:33 /var/log/system.log
```
- Not in syslogd's open file descriptors:
```bash
lsof -p $(pgrep syslogd | head -1) | grep system.log
(no output)
```
- Default syslog.conf structure:
```bash
cat /etc/syslog.conf
# Automatically generated, do not edit!
# Place configuration files in /var/etc/syslog.d
!*
include /var/etc/syslog.d
# /* Manually added files with non-conflicting names will not be automatically removed */
```
- No default file in syslog.d:
```bash
ls /var/etc/syslog.d/
# No system.conf file present by default
```
- Impact
- Main system log unavailable for troubleshooting
- Loss of general system messages not captured by specialized logs
- Administrators expect system.log to contain comprehensive system messages
- Difficult to diagnose issues without central system log
- Expected Behavior
`/var/log/system.log` should receive all or most system messages by default, as is standard practice in BSD and most Unix-like systems.
- Workaround
Manual configuration required:
```bash
echo "*.* /var/log/system.log" > /var/etc/syslog.d/system.conf
service syslogd restart
```
Verify it works:
```bash
logger -t TEST "test message"
tail /var/log/system.log
```
- Suggested Fix
Include a default `/var/etc/syslog.d/system.conf` file with appropriate rules for system.log, such as:
```
*.* /var/log/system.log
```
Or ensure pfSense's automatic syslog.conf generation includes system.log configuration by default.
- Additional Information
- This affects system observability and troubleshooting capabilities
- Other specialized logs (auth.log, dhcpd.log, etc.) are properly configured
- Only the main system.log is missing from default configuration
- Issue may go unnoticed until administrators need to troubleshoot system-wide issues
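A check for the condition described in this report, as an added example that is not part of the original report or of pfSense's code: it reads a syslogd configuration, follows its `include` directory, and tells whether any rule writes to a given log file. The function names and the sample `auth.conf` rule are constructed for illustration.

```bash
#!/bin/sh
# Does a syslogd configuration (main file plus the *.conf files in any
# directory it names with "include") contain a rule writing to a given file?

# list_actions CONF: print the action field of every selector line.
list_actions() {
    conf=$1
    [ -r "$conf" ] || return 0
    incdirs=$(awk '$1 == "include" { print $2 }' "$conf")
    {
        cat "$conf"
        for d in $incdirs; do
            for f in "$d"/*.conf; do
                if [ -f "$f" ]; then cat "$f"; fi
            done
        done
    } | awk '
        /^[ \t]*(#|$)/  { next }   # comments and blank lines
        /^[!+-]/        { next }   # program and host block markers
        $1 == "include" { next }
        NF >= 2         { sub(/^-/, "", $2); print $2 }  # "-" prefix = no fsync
    '
}

# syslog_writes_to CONF LOGFILE: exit 0 if some rule's action is LOGFILE.
syslog_writes_to() {
    list_actions "$1" | grep -Fxq -- "$2"
}

# Constructed sample shaped like the syslog.conf quoted in the report;
# the auth.conf rule is an assumed example of a "specialized" log rule.
make_sample() {
    mkdir -p "$1/syslog.d"
    printf '%s\n' '# Automatically generated, do not edit!' '!*' \
        "include $1/syslog.d" > "$1/syslog.conf"
    printf '%s\n' 'auth.info;authpriv.info /var/log/auth.log' \
        > "$1/syslog.d/auth.conf"
}

# Usage: sh check.sh /etc/syslog.conf /var/log/system.log
if [ $# -eq 2 ]; then
    if syslog_writes_to "$1" "$2"; then
        echo "rule found for $2"
    else
        echo "no rule writes to $2"
    fi
fi
```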