pfSense

Unfortunately it appears that syslogd can only send to IPv6 when using a hostname that resolves to a quad A. I have tried with and without brackets and syslogd simply never sends the frames out when specifying an IPv6 address.

It's still an open issue on FreeBSD, so nothing we can really do here.
http://www.freebsd.org/cgi/query-pr.cgi?pr=150530&cat=misc

I'll commit a fix to place the address in brackets before writing the config, so that whenever that does get patched, it will work.

IPv6 IP fixed up in bd29bb7baa068cb92828461207ea35f74b6c2383

Looking at the patch in the FreeBSD PR to see if we can use it somehow...

Included the patch from the PR in snapshots to test it, and it doesn't seem to work. Like the other guy who posted on the PR, I receive an error:

syslogd: servname not supported for ai_socktype: Bad file descriptor

No error here, it's working for me. I couldn't test it with an actual IPv6 capable syslog server but I captured the packets on the router itself. I'm using the nanobsd snapshot dated "Tue Apr 10 21:44:04 EDT 2012" where I manually applied the configuration patch and replaced the syslogd binary with one I just built using the usual pfsense.ova way.

What platform are you using?

Using a full install on the latest snapshot.

I thought perhaps the formatting was throwing it off, so I tried it with a short IPv6 IP, an uncompressed IP, and then one fully expanded, and then each variation using the literal syntax with a port number. All generated the same error:

syslogd: servname not supported for ai_socktype: Bad file descriptor

And with tcpdump I get no data leaving on the syslog port.

It would be interesting to see if you still see success with the latest snapshot instead of with things manually applied.

Yours is larger because the binary is not stripped. I inspected the source and found that the patch was applied even on mine that does not work.

So there must be something else going on that's making it work for you and not me. Out of curiosity, do you mind sharing what exact IPv6 IP you used as the target?

It's not the configured IPv6 IP as one binary is working and the other one is not. But I noticed that I may have used the "wrong" binary, e.g. not the one which is shipped in the image.

I'm not yet too familiar how pfSense is built but the working binary that I manually copied was located in "/usr/obj.pfSense/i386/usr/pfSensesrc/src/usr.sbin/syslogd". A comparison showed that its source code (/usr/pfSensesrc/src/usr.sbin/syslogd) is newer than the one in pfPorts (syslogd-r222550).

Does that information help?

That may be the difference, as I don't remember it being pfPorts before. Somewhere along the way we may have switched to that one, and it doesn't include the right patches yet. I'll poke at that when I get some time (probably not today)

I added a patch to the pfPort and rebuilt it on the snapshot servers, we'll see how it goes.

Copied one of the resulting binaries to a VM and that does seem to have done the trick, I'm getting messages to my server (now to sort out reverse DNS there so it actually goes to the right file...)

The binary is correct now but for whatever reason at bootup it does not send logs over IPv6. If you save the syslog settings or restart syslogd, it works. If I enable syslogd's debug mode (-d) in system.inc to see why, it sends them, but leaving debug enabled isn't viable long-term. No errors are produced that I can see.

IPv4 remote logging works at bootup, so who knows what the real difference is there.

I added a cheap fix, if we have an ipv6 forwarding IP for syslog, it restarts syslog at the end of the boot cycle, which makes forwarding work.