Project

General

Profile

Actions

Bug #929

closed

Remote syslog not working

Added by orangepeel beef about 11 years ago. Updated about 11 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Logging
Target version:
Start date:
09/29/2010
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:

Description

I have configured syslog to send to a remote host but it is not sending any traffic. Doing a tcpdump shows no syslog packets going anywhere.

running the command logger -h myhostip TESTING

results in a syslog message going to my loghost as expected, but the pfsense generated logs are never even attempting.

The syslog.conf file has no references to an external IP or host.

Actions #1

Updated by Chris Buechler about 11 years ago

  • Category set to Logging
  • Priority changed from Normal to High
  • Target version set to 2.0

this regressed somewhat recently

Actions #2

Updated by orangepeel beef about 11 years ago

I was previously running the Aug 28 build, and it existed there. Updated to latest build today and still there.

Actions #3

Updated by Tahar GUEBLI about 11 years ago

I'm using the version 2.0-Beta4 Wed. sep 29 12:15:10 EDT 2010

The logging on remote server work fine.

May be your setting in system log configuration is wrong !!

Actions #4

Updated by Pierre POMES about 11 years ago

I also confirm this is working in recent snapshots.

Can you give the syslog part of your /cf/conf/config.xml file ?

Actions #5

Updated by Chris Buechler about 11 years ago

Mine looks like this.

        <syslog>
                <nentries>1000</nentries>
                <remoteserver>10.0.0.20</remoteserver>
                <logall/>
                <enable/>
                <remoteserver2/>
                <remoteserver3/>
        </syslog>

But...

# grep 10.0.0.20 /var/etc/syslog.conf
#

Actions #6

Updated by orangepeel beef about 11 years ago

<syslog>
<reverse/>
<nentries>100</nentries>
<logall/>
<remoteserver>10.195.2.147</remoteserver>
<remoteserver2/>
<remoteserver3/>
<enable/>
</syslog>

  1. grep 10.195.2.147 /var/etc/syslog.conf #
  1. grep 10.195.2.147 /etc/syslog.conf #
Actions #7

Updated by Pierre POMES about 11 years ago

Mine is :

        <syslog>
                <nentries>50</nentries>
                <remoteserver>192.168.2.2</remoteserver>
                <remoteserver2/>
                <remoteserver3/>
                <filter/>
                <dhcp/>
                <portalauth/>
                <vpn/>
                <logall/>
                <system/>
                <enable/>
        </syslog>

So more (empty) stuff in it...

Can you try to save again in the screen ? Just to be sure this is not due a (bad) config upgrade ?

Actions #8

Updated by orangepeel beef about 11 years ago

Have unchecked and rechecked enable remote syslog multiple times, have removed the syslog server and put in a different one, have tried on 4 different pfsense hosts running on vmware. All have the same issue.

Actions #9

Updated by orangepeel beef about 11 years ago

they are all clustered though, Chris are your pfsense's clustered as well?

Actions #10

Updated by Pierre POMES about 11 years ago

Can you also send me your syslog.conf ?

Thanks,
Pierre

Actions #11

Updated by orangepeel beef about 11 years ago

# vi /var/etc/syslog.conf
!ntpdate,!ntpd
*.*                                      %/var/log/ntpd.log
!ppp
*.*                                      %/var/log/ppp.log
!pptp
*.*                                      %/var/log/pptp.log
!pppoe
*.*                                      %/var/log/pppoe.log
!l2tp
*.*                                      %/var/log/l2tp.log
!racoon
*.*                                      %/var/log/ipsec.log
!openvpn
*.*                                      %/var/log/openvpn.log
!apinger
*.*                                      %/var/log/apinger.log
!relayd
*.*                                             %/var/log/relayd.log
!-ntpd,racoon,openvpn
local0.*                                                                                 %/var/log/filte
r.log
local3.*                                                                                 %/var/log/vpn.l
og
local4.*                                                                                 %/var/log/porta
lauth.log
local7.*                                                                                 %/var/log/dhcpd
.log
*.notice;kern.debug;lpr.info;mail.crit;                  %/var/log/system.log
news.err;local0.none;local3.none;local4.none;    %/var/log/system.log
local7.none                                                                              %/var/log/syste
m.log
security.*                                                                               %/var/log/syste
m.log
auth.info;authpriv.info;daemon.info                              %/var/log/system.log
auth.info;authpriv.info                                                  |exec /usr/local/sbin/sshlockou
t_pf
*.emerg                                                                                  *

Actions #12

Updated by orangepeel beef about 11 years ago

problem seems to be when only ticking the checkbox for "Everything"

if i check all the checkboxes I get:

# cat /etc/syslog.conf
!ntpdate,!ntpd
*.*                                      %/var/log/ntpd.log
!ppp
*.*                                      %/var/log/ppp.log
!pptp
*.*                                      %/var/log/pptp.log
!pppoe
*.*                                      %/var/log/pppoe.log
!l2tp
*.*                                      %/var/log/l2tp.log
!racoon
*.*                                      %/var/log/ipsec.log
*.*                                      @10.195.2.147
!openvpn
*.*                                      %/var/log/openvpn.log
*.*                                      @10.195.2.147
!apinger
*.*                                      %/var/log/apinger.log
!relayd
*.*                                             %/var/log/relayd.log
!-ntpd,racoon,openvpn
local0.*                                                                                 %/var/log/filter.log
local3.*                                                                                 %/var/log/vpn.log
local4.*                                                                                 %/var/log/portalauth.log
local7.*                                                                                 %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;                  %/var/log/system.log
news.err;local0.none;local3.none;local4.none;    %/var/log/system.log
local7.none                                                                              %/var/log/system.log
security.*                                                                               %/var/log/system.log
auth.info;authpriv.info;daemon.info                              %/var/log/system.log
auth.info;authpriv.info                                                  |exec /usr/local/sbin/sshlockout_pf
*.emerg                                                                                  *
local0.*                         @10.195.2.147
local3.*                         @10.195.2.147
local4.*                         @10.195.2.147
local7.*                         @10.195.2.147
*.notice;kern.debug;lpr.info;mail.crit;                  @10.195.2.147
news.err;local0.none;local3.none;local7.none     @10.195.2.147
security.*                                                                               @10.195.2.147
auth.info;authpriv.info;daemon.info                              @10.195.2.147
*.emerg                                                                                  @10.195.2.147
*.*                                                             @10.195.2.147

Actions #13

Updated by Pierre POMES about 11 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Ok, thanks for this last report.

I just commited a fix, issue should be fixed now, it is working on my box.

Chris may you also try it ?

Pierre

Actions #14

Updated by orangepeel beef about 11 years ago

Looks like it is fixed. Thanks :)

Actions #15

Updated by Chris Buechler about 11 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF