Bug #929

Remote syslog not working

Added by orangepeel beef over 8 years ago. Updated over 8 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Logging
Target version:
Start date: 09/29/2010
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.0
Affected Architecture:

Description

I have configured syslog to send to a remote host but it is not sending any traffic. Doing a tcpdump shows no syslog packets going anywhere.

Running the command

    logger -h myhostip TESTING

results in a syslog message going to my loghost as expected, but the pfSense-generated logs are never even attempted.

The syslog.conf file has no references to an external IP or host.

Associated revisions

Revision 07bdaacd (diff)
Added by Pierre POMES over 8 years ago

Fix syslog.conf generation. Ticket #929

History

#1 Updated by Chris Buechler over 8 years ago

  • Category set to Logging
  • Priority changed from Normal to High
  • Target version set to 2.0

This regressed somewhat recently.

#2 Updated by orangepeel beef over 8 years ago

I was previously running the Aug 28 build, and it existed there. Updated to latest build today and still there.

#3 Updated by Tahar GUEBLI over 8 years ago

I'm using version 2.0-Beta4 Wed. sep 29 12:15:10 EDT 2010

The logging on the remote server works fine.

Maybe your setting in the system log configuration is wrong!!

#4 Updated by Pierre POMES over 8 years ago

I also confirm this is working in recent snapshots.

Can you give the syslog part of your /cf/conf/config.xml file?

#5 Updated by Chris Buechler over 8 years ago

Mine looks like this.

        <syslog>
                <nentries>1000</nentries>
                <remoteserver>10.0.0.20</remoteserver>
                <logall/>
                <enable/>
                <remoteserver2/>
                <remoteserver3/>
        </syslog>

But...

# grep 10.0.0.20 /var/etc/syslog.conf
#

#6 Updated by orangepeel beef over 8 years ago

        <syslog>
                <reverse/>
                <nentries>100</nentries>
                <logall/>
                <remoteserver>10.195.2.147</remoteserver>
                <remoteserver2/>
                <remoteserver3/>
                <enable/>
        </syslog>

# grep 10.195.2.147 /var/etc/syslog.conf
#
# grep 10.195.2.147 /etc/syslog.conf
#

#7 Updated by Pierre POMES over 8 years ago

Mine is :

        <syslog>
                <nentries>50</nentries>
                <remoteserver>192.168.2.2</remoteserver>
                <remoteserver2/>
                <remoteserver3/>
                <filter/>
                <dhcp/>
                <portalauth/>
                <vpn/>
                <logall/>
                <system/>
                <enable/>
        </syslog>

So more (empty) stuff in it...

Can you try to save again in the screen? Just to be sure this is not due to a (bad) config upgrade?

#8 Updated by orangepeel beef over 8 years ago

Have unchecked and rechecked enable remote syslog multiple times, have removed the syslog server and put in a different one, have tried on 4 different pfsense hosts running on vmware. All have the same issue.

#9 Updated by orangepeel beef over 8 years ago

They are all clustered though. Chris, are your pfSenses clustered as well?

#10 Updated by Pierre POMES over 8 years ago

Can you also send me your syslog.conf?

Thanks,
Pierre

#11 Updated by orangepeel beef over 8 years ago

# vi /var/etc/syslog.conf
!ntpdate,!ntpd
*.*                                      %/var/log/ntpd.log
!ppp
*.*                                      %/var/log/ppp.log
!pptp
*.*                                      %/var/log/pptp.log
!pppoe
*.*                                      %/var/log/pppoe.log
!l2tp
*.*                                      %/var/log/l2tp.log
!racoon
*.*                                      %/var/log/ipsec.log
!openvpn
*.*                                      %/var/log/openvpn.log
!apinger
*.*                                      %/var/log/apinger.log
!relayd
*.*                                             %/var/log/relayd.log
!-ntpd,racoon,openvpn
local0.*                                                                                 %/var/log/filter.log
local3.*                                                                                 %/var/log/vpn.log
local4.*                                                                                 %/var/log/portalauth.log
local7.*                                                                                 %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;                  %/var/log/system.log
news.err;local0.none;local3.none;local4.none;    %/var/log/system.log
local7.none                                                                              %/var/log/system.log
security.*                                                                               %/var/log/system.log
auth.info;authpriv.info;daemon.info                              %/var/log/system.log
auth.info;authpriv.info                                                  |exec /usr/local/sbin/sshlockout_pf
*.emerg                                                                                  *

#12 Updated by orangepeel beef over 8 years ago

The problem seems to be when only ticking the checkbox for "Everything".

If I check all the checkboxes I get:

# cat /etc/syslog.conf
!ntpdate,!ntpd
*.*                                      %/var/log/ntpd.log
!ppp
*.*                                      %/var/log/ppp.log
!pptp
*.*                                      %/var/log/pptp.log
!pppoe
*.*                                      %/var/log/pppoe.log
!l2tp
*.*                                      %/var/log/l2tp.log
!racoon
*.*                                      %/var/log/ipsec.log
*.*                                      @10.195.2.147
!openvpn
*.*                                      %/var/log/openvpn.log
*.*                                      @10.195.2.147
!apinger
*.*                                      %/var/log/apinger.log
!relayd
*.*                                             %/var/log/relayd.log
!-ntpd,racoon,openvpn
local0.*                                                                                 %/var/log/filter.log
local3.*                                                                                 %/var/log/vpn.log
local4.*                                                                                 %/var/log/portalauth.log
local7.*                                                                                 %/var/log/dhcpd.log
*.notice;kern.debug;lpr.info;mail.crit;                  %/var/log/system.log
news.err;local0.none;local3.none;local4.none;    %/var/log/system.log
local7.none                                                                              %/var/log/system.log
security.*                                                                               %/var/log/system.log
auth.info;authpriv.info;daemon.info                              %/var/log/system.log
auth.info;authpriv.info                                                  |exec /usr/local/sbin/sshlockout_pf
*.emerg                                                                                  *
local0.*                         @10.195.2.147
local3.*                         @10.195.2.147
local4.*                         @10.195.2.147
local7.*                         @10.195.2.147
*.notice;kern.debug;lpr.info;mail.crit;                  @10.195.2.147
news.err;local0.none;local3.none;local7.none     @10.195.2.147
security.*                                                                               @10.195.2.147
auth.info;authpriv.info;daemon.info                              @10.195.2.147
*.emerg                                                                                  @10.195.2.147
*.*                                                             @10.195.2.147

#13 Updated by Pierre POMES over 8 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

Ok, thanks for this last report.

I just committed a fix, issue should be fixed now, it is working on my box.

Chris, may you also try it?

Pierre

#14 Updated by orangepeel beef over 8 years ago

Looks like it is fixed. Thanks :)

#15 Updated by Chris Buechler over 8 years ago

  • Status changed from Feedback to Resolved
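
An added check (not part of this ticket or of pfSense's own code) for the symptom reported above: it compares the remote servers enabled in the <syslog> section of config.xml with the @host actions actually present in the generated syslog.conf. The sample inputs are constructed from the snippets posted in the thread, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the snippets posted in this ticket.
CONFIG_XML = """<pfsense><syslog>
  <nentries>100</nentries>
  <logall/>
  <remoteserver>10.195.2.147</remoteserver>
  <remoteserver2/>
  <remoteserver3/>
  <enable/>
</syslog></pfsense>"""

SYSLOG_CONF_BROKEN = """!racoon
*.*    %/var/log/ipsec.log
!-ntpd,racoon,openvpn
local0.*    %/var/log/filter.log
*.emerg    *
"""
SYSLOG_CONF_FIXED = SYSLOG_CONF_BROKEN + "*.*    @10.195.2.147\n"


def configured_remotes(config_xml):
    """Remote servers set in <syslog>, or [] when remote logging is not enabled."""
    root = ET.fromstring(config_xml)
    node = root if root.tag == "syslog" else root.find(".//syslog")
    if node is None or node.find("enable") is None:
        return []
    tags = ("remoteserver", "remoteserver2", "remoteserver3")
    return [h for h in (node.findtext(t, "").strip() for t in tags) if h]


def forward_targets(syslog_conf):
    """Hosts named in '@host' or '@host:port' actions of a syslog.conf."""
    hosts = set()
    for line in syslog_conf.splitlines():
        fields = line.split()
        # Skip blanks, comments and program/host block headers ('!prog', '+host').
        if len(fields) < 2 or fields[0][0] in "#!+":
            continue
        if fields[-1].startswith("@"):
            hosts.add(fields[-1][1:].split(":")[0])
    return hosts


def missing_remotes(config_xml, syslog_conf):
    """Configured remote servers that have no forwarding rule in syslog.conf."""
    present = forward_targets(syslog_conf)
    return [h for h in configured_remotes(config_xml) if h not in present]
```

A non-empty result from missing_remotes means the firewall is configured to forward logs but the generated file will never send them, which is the silent failure this ticket describes.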
