Bug #929
closed
Remote syslog not working
Added by orangepeel beef over 13 years ago. Updated over 13 years ago.
100%
Description
I have configured syslog to send to a remote host but it is not sending any traffic. Doing a tcpdump shows no syslog packets going anywhere.
running the command logger -h myhostip TESTING
results in a syslog message going to my loghost as expected, but the pfsense generated logs are never even attempting.
The syslog.conf file has no references to an external IP or host.
Updated by Chris Buechler over 13 years ago
- Category set to Logging
- Priority changed from Normal to High
- Target version set to 2.0
this regressed somewhat recently
Updated by orangepeel beef over 13 years ago
I was previously running the Aug 28 build, and it existed there. Updated to latest build today and still there.
Updated by Tahar GUEBLI over 13 years ago
I'm using the version 2.0-Beta4 Wed. sep 29 12:15:10 EDT 2010
The logging on remote server work fine.
May be your setting in system log configuration is wrong !!
Updated by Pierre POMES over 13 years ago
I also confirm this is working in recent snapshots.
Can you give the syslog part of your /cf/conf/config.xml file ?
Updated by Chris Buechler over 13 years ago
Mine looks like this.
<syslog>
<nentries>1000</nentries>
<remoteserver>10.0.0.20</remoteserver>
<logall/>
<enable/>
<remoteserver2/>
<remoteserver3/>
</syslog>
But...
# grep 10.0.0.20 /var/etc/syslog.conf #
Updated by orangepeel beef over 13 years ago
<syslog>
<reverse/>
<nentries>100</nentries>
<logall/>
<remoteserver>10.195.2.147</remoteserver>
<remoteserver2/>
<remoteserver3/>
<enable/>
</syslog>
- grep 10.195.2.147 /var/etc/syslog.conf #
- grep 10.195.2.147 /etc/syslog.conf #
Updated by Pierre POMES over 13 years ago
Mine is :
<syslog>
<nentries>50</nentries>
<remoteserver>192.168.2.2</remoteserver>
<remoteserver2/>
<remoteserver3/>
<filter/>
<dhcp/>
<portalauth/>
<vpn/>
<logall/>
<system/>
<enable/>
</syslog>
So more (empty) stuff in it...
Can you try to save again in the screen ? Just to be sure this is not due a (bad) config upgrade ?
Updated by orangepeel beef over 13 years ago
Have unchecked and rechecked enable remote syslog multiple times, have removed the syslog server and put in a different one, have tried on 4 different pfsense hosts running on vmware. All have the same issue.
Updated by orangepeel beef over 13 years ago
they are all clustered though, Chris are your pfsense's clustered as well?
Updated by Pierre POMES over 13 years ago
Can you also send me your syslog.conf ?
Thanks,
Pierre
Updated by orangepeel beef over 13 years ago
# vi /var/etc/syslog.conf !ntpdate,!ntpd *.* %/var/log/ntpd.log !ppp *.* %/var/log/ppp.log !pptp *.* %/var/log/pptp.log !pppoe *.* %/var/log/pppoe.log !l2tp *.* %/var/log/l2tp.log !racoon *.* %/var/log/ipsec.log !openvpn *.* %/var/log/openvpn.log !apinger *.* %/var/log/apinger.log !relayd *.* %/var/log/relayd.log !-ntpd,racoon,openvpn local0.* %/var/log/filte r.log local3.* %/var/log/vpn.l og local4.* %/var/log/porta lauth.log local7.* %/var/log/dhcpd .log *.notice;kern.debug;lpr.info;mail.crit; %/var/log/system.log news.err;local0.none;local3.none;local4.none; %/var/log/system.log local7.none %/var/log/syste m.log security.* %/var/log/syste m.log auth.info;authpriv.info;daemon.info %/var/log/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockou t_pf *.emerg *
Updated by orangepeel beef over 13 years ago
problem seems to be when only ticking the checkbox for "Everything"
if i check all the checkboxes I get:
# cat /etc/syslog.conf !ntpdate,!ntpd *.* %/var/log/ntpd.log !ppp *.* %/var/log/ppp.log !pptp *.* %/var/log/pptp.log !pppoe *.* %/var/log/pppoe.log !l2tp *.* %/var/log/l2tp.log !racoon *.* %/var/log/ipsec.log *.* @10.195.2.147 !openvpn *.* %/var/log/openvpn.log *.* @10.195.2.147 !apinger *.* %/var/log/apinger.log !relayd *.* %/var/log/relayd.log !-ntpd,racoon,openvpn local0.* %/var/log/filter.log local3.* %/var/log/vpn.log local4.* %/var/log/portalauth.log local7.* %/var/log/dhcpd.log *.notice;kern.debug;lpr.info;mail.crit; %/var/log/system.log news.err;local0.none;local3.none;local4.none; %/var/log/system.log local7.none %/var/log/system.log security.* %/var/log/system.log auth.info;authpriv.info;daemon.info %/var/log/system.log auth.info;authpriv.info |exec /usr/local/sbin/sshlockout_pf *.emerg * local0.* @10.195.2.147 local3.* @10.195.2.147 local4.* @10.195.2.147 local7.* @10.195.2.147 *.notice;kern.debug;lpr.info;mail.crit; @10.195.2.147 news.err;local0.none;local3.none;local7.none @10.195.2.147 security.* @10.195.2.147 auth.info;authpriv.info;daemon.info @10.195.2.147 *.emerg @10.195.2.147 *.* @10.195.2.147
Updated by Pierre POMES over 13 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Ok, thanks for this last report.
I just commited a fix, issue should be fixed now, it is working on my box.
Chris may you also try it ?
Pierre
Updated by Chris Buechler over 13 years ago
- Status changed from Feedback to Resolved