Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Syslog service in pfSense v2.8.1 often stop itself

    Scheduled Pinned Locked Moved General pfSense Questions
    73 Posts 21 Posters 11.6k Views 21 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G Offline
      geovaneg
      last edited by geovaneg

      Hi,

      Same problem here:

      "Nov 2 22:00:02 pfsense syslogd: sendto: Connection refused" (system.log)

      PfSense CE 2.8.1, remote logging enabled.

      Anothers instances 2.8 running OK.

      Workaround: whatchdog

      Thanks.

      Geovane

      1 Reply Last reply Reply Quote 0
      • T Offline
        tyros
        last edited by

        Same problem here on 2.8.1

        1 Reply Last reply Reply Quote 0
        • stephenw10S Offline
          stephenw10 Netgate Administrator
          last edited by

          Applying the workaround firewall rules will prevent it seeing the refusals so will not stop.

          1 Reply Last reply Reply Quote 0
          • G Offline
            geovaneg
            last edited by

            Hi,

            Apparently the rule isn't working because the traffic counters aren't incrementing. There's a "let out anything IPv4 from firewall host itself" rule with higher precedence that seems to be capturing UDP traffic to the remote syslog server, even though the new rule is of the "floating" type.

            @28 pass out inet all flags S/SA keep state (if-bound) allow-opts label "let out anything IPv4 from firewall host itself" ridentifier 1000003613
@46 pass quick inet proto udp from (self:3) to 10.0.1.19 no state label "USER_RULE: rule to avoid syslog stop bug" label "id:1762800608" ridentifier 1762800608

            Geovane

            M 1 Reply Last reply Reply Quote 0
            • M Offline
              mcury Rebel Alliance @geovaneg
              last edited by

              @geovaneg said in Syslog service in pfSense v2.8.1 often stop itself:

              Apparently the rule isn't working because the traffic counters aren't incrementing.

              Yeap, they should increment.

              82800c5e-e2fa-443d-966f-daf60c958949-image.png

              dead on arrival, nowhere to be found.

              1 Reply Last reply Reply Quote 0
              • G Offline
                geovaneg
                last edited by

                This is a VPN server located in the DMZ... It has no LAN interface, only a WAN and IPSEC interface, and the counters are not incrementing despite continuous traffic to the log server.

                be345213-0d0e-407e-b226-9fdece1e5073-image.png

                I might be forgetting something obvious, but I reviewed the settings and tested it more than twice.

                Geovane

                1 Reply Last reply Reply Quote 0
                • G Offline
                  geovaneg
                  last edited by

                  In any case, the watchdog isn't the perfect solution, but it did the job.

                  thanks

                  Geovane

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    Looks like you might have the source port set to 514 instead of the destination.

                    In your first screenshot it's not shown as an OUT rule also but it looks like you corrected that.

                    1 Reply Last reply Reply Quote 0
                    • T Offline
                      taz3146
                      last edited by

                      Same ongoing issue, remote syslog enabled, it seems rather random, but mostly when the logging machine is down, which is a linux vm on proxmox host.

                      1 Reply Last reply Reply Quote 0
                      • B Offline
                        Bria1972 @stephenw10
                        last edited by

                        @slu said in Syslog service in pfSense v2.8.1 often stop itself:

                        @jrey years ago there was a p1 release:
                        https://docs.netgate.com/pfsense/en/latest/releases/2-3-5-p1.html

                        Thanks for the source

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.