2.0.3 spamming logfile with nsswitch warning
-
Is that showing in the system log, or otherwise which one?
-
@cmb:
Is that showing in the system log, or otherwise which one?
On my pfsense machine all logfiles under /var/log do not show this nsswitch warning. I only obtain this in the messages which are sent to my remote syslog server.
Remote syslog messages appear to be sent with SyslogLevel ".". I've select "Everything" under "System logs -> Settings -> Remote syslog servers". I conclude from this that those warning messages originate from local SyslogLevels "*.info", e.g. from "auth.info, authpriv.info, daemon.info" in /etc/syslog.conf.
-
I changed the remote syslog line of /etc/syslog.conf (-> /var/etc/syslog.conf) as recommended
from
*.* @to
*.info @but a subsequent change of the configuration of System logs from GUI undo the change to the file "syslog.conf" restoring the initial situation
-
@duke:
I changed the remote syslog line of /etc/syslog.conf (-> /var/etc/syslog.conf) as recommended
from
*.* @to
*.info @but a subsequent change of the configuration of System logs from GUI undo the change to the file "syslog.conf" restoring the initial situation
Well, this could only solved, if the SyslogLevel of remotely sent messages could be adjusted via the webGUI. May be, this would be nice to have, independently of the purpose of suppressing unwanted warnings :). Does anybody know if this feature is implemented in 2.1?
-
@cmb:
Is that showing in the system log, or otherwise which one?
No, not showing up in system logs. I'm not familiar with FreeBSD's syslog configuration, but I think that no rule will write "*.debug" messages to any file there.
OTOH the default remote rule "." sends ALL messages (including "*.debug") to the syslog host.
Bye
Sven
-
@cmb:
Is that showing in the system log, or otherwise which one?
No, not showing up in system logs. I'm not familiar with FreeBSD's syslog configuration, but I think that no rule will write "*.debug" messages to any file there.
OTOH the default remote rule "." sends ALL messages (including "*.debug") to the syslog host.
Bye
Sven
OK, that's consistent with my observation: May be there is no feedback from others, because pfSense (local) syslog looks the same as before the upgrade to 2.0.3. Only the messages sent to a remote syslog server do show this warning. Could anybody confirm or falsify this observation?
-
Googled "NSSWITCH(_nsdispatch): nis, passwd_compat, setpwent, not found, and no fallback provided" as I too am getting this since upgrade and found this page.
-
I'm on nanoBSD i386. upgrade from 2.0.2 to 2.0.3 was a disaster. Bootup would hang at Starting Firewall.
Turned on verbose logging, eventually bootup finishes but packages did not reinstall.
Getting message in syslog and console: kernel: t_delta 15.fd984de3455432fc too short etc.
Will try installing from scratch, maybe upgrade process just crapped out. Otherwise I'll go back to 2.0.2Well, these issues are looking even more serious than those nsswitch warnings. Maybe I missed it but are you getting the nsswitch warning besides your other problems? If yes, could you please give feedback I they do disappear after a clean install? I'm runing a NanoBSD image and it is a real pain to exchange CF card for re-imaging.
-
Googled "NSSWITCH(_nsdispatch): nis, passwd_compat, setpwent, not found, and no fallback provided" as I too am getting this since upgrade and found this page.
Inspired by your reply I've re-googled and found some hints that the nsswitch warning might disappear if /etc/nsswitch.conf is changed:
http://www.ivorde.ro/FreeBSD_Cron__NSSWITCH_nss_method_lookup_errors-44.html. The reference made the cron related nsswitch warnings disappear by changing "compat" to "files".I've too little experience with /etc/nsswitch.conf but would at least like to compare my current settings with a.) pfSense 2.0.1/2.0.2 and with b.) other pfSense 2.0.3 installations. My current 2.0.3 settings are:
group: compat group_compat: nis hosts: files dns networks: files passwd: compat passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: filesAre these settings as expected?
-
Did a install from scratch of 2.0.3 x86
Restore the configuration from 2.0.1
Packages: Backup, Cron, File Manager, pfBlocker, snort, System Patches, widescreenI get these 2013-04-25 18:30:00 Cron.Info 172.24.42.254 /usr/sbin/cron[57493]: (root) CMD (/usr/bin/nice -n20 /usr/local/bin/php -f /usr/local/pkg/snort/snort_check_cron_misc.inc)
2013-04-25 18:30:00 Cron.Debug 172.24.42.254 cron[57198]: NSSWITCH(_nsdispatch): nis, passwd_compat, endpwent, not found, and no fallback provided
2013-04-25 18:30:00 Cron.Debug 172.24.42.254 cron[57493]: NSSWITCH(_nsdispatch): nis, passwd_compat, endpwent, not found, and no fallback providedThese are every minutes:
2013-04-25 18:30:28 User.Debug 172.24.42.254 ps: NSSWITCH(_nsdispatch): nis, passwd_compat, setpwent, not found, and no fallback providedThe are only on the remote syslog server, not in the Status/System Logs
-
edit /etc/nsswitch.conf and see if setting things to "files" and commenting out the nis bits helps, such as:
group: files #group_compat: nis hosts: files dns networks: files passwd: files #passwd_compat: nis shells: files services: files #services_compat: nis protocols: files rpc: files -
edit /etc/nsswitch.conf and see if setting things to "files" and commenting out the nis bits helps, such as:
group: files #group_compat: nis hosts: files dns networks: files passwd: files #passwd_compat: nis shells: files services: files #services_compat: nis protocols: files rpc: filesDid that and now the messages are gone ;o)
Thanks :) -
edit /etc/nsswitch.conf and see if setting things to "files" and commenting out the nis bits helps, such as:
group: files #group_compat: nis hosts: files dns networks: files passwd: files #passwd_compat: nis shells: files services: files #services_compat: nis protocols: files rpc: filesNsswitch warnings immediately disappeared after having applied your changes. Thanks, Jim :).
Although I have some rough ideas about the success of your proposed changes, I would like to understand things a bit more in detail:
1.) Were the original nsswitch.conf settings wrong?
2.) Were the nsswitch warnings serious or could the have been ignored and what did the warnings mean?
3.) Why did pfSense 2.0.1 not show those warnings? I suppose 2.0.1 had the same e.g. original nsswitch.conf settings but cannot verify anymore.Could you please drop some lines on this?
-
1.) Were the original nsswitch.conf settings wrong?
Probably, but the way 2.0.1 was built the problem was masked/hidden.
2.) Were the nsswitch warnings serious or could the have been ignored and what did the warnings mean?
Harmless log spam.
3.) Why did pfSense 2.0.1 not show those warnings? I suppose 2.0.1 had the same e.g. original nsswitch.conf settings but cannot verify anymore.
There was a problem with the way the system was being built up until a week or two before 2.0.3 was released, so options in the build system to disable unneeded components of the base OS were being ignored in some cases. As a side effect of this, OpenSSL wasn't updating/working properly until we fixed it on 2.0.3 and 2.1.
The default nsswitch.conf on FreeBSD 8.1 apparently had the compat & nis bits in it. The default one on 8.3 (used for pfSense 2.1) just had 'files' there. We don't include nor need nis, so leaving it out is OK.
We just didn't catch that error on 2.0.3 in remote syslog before the release. It's a fairly easy fix for those who need it though, manually edit the file or gitsync to RELENG_2_0 to pick it up.
-
Thank you, Jim, for your explanations making me at least feel a bit wiser :)
-
Would a system patch be created?
-
-
See the last line of my last post.
I didn't know what gitsync meant :-[
I did the gitsync that also fix the ntp server timeout … great tool ;D
Thanks for all
