Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    System Logs Format (rsyslog)

    Scheduled Pinned Locked Moved General pfSense Questions
    17 Posts 4 Posters 2.5k Views 4 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • arrmoA Offline
      arrmo
      last edited by

      No worries, understand the caveats, legal-ize, etc. ... LOL.

      Thanks! I may go this way - then of course need to see if I can tweak the output format (i.e. need to modify the syslogd options a bit, to output the needed format).

      Thanks again.

      1 Reply Last reply Reply Quote 0
      • arrmoA Offline
        arrmo
        last edited by

        OK, shifted to v2.5, seem to have the new and improved version of syslogd ... :-). Meaning, the -O format option exists. Perfect!

        Now, how to modify the execution script to have this added to the command? I just need to find that.

        1 Reply Last reply Reply Quote 0
        • arrmoA Offline
          arrmo
          last edited by

          Checked the output, working great now - thanks for all the help!

          Need to figure out the next step - would be nice to have this as a (GUI) option ... it's pretty simple. Just need to figure out how / where to suggest it.

          Thanks again.

          1 Reply Last reply Reply Quote 0
          • kiokomanK Offline
            kiokoman LAYER 8
            last edited by

            i still see syslogd on my 2.5.0
            you can place additional configuration files in /var/etc/syslog.d
            best place to ask for new features is https://redmine.pfsense.org/

            ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
            Please do not use chat/PM to ask for help
            we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
            Don't forget to Upvote with the 👍 button for any post you find to be helpful.

            1 Reply Last reply Reply Quote 0
            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              Yup or pull-requests directly in github: https://github.com/pfsense

              Steve

              1 Reply Last reply Reply Quote 0
              • jimpJ Offline
                jimp Rebel Alliance Developer Netgate
                last edited by

                I made an issue for it here: https://redmine.pfsense.org/issues/9808

                Should be simple enough to code, I'll get to it before long, assuming someone doesn't send in a PR first.

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 2
                • arrmoA Offline
                  arrmo
                  last edited by

                  Thanks! I was going to do that - just hadn't had a chance to yet.

                  1 Reply Last reply Reply Quote 0
                  • kiokomanK Offline
                    kiokoman LAYER 8
                    last edited by kiokoman

                    yes ... it was easy to add the gui fuction

                    Immagine.jpg

                    the problem is that if i set rfc5424
                    remote syslog still work

                    [2.5.0-DEVELOPMENT][root@pfSense.localdomain]/usr/local/www: ps aux | grep syslogd
                    root  76833   0.0  0.1  11376   2836  -  Ss   23:18       0:00.03 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -O rfc5424
                    root  62262   0.0  0.1  11144   2636  0  S+   23:19       0:00.00 grep syslogd
                    [2.5.0-DEVELOPMENT][root@pfSense.localdomain]/usr/local/www: ps aux | grep syslogd
                    root  74853   0.0  0.1  11376   2836  -  Ss   23:20       0:00.07 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -O rfc3164
                    root   3527   0.0  0.1  11144   2636  0  S+   23:30       0:00.00 grep syslogd
                    

                    this are just example
                    on my rsyslog server, there is only the hostname instead of the ip, it is able to filter the incoming log

                    Oct  3 23:19:39 pfSense.localdomain radvd[28029] resuming normal operation
                    Oct  3 23:19:55 pfSense.localdomain radvd[28029] IPv6 forwarding on interface seems to be disabled, but continuing anyway
                    Oct  3 23:19:55 pfSense.localdomain radvd[28029] message repeated 2 times: [IPv6 forwarding on interface seems to be disabled, but continuing anyway]
                    Oct  3 23:20:09 172.17.0.254 radvd[28029]: attempting to reread config file
                    Oct  3 23:20:09 172.17.0.254 radvd[28029]: IPv6 forwarding on interface seems to be disabled, but continuing anyway
                    Oct  3 23:20:09 172.17.0.254 radvd[28029]: message repeated 5 times: [ IPv6 forwarding on interface seems to be disabled, but continuing anyway]
                    

                    anyway this is what is written inside pfsense

                    <190>1 2019-10-03T23:19:39.586931+02:00 pfSense.localdomain dhcpd 57488 - - Listening on Socket/6/ix0/2001:470:26:5dc::/64
                    <190>1 2019-10-03T23:19:39.586942+02:00 pfSense.localdomain dhcpd 57488 - - Sending on   Socket/6/ix0/2001:470:26:5dc::/64
                    <190>1 2019-10-03T23:19:39.586942+02:00 pfSense.localdomain dhcpd 57488 - - Sending on   Socket/6/ix0/2001:470:26:5dc::/64
                    <190>1 2019-10-03T23:19:39.587172+02:00 pfSense.localdomain dhcpd 57488 - - Server starting service.
                    <190>1 2019-10-03T23:19:39.587172+02:00 pfSense.localdomain dhcpd 57488 - - Server starting service.
                    Oct  3 23:20:08 pfSense dhcpd[85579]: Internet Systems Consortium DHCP Server 4.4.1
                    Oct  3 23:20:08 pfSense dhcpd[85579]: Internet Systems Consortium DHCP Server 4.4.1
                    Oct  3 23:20:08 pfSense dhcpd[85579]: Copyright 2004-2018 Internet Systems Consortium.
                    Oct  3 23:20:08 pfSense dhcpd[85579]: Copyright 2004-2018 Internet Systems Consortium.
                    Oct  3 23:20:08 pfSense dhcpd[85579]: All rights reserved.
                    Oct  3 23:20:08 pfSense dhcpd[85579]: All rights reserved.
                    

                    but from the gui i'm unable to see any log (i see only rfc3164) , i think that log filters also need to be adjusted based on rfc selected. and ... well ... that it's not easy for me 😂

                    ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
                    Please do not use chat/PM to ask for help
                    we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
                    Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                    1 Reply Last reply Reply Quote 0
                    • jimpJ Offline
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      Finally had time to pivot back to this one. I pushed a fix that seems to do a decent job of parsing dynamically, even when the logs contain a mix of entries in different formats.

                      It should show up in snapshots soon.

                      https://redmine.pfsense.org/issues/9808
                      https://github.com/pfsense/pfsense/commit/b16c3a12c61c117e9c8140b115efc7f9acea96c5

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      arrmoA 2 Replies Last reply Reply Quote 4
                      • arrmoA Offline
                        arrmo @jimp
                        last edited by

                        @jimp Awesome, thanks! Will give it a try once it's in a snapshot. Much appreciated!

                        1 Reply Last reply Reply Quote 0
                        • arrmoA Offline
                          arrmo @jimp
                          last edited by

                          @jimp Seems to be working - thanks so much! Will keep an eye on it, let you know if I come across any issues. Much appreciated!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.