Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    syslogd broken when exporting logs to remote syslog server (just system events)

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 2 Posters 502 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      timboau 0
      last edited by

      If I select 'everything' in the syslog remote contents it doesnt appear to crash, spews data continiously - but i dont want everything.

      If I select just system events - it crashes.

      I'm continually having syslogd: exiting on signal 15 (then stopping logs)

      If I make a change to the setting/source address for example it will fire up for a while then stop.

      03-05-2020 13:27:09 Kernel.Info 192.168.1.249 Mar 5 13:27:09 syslogd: kernel boot file is /boot/kernel/kernel
      03-05-2020 13:27:09 Syslog.Error 192.168.1.249 Mar 5 13:27:09 syslogd: exiting on signal 15
      03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
      03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 check_reload_status: Syncing firewall
      03-05-2020 13:26:53 Local5.Error 192.168.1.249 Mar 5 13:26:53 pfsense.localdomain nginx: 2020/03/05 13:26:53 [error] 57700#100419: send() failed (54: Connection reset by peer)
      03-05-2020 13:24:05 Kernel.Info 192.168.1.249 Mar 5 13:24:04 syslogd: kernel boot file is /boot/kernel/kernel
      03-05-2020 13:24:04 Syslog.Error 192.168.1.249 Mar 5 13:24:04 syslogd: exiting on signal 15
      03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
      03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 check_reload_status: Syncing firewall
      03-05-2020 13:23:22 Local5.Error 192.168.1.249 Mar 5 13:23:22 pfsense.localdomain nginx: 2020/03/05 13:23:22 [error] 57884#100401: send() failed (54: Connection reset by peer)

      I have two units doing the same thing - they can log locally ok however thats not going to solve the problem with one I have thats crashing at 12:30 everyday. (nothing in cron I can see) - the other unit doesnt complain about the UUID

      1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8
        last edited by

        do you have suricata installed?
        12:30 it's the Update Start Time for it
        if you have it you need to -> Enable "Live Swap" reload of rules after downloading an update. Default is Not Checked
        and this will probably solve your problem

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        T 1 Reply Last reply Reply Quote 0
        • T
          timboau 0 @kiokoman
          last edited by

          @kiokoman thanks yes this might have started since suricata (since uninstalled) was installed.

          (Original problem) this thread is now related to syslogd crashing with individual selections are made rather than everything.

          1 Reply Last reply Reply Quote 0
          • T
            timboau 0
            last edited by

            This is still in cron

            30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables

            without suricata installed

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.