syslogd broken when exporting logs to remote syslog server (just system events)
-
If I select 'everything' in the syslog remote contents it doesnt appear to crash, spews data continiously - but i dont want everything.
If I select just system events - it crashes.
I'm continually having syslogd: exiting on signal 15 (then stopping logs)
If I make a change to the setting/source address for example it will fire up for a while then stop.
03-05-2020 13:27:09 Kernel.Info 192.168.1.249 Mar 5 13:27:09 syslogd: kernel boot file is /boot/kernel/kernel
03-05-2020 13:27:09 Syslog.Error 192.168.1.249 Mar 5 13:27:09 syslogd: exiting on signal 15
03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 check_reload_status: Syncing firewall
03-05-2020 13:26:53 Local5.Error 192.168.1.249 Mar 5 13:26:53 pfsense.localdomain nginx: 2020/03/05 13:26:53 [error] 57700#100419: send() failed (54: Connection reset by peer)
03-05-2020 13:24:05 Kernel.Info 192.168.1.249 Mar 5 13:24:04 syslogd: kernel boot file is /boot/kernel/kernel
03-05-2020 13:24:04 Syslog.Error 192.168.1.249 Mar 5 13:24:04 syslogd: exiting on signal 15
03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 check_reload_status: Syncing firewall
03-05-2020 13:23:22 Local5.Error 192.168.1.249 Mar 5 13:23:22 pfsense.localdomain nginx: 2020/03/05 13:23:22 [error] 57884#100401: send() failed (54: Connection reset by peer)I have two units doing the same thing - they can log locally ok however thats not going to solve the problem with one I have thats crashing at 12:30 everyday. (nothing in cron I can see) - the other unit doesnt complain about the UUID
-
do you have suricata installed?
12:30 it's the Update Start Time for it
if you have it you need to -> Enable "Live Swap" reload of rules after downloading an update. Default is Not Checked
and this will probably solve your problem -
@kiokoman thanks yes this might have started since suricata (since uninstalled) was installed.
(Original problem) this thread is now related to syslogd crashing with individual selections are made rather than everything.
-
This is still in cron
30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables
without suricata installed