[Solved] Strange behavior on Syslog. Needs restart for remote logging.

trekkiebr

Hi ! I would appreciate if someone have suggestions on this. I tried to search but I found just old threads.
Thank you and best regards.

I'm using PfSense 2.3.1 and configured it to send VPN logs to the remote host on the local subnet (same switch). Well, it works but i noticed this strange behavior:

1. Start the server (PfSense).
2. Logs are sent to remote host for about 10 seconds and stop.
3. I confirmed that tcpdump won't show packets leaving the firewall to the remote host (tcpdump -i re1 dst 192.168.0.200)
4. I confirmed that the syslog service is still running:

service syslogd status      = syslogd is running as pid 79364
    ps -aux | grep syslogd      = root 79364  0.0  0.1  14516  2316  -  Ss    1:34PM  0:00.04 /usr/sbin/syslogd
    pfctl -s states | grep :514 = re1 udp 1.2.3.4:514 -> 192.168.0.200:514      SINGLE:NO_TRAFFIC

*1.2.3.4 as my WAN addr.

4. If I restart the syslog service with "service syslogd restart" it starts sending logs to the remote host again, and doesn't stop anymore.

From the boot process, I noticed 3 related entries on system log:

syslogd exiting on signal 15
kernel boot file is /boot/kernel/kernel
syslogd sendto: No route to host

No route to host ? It's in the same subnet/switch.

trekkiebr

After two days I just found out that I should select LAN on Remote Logging Options / Source Address, to bind the correct interface. Now is working as expected.

Thanks.