[Solved] Strange behavior on Syslog. Needs restart for remote logging.
Hi! I would appreciate it if someone has suggestions on this. I tried to search but I found just old threads.
Thank you and best regards.
I'm using pfSense 2.3.1 and configured it to send VPN logs to the remote host on the local subnet (same switch). Well, it works, but I noticed this strange behavior:
- Start the server (pfSense).
- Logs are sent to remote host for about 10 seconds and stop.
- I confirmed that tcpdump won't show packets leaving the firewall to the remote host (tcpdump -i re1 dst 192.168.0.200)
- I confirmed that the syslog service is still running:
service syslogd status = syslogd is running as pid 79364
ps -aux | grep syslogd = root 79364 0.0 0.1 14516 2316 - Ss 1:34PM 0:00.04 /usr/sbin/syslogd
pfctl -s states | grep :514 = re1 udp 22.214.171.124:514 -> 192.168.0.200:514 SINGLE:NO_TRAFFIC
*126.96.36.199 as my WAN addr.
- If I restart the syslog service with "service syslogd restart" it starts sending logs to the remote host again, and doesn't stop anymore.
From the boot process, I noticed 3 related entries in the system log:
syslogd exiting on signal 15
kernel boot file is /boot/kernel/kernel
syslogd sendto: No route to host
No route to host? It's in the same subnet/switch.
After two days I just found out that I should select LAN on Remote Logging Options / Source Address, to bind the correct interface. Now it is working as expected.
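
The pf state line quoted in this post shows the WAN address as the source of the syslog flow to a host on the LAN. As an added example (not part of the original post), this shell function reads "pfctl -s states" output and flags udp/514 states whose source address is outside the destination's /24. The /24 mask, the function names and the 192.168.0.1 sample address are assumptions.

```shell
#!/bin/sh
# Added example: check which source address remote syslog (udp/514) states use.
# Assumption: log host and the firewall's LAN address share a /24.
# Note: SINGLE:NO_TRAFFIC is normal for one-way UDP syslog (the receiver never
# replies), so the state column alone does not show whether logging works.

check_syslog_states() {
    awk '
    # Simple state line shape, as in the post: IF udp SRC:PORT -> DST:PORT STATE
    $2 == "udp" && $4 == "->" && $5 ~ /:514$/ {
        src = $3; sub(/:[0-9]+$/, "", src)
        dst = $5; sub(/:[0-9]+$/, "", dst)
        split(src, s, "."); split(dst, d, ".")
        seen = 1
        if (s[1] == d[1] && s[2] == d[2] && s[3] == d[3]) {
            printf "OK %s -> %s on %s\n", src, dst, $1
        } else {
            # Source is not on the log host subnet: syslogd is bound to
            # another interface address (the WAN address in this post).
            printf "WRONG_SOURCE %s -> %s on %s\n", src, dst, $1
            bad = 1
        }
    }
    END {
        if (!seen) { print "NO_STATE no udp/514 state found"; exit 2 }
        exit (bad ? 1 : 0)
    }'
}

# Sample input: first line is the state from the post; second line is
# constructed (192.168.0.1 is an assumed LAN address for the firewall).
sample_states() {
    cat <<'EOF'
re1 udp 22.214.171.124:514 -> 192.168.0.200:514 SINGLE:NO_TRAFFIC
re1 udp 192.168.0.1:514 -> 192.168.0.200:514 SINGLE:NO_TRAFFIC
EOF
}

# On the firewall: pfctl -s states | check_syslog_states
sample_states | check_syslog_states || true
```

Exit status is 0 when every udp/514 state uses an on-subnet source, 1 when any does not, and 2 when no such state exists.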