[RESOLVED] Syslog Bug

zekicker · Jun 2, 2017, 5:24 PM

Hello,

I think I found a bug with the process of sending log to a remote server.

Filter logs are sent like this :
Jun 2 19:14:18 filterlog: 86,16777216,,1491408988,em0,match,pass,in,4,0x0,,125,30221,0,DF,6,tcp,52,<ipsrc>,<ipdst>,51403,443,0,S,320298021,,65535,,mss;nop;wscale;nop;nop;sackOK

The hostname is missing between the date and the word "filterlog".
I did a capture on the pfsense and the logs are sent like this for filterlog. No problem with nginx logs.

I m using the last 2.3.4 version.
Regards,</ipdst></ipsrc>

jimp · Jun 6, 2017, 2:39 PM

Not a bug. syslogd on FreeBSD does not send the hostname. The remote log server usually adds the hostname itself based on the source of the log entries.

You could maybe setup the syslog-ng package if it's more to your liking.

zekicker · Jun 7, 2017, 8:50 AM

OK but why is there a difference with a nginx log ?

Jun 2 13:28:30 <hostname></hostname><fqdn>nginx: <ip>- - [02/Jun/2017:13:28:30 +0200] "GET /status_logs_filter_dynamic.php?&logfile=/var/log/filter.log&nentries=50&lastsawtime=1496402757 HTTP/1.1" 200 31 "https://<ip>/status_logs_filter_dynamic.php?logfile=filter&view=dynamic" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:50.0) Gecko/20100101 Firefox/5CLOG</ip></ip></fqdn>

kpa · Jun 7, 2017, 9:54 AM

Nginx as far as I know writes its logs directly using its own log formatting that has nothing to do with syslog(3).

zekicker · Jun 7, 2017, 11:59 AM

Hello,

Thanks for your answer.

Regards,