syslog-ng rotates TLS key
  • I noticed recently that a pfSense device had stopped logging to our remote TLS syslog server. After investigating, I found that the TLS key had been automatically configured to be archived and rotated like a log file.

    syslog-ng config:

    Object name: D_TLSSYSLOG
    Object type: Destination
    Object parameters:

    {
      network("syslog.example.com" port(6514)
        transport("tls")
        tls(
          ca-dir("/home/user/syslog")
          key-file("/home/user/syslog/syslog-client.key")
          cert-file("/home/user/syslog/syslog-client.crt")
          peer_verify(required-untrusted)
        )
      );
    };
    

    Resulting /usr/local/etc/logrotate.conf:

    # This file is automatically generated by pfSense
    # Do not edit manually !
    /home/user/syslog/syslog-client.key /var/syslog-ng/default.log {
        rotate 30
        daily
        compress
        postrotate
            kill -s HUP `cat /var/run/syslog-ng.pid`
        endscript
    }
    


  • I have also opened a bug report for this: https://redmine.pfsense.org/issues/8631
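
As an added check (this is not pfSense or syslog-ng code, and not part of the original post), the script below cross-references the `tls()` file options of a syslog-ng destination with the paths a logrotate.conf will rotate, and flags any overlap. Both inputs are the two configs from the post, embedded as constructed strings; the parsing is a deliberately simple line scan rather than a full syslog-ng or logrotate parser, and all function names are my own.

```python
"""Detect TLS key/cert/CA material that a logrotate.conf would rotate.

Added example, not pfSense or syslog-ng code. The two inputs are copied
from the post above as constructed strings; parsing is a simple line scan.
"""
from __future__ import annotations

import re

# Constructed input: the syslog-ng destination parameters from the post.
SYSLOG_NG_DEST = """
network("syslog.example.com" port(6514)
  transport("tls")
  tls(
    ca-dir("/home/user/syslog")
    key-file("/home/user/syslog/syslog-client.key")
    cert-file("/home/user/syslog/syslog-client.crt")
    peer_verify(required-untrusted)
  )
);
"""

# Constructed input: the pfSense-generated logrotate.conf from the post.
LOGROTATE_CONF = """
# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key /var/syslog-ng/default.log {
    rotate 30
    daily
    compress
    postrotate
        kill -s HUP `cat /var/run/syslog-ng.pid`
    endscript
}
"""

# syslog-ng accepts '-' and '_' interchangeably in option names (key-file / key_file).
_TLS_OPT = re.compile(
    r'\b(key[-_]file|cert[-_]file|ca[-_]file|ca[-_]dir)\s*\(\s*"([^"]+)"\s*\)'
)


def tls_material_paths(config: str) -> dict[str, str]:
    """Map each TLS file option (normalised to the dashed form) to its path."""
    return {opt.replace("_", "-"): path for opt, path in _TLS_OPT.findall(config)}


def logrotate_targets(conf: str) -> list[str]:
    """Return every path logrotate will rotate: all whitespace-separated
    tokens on a block header line (a non-comment line ending in '{')."""
    targets: list[str] = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or not line.endswith("{"):
            continue
        targets.extend(line[:-1].split())
    return targets


def rotated_secrets(syslog_ng_config: str, logrotate_conf: str) -> dict[str, list[str]]:
    """Return {rotated_path: [tls options it violates]} for every rotated
    path that is TLS material. key-file/cert-file/ca-file match exactly;
    ca-dir matches any rotated file inside that directory."""
    material = tls_material_paths(syslog_ng_config)
    hits: dict[str, list[str]] = {}
    for target in logrotate_targets(logrotate_conf):
        reasons = []
        for opt, path in material.items():
            if opt == "ca-dir":
                if target.startswith(path.rstrip("/") + "/"):
                    reasons.append(opt)
            elif target == path:
                reasons.append(opt)
        if reasons:
            hits[target] = sorted(reasons)
    return hits


def strip_secrets(logrotate_conf: str, secret_paths: set[str]) -> str:
    """Rewrite block header lines so the given paths are no longer rotated.
    (Illustrative only: pfSense regenerates this file, see its header comment.)"""
    out = []
    for raw in logrotate_conf.splitlines():
        line = raw.strip()
        if line.endswith("{") and not line.startswith("#"):
            keep = [t for t in line[:-1].split() if t not in secret_paths]
            raw = " ".join(keep + ["{"])
        out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    found = rotated_secrets(SYSLOG_NG_DEST, LOGROTATE_CONF)
    for path, reasons in found.items():
        print(f"ROTATED SECRET: {path} (referenced by {', '.join(reasons)})")
    print("--- logrotate.conf with the secret removed from the header ---")
    print(strip_secrets(LOGROTATE_CONF, set(found)))
```

Run against the post's two configs it reports `/home/user/syslog/syslog-client.key` as rotated material (matched both as the `key-file` and as a file under `ca-dir`), which is exactly the failure described above: with `rotate 30` and `compress` the key is renamed and gzipped on the first daily run, and the `postrotate` HUP then makes syslog-ng re-read a configuration whose `key-file` no longer exists, so the TLS destination stops sending. Note that `strip_secrets` is only there to show what the header should look like; the file states that pfSense regenerates it, so hand-editing it is not a lasting fix.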