syslog-ng rotates TLS key

aamorris

I noticed recently a pfSense device stopped logging to our remote TLS syslog server. After investigating, I found the TLS key had been automatically configured to be archived and rotated like a log file.

syslog-ng config:

Object name: D_TLSSYSLOG
Object type: Destination
Object parameters:

{
  network("syslog.example.com" port(6514)
    transport("tls")
    tls(
      ca-dir("/home/user/syslog")
      key-file("/home/user/syslog/syslog-client.key")
      cert-file("/home/user/syslog/syslog-client.crt")
      peer_verify(required-untrusted)
    )
  );
};

Resulting /usr/local/etc/logrotate.conf

# This file is automatically generated by pfSense
# Do not edit manually !
/home/user/syslog/syslog-client.key /var/syslog-ng/default.log {
    rotate 30
    daily
    compress
    postrotate
        kill -s HUP `cat /var/run/syslog-ng.pid`
    endscript
}

aamorris

I have also opened a bug report for this: https://redmine.pfsense.org/issues/8631