syslogd broken when exporting logs to remote syslog server (just system events)



  • If I select 'everything' in the syslog remote contents it doesnt appear to crash, spews data continiously - but i dont want everything.

    If I select just system events - it crashes.

    I'm continually having syslogd: exiting on signal 15 (then stopping logs)

    If I make a change to the setting/source address for example it will fire up for a while then stop.

    03-05-2020 13:27:09 Kernel.Info 192.168.1.249 Mar 5 13:27:09 syslogd: kernel boot file is /boot/kernel/kernel
    03-05-2020 13:27:09 Syslog.Error 192.168.1.249 Mar 5 13:27:09 syslogd: exiting on signal 15
    03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
    03-05-2020 13:27:07 User.Notice 192.168.1.249 Mar 5 13:27:07 check_reload_status: Syncing firewall
    03-05-2020 13:26:53 Local5.Error 192.168.1.249 Mar 5 13:26:53 pfsense.localdomain nginx: 2020/03/05 13:26:53 [error] 57700#100419: send() failed (54: Connection reset by peer)
    03-05-2020 13:24:05 Kernel.Info 192.168.1.249 Mar 5 13:24:04 syslogd: kernel boot file is /boot/kernel/kernel
    03-05-2020 13:24:04 Syslog.Error 192.168.1.249 Mar 5 13:24:04 syslogd: exiting on signal 15
    03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 root: /etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one
    03-05-2020 13:24:02 User.Notice 192.168.1.249 Mar 5 13:24:02 check_reload_status: Syncing firewall
    03-05-2020 13:23:22 Local5.Error 192.168.1.249 Mar 5 13:23:22 pfsense.localdomain nginx: 2020/03/05 13:23:22 [error] 57884#100401: send() failed (54: Connection reset by peer)

    I have two units doing the same thing - they can log locally ok however thats not going to solve the problem with one I have thats crashing at 12:30 everyday. (nothing in cron I can see) - the other unit doesnt complain about the UUID


  • LAYER 8

    do you have suricata installed?
    12:30 it's the Update Start Time for it
    if you have it you need to -> Enable "Live Swap" reload of rules after downloading an update. Default is Not Checked
    and this will probably solve your problem



  • @kiokoman thanks yes this might have started since suricata (since uninstalled) was installed.

    (Original problem) this thread is now related to syslogd crashing with individual selections are made rather than everything.



  • This is still in cron

    30 12 * * * root /usr/bin/nice -n20 /etc/rc.update_urltables

    without suricata installed


Log in to reply