Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Remote Syslog Issues

    General pfSense Questions
    4
    6
    193
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • arrmo
      arrmo last edited by

      Hi,

      I seem to be having issues very similar to as reported earlier,
      https://forum.netgate.com/topic/66734/remote-logging-issues/11

      I see pull requests, and assume this is fixed ... but my issue is almost identical => in remote syslog I don't have Everything selected, and don't have DHCP enabled either ... but my remote syslog is receiving DHCP (syslog) messages. Anyone else seeing this? And any workarounds?

      Thanks!

      Gertjan viktor_g 2 Replies Last reply Reply Quote 0
      • Gertjan
        Gertjan @arrmo last edited by

        @arrmo said in Remote Syslog Issues:

        and don't have DHCP enabled either ...

        What do you mean with no DHCP enabled ? No DHCP server on pfSens ?
        No DHCP client (for WAN ) ?

        @arrmo said in Remote Syslog Issues:

        ... but my remote syslog is receiving DHCP (syslog) messages

        From who / where, what process ?

        1 Reply Last reply Reply Quote 0
        • viktor_g
          viktor_g Netgate @arrmo last edited by

          @arrmo please post sample DHCP syslog messages

          1 Reply Last reply Reply Quote 0
          • arrmo
            arrmo last edited by

            Sorry, I wasn't completely clear - my bad. I meant that in the web interface I don't have DHCP logs enabled, but I do see dhcpd messages sent across. I did some digging, found the issue (and reported it to the bug tracker). It's as follows,

            From /var/etc/syslog.d/pfSense.conf, right at the top of the file,

            # Automatically generated, do not edit!
            !*
            auth.*;authpriv.*                                               /var/log/auth.log
            *.*                                                             @remote-server
            

            So the first line above !* says to apply the following rows to all applications. That's fine, and auth makes sense (to the auth log). But ... *.* for all apps sends all records across! And I don't have Everything enabled in the web interface. Make sense so far? ๐Ÿ˜„

            I disabled that *.* line, manually killed and started syslog ... and it works! No dhcpd syslog traffic, as desired.

            Thanks!

            NogBadTheBad 1 Reply Last reply Reply Quote 0
            • NogBadTheBad
              NogBadTheBad Galactic Empire @arrmo last edited by NogBadTheBad

              Automatically generated, do not edit!

              arrmo 1 Reply Last reply Reply Quote 0
              • arrmo
                arrmo @NogBadTheBad last edited by

                @NogBadTheBad Yes, understood - I just tweaked it a bit to confirm the root cause of the issue ๐Ÿ˜†

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post

                Products

                • Platform Overview
                • TNSR
                • pfSense Plus
                • Appliances

                Services

                • Training
                • Professional Services

                Support

                • Subscription Plans
                • Contact Support
                • Product Lifecycle
                • Documentation

                News

                • Media Coverage
                • Press
                • Events

                Resources

                • Blog
                • FAQ
                • Find a Partner
                • Resource Library
                • Security Information

                Company

                • About Us
                • Careers
                • Partners
                • Contact Us
                • Legal
                Our Mission

                We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

                Subscribe to our Newsletter

                Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

                © 2021 Rubicon Communications, LLC | Privacy Policy