Remote Syslog Issues
-
Hi,
I seem to be having issues very similar to those reported earlier,
https://forum.netgate.com/topic/66734/remote-logging-issues/11
I see pull requests, and assume this is fixed ... but my issue is almost identical => in remote syslog I don't have Everything selected, and don't have DHCP enabled either ... but my remote syslog is receiving DHCP (syslog) messages. Anyone else seeing this? And any workarounds?
Thanks!
-
@arrmo said in Remote Syslog Issues:
and don't have DHCP enabled either ...
What do you mean with no DHCP enabled? No DHCP server on pfSense?
No DHCP client (for WAN)?
@arrmo said in Remote Syslog Issues:
... but my remote syslog is receiving DHCP (syslog) messages
From who / where, what process ?
-
@arrmo please post sample DHCP syslog messages
-
Sorry, I wasn't completely clear - my bad. I meant that in the web interface I don't have DHCP logs enabled, but I do see dhcpd messages sent across. I did some digging, found the issue (and reported it to the bug tracker). It's as follows,
From /var/etc/syslog.d/pfSense.conf, right at the top of the file,
    # Automatically generated, do not edit!
    !*
    auth.*;authpriv.* /var/log/auth.log
    *.* @remote-server
So the first line above !* says to apply the following rows to all applications. That's fine, and auth makes sense (to the auth log). But ... *.* for all apps sends all records across! And I don't have Everything enabled in the web interface. Make sense so far?
I disabled that *.* line, manually killed and started syslog ... and it works! No dhcpd syslog traffic, as desired.
Thanks!
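
Added example (not part of the original post and not pfSense code): a small Python check that reads a FreeBSD-style syslog.conf and lists which remote hosts would receive a given program's messages, run here on the lines quoted in the post. The function names and the `local7` facility used for dhcpd are assumptions; message levels and `+`/`-` host blocks are ignored.

```python
# Added example, not pfSense code. Sample config: the lines quoted in the post.
SAMPLE_CONF = """\
# Automatically generated, do not edit!
!*
auth.*;authpriv.*\t/var/log/auth.log
*.*\t@remote-server
"""

def remote_rules(conf_text):
    """Yield (program_block, selector, host) for every '@host' action."""
    program = "*"                         # before any '!' line, all programs match
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#!"):         # '#!prog' is an alias for '!prog'
            line = line[1:]
        if not line or line[0] in "#+-":  # comments; host blocks are ignored here
            continue
        if line.startswith("!"):          # program block: '!*', '!a,b', '!-a,b'
            program = line[1:].strip()
            continue
        fields = line.split(None, 1)      # selector, then action
        if len(fields) == 2 and fields[1].startswith("@"):
            yield program, fields[0], fields[1][1:]

def program_matches(block, program):
    """'!*' matches all, '!a,b' matches a or b, '!-a,b' matches all but a, b."""
    if block == "*":
        return True
    negate = block.startswith("-")
    names = block.lstrip("+-").split(",")
    return (program in names) != negate

def selector_matches(selector, facility):
    """Later ';' parts override earlier ones; level 'none' excludes a facility."""
    hit = False
    for part in selector.split(";"):
        facs, _, level = part.partition(".")
        if facs == "*" or facility in facs.split(","):
            hit = level != "none"
    return hit

def remote_destinations(conf_text, program, facility):
    """Hosts that may receive this program/facility's messages (levels ignored)."""
    return [host for block, sel, host in remote_rules(conf_text)
            if program_matches(block, program) and selector_matches(sel, facility)]

if __name__ == "__main__":
    # 'local7' is an assumed facility; '*.*' forwards every facility anyway.
    print(remote_destinations(SAMPLE_CONF, "dhcpd", "local7"))
```

Pointing `remote_destinations` at the contents of /var/etc/syslog.d/pfSense.conf after each settings change shows whether a catch-all forward has reappeared in the generated file.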
-
Automatically generated, do not edit!
-
@NogBadTheBad Yes, understood - I just tweaked it a bit to confirm the root cause of the issue