Remote Syslog Issues
I seem to be having issues very similar to as reported earlier,
I see pull requests, and assume this is fixed ... but my issue is almost identical => in remote syslog I don't have Everything selected, and don't have DHCP enabled either ... but my remote syslog is receiving DHCP (syslog) messages. Anyone else seeing this? And any workarounds?
Gertjan last edited by
and don't have DHCP enabled either ...
What do you mean with no DHCP enabled ? No DHCP server on pfSens ?
No DHCP client (for WAN ) ?
... but my remote syslog is receiving DHCP (syslog) messages
From who / where, what process ?
@arrmo please post sample DHCP syslog messages
Sorry, I wasn't completely clear - my bad. I meant that in the web interface I don't have DHCP logs enabled, but I do see dhcpd messages sent across. I did some digging, found the issue (and reported it to the bug tracker). It's as follows,
From /var/etc/syslog.d/pfSense.conf, right at the top of the file,
# Automatically generated, do not edit! !* auth.*;authpriv.* /var/log/auth.log *.* @remote-server
So the first line above !* says to apply the following rows to all applications. That's fine, and auth makes sense (to the auth log). But ... *.* for all apps sends all records across! And I don't have Everything enabled in the web interface. Make sense so far?
I disabled that *.* line, manually killed and started syslog ... and it works! No dhcpd syslog traffic, as desired.
Automatically generated, do not edit!
@NogBadTheBad Yes, understood - I just tweaked it a bit to confirm the root cause of the issue