Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Remote Syslog Issues

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 791 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • arrmoA
      arrmo
      last edited by

      Hi,

      I seem to be having issues very similar to as reported earlier,
      https://forum.netgate.com/topic/66734/remote-logging-issues/11

      I see pull requests, and assume this is fixed ... but my issue is almost identical => in remote syslog I don't have Everything selected, and don't have DHCP enabled either ... but my remote syslog is receiving DHCP (syslog) messages. Anyone else seeing this? And any workarounds?

      Thanks!

      GertjanG viktor_gV 2 Replies Last reply Reply Quote 0
      • GertjanG
        Gertjan @arrmo
        last edited by

        @arrmo said in Remote Syslog Issues:

        and don't have DHCP enabled either ...

        What do you mean with no DHCP enabled ? No DHCP server on pfSens ?
        No DHCP client (for WAN ) ?

        @arrmo said in Remote Syslog Issues:

        ... but my remote syslog is receiving DHCP (syslog) messages

        From who / where, what process ?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        1 Reply Last reply Reply Quote 0
        • viktor_gV
          viktor_g Netgate @arrmo
          last edited by

          @arrmo please post sample DHCP syslog messages

          1 Reply Last reply Reply Quote 0
          • arrmoA
            arrmo
            last edited by

            Sorry, I wasn't completely clear - my bad. I meant that in the web interface I don't have DHCP logs enabled, but I do see dhcpd messages sent across. I did some digging, found the issue (and reported it to the bug tracker). It's as follows,

            From /var/etc/syslog.d/pfSense.conf, right at the top of the file,

            # Automatically generated, do not edit!
            !*
            auth.*;authpriv.*                                               /var/log/auth.log
            *.*                                                             @remote-server
            

            So the first line above !* says to apply the following rows to all applications. That's fine, and auth makes sense (to the auth log). But ... *.* for all apps sends all records across! And I don't have Everything enabled in the web interface. Make sense so far? ๐Ÿ˜„

            I disabled that *.* line, manually killed and started syslog ... and it works! No dhcpd syslog traffic, as desired.

            Thanks!

            NogBadTheBadN 1 Reply Last reply Reply Quote 0
            • NogBadTheBadN
              NogBadTheBad @arrmo
              last edited by NogBadTheBad

              Automatically generated, do not edit!

              Andy

              1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

              arrmoA 1 Reply Last reply Reply Quote 0
              • arrmoA
                arrmo @NogBadTheBad
                last edited by

                @NogBadTheBad Yes, understood - I just tweaked it a bit to confirm the root cause of the issue ๐Ÿ˜†

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.