Crash Remote Syslog (Signal 15)

  • Re: syslogd broken when exporting logs to remote syslog server (just system events)

    I seem to have a similar issue. Two week old SG-2100 w/ 32Gb m2 SATA running latest prod versions. (as received and no updates needed)

    I initially did install Suricata but never configured it. Then uninstalled it and went with pfBlockerNG (Devel) as that fit my needs better.

    All seems to run well but can't get remote syslog to work. Every time I save the settings the following in the log.

    Can't find anything recent that touches on the situation as I experience. I could start from factory reset/default but would rather try to identify the problem.

    Any suggestions?

    Sep 29 21:35:30	syslogd		kernel boot file is /boot/kernel/kernel
    Sep 29 21:35:30	syslogd		exiting on signal 15
    Sep 29 21:35:28	root		/etc/rc.d/hostid: WARNING: hostid: unable to figure out a UUID from DMI data, generating a new one

  • Hi,

    syslogd uses the kernel on one side, and the file system on the other.

    Presume the kernel is fine, check the file system : see the very recent Youtube > Netgate > file system check video.

  • Rebel Alliance Developer Netgate

    That is not a crash. It just means syslogd restarted. That's what it typically logs when something changes log settings or resets a lot file, for example.

  • Rebel Alliance Developer Netgate

    From signal(3):

    15 SIGTERM terminate process software termination signal

    So it's a normal shutdown.

  • Thanks for the info folks.

    The reference to the above video about running 'fsck' in single user mode helped. That solved the problem! Now the data streams nicely to the syslog server.

    Didn't see much error correcting but apparently it was enough.

    @jimp Normal shutdown... yes. The question was why though and why no logs were flowing.

Log in to reply