Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    CARP-related messages do not sent in syslog

    Scheduled Pinned Locked Moved
    HA/CARP/VIPs
    2
    3
    296
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      Evgeniy S
      last edited by

      Good day

      We have two pfSense v2.5.2 with configured CARP on all interfaces. Also there configured remote syslog with content "Everything".
      After any CARP VIP migration event we see in local logs System Logs/System/General message sequences like:
      -kernel carp: 2@vmx1: BACKUP -> MASTER (master timed out)
      -check_reload_status 374 Carp master event
      -check_reload_status 374 Carp backup event
      -kernel carp: 2@vmx1: MASTER -> BACKUP (more frequent advertisement received)
      -php-fpm 73763 /rc.carpbackup: HA cluster member "(x.x.x.x@vmx1): (LAN)" has resumed CARP state "BACKUP" for vhid 2

      But on our syslog server we can find only message "php-fpm 73763 /rc.carpbackup: HA cluster member "(x.x.x.x@vmx1): (LAN)" has resumed CARP state "BACKUP" for vhid 2"

      How to add in syslog all the CARP-related messages?

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        If they are in the local logs, they would have also been sent via syslog, but consider that for the log messages to reach the remote server it must have connectivity to the syslog server.

        If there is a network failure that triggered the CARP transition, it may have also interrupted communications between the firewall and the syslog server, either directly (the link to it is down or runs over a CARP VIP) or indirectly (maybe there is an improper outbound NAT rule making the syslog traffic use the CARP VIP).

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        E 1 Reply Last reply Reply Quote 1
        • E
          Evgeniy S @jimp
          last edited by Evgeniy S

          @jimp

          These two pfSenses are in the middle of network, the issue didn't affect interfaces faced to syslog server, syslog source set as local pfSense interface, not as CARP VIP. We see in syslog other messages like FW rules actions during the issue period, but not CARP-related ones.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post