System logging bug?
-
I want to log my pfsense gateway to my central linux server. So I went to Status => System logs => Settings and put the IP of the linux server. Works fine. Until and unless I reboot the pfsense, then no more syslog. I go to the settings page and it is still shown as enabled. I click on the Save button and see this appear on the remote syslog server:
Nov 29 14:14:10 gateway syslogd: restart
Nov 29 14:14:10 gateway syslogd: kernel boot file is /boot/kernel/kernel
And from that point on, messages flow like they should. There are no messages in /var/log/system.log that are enlightening. I tried rebooting the gateway and fired up tcpdump, matching on syslog. No packets. I then did the 'click on the save button' deal and saw syslog messages in the remote log, and seen by tcpdump. I am port forwarding UDP/514 from a specific host to the same syslog server, but that doesn't seem to be relevant, since restarting the syslogd is what "fixes" this. Any ideas?
-
It would be interesting to see the contents of /var/etc/syslog.conf in both the broken and working states.
-
Okay, I'll get that ASAP.
-
Okay, good news, bad news. There is no difference in the config file, but I think I know what is going wrong. Since my home office is currently wireless to the pfsense, I can't see the console when this happens, so I tried an experiment: I created a VirtualBox VM and installed a 1.2.3RC3 on it, and then set it to syslog to the same Linux box. See messages. Reboot the VM. No messages. Look at the VirtualBox console while this is happening. We are starting syslog too early, before even the LAN has been configured, as I then see a message from syslog (not in the console, but in the pfsense syslog) that says "network unreachable". It seems as if once this has happened, syslog is borked, and needs to be bounced. Should I open a ticket?
-
Yeah, that would be the best thing to do at this point. Be sure to include all of that detail.
-
Ticket 196 opened.
-
Chris has reproduced this and is investigating.
-
So I saw. He posted a message to the developer's list asking for input.
-
Ah, okay. Something is clearly wrong, since if the subnet is not visible, you should get ENETDOWN, which syslogd treats as transitory, rather than ENETUNREACH, which is fatal. I even tried booting a VM and taking all the interfaces offline and pinging the same host, and I do in fact get ENETDOWN, so this is odd, to put it mildly :)
-
That is odd. I wonder if it comes to life if you just kill -HUP it rather than restarting.
-
No idea, probably, if HUP entails rereading the config file.
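-
Added example, not part of the thread and not syslogd's source: a small C model of the failure described above, where a forwarder that treats ENETUNREACH as fatal at boot stays silent until it is restarted, while one that treats it as transient recovers once the LAN is up. The `forwarder` struct, `forward()`, `boot_send()` and the three-failure boot timeline are all hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of a UDP log forwarder; not syslogd's source. */
enum fwd_state { FWD_ACTIVE, FWD_DEAD };

struct forwarder {
    enum fwd_state state;
    unsigned sent, dropped;
    int strict; /* 1: ENETUNREACH is fatal (as described in the thread); 0: retry */
};

typedef int (*send_fn)(const char *msg, size_t len); /* 0 on success, else errno */

static int is_transient(int err, int strict) {
    if (err == ENETDOWN) return 1;              /* transient in both modes */
    if (err == ENETUNREACH) return !strict;     /* fatal only in strict mode */
    return 0;                                   /* anything else: give up */
}

/* Send one message; returns 0 if delivered, -1 if dropped. */
int forward(struct forwarder *f, send_fn send, const char *msg, size_t len) {
    if (f->state == FWD_DEAD) { f->dropped++; return -1; } /* never retried */
    int err = send(msg, len);
    if (err == 0) { f->sent++; return 0; }
    f->dropped++;
    if (!is_transient(err, f->strict)) f->state = FWD_DEAD;
    return -1;
}

/* Constructed boot timeline: no route for the first 3 sends, then the LAN is up. */
static int calls;
static int boot_send(const char *msg, size_t len) {
    (void)msg; (void)len;
    return (calls++ < 3) ? ENETUNREACH : 0;
}

unsigned delivered_after_boot(int strict, int total) {
    struct forwarder f = { FWD_ACTIVE, 0, 0, strict };
    calls = 0;
    for (int i = 0; i < total; i++) forward(&f, boot_send, "test", 4);
    return f.sent;
}

int main(void) {
    printf("strict:   %u of 10 delivered\n", delivered_after_boot(1, 10));
    printf("tolerant: %u of 10 delivered\n", delivered_after_boot(0, 10));
    return 0;
}
```

In the strict case nothing is delivered even after the network comes up, which matches the remote server staying silent until the settings page is saved and syslogd restarts.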