Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    25.11.r.20251118.1708: duplicated DHCP syslog messages sent to external syslog server

    Scheduled Pinned Locked Moved Plus 25.11 Snapshots
    3 Posts 2 Posters 101 Views 3 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pst
      last edited by

      I noticed a duplication of DHCP messages in the log on my pfSense-external syslog server.

      The pfSense syslog shows, for example:

      2025-11-24 14:41:44.150006+01:00	dhclient	73487	RENEW	
2025-11-24 14:41:44.171620+01:00	dhclient	74187	Creating resolv.conf

      The corresponding entries on the external server log are:

      2025-11-24T14:41:44.150006+01:00 temperance.local.lan dhclient[73487] RENEW
2025-11-24T14:41:44.150006+01:00 temperance.local.lan dhclient[73487] RENEW
2025-11-24T14:41:44.171620+01:00 temperance.local.lan dhclient[74187] Creating resolv.conf
2025-11-24T14:41:44.171620+01:00 temperance.local.lan dhclient[74187] Creating resolv.conf

      A tcpdump on the external server shows duplicated log packages is received from pfSense (ignore: timestamps are 1h off for some reason):

      13:41:44.152123 IP (tos 0x0, ttl 64, id 57716, offset 0, flags [none], proto UDP (17), length 112)
    192.168.111.254.syslog > 192.168.111.111.syslog: SYSLOG, length: 84
	Facility user (1), Severity notice (5)
	Msg: 1 2025-11-24T14:41:44.150006+01:00 temperance.local.lan dhclient 73487 - - RENEW
13:41:44.152167 IP (tos 0x0, ttl 64, id 48966, offset 0, flags [none], proto UDP (17), length 112)
    192.168.111.254.syslog > 192.168.111.111.syslog: SYSLOG, length: 84
	Facility user (1), Severity notice (5)
	Msg: 1 2025-11-24T14:41:44.150006+01:00 temperance.local.lan dhclient 73487 - - RENEW
13:41:44.173708 IP (tos 0x0, ttl 64, id 52323, offset 0, flags [none], proto UDP (17), length 127)
    192.168.111.254.syslog > 192.168.111.111.syslog: SYSLOG, length: 99
	Facility user (1), Severity notice (5)
	Msg: 1 2025-11-24T14:41:44.171620+01:00 temperance.local.lan dhclient 74187 - - Creating resolv.conf
13:41:44.173752 IP (tos 0x0, ttl 64, id 18962, offset 0, flags [none], proto UDP (17), length 127)
    192.168.111.254.syslog > 192.168.111.111.syslog: SYSLOG, length: 99
	Facility user (1), Severity notice (5)
	Msg: 1 2025-11-24T14:41:44.171620+01:00 temperance.local.lan dhclient 74187 - - Creating resolv.conf
      1 Reply Last reply Reply Quote 0
      • M Offline
        marcosm Netgate
        last edited by

        IIRC that happens when selecting specific logs to send instead of sending all logs.

        P 1 Reply Last reply Reply Quote 0
        • P Offline
          pst @marcosm
          last edited by

          @marcosm But it is only the DHCP entries that are duplicated, none of the other entries are which suggests it's something specific to DHCP

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.