systemd problems

JonH

After upgrading v24.0 to 25.11 I'm trying to troubleshoot problems with logging. In pfSense logging System I see:

Dec 13 20:44:40	php-fpm	61000	/rc.filter_configure_sync: config warning: invalid path "interfaces/" at /etc/inc/interfaces.inc:7114
Dec 13 20:44:39	check_reload_status	646	Reloading filter

Seems like maybe there is a problem with interfaces.inc?

Currently systemd logging to my local disk seems to be working. I'd prefer sending my log to my NAS which is what I was doing prior to my upgrade. When I toggle on syslog-ng my system log starts filling up with refused connections:

Dec 13 21:22:28	syslogd		sendto: Connection refused
Dec 13 21:22:02	syslogd		sendto: Connection refused
Dec 13 21:21:36	sshguard	59095	Now monitoring attacks.
Dec 13 21:21:36	syslogd		kernel boot file is /boot/kernel/kernel

I presume this means the connection is refused at the NAS, but that connection is working and data is flowing to it as shown below from the logs on the NAS during the same block of time:

2025-12-13 21:22:30 Info 192.168.48.1 local0 filterlog
1,98,,1770009698,igb0,match,block,in,4,0x0,,39,56981,0,none,17,udp,81,162.142.125.245,69.235.237.244,14483,49198,61

2025-12-13 21:22:28 Info 192.168.48.1 local0 filterlog
1,98,,1770009698,igb0,match,block,in,4,0x0,,241,54321,0,none,6,tcp,40,176.65.132.40,69.235.237.244,49030,5555,0,S,3366285728,,65535,,

2025-12-13 21:22:09 Notice 192.168.48.1 user 1

{many entries trimmed out here}

2025-12-13  21:21:43 Notice 192.168.48.1 user 1

2025-12-13T21:21:43-08:00 pfSense - - - [meta sequenceId="8805"] DNS-reply,Dec 13 21:21:43,cache,A,A,0,alerts1.envisacor.com,192.168.10.30,198.61.170.85,US

2025-12-13 21:21:30 Notice 192.168.48.1 user 1

2025-12-13T21:21:30-08:00 pfSense - - - [meta sequenceId="8804"] DNS-reply,Dec 13 21:21:29,local,PTR,PTR,Unk,1.48.168.192.in-addr.arpa,192.168.48.29,NXDOMAIN,unk

I am also sending pfBlocker-NG logs to the same NAS, they seem to be correct. Syslog-ng is using port 5140 on interfaces WAN, LAN, & OPT1. The NAS is configured as UDP on port 5140.

Again, this wasn't happening before 25.11 and any help would be appreciated

stephenw10

@JonH said in systemd problems:

When I toggle on syslog-ng my system log starts filling up with refused connections

The syslog-ng package in pfSense? Do you have that configured to do something specific that syslogd can't?

JonH

@stephenw10 I'm using the one from Package Manager, 1.16.2. I do not know if I have it configured to do something that syslogd can't do, that is way over my head. I do have it pushing pfblockerng logging from pfSense to my NAS. I've been using it for a few years. During that time I updated it once. Also during that time I used it w/o writing to pfSense local disk. After upgrading to 25.11 I turned on the disk writing and find the system log filling with the connection failure errors.

I'll research the syslog-ng advanced settings and see if that is my problem.

thanks

JonH

@stephenw10 Thank you for your comment. Looking again at the syslog-ng interface selection I found the selection was changed from loopback to wan. Musta been a stray mouse click. Change back to loopback solved my issue. I appreciate your help.