Firewall (pf) logs duplicated?

  • I have pfSense configured for remote syslogging to a Linux box where I use logwatch to parse the logs.

    I recently upgraded from pfSense 1.2.3 to 2.0, and have noticed that the format of pf logs to syslog has changed.

    While trying to update my logwatch scripts to accommodate this, I noticed that every log from pf seems to appear in the syslog twice. I'm not sure whether this is new since 2.0 or not, as I no longer have saved logs from prior to the upgrade.

    Is this a known issue, or am I just misunderstanding something?


  • Figured it out myself, see,43223.0.html for solution

  • Hi,

    Sorry to tag on the end but you mentioned updated logwatch scripts, I'm trying to find some. Are you able to share yours?