1. Home
  2. pfSense® Software
  3. General pfSense Questions
  4. Duplicate logs in remote syslog

Duplicate logs in remote syslog

  • M

    I have pfSense configured for remote syslogging to a Linux box where I use logwatch to parse the logs.

    I recently upgraded from 1.2.3 to 2.0 and noticed that the format of some firewall (pf) logs had changed.

    While trying to update my logwatch scripts to accommodate this, I noticed that a lot of entries in the syslog
    are duplicated. I originally thought it was a pf-only problem and so created this post: http://forum.pfsense.org/index.php/topic,43222.0.html

    But, upon closer examination, I find that almost every log entry is duplicated (present in the log twice in succession). Since it's not all of them (e.g., logs from /usr/sbin/cron are not duplicated), I suspect this is due to some issue on the pfSense box rather than on the Linux box.

    Any suggestions what to look for/where to look?
    MV

    0
  • M

    OK, figured out my own problem…

    In Status: System logs: Settings, I had selected all the individual categories of events as well as the category "Everything", which I had misinterpreted as meaning "everything else".

    This resulted in a syslog.conf file that forwarded some types of logs twice.

    Unselected all but "Everything" and all is well now.
    MV

    0
  • jimp
    Rebel Alliance Developer Netgate

    In 2.0.1 and 2.1 I made it so that when you select "everything" it deselects (and greys out) the other checkboxes.

    0
  • B

    Is it possible that there is a similar hidden setting for the pfSense web GUI?

    I am seeing a lot of log entries being duplicated, but not all.

    Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
    0
  • jimp
    Rebel Alliance Developer Netgate

    No, that would be a separate issue and doesn't belong in this thread.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy