4. Duplicate logs in remote syslog

Duplicate logs in remote syslog

  • M

    I have pfSense configured for remote syslogging to a Linux box where I use logwatch to parse the logs.

    I recently upgraded from 1.2.3 to 2.0 and noticed that the format of some firewall (pf) logs had changed.

    While trying to update my logwatch scripts to accommodate this, I noticed that a lot of entries in the syslog
    are duplicated. I originally thought it was a pf-only problem and so created this post: http://forum.pfsense.org/index.php/topic,43222.0.html

    But, upon closer examination, I find that almost every log entry is duplicated (present in the log twice in succession). Since it's not all of them (e.g., logs from /usr/sbin/cron are not duplicated), I suspect this is due to some issue on the pfSense box rather than on the Linux box.

    Any suggestions what to look for/where to look?
    MV

    0
  • M

    OK, figured out my own problem…

    In Status: System logs: Settings, I had selected all the individual categories of events as well as the category "Everything", which I had misinterpreted as meaning "everything else".

    This resulted in a syslog.conf file that forwarded some types of logs twice.

    Unselected all but "Everything" and all is well now.
    MV

    0
  • Rebel Alliance Developer Netgate

    In 2.0.1 and 2.1 I made it so that when you select "everything" it deselects (and greys out) the other checkboxes.

    0
  • B

    Is it possible that there is a similar hidden setting for the pfSense web GUI?

    I am seeing a lot of log entries being duplicated, but not all.

    Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
    0
  • Rebel Alliance Developer Netgate

    No, that would be a separate issue and doesn't belong in this thread.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy