Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Duplicate logs in remote syslog

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 3 Posters 2.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mvuille
      last edited by

      I have pfSense configured for remote syslogging to a Linux box where I use logwatch to parse the logs.

      I recently upgraded from 1.2.3 to 2.0 and noticed that the format of some firewall (pf) logs had changed.

      While trying to update my logwatch scripts to accommodate this, I noticed that a lot of entries in the syslog
      are duplicated. I originally thought it was a pf-only problem and so created this post: http://forum.pfsense.org/index.php/topic,43222.0.html

      But, upon closer examination, I find that almost every log entry is duplicated (present in the log twice in succession). Since it's not all of them (e.g., logs from /usr/sbin/cron are not duplicated), I suspect this is due to some issue on the pfSense box rather than on the Linux box.

      Any suggestions what to look for/where to look?
      MV

      1 Reply Last reply Reply Quote 0
      • M
        mvuille
        last edited by

        OK, figured out my own problem…

        In Status: System logs: Settings, I had selected all the individual categories of events as well as the category "Everything", which I had misinterpreted as meaning "everything else".

        This resulted in a syslog.conf file that forwarded some types of logs twice.

        Unselected all but "Everything" and all is well now.
        MV

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          In 2.0.1 and 2.1 I made it so that when you select "everything" it deselects (and greys out) the other checkboxes.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • B
            bkraptor
            last edited by

            Is it possible that there is a similar hidden setting for the pfSense web GUI?

            I am seeing a lot of log entries being duplicated, but not all.

            Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Gateways status could not be determined, considering all as up/active.
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 04:45:27 	php: : Could not find IPv6 gateway for interface(opt2).
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 07:54:30 	miniupnpd[25738]: upnp_event_recv: recv(): Connection reset by peer
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
Nov 12 13:07:20 	php: /index.php: Successful login for user 'admin' from: 192.168.x.y
            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              No, that would be a separate issue and doesn't belong in this thread.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.