Syslogd exiting randomly without restart



  • Is anyone else seeing a problem over the past few days with syslogd doing an exit and not restarting?

    I'm using pfSense 2.1 BETA0 (i386) built on Wed Jul 25 10:15:57 EDT 2012.  I had loaded this particular version because last night I noticed that my syslogd had stopped at approximately 5-5:30pm yesterday afternoon, while running the previous build.  I didn't think much about it at the time, guessing that it might have been a random occurrence.  However after logging in a few minutes ago to check my DHCP logs after a friend tried to connect to the network with his iPhone, I switched back over to the Firewall log view and noticed that I wasn't seeing much activity.  Usually I see more traffic from all of my iOS devices during the 8pm-3am timeframe, as I usually have at least 2-3 in use at a time (iPhone, iPad, Macbook Pro, iTouch, …iGiveUpJustBuryMeWithMyAppleStuff, etc).  In fact, it wasn't showing ANY additional firewall entries accruing in the logs.  After flipping over to the "System" log screen, I noticed the last entry (at the top) was this:

    Jul 27 00:05:56 syslogd: exiting on signal 15
    Jul 27 00:05:56 check_reload_status: Syncing firewall
    Jul 27 00:04:54 php: /diag_logs.php: Successful login for user 'admin' from: 10.0.1.101
    Jul 27 00:04:54 php: /diag_logs.php: Successful login for user 'admin' from: 10.0.1.101

    This is the same thing that I saw last night.  I usually see this, followed immediately by the other message (I forget...something about kernel blah blah) initializing the logging service again.  So my original question still stands:  Is anyone else seeing this behavior?  Is there anything I need to check to find the cause and correct it?

    Thanks,
    Treffin (David)



  • By the way…

    Hardware here is a Supermicro 1u with 3.0GHz P4 processor, 4gb DDR RAM, 256Gb SATA w/RAID controller and 2 x 1gig Intel Pro1000 ports onboard.

    Packages I'm running include Snort (the 2.5.1 pkg) in AC-BANDED mode with all ET & Snort rules selected except policy related, darkstat, lcdproc-dev, pfBlocker & Strikeback.  The only service available on the WAN IP is IPSEC VPN for getting back into my home office while on the road (me=road warrior/engineer)...no web, ftp, etc.

    I have been offloading system logs to another server, but it was up and running fine when I noticed the problem.  I did shortly thereafter change the config to stop sending syslog traffic to the other server, as I'm about to turn all of it off and add that third network interface to the pf box.  But as I said, this happened last night as well with no apparent cause.  Any ideas would be appreciated.

    Thanks!
    Treffin


Log in to reply