Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SYSLOG

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 7.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SMuD
      last edited by

      Using pfSense 2.0.1.  Attempting to send my logs to a syslog server.    When I configure through the web configurator, the log shows the following messages:

      Nov 20 14:42:26 syslogd: exiting on signal 15
      Nov 20 14:42:26 syslogd: kernel boot file is /boot/kernel/kernel

      If I go into the shell and issue a /etc/rc.d/syslogd restart, syslog still dies and I am - of course - not getting any log entires on my syslog server.

      Anyone have any ideas?  Thanks!

      1 Reply Last reply Reply Quote 0
      • S
        SMuD
        last edited by

        Just tried starting syslog on another firewall, this one running 1.2.3, and get the same results.

        1 Reply Last reply Reply Quote 0
        • W
          wallabybob
          last edited by

          When you change the pfSense syslog configuration pfSense will probably restart its syslog to get it to take account of the changed configuration.

          Have you modified the target syslog server configuration to accept logging from your pfSense? Have you restarted the target syslog server so it notices the configuration change? Have you waited a few minutes for any syslog entries from pfSense to be written to the target syslog file?

          1 Reply Last reply Reply Quote 0
          • S
            SMuD
            last edited by

            Using WhatsUpGold Syslog server, listening at UDP 514 on all IP addresses.

            On pfSense, used "logger" command, get test string in log, not in syslog server.  Test from a Ubuntu and a Windows box, syslog works.

            Going home for the night.  Will provide more dtails tomorrow.

            Thanks!

            1 Reply Last reply Reply Quote 0
            • C
              cmb
              last edited by

              It's not dying, it's normal for a sig 15 to be logged when syslogd restarts, which it has to do when you setup remote logging. If you're not getting logs, there's a problem on your syslog server. You can confirm that via packet capture on the NIC where your syslog server resides, filtering on port 514.

              1 Reply Last reply Reply Quote 0
              • S
                SMuD
                last edited by

                Yep, it wasn't dying.  Went in today and saw the syslog service running on the firewalls, so went to try and figure out why the Cisco switches were talking to syslog server but not the production and test firewall.

                Turns out the network that the firewalls is on is considered public by the Winows Firewall on the Syslog Server.  Changed the setttings to allow the public network through to the syslog service and the meassges started flowing in.

                Thanks for the input.  It did make troubleshooting easier.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.