• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

SYSLOG

Scheduled Pinned Locked Moved General pfSense Questions
6 Posts 3 Posters 7.9k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • S
    SMuD
    last edited by Nov 20, 2012, 7:55 PM

    Using pfSense 2.0.1.  Attempting to send my logs to a syslog server.    When I configure through the web configurator, the log shows the following messages:

    Nov 20 14:42:26 syslogd: exiting on signal 15
    Nov 20 14:42:26 syslogd: kernel boot file is /boot/kernel/kernel

    If I go into the shell and issue a /etc/rc.d/syslogd restart, syslog still dies and I am - of course - not getting any log entires on my syslog server.

    Anyone have any ideas?  Thanks!

    1 Reply Last reply Reply Quote 0
    • S
      SMuD
      last edited by Nov 20, 2012, 8:17 PM

      Just tried starting syslog on another firewall, this one running 1.2.3, and get the same results.

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by Nov 20, 2012, 9:02 PM

        When you change the pfSense syslog configuration pfSense will probably restart its syslog to get it to take account of the changed configuration.

        Have you modified the target syslog server configuration to accept logging from your pfSense? Have you restarted the target syslog server so it notices the configuration change? Have you waited a few minutes for any syslog entries from pfSense to be written to the target syslog file?

        1 Reply Last reply Reply Quote 0
        • S
          SMuD
          last edited by Nov 20, 2012, 10:16 PM

          Using WhatsUpGold Syslog server, listening at UDP 514 on all IP addresses.

          On pfSense, used "logger" command, get test string in log, not in syslog server.  Test from a Ubuntu and a Windows box, syslog works.

          Going home for the night.  Will provide more dtails tomorrow.

          Thanks!

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by Nov 20, 2012, 11:43 PM

            It's not dying, it's normal for a sig 15 to be logged when syslogd restarts, which it has to do when you setup remote logging. If you're not getting logs, there's a problem on your syslog server. You can confirm that via packet capture on the NIC where your syslog server resides, filtering on port 514.

            1 Reply Last reply Reply Quote 0
            • S
              SMuD
              last edited by Nov 21, 2012, 7:47 PM

              Yep, it wasn't dying.  Went in today and saw the syslog service running on the firewalls, so went to try and figure out why the Cisco switches were talking to syslog server but not the production and test firewall.

              Turns out the network that the firewalls is on is considered public by the Winows Firewall on the Syslog Server.  Changed the setttings to allow the public network through to the syslog service and the meassges started flowing in.

              Thanks for the input.  It did make troubleshooting easier.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received