Syslog-ng doesn't start properly

  • Syslog-ng must be started manually (run "syslog-ng" at terminal). Works fine, just doesn't start. 2.1 beta, so I don't know if this belongs here (a 2.1 specific issue) or in packages (a general package issue)

  • Correction, when started from an SSH terminal it ran fine for awhile, then shut itself down.

  • I have the same problem on pfSense 2.1 RC1. The version of the installed package is 3.3.6_2.
    However, sometimes the service is started from the web gui by its button "Start Service" after saving the configuration again

    from the logs only becomes apparent following error:
    php: / status_services.php: The command '/ usr / local / etc / rc.d / stop' returned exit code '1 ', the output was''

    If it worked it would be great because setting the remote syslog server with the IP address of the local service syslog-ng I find the logs directly into the filesystem of pfSense in /var/syslog-ng and not on a remote server

    This is a solution for all those who do not want to install a remote log server and want a log format used for the service of Captive Portal, with the frequency of archive (rotate) configurable and easy to backup

    Tested configuration:

    –Service Syslog-ng --

    Selection Interface: LAN (in my case the ip address of the LAN interface is
    other options are unchanged in the various sections

    -- System logs Settings (Remote Logging Options) --

    Enable Remote Logging:   selected
    Server 1:
    Remote Syslog Contents:   select Everything

  • I installed the package Syslog-ng on pfSense 2.1 RELEASE and still have the same problem…. doesn't start.

    The cause is to be found in the startup script ( that is generated automatically by the configuration contained in the file /usr/local/pkg/

    In the file, I believe there is an error on the if condition which gives the impression that the service is already started.
    To correct the error, edit the file and find the following two lines to add another grep -v


    if [ -z "`ps auxw | grep "syslog-ng" | grep -v ""`" ]; then


    if [ -z "`ps auxw | grep "syslog-ng" | grep -v "" | grep -v "grep"`" ]; then

    Save the file and restart the pfSense from web interface Diagnistic menu -> Reboot, or via console (5) Reboot system

    After rebooting check the Status menu -> Services, the service status of "Syslog-ng" that must be Running, while in the menu Services -> Syslog-ng -> Log Viewer tab, you will see the last lines of log.

    Optionally, to send all logs pfSense or only part of them to the Syslog-ng you must enable and configure remote logging:
    From Status menu -> System Logs> Settings tab in the section "Remote Logging Options":
    Enable Remote Logging: check the box
    Remote Syslog Servers (Server 1): Enter the IP address of the local network (LAN) with the default port of syslog-ng for example (in my case Interface Selection of syslog-ng is set to LAN)
    Remote Syslog Contents: put a check on "Everything" or on individual services to be logged
    save your changes by clicking the "Save" button

    Syslog-ng logs are located in /val/syslog-ng/default.log and rotate according to the configuration in Services menu > Syslog-ng > General tab
    I can also be taken via WinSCP for rescuing and displayed with the command: tail-f /var/syslog-ng/default.log

  • Does anyone know if syslog-ng does more than log to disk?  Does it filter text strings and send notifications via SMTP like most basic syslog servers do, i.e. Kiwi?

  • I fixed the problem noted here in this package (was brought to my attention by a support customer), so the above manual edit is no longer necessary.

Log in to reply