Syslog-ng doesn't start properly



  • Syslog-ng must be started manually (run "syslog-ng" at terminal). Works fine, just doesn't start. 2.1 beta, so I don't know if this belongs here (a 2.1 specific issue) or in packages (a general package issue)



  • Correction, when started from an SSH terminal it ran fine for awhile, then shut itself down.



  • I have the same problem on pfSense 2.1 RC1. The version of the installed package is 3.3.6_2.
    However, sometimes the service is started from the web gui by its button "Start Service" after saving the configuration again

    From the logs, only the following error becomes apparent:
    php: /status_services.php: The command '/usr/local/etc/rc.d/syslog-ng.sh stop' returned exit code '1', the output was ''

    If it worked it would be great, because by setting the remote syslog server to the IP address of the local syslog-ng service I find the logs directly in the filesystem of pfSense in /var/syslog-ng and not on a remote server.

    This is a solution for all those who do not want to install a remote log server and want a log format used for the service of Captive Portal, with the frequency of archive (rotate) configurable and easy to backup

    Tested configuration:

    -- Service Syslog-ng --

    Selection Interface: LAN (in my case the ip address of the LAN interface is 192.168.1.1)
    ...
    other options are unchanged in the various sections

    -- System logs Settings (Remote Logging Options) --

    Enable Remote Logging:   selected
    Server 1:    192.168.1.1:5140
    Remote Syslog Contents:   select Everything



  • I installed the package Syslog-ng on pfSense 2.1 RELEASE and still have the same problem…. doesn't start.

    The cause is to be found in the startup script (syslog-ng.sh) that is generated automatically by the configuration contained in the file /usr/local/pkg/syslog-ng.inc

    In the file syslog-ng.sh, I believe there is an error on the if condition which gives the impression that the service is already started.
    To correct the error, edit the file syslog-ng.inc and find the following two lines to add another grep -v

    before:

    if [ -z "`ps auxw | grep "syslog-ng" | grep -v "syslog-ng.sh"`" ]; then
    
    

    after:

    if [ -z "`ps auxw | grep "syslog-ng" | grep -v "syslog-ng.sh" | grep -v "grep"`" ]; then
    
    

    Save the file and restart pfSense from the web interface (Diagnostics menu -> Reboot) or via the console ((5) Reboot system).

    After rebooting, check in the Status menu -> Services that the service status of "Syslog-ng" is Running; in the menu Services -> Syslog-ng -> Log Viewer tab, you will see the last lines of the log.

    Optionally, to send all pfSense logs or only part of them to Syslog-ng, you must enable and configure remote logging:
    From the Status menu -> System Logs -> Settings tab, in the section "Remote Logging Options":
    Enable Remote Logging: check the box
    Remote Syslog Servers (Server 1): Enter the IP address of the local network (LAN) with the default port of syslog-ng for example 192.168.1.1:5140 (in my case Interface Selection of syslog-ng is set to LAN)
    Remote Syslog Contents: put a check on "Everything" or on individual services to be logged
    save your changes by clicking the "Save" button

    Syslog-ng logs are located in /var/syslog-ng/default.log and rotate according to the configuration in Services menu > Syslog-ng > General tab.
    It can also be taken via WinSCP for saving and displayed with the command: tail -f /var/syslog-ng/default.log
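
The self-matching grep discussed in the post above, replayed over constructed `ps auxw` snapshots (an added example, not part of the original post or the package's code). The process lines, the daemon path `/usr/local/sbin/syslog-ng` and the function names are assumptions; the third check goes beyond the thread's fix by comparing the command's basename, because the substring test still reports "running" while someone is tailing /var/syslog-ng/default.log.

```shell
#!/bin/sh
# Constructed `ps auxw` lines (FreeBSD column layout); none come from a real host.
L_RC='root 4101 0.0 0.1 14500 2100 - S 10:02AM 0:00.01 sh /usr/local/etc/rc.d/syslog-ng.sh start'
L_GREP='root 4102 0.0 0.1 12300 1900 - S 10:02AM 0:00.00 grep syslog-ng'
L_TAIL='root 3900 0.0 0.1 12000 1800 0 S+ 9:58AM 0:00.02 tail -f /var/syslog-ng/default.log'
# Assumed daemon path, for illustration only.
L_DAEMON='root 2200 0.0 0.4 52000 9100 - Ss 9:40AM 0:01.10 /usr/local/sbin/syslog-ng'
NL='
'
PS_STOPPED="$L_RC$NL$L_GREP"            # daemon down
PS_TAILING="$L_RC$NL$L_GREP$NL$L_TAIL"  # daemon down, admin watching the log
PS_RUNNING="$L_DAEMON$NL$L_RC$NL$L_GREP"

# "before" check from the thread: the grep in the pipeline can match itself,
# so the result is not empty and the script skips starting the daemon.
needs_start_before() {
    [ -z "$(printf '%s\n' "$1" | grep "syslog-ng" | grep -v "syslog-ng.sh")" ]
}

# "after" check from the thread: the extra grep -v drops the self-match.
needs_start_after() {
    [ -z "$(printf '%s\n' "$1" | grep "syslog-ng" | grep -v "syslog-ng.sh" | grep -v "grep")" ]
}

# Hypothetical stricter check: compare the basename of the command column
# (field 11) instead of searching the whole line for a substring.
needs_start_exact() {
    ! printf '%s\n' "$1" | awk '
        { n = split($11, part, "/"); if (part[n] == "syslog-ng") found = 1 }
        END { exit !found }'
}

# Print the verdict of every check for every snapshot.
for name in STOPPED TAILING RUNNING; do
    eval "snap=\$PS_$name"
    for check in before after exact; do
        if "needs_start_$check" "$snap"; then verdict="start daemon"
        else verdict="assume running"; fi
        printf '%-8s %-7s %s\n' "$name" "$check" "$verdict"
    done
done
```

On a live host, `pgrep -x syslog-ng` gives the same exact-name match without parsing `ps` output.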



  • Does anyone know if syslog-ng does more than log to disk?  Does it filter text strings and send notifications via SMTP like most basic syslog servers do, i.e. Kiwi?



  • I fixed the problem noted here in this package (was brought to my attention by a support customer), so the above manual edit is no longer necessary.

