Syslog-ng doesn't start properly
-
Syslog-ng must be started manually (run "syslog-ng" at terminal). Works fine, just doesn't start. 2.1 beta, so I don't know if this belongs here (a 2.1 specific issue) or in packages (a general package issue)
-
Correction, when started from an SSH terminal it ran fine for awhile, then shut itself down.
-
I have the same problem on pfSense 2.1 RC1. The version of the installed package is 3.3.6_2.
However, sometimes the service is started from the web GUI by its "Start Service" button after saving the configuration again. From the logs, only the following error becomes apparent:
php: /status_services.php: The command '/usr/local/etc/rc.d/syslog-ng.sh stop' returned exit code '1', the output was ''
If it worked it would be great, because by setting the remote syslog server to the IP address of the local syslog-ng service I find the logs directly in the filesystem of pfSense in /var/syslog-ng and not on a remote server.
This is a solution for all those who do not want to install a remote log server and want a log format used for the Captive Portal service, with a configurable archive (rotate) frequency and easy to back up.
Tested configuration:
-- Service Syslog-ng --
Selection Interface: LAN (in my case the ip address of the LAN interface is 192.168.1.1)
...
other options are unchanged in the various sections
-- System logs Settings (Remote Logging Options) --
Enable Remote Logging: selected
Server 1: 192.168.1.1:5140
Remote Syslog Contents: select Everything
-
I installed the package Syslog-ng on pfSense 2.1 RELEASE and still have the same problem…. doesn't start.
The cause is to be found in the startup script (syslog-ng.sh) that is generated automatically by the configuration contained in the file /usr/local/pkg/syslog-ng.inc
In the file syslog-ng.sh, I believe there is an error on the if condition which gives the impression that the service is already started.
To correct the error, edit the file syslog-ng.inc and find the following two lines to add another grep -v:
before:
if [ -z "`ps auxw | grep "syslog-ng" | grep -v "syslog-ng.sh"`" ]; then
after:
if [ -z "`ps auxw | grep "syslog-ng" | grep -v "syslog-ng.sh" | grep -v "grep"`" ]; then
Save the file and restart pfSense from the web interface, Diagnostics menu -> Reboot, or via console (5) Reboot system.
After rebooting, check in the Status menu -> Services that the service status of "Syslog-ng" is Running; in the menu Services -> Syslog-ng -> Log Viewer tab, you will see the last lines of the log.
Optionally, to send all pfSense logs or only part of them to Syslog-ng, you must enable and configure remote logging:
From the Status menu -> System Logs -> Settings tab, in the section "Remote Logging Options":
Enable Remote Logging: check the box
Remote Syslog Servers (Server 1): Enter the IP address of the local network (LAN) with the default port of syslog-ng for example 192.168.1.1:5140 (in my case Interface Selection of syslog-ng is set to LAN)
Remote Syslog Contents: put a check on "Everything" or on individual services to be logged
Save your changes by clicking the "Save" button.
Syslog-ng logs are located in /var/syslog-ng/default.log and rotate according to the configuration in Services menu > Syslog-ng > General tab.
It can also be taken via WinSCP for rescuing and displayed with the command: tail -f /var/syslog-ng/default.log
-
Does anyone know if syslog-ng does more than log to disk? Does it filter text strings and send notifications via SMTP like most basic syslog servers do, i.e. Kiwi?
-
I fixed the problem noted here in this package (was brought to my attention by a support customer), so the above manual edit is no longer necessary.
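-
The startup check quoted earlier in this thread, replayed over constructed ps auxw snapshots to show why the grep in the check's own pipeline makes a stopped daemon look started. This is an added example, not part of any post or of the package's code; the snapshot lines, the daemon path /usr/local/sbin/syslog-ng and the strict_check function are assumptions for illustration.

```sh
#!/bin/sh
# Constructed `ps auxw` snapshots (not captured from a real pfSense box).
# STOPPED: daemon absent; only the rc script and the check's own grep exist.
PS_STOPPED='root 4120 0.0 0.1 14500 2100 - S 10:00AM 0:00.01 /bin/sh /usr/local/etc/rc.d/syslog-ng.sh start
root 4123 0.0 0.1 12300 1900 - S 10:00AM 0:00.00 grep syslog-ng'
# RUNNING: same, plus the daemon (binary path is an assumption).
PS_RUNNING="$PS_STOPPED
root 3999 0.0 0.4 30100 8200 - Ss 9:58AM 0:00.20 /usr/local/sbin/syslog-ng"
# TAILING: daemon absent, but an admin is following the log file.
PS_TAILING="$PS_STOPPED
root 4200 0.0 0.1 12000 1800 0 S+ 10:00AM 0:00.00 tail -f /var/syslog-ng/default.log"

# Map "any matching process lines?" to a status word.
report() {
    if [ -z "$1" ]; then echo "not running"; else echo "running"; fi
}

# Check as first generated: the "grep syslog-ng" line passes both filters.
original_check() {
    report "$(printf '%s\n' "$1" | grep "syslog-ng" | grep -v "syslog-ng.sh")"
}

# Check with the extra "grep -v grep" proposed in the thread.
fixed_check() {
    report "$(printf '%s\n' "$1" | grep "syslog-ng" | grep -v "syslog-ng.sh" | grep -v "grep")"
}

# Hypothetical stricter variant: test only the command column (field 11 of
# ps auxw), so text elsewhere on the command line cannot satisfy the check.
strict_check() {
    report "$(printf '%s\n' "$1" | awk '$11 == "syslog-ng" || $11 ~ /\/syslog-ng$/')"
}

# Print all three verdicts for each constructed snapshot.
for state in STOPPED RUNNING TAILING; do
    eval "snap=\$PS_$state"
    printf '%-8s original=%-12s fixed=%-12s strict=%s\n' "$state" \
        "$(original_check "$snap")" "$(fixed_check "$snap")" "$(strict_check "$snap")"
done
```

The TAILING row shows that the substring match still reports "running" when only tail -f /var/syslog-ng/default.log is active; on a live system, pgrep -x or a PID file avoids parsing ps output altogether.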