Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense 2.0.3 and syslog: not seeing full syslog message

    General pfSense Questions
    2
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gravyface
      last edited by

      Running rsyslog 4.6.4 on an Ubuntu server and while I'm receiving firewall alerts (I enabled Firewall only on the WebGUI > System Logs > Settings page), I'm not getting the full syslog message:

      Jun 26 12:08:54 10.0.0.1 pf: 00:01:26.628535 rule 1/0(match): block in on em0: (tos 0x0, ttl 128, id 13922, offset 0, flags [none], proto UDP (17), length 229)

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • B
        biggsy
        last edited by

        What do you think is missing from that record?  Do you mean no second line?  Like this:

        Mar 24 11:10:59 pf: 07:33:17.598178 rule 90/0(match): block in on em0: (tos 0x0, ttl 108, id 16331, offset 0, flags [DF], proto TCP (6), length 48)
Mar 24 11:10:59 pf:     111.111.111.111.4488 > 123.123.123.123.25: Flags [s], cksum 0xa97d (correct), seq 1948242106, win 65535, options [mss 1460,nop,nop,sackOK], length 0

EDIT:  only half a post - hit the wrong button  ::)[/s]
        1 Reply Last reply Reply Quote 0
        • G
          gravyface
          last edited by

          Right. No second line.

          1 Reply Last reply Reply Quote 0
          • B
            biggsy
            last edited by

            You probably need to do a packet capture to be sure, but rsyslog would have to be the suspect.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.