Netgate Discussion Forum

Remote Logging -> Everything not working properly

    cmcdonald Netgate Developer
    last edited by Jul 21, 2013, 2:55 AM

    Just today I set up a VPS that will be acting as a receiver for my syslog events. I am logging all of my PASS traffic through my guest interface so it should be spitting out hundreds of "pf" events per second. When I manually tick "Firewall Events" and any other events that I wish, my remote server picks them up just fine. However, when I choose "Everything", I am not receiving anything from "pf" in my remote syslogs.

    Need help fast? https://www.netgate.com/support

      jimp Rebel Alliance Developer Netgate
      last edited by Jul 21, 2013, 3:28 AM

      Check /var/etc/syslog.conf with the various options selected.

      Post what it looks like in each state.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

        cmcdonald Netgate Developer
        last edited by Jul 22, 2013, 9:50 PM Jul 22, 2013, 9:43 PM

        @jimp:

        Check /var/etc/syslog.conf with the various options selected.

        Post what it looks like in each state.

        The following conf is with these options checked: System, Firewall, DHCP, Portal, VPN, & Gateway

        !radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        !ntp,ntpd,ntpdate
        !ppp
        !pptps
        !poes
        !l2tps
        !racoon
        *.* 								@199.15.x.x
        !openvpn
        *.* 								@199.15.x.x
        !apinger
        *.* 								@199.15.x.x
        !dnsmasq,filterdns,unbound
        *.* 								@199.15.x.x
        !dhcpd,dhcrelay,dhclient
        *.* 								@199.15.x.x
        !relayd
        !hostapd
        !-ntp,ntpd,ntpdate,racoon,openvpn,pptps,poes,l2tps,relayd,hostapd,dnsmasq,filterdns,unbound,dhcpd,dhcrelay,dhclient,apinger,radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        local0.* 							@199.15.x.x
        local3.* 							@199.15.x.x
        local4.* 							@199.15.x.x
        local7.* 							@199.15.x.x
        *.notice;kern.debug;lpr.info;mail.crit; 			@199.15.x.x
        news.err;local0.none;local3.none;local7.none 			@199.15.x.x
        security.* 							@199.15.x.x
        auth.info;authpriv.info;daemon.info 				@199.15.x.x
        *.emerg 							@199.15.x.x
        
        

        The following conf is with everything:

        
        !radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        !ntp,ntpd,ntpdate
        !ppp
        !pptps
        !poes
        !l2tps
        !racoon
        !openvpn
        !apinger
        !dnsmasq,filterdns,unbound
        !dhcpd,dhcrelay,dhclient
        !relayd
        !hostapd
        !-ntp,ntpd,ntpdate,racoon,openvpn,pptps,poes,l2tps,relayd,hostapd,dnsmasq,filterdns,unbound,dhcpd,dhcrelay,dhclient,apinger,radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        !*
        *.* 								@199.15.x.x
        
        

        Finally, this is with all of the items selected manually:

        
        !radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        !ntp,ntpd,ntpdate
        !ppp
        !pptps
        !poes
        !l2tps
        !racoon
        *.* 								@199.15.x.x
        !openvpn
        *.* 								@199.15.x.x
        !apinger
        *.* 								@199.15.x.x
        !dnsmasq,filterdns,unbound
        *.* 								@199.15.x.x
        !dhcpd,dhcrelay,dhclient
        *.* 								@199.15.x.x
        !relayd
        *.* 								@199.15.x.x
        !hostapd
        *.* 								@199.15.x.x
        !-ntp,ntpd,ntpdate,racoon,openvpn,pptps,poes,l2tps,relayd,hostapd,dnsmasq,filterdns,unbound,dhcpd,dhcrelay,dhclient,apinger,radvd,routed,olsrd,zebra,ospfd,bgpd,miniupnpd
        local0.* 							@199.15.x.x
        local3.* 							@199.15.x.x
        local4.* 							@199.15.x.x
        local7.* 							@199.15.x.x
        *.notice;kern.debug;lpr.info;mail.crit; 			@199.15.x.x
        news.err;local0.none;local3.none;local7.none 			@199.15.x.x
        security.* 							@199.15.249.61
        auth.info;authpriv.info;daemon.info 				@199.15.x.x
        *.emerg 							@199.15.x.x
        
        

          cmcdonald Netgate Developer
          last edited by Jul 25, 2013, 8:16 PM

          Any ideas? I'm still under the impression that this is a bug.

            jimp Rebel Alliance Developer Netgate
            last edited by Jul 25, 2013, 8:18 PM

            Do you have local logging disabled?

              cmcdonald Netgate Developer
              last edited by Jul 25, 2013, 11:12 PM

              @jimp:

              Do you have local logging disabled?

              Yes. Writing log files to the disk is disabled.

                jimp Rebel Alliance Developer Netgate
                last edited by Jul 26, 2013, 12:08 AM

                Does it give the correct remote behavior if you enable local logging?

                  cmcdonald Netgate Developer
                  last edited by Jul 26, 2013, 12:22 AM

                  @jimp:

                  Does it give the correct remote behavior if you enable local logging?

                  Nope, when I enable local logging while keeping "System Events, Firewall Events, DHCP service events, etc. selected", the remote logging effectively stops. DHCPD events still get pushed through as well as some other services, but according to my firewall rules, PF should be pumping out messages like crazy. Something just isn't right here…

                    jimp Rebel Alliance Developer Netgate
                    last edited by Jul 26, 2013, 8:02 PM Jul 26, 2013, 7:58 PM

                    I was finally able to reproduce this, but it's odder than even you describe.

                    I can set it up and make no changes, and it works every other time I press Save.

                    Press Save, they work. Press Save, they stop. Press save, they work again. Press Save, they stop again. [Repeat]

                    And the same behavior happens whether I have "everything" checked or just the firewall events.

                      cmcdonald Netgate Developer
                      last edited by Jul 26, 2013, 10:22 PM

                      @jimp:

                      I was finally able to reproduce this, but it's odder than even you describe.

                      I can set it up and make no changes, and it works every other time I press Save.

                      Press Save, they work. Press Save, they stop. Press save, they work again. Press Save, they stop again. [Repeat]

                      And the same behavior happens whether I have "everything" checked or just the firewall events.

                      Ah, yep you are correct! I probably didn't notice this because I was other time for me I was also switching between "Everything" and selecting individual settings… I'm glad that you are able to reproduce this issue! Hopefully we can get a fix soon :)

                        jimp Rebel Alliance Developer Netgate
                        last edited by Jul 30, 2013, 6:10 PM

                        Tracked down the fix for this.

                        The tcpdump process that was logging from pf was being killed but not restarted as expected.

                        It'll be fixed in snapshots that pick up this commit (late today, tomorrow, etc): https://github.com/pfsense/pfsense/commit/32fb33927d51dd73ba9d0ef5b483efe66328c92c

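
A way to read the syslog.conf layouts posted in this thread, as an added example that is not code from the thread or from pfSense: it walks the `!program` blocks and lists which selectors carry a remote (`@host`) action for a given program tag. It assumes FreeBSD syslog.conf(5) program-block semantics, uses abridged excerpts constructed from the posted configs, and takes the tag `pf` from the first post's wording.

```python
# Added example: which selectors reach the remote host for a given program tag.
# SELECTED and EVERYTHING are abridged, constructed excerpts of the posted configs.
SELECTED = """
!ntp,ntpd,ntpdate
!racoon
*.* @199.15.x.x
!dhcpd,dhcrelay,dhclient
*.* @199.15.x.x
!relayd
!-ntp,ntpd,ntpdate,racoon,dhcpd,dhcrelay,dhclient,relayd
local0.* @199.15.x.x
security.* @199.15.x.x
"""
EVERYTHING = """
!ntp,ntpd,ntpdate
!racoon
!relayd
!-ntp,ntpd,ntpdate,racoon,relayd
!*
*.* @199.15.x.x
"""

def parse(conf):
    """Return (mode, programs, selector, host) for every remote (@host) action."""
    rules, mode, progs = [], "all", frozenset()
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # simplification: "#!prog" form not handled
            continue
        if line.startswith("!"):               # program specification opens a new block
            spec = line[1:].strip()
            if spec == "*":                    # "!*" resets to all programs
                mode, progs = "all", frozenset()
            else:                              # "!-a,b" = every program except a and b
                mode = "exclude" if spec.startswith("-") else "include"
                progs = frozenset(p.strip() for p in spec.lstrip("+-").split(","))
            continue
        parts = line.split(None, 1)            # selector, then action
        if len(parts) == 2 and parts[1].startswith("@"):
            rules.append((mode, progs, parts[0], parts[1][1:]))
    return rules

def remote_selectors(conf, program):
    """Selectors forwarded to a remote host for messages tagged `program`."""
    return [sel for mode, progs, sel, _host in parse(conf)
            if mode == "all" or (mode == "include") == (program in progs)]

if __name__ == "__main__":
    for name, conf in (("selected", SELECTED), ("everything", EVERYTHING)):
        for prog in ("pf", "dhcpd", "relayd"):
            print(name, prog, remote_selectors(conf, prog))
```

Both layouts leave a remote action in scope for a program tagged `pf`, so the file alone does not account for the missing events; the thread traces them to the tcpdump process not being restarted.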