How to keep the changes made in syslog.conf ? cronjob also not working



  • Hi All,
    can someone tell me how to keep the changes made in the file syslog.conf ?
    After every reboot, they are lost.
    I know that there is a inc.file generating this file after every reboot. But I don't know which changes to be made in this file to keep the changes done.
    I tried also with a crontab job added in /etc/crontab as
    @reboot  root    /root/skript.sh (also tried with @reboot  root  /root/skript.sh > dev/null )

    and in skript.sh
    echo  "The changes I need " >> /etc/syslog.conf

    But this is also not working.

    I also saw that after reboot, in /etc/crontab I can't see anymore the line added by for my cronjob.

    Thanks for help !



  • I saw that it's also possible to re-write in the config.xml the cron job as following :
    <cron><task_name>squid_check_swapstate</task_name>
    <minute>/15</minute>
    <hour>
    </hour>
    <mday></mday>
    <month>
    </month>
    <wday>*</wday>
    <who>root</who>
    <command></command>/usr/local/pkg/swapstate_check.php</cron>

    which tab should i enter for command to be applied at every reboot  ? @reboot.


  • Netgate Administrator

    What changes do you need? You're right it's overwritten so you need to either replace it at every boot or mod the file that generates it.
    Could be your cronjob isn't working because it's applied after the syslog.conf file is read to setup logging. Perhaps restart the logging after applying it.
    Try using the cron package to store custom cronjobs. Easier than manually editing the config file.

    Steve



  • Hi Steve,
    Thank you very much for your answer.

    @stephenw10:

    What changes do you need?

    I added the following line in the syslog.conf :
    local5.* @192.168.2.10
    Goal is to send the content of access.log  (squid) to this remote server.
    This works also, but as soon as I reboot the pfsense box, the syslog.conf is reset.

    When you say :@stephenw10:

    mod the file that generates it.

    What does it mean exactly please ?

    Could be your cronjob isn't working because it's applied after the syslog.conf file is read to setup logging. Perhaps restart the logging after applying it.

    How to verify this ? I don't know in which order all this works.
    I just added in /etc/crontab
    @reboot root /root/skript.sh
    and in skript.sh
    I have
    echo local5.* @192.168.2.10 >> /etc/syslog.conf


  • Netgate Administrator

    All of the configuration for pfSense is held in the single config.xml file. This means that every other config file has to be generated at boot by various scripts from the config.xml. Thus both /etc/syslog.conf and /etc/crontab are overwritten at boot or whenever a change is made via the webgui.
    If you want to add things to the crontab you need to either manually add it to the config file as you were earlier or use the pfSense cron package which does the same thing but adds error checking etc.
    Looking at the scripts it seems as though the syslog.conf file is generated by the function: system_syslogd_start() in the file: /etc/inc/system.inc. You could modify that function to add your new line easily enough. That modification will likely not survive a firmware update but will be fine across a reboot. Of course there is plenty of room for error here!  ;)
    If it were me I would add it to the first 'EOD' section because that's easiest to get correct, so:

    			$syslogconf .= <<<eod<br>local0.*							{$log_directive}{$g['varlog_path']}/filter.log
    local3.*							{$log_directive}{$g['varlog_path']}/vpn.log
    local4.*							{$log_directive}{$g['varlog_path']}/portalauth.log
    local7.*							{$log_directive}{$g['varlog_path']}/dhcpd.log
    *.notice;kern.debug;lpr.info;mail.crit;daemon.none;		{$log_directive}{$g['varlog_path']}/system.log
    news.err;local0.none;local3.none;local4.none;			{$log_directive}{$g['varlog_path']}/system.log
    local7.none							{$log_directive}{$g['varlog_path']}/system.log
    security.*							{$log_directive}{$g['varlog_path']}/system.log
    auth.info;authpriv.info;daemon.info				{$log_directive}{$g['varlog_path']}/system.log
    auth.info;authpriv.info 					|exec /usr/local/sbin/sshlockout_pf 15
    *.emerg								*
    
    EOD;</eod<br>
    

    Would become:

    			$syslogconf .= <<<eod<br>local0.*							{$log_directive}{$g['varlog_path']}/filter.log
    local3.*							{$log_directive}{$g['varlog_path']}/vpn.log
    local4.*							{$log_directive}{$g['varlog_path']}/portalauth.log
    local7.*							{$log_directive}{$g['varlog_path']}/dhcpd.log
    *.notice;kern.debug;lpr.info;mail.crit;daemon.none;		{$log_directive}{$g['varlog_path']}/system.log
    news.err;local0.none;local3.none;local4.none;			{$log_directive}{$g['varlog_path']}/system.log
    local7.none							{$log_directive}{$g['varlog_path']}/system.log
    security.*							{$log_directive}{$g['varlog_path']}/system.log
    auth.info;authpriv.info;daemon.info				{$log_directive}{$g['varlog_path']}/system.log
    auth.info;authpriv.info 					|exec /usr/local/sbin/sshlockout_pf 15
    *.emerg								*
    local5.* @192.168.2.10
    
    EOD;</eod<br>
    

    I have no idea if the syntax is correct there, I've never had to deal with the syslog config manually, but you say that works.
    It should go without saying that this presumably isn't a production system! It's very easy to cause all sorts of problems when you start tweaking internal scripts like this.

    Steve



  • Did you look at the cron package?



  • Hi All,
    I made the changes to .inc file, by the next reboot, the syslog.conf survives the changes, BUT I'm still not able to write the squid access file (access.log) to the remote server 192.168.2.10.
    Any other suggestion please ?  :'( :'( I have really no other idea more.

    @RonpfS:

    Did you look at the cron package?

    Yes I looked at it, but there is no way to  say, "Please make x change after every reboot". If I'm wrong please correct me.

    The most problem, is to get the access.log file to a remote logging server. Someone having any experience with this ?
    Thanks


  • Netgate Administrator

    Yet it worked ok when you manually edited the syslog.conf file?

    Use the Shellcmd package to run a specific command at each boot.

    Steve



  • @stephenw10:

    Yet it worked ok when you manually edited the syslog.conf file?

    Yes it worked. Thanks !!

    @stephenw10:

    Use the Shellcmd package to run a specific command at each boot.

    Thanks to point this out ! I will test this package in the next days for further tasks.

    Now we can close this thread  8)