Ye Olde Syslog Fun



  • Syslog has always been flaky for me on pfsense.  Works fine, leave it for a day, stops logging some elements to my remote syslog.

    I think I've tried everything reasonable to get it resolved, finally with my 2.15 - 2 upgrade I was hoping that it might be 'magically fixed.

    What I'd like to do instead for now is just restart the local syslog daemon once an hour or so.  Any tips for how do do that on latest version of pfsense:

    2.2-RELEASE][root@monkeybrains.notelling.com]/: /usr/sbin/syslogd stop
    usage: syslogd [-468ACcdknosTuv] [-a allowed_peer]
                   [-b bind_address] [-f config_file]
                   [-l [mode:]path] [-m mark_interval]
                   [-P pid_file] [-p log_socket]
    
    

    Nothing listed under /etc/rc.d/ for syslog



  • Also worth noting is that these steps don't seem to work for restarts.

    https://doc.pfsense.org/index.php/Copying_Logs_to_a_Remote_Host_with_Syslog



  • Pretty sure you're probably hitting this:
    https://redmine.pfsense.org/issues/4393

    Though I'm not aware of that being an issue on pre-2.2 versions, it's enough of an unusual edge case and the code being identical in earlier versions, it could well be. You can install that patch with the system patches package as described in a comment there.

    There are no rc.d scripts anywhere, that's all handled in the back end config code in /etc/inc/.



  • I'll give it a go and see what shows up, although one thing I have noticed, I can specify a log size in bytes bigger than the physical hard disk, dont know if it would be worth throwing an error message saying log size in bytes exceeds disk space, otherwise you can file up the HD quickly and then possibly crash some part or all of pfsense that way.