Syslog-ng pkg.v.1.0.2 is gzipping the client key file every night

  • I found that this behavior has been noted before, but is supposedly fixed:

    I am running pfsense version 2.1.5, and the package version for syslog-ng is pkg.v1.0.2.  Every night when the local log files are rolled over, syslog-ng is also gzipping the .key file for the local server.  Did this behavior accidentally slip back in?  Or is in only fixed in a package available for pfsense 2.2?


    (and yes, I did try to report it in the bugtracker but when I create an account, I never get a confirmation email nor can I log in with the credentials I created)

  • Well, I made this work. If you are running into this issue, you can probably fix it this way, but I'm no expert at regex.

    Here is the code that is in the syslog-ng package now, found in /usr/local/pkg/

    preg_match("/\bfile\b\(['\"]([^'\"]*)['\"]/", base64_decode($object['objectparameters']), $match);

    That is supposed to fix the "encrypting the keyfile" behavior, but it doesn't. This is at line 238 according to the redmine page here

    In order to get this thing to STOP encrypting the keyfile, I changed line 238 to this:

    preg_match("/[^-]\bfile\b\(['\"]([^'\"]*)['\"]/", base64_decode($object['objectparameters']), $match);

    Once I change this and re-saved, with no changes, my custom Destination object in syslog-ng (restarting the syslog-ng service does NOT make this change take effect), the /usr/local/etc/logrotate.conf no longer includes the key file, but it DOES still include the syslog-ng log files.

    One other thing - while youa re editing the /usr/local/pkg/ file, chenage the line

    $conf .= "@version:3.6\n";


    $conf .= "@version:3.5\n";

    otherwise the syslog-ng service will not start.

Log in to reply