Syslog-ng not archiving on pfsense 2.2
-
Hello. I installed syslog-ng on two firewalls on Friday - one is 2.2, the other is 2.1.5. On 2.2, the syslog-ng service started without having to adjust it - on 2.1.5. I had to follow my usual procedure as below:
Log into the webgui as andmin and go to Diagnostics->Edit file and browse to /usr/local/pkg/syslog-ng.inc and
1. search the file for @version. Change it from whatever it is (likely 3.6) to 3.5; i.e. "@version:3.6\n"; becomes "@version:3.5\n";2. In the SAME FILE, find and replace this line (and yes, it’s all one line):
preg_match("/\bfile\b('"['"]/", base64_decode($object['objectparameters']), $match);
with this line:
preg_match("/[^-]\bfile\b('"['"]/", base64_decode($object['objectparameters']), $match);
3. and then SAVE the file, start syslog-ng
So, over the weekend, the 2.1.5 install worked fine, received data and did the daily archive.
the 2.2 install currently has a 500Mb /var/syslog-ng/default file, and is NOT rolling over.
I can't find any entires in the log file for "zip" "gzip", "syslog-ng" contains jsut eh successful installation and starting of the service.Can anyone help me with troubleshooting the syslog-ng archive process? I have many 2.1.5 configurations that archiving works fine on, jsut this 2.2 install does not. Thanks!!
EDIT: I let this run over the weekend, it still did not archive. I'm not finding any errors in the log, but I may not know what I'm looking for. Does anyone have any experience with the syslog-ng archive process?
-
same here.
Manually run the log rotate cron job/usr/bin/nice -n20 /usr/pbi/syslog-ng-i386/local/sbin/logrotate /usr/local/etc/logrotate.confgives the following error
Shared object "libpopt.so.0" not found, required by "logrotate"pfSense 2.2.4-RELEASE, i386 and amd64
syslog-ng package version 1.0.7 -
Have any reboots been done, just in case some settings dont take effect until after a reboot?
-
Not a package bug. That's standard PBI idiocy.
-
Did anyone find the solution for this problem?
I have pfsense 2.2.6 with syslog-ng 1.1.1 and log files are not rotating
-
I think, after following various other threads on this issue, I MAY have fixed this.
If I copy these two files to this location:
cp /usr/pbi/syslog-ng-amd64/lib/libpopt.so.0 /usr/lib/
cp /usr/pbi/syslog-ng-amd64/lib/libcrpto.so.8 /usr/lib/
cp /usr/pbi/syslog-ng-amd64/lib/libintl.so.8 /usr/lib/and then run:
/usr/pbi/syslog-ng-amd64/local/sbin/logrotate /usr/local/etc/logrotate.confit now completes with no errors. Now, I haven't let this run overnight yet, and simply running the logrotate doesn't do anything because on the units I've tried it on, there has been nothing to rotate yet. I should know for certain that things are rolling over by tomorrow….
2.3.2 and syslog-ng logrotate did work for me without any funny business. I did have to change the version in the file from my OP to 3.7 to get syslog-ng to even start, plus also change the search as indicated above.
EDIT: first two firewalls I checked this morning rotated files last night, and gzip worked, so it appears the above does work.