Syslog-ng not archiving on pfsense 2.2

snm777

Hello. I installed syslog-ng on two firewalls on Friday - one is 2.2, the other is 2.1.5.  On 2.2, the syslog-ng service started without having to adjust it - on 2.1.5. I had to follow my usual procedure as below:

Log into the webgui as andmin and go to Diagnostics->Edit file and browse to /usr/local/pkg/syslog-ng.inc and
1. search the file for @version.  Change it from whatever it is (likely 3.6) to 3.5; i.e. "@version:3.6\n"; becomes "@version:3.5\n";

2. In the SAME FILE, find and replace this line (and yes, it’s all one line):

preg_match("/\bfile\b('"['"]/", base64_decode($object['objectparameters']), $match);

with this line:

preg_match("/[^-]\bfile\b('"['"]/", base64_decode($object['objectparameters']), $match);

3. and then SAVE the file, start syslog-ng

So, over the weekend, the 2.1.5 install worked fine, received data and did the daily archive.
the 2.2 install currently has a 500Mb /var/syslog-ng/default file, and is NOT rolling over.
I can't find any entires in the log file for "zip" "gzip", "syslog-ng" contains jsut eh successful installation and starting of the service.

Can anyone help me with troubleshooting the syslog-ng archive process?  I have many 2.1.5 configurations that archiving works fine on, jsut this 2.2 install does not.  Thanks!!

EDIT:  I let this run over the weekend, it still did not archive.  I'm not finding any errors in the log, but I may not know what I'm looking for.  Does anyone have any experience with the syslog-ng archive process?

cshy0024

same here.
Manually run the log rotate cron job

/usr/bin/nice -n20 /usr/pbi/syslog-ng-i386/local/sbin/logrotate /usr/local/etc/logrotate.conf

gives the following error

Shared object "libpopt.so.0" not found, required by "logrotate"

pfSense 2.2.4-RELEASE, i386 and amd64
syslog-ng package version 1.0.7

firewalluser

Have any reboots been done, just in case some settings dont take effect until after a reboot?

doktornotor

Not a package bug. That's standard PBI idiocy.

msemidan

Did anyone find the solution for this problem?

I have pfsense 2.2.6 with syslog-ng 1.1.1 and log  files are not rotating

snm777

I think, after following various other threads on this issue, I MAY have fixed this.

If I copy these two files to this location:

cp /usr/pbi/syslog-ng-amd64/lib/libpopt.so.0 /usr/lib/
cp /usr/pbi/syslog-ng-amd64/lib/libcrpto.so.8 /usr/lib/
cp /usr/pbi/syslog-ng-amd64/lib/libintl.so.8 /usr/lib/

and then run:
/usr/pbi/syslog-ng-amd64/local/sbin/logrotate /usr/local/etc/logrotate.conf

it now completes with no errors.  Now, I haven't let this run overnight yet, and simply running the logrotate doesn't do anything because on the units I've tried it on, there has been nothing to rotate yet.  I should know for certain that things are rolling over by tomorrow….

2.3.2 and syslog-ng logrotate did work for me without any funny business.  I did have to change the version in the file from my OP to 3.7 to get syslog-ng to even start, plus also change the search as indicated above.

EDIT:  first two firewalls I checked this morning rotated files last night, and gzip worked, so it appears the above does work.