The pfSense Store

Author Topic: system logging bug?  (Read 4615 times)

0 Members and 1 Guest are viewing this topic.

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
system logging bug?
« on: November 29, 2009, 01:55:46 pm »
I want to log my pfsense gateway to my central linux server.  So I went to Status => System logs => Settings and put the IP of the linux server.  Works fine.  Until and unless I reboot the pfsense, then no more syslog.  I go to the settings page and it is still shown as enabled.  I click on the Save button and see this appear on the remote syslog server:

Nov 29 14:14:10 gateway syslogd: restart
Nov 29 14:14:10 gateway syslogd: kernel boot file is /boot/kernel/kernel

And from that point on, messages flow like they should.  There are no messages in /var/log/system.log that are enlightening.  I tried rebooting the gateway and fired up tcpdump, matching on syslog.  No packets. I then did the 'click on the save button' deal and saw syslog messages in the remote log, and seen by tcpdump.  I am port forwarding UDP/514 from a specific host to the same syslog server, but that doesn't seem to be relevant, since restarting the syslogd is what "fixes" this.  Any ideas?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: system logging bug?
« Reply #1 on: November 29, 2009, 06:52:55 pm »
It would be interesting to see the contents of /var/etc/syslog.conf in both the broken and working states.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #2 on: November 29, 2009, 06:57:55 pm »
okay, i'll get that asap.

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #3 on: November 29, 2009, 09:17:13 pm »
okay, good news, bad news.  there is no difference in the config file, but i think i know what is going wrong.  since my home office is currently wireless to the pfsense, i can't see the console when this happens, so i tried an experiment: i created a virtualbox VM and installed a 1.2.3RC3 on it, and then set it to syslog to the same linux box.  see messages.  reboot the VM.  no messages.  look at the virtualbox console while this is happening.  we are starting syslog too early, before even the LAN has been configured, as i then see a message from syslog (not in the console, but in the pfsense syslog) that says "network unreachable".  it seems as if once this has happened, syslog is borked, and needs to be bounced.  should i open a ticket?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: system logging bug?
« Reply #4 on: November 29, 2009, 09:29:25 pm »
yeah, that would be the best thing to do at this point. Be sure to include all of that detail.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #5 on: November 29, 2009, 10:02:32 pm »
Ticket 196 opened.

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #6 on: November 30, 2009, 12:30:48 pm »
Chris has reproduced this and is investigating.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: system logging bug?
« Reply #7 on: November 30, 2009, 12:37:29 pm »
So I saw. He posted a message to the developer's list asking for input.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #8 on: November 30, 2009, 12:47:24 pm »
Ah, okay.  Something is clearly wrong, since if the subnet is not visible, you should get ENETDOWN, which syslogd treats as transitory, rather than ENETUNREACH, which is fatal.  I even tried booting a VM and taking all the interfaces offline and pinging the same host, and I do in fact get ENETDOWN, so this is odd, to put it mildly :)

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 14934
    • View Profile
Re: system logging bug?
« Reply #9 on: November 30, 2009, 12:57:14 pm »
That is odd. I wonder if it comes to life if you just kill -HUP it rather than restarting.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline danswartz

  • Hero Member
  • *****
  • Posts: 1167
    • View Profile
Re: system logging bug?
« Reply #10 on: November 30, 2009, 01:03:16 pm »
No idea, probably, if HUP entails rereading the config file.