Print Page - Logging targets stopped after 21.1.3 upgrade

Title: Logging targets stopped after 21.1.3 upgrade
Post by: gauthig on March 10, 2021, 04:52:26 PM

After the upgrade and reboot I notice my ELK server did not get any new records. I stopped and started the syslog-ng service and still nothing. Did tcpdump on the target server and do not see anything for the port I am sending udp log packets on. Then did tcpdump on the opnsense server (tcpdump -Q out udp port 5140) No traffic is going to the ELK server.

I also have Sensi installed with remote ELK (same elk cluster) and it is still fine (TCP port 9200).

Any logs or setting that may help troubleshooting?

Title: Re: Logging targets stopped after 21.1.3 upgrade
Post by: sorano on March 10, 2021, 05:04:02 PM

There were updates to syslog-ng so you should take a look at System: Settings: Logging / targets and verify that everything is configured correctly.

Title: Re: Logging targets stopped after 21.1.3 upgrade
Post by: franco on March 10, 2021, 07:53:12 PM

From x to 21.1.3. What was x? :)

Cheers,
Franco

Title: Re: Logging targets stopped after 21.1.3 upgrade
Post by: gauthig on March 10, 2021, 08:33:34 PM

@Franco, from 21.1.1 to 21.1.3.

Resolved - deleted the existing target and created a new one.

OPNsense Forum

Archive => 21.1 Legacy Series => Topic started by: gauthig on March 10, 2021, 04:52:26 PM