Hello!
I've recently been trying to set up a Graylog instance for remote logging, and after a while I noticed firewall logs stopped showing up. I've since checked the Live View and confirmed they aren't appearing there either.
I've read about the recent change from Clog to syslog_ng and checked to make sure the service is running properly, but have not been able to find anything indicating an error in the service. Other logs (DHCP, system logs, nginx, etc.) all make it through fine- this seems to be isolated to filter logs. I have tried resetting all logs, increasing/decreasing retention, restarting syslog, all services, the entire system, etc. to no avail.
This is my first time on the forum so please let me know if I can provide any boilerplate info about my setup that might help.
This thread seems to have had a similar issue, but their resolution was to reinstall. I'd like to find the root cause if possible. https://forum.opnsense.org/index.php?topic=22141.0 (https://forum.opnsense.org/index.php?topic=22141.0)
root@OPNsense:~ # service syslog-g status
syslog_ng is running as pid 2018.
root@OPNsense:~ # service syslogd status
syslogd is running as pid 15265.
root@OPNsense:~ # cat /var/log/system/latest.log
cat: /var/log/system/latest.log: No such file or directory # seems suspect?
root@OPNsense:~ # cat /var/log/pf.today
block drop in log inet all label "02f4bab031b57d1e30553ce08e0ec131" [ Evaluations: 39093 Packets: 3148 Bytes: 606061 States: 0 ]
Additional info: Option 10 - Firewall Log in the console does work properly.