OPNsense Forum
English Forums => Virtual private networks => Topic started by: klausagnoletti on June 17, 2022, 01:43:00 pm
-
I have two OPNsense firewalls. One is 22.1.8_1 and one is 21.7.8. On the first one my OpenVPN logs are prepended with <29>1 if I ssh to it and prints the file raw. On the other one there's nothing weird looking with any of the log files. Why? And how do I fix it? I need my log files parsed by CrowdSec as I am building a parser for those files and looking like that they won't parse.
<29>1 2022-06-15T00:00:51+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="1"] MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
<29>1 2022-06-15T00:00:51+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="2"] MANAGEMENT: CMD 'status 2'
<29>1 2022-06-15T00:00:52+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="3"] MANAGEMENT: CMD 'quit'
<29>1 2022-06-15T00:00:52+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="4"] MANAGEMENT: Client disconnected
<29>1 2022-06-15T00:01:54+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="1"] MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
Thanks for any help.
-
Basically you are looking at this change between 21.7 and 22.1:
https://github.com/opnsense/changelog/blob/16999481caf739cb18c0b856a595df1fe5b01752/community/22.1/22.1#L12
Cheers,
Franco
-
Thanks but what does that mean in practice? Can it be fixed? If so, how?
/k
-
I am not sure what the question of "how to fix a RFC" means here. The RFC format is the format a syslog parser needs to be able to parse, no?
Cheers,
Franco
-
No obviously you can't fix an RFC :-)
Fixing is in terms of removing the stuff from the log files. Surely that can't be deliberate. And if so, why is it not on all log files then? I guess there's a underlying cause that needs to be fixed, right?