OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: Bytechanger on September 23, 2020, 11:28:01 am

Title: Where disable remote syslog?
Post by: Bytechanger on September 23, 2020, 11:28:01 am
Hi,

I want to disable remote syslog.
I disabled/removed all from System->Logging/targets.

But on my remote syslog there were many entries.

Where can I finally disable it?

Greets

Byte
Title: Re: Where disable remote syslog?
Post by: Bytechanger on September 25, 2020, 10:45:08 am
Hi,

no idea?

When I look into config.xml, there is an entry
Code:
<syslog>
    <reverse>1</reverse>
    <nentries>50</nentries>
    <remoteserver>172.30.90.81</remoteserver>
    <remoteserver2/>
    <remoteserver3/>
    <sourceip/>
    <ipproto>ipv4</ipproto>
    <logall>1</logall>
    <enable>1</enable>
    <nologdefaultblock>1</nologdefaultblock>
    <nologdefaultpass>1</nologdefaultpass>
    <nologbogons>1</nologbogons>
    <nologprivatenets>1</nologprivatenets>
</syslog>

But no position, where I can disable it in GUI?!

BUG??

Greets

Byte
Title: Re: Where disable remote syslog?
Post by: marjohn56 on September 25, 2020, 10:57:06 am
System->Logging/Targets.
Title: Re: Where disable remote syslog?
Post by: Bytechanger on September 25, 2020, 11:19:26 am
That's empty!
So that is the problem!

Greets

Byte
Title: Re: Where disable remote syslog?
Post by: marjohn56 on September 25, 2020, 12:44:08 pm
Odd.. Mine's OK if I add and delete. Here's mine after I have deleted the entry: So just edit the config.xml and reboot.

<syslog>
    <reverse>1</reverse>
    <nentries>50</nentries>
    <remoteserver/>
    <remoteserver2/>
    <remoteserver3/>
    <sourceip/>
    <ipproto>ipv4</ipproto>
    <nologlighttpd>1</nologlighttpd>
    <nologbogons>1</nologbogons>
    <nologprivatenets>1</nologprivatenets>
    <nologdefaultpass>1</nologdefaultpass>
</syslog>
Title: Re: Where disable remote syslog?
Post by: Bytechanger on September 25, 2020, 03:01:01 pm
Hi,

thanks, removed it from config, imported config part for syslog, restarted syslog.
Now when I download config file, it's like yours.

But, there are entries every second in remote syslog:
Hostname          Category    Program       Messages
OPNsense.local    local7      dhcpd         DHCP offer
OPNsense.local    user        devd          Popping table
OPNsense.local    user        configd.py    [xxxxxxx

and so on....

Need help
Title: Re: Where disable remote syslog?
Post by: marjohn56 on September 25, 2020, 03:02:04 pm
did you reboot?
Title: Re: Where disable remote syslog?
Post by: Bytechanger on September 25, 2020, 06:02:27 pm
yes, several times!

It's spooky, in config, I didn't find a place where remote syslog IP is set to...

Greets

Byte
Title: Re: Where disable remote syslog?
Post by: Bytechanger on September 27, 2020, 09:01:11 am
When I disable Syslog Server (Destination) in OPNSense Log there were entries like:
Syslog connection broken; fd='21', server='AF_INET(172.30.90.81:514)', time_reopen='60'

So it tries to log all the time!
I think it's a bug between GUI and Backend.

Greets

Byte
Title: Re: Where disable remote syslog?
Post by: zitlo on October 19, 2020, 01:45:33 pm
same issue here.

I edited /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf and now no more errors:

Code:
destination d_legacy_remote {

#network("192.168.14.241" transport("udp") port(514) ip-protocol(4) );

};

### ALL ####
log {
  source(s_all);
  destination(d_legacy_remote);
};

Title: Re: Where disable remote syslog?
Post by: deviantintegral on January 08, 2021, 06:20:27 pm
This looks to still be a problem as of 20.7.7_1. Did anyone ever find a solution beyond exporting and editing the config by hand?
Title: Re: Where disable remote syslog?
Post by: Fright on January 09, 2021, 07:59:35 am
looks like a remnant of an old, unused configuration (because of transitioning from syslogd to syslog-ng?)
it seems to me that you can just delete /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf so that it is not read into syslog-ng.conf via a hook
Title: Re: Where disable remote syslog?
Post by: gpb on January 09, 2021, 04:42:39 pm
I think it's resolved here:

https://github.com/opnsense/core/issues/4121
Title: Re: Where disable remote syslog?
Post by: j_s on November 17, 2021, 02:01:03 pm
I hate that I have to reply to a topic this old, but I just spent 30 minutes trying things to make this go away "for good".  There's a 2 step part to this issue:

1.  The file /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf has your old syslog IP in it.
2.  Your config file also has the IP in it, so restoring your config to a new system would presumably restore the issue.

I cleared this issue on my system by doing both of these two things:

1.  Comment out the line in /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf that has your IP listed.
2.  Download your config file, search your config file for the IP, and remove that entire section.  After that, reupload the file and reboot the opnsense box.

At this point your opnsense system should not try to connect to that syslog server anymore, and any future setup you do with your config file won't regenerate this rather annoying edge case.

You should be able to look at System -> Settings -> Logging/Targets -> Statistics and no longer see that IP, and your system should no longer try to connect to that IP, generating log entries for the failures since that syslog server is long since retired.
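
A check for the two places named in the post above, added here as an example and not part of the original thread or OPNsense's own code: it lists non-empty remoteserver entries in the legacy syslog section of a config export and any uncommented network() destination in legacy-remote.conf. The sample inputs are constructed from the snippets quoted in this thread, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets quoted in this thread.
SAMPLE_CONFIG_XML = """<opnsense>
  <syslog>
    <reverse>1</reverse>
    <remoteserver>172.30.90.81</remoteserver>
    <remoteserver2/>
    <remoteserver3/>
    <enable>1</enable>
  </syslog>
</opnsense>"""

SAMPLE_LEGACY_CONF = """destination d_legacy_remote {
#network("192.168.14.241" transport("udp") port(514) ip-protocol(4) );
network("172.30.90.81" transport("udp") port(514) ip-protocol(4) );
};
"""

# First quoted argument of a syslog-ng network() destination driver.
NETWORK_RE = re.compile(r'network\(\s*"([^"]+)"')


def config_remote_servers(xml_text):
    """Return {tag: host} for every non-empty <remoteserver*> under a <syslog> section."""
    found = {}
    for syslog in ET.fromstring(xml_text).iter("syslog"):
        for child in syslog:
            if child.tag.startswith("remoteserver") and (child.text or "").strip():
                found[child.tag] = child.text.strip()
    return found


def active_destinations(conf_text):
    """Return hosts of network() drivers that are not commented out."""
    hosts = []
    for line in conf_text.splitlines():
        # Simplification: treat everything after '#' as a comment,
        # which is enough for the generated legacy-remote.conf shown above.
        code = line.split("#", 1)[0]
        hosts.extend(NETWORK_RE.findall(code))
    return hosts


if __name__ == "__main__":
    print("config export:", config_remote_servers(SAMPLE_CONFIG_XML))
    print("legacy-remote.conf:", active_destinations(SAMPLE_LEGACY_CONF))
```

Both functions returning an empty result means neither location still names a remote target; a host in either one is a place the firewall's logs can still be sent.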