OPNsense Forum

Archive => 20.7 Legacy Series => Topic started by: loganx1121 on January 10, 2021, 02:35:34 am

Title: Syslog_ng causing ridiculous boot times
Post by: loganx1121 on January 10, 2021, 02:35:34 am

So I've been having this issue for a while now, and I've just been dealing with it.  I googled it, found a few things, but can't seem to find an actual fix.

Every time I reboot the firewall, it hangs on "Stopping syslog_ng" and I can see on the monitor it's waiting to kill some PID.  It takes forever though, causing like 10 minute reboot times on the firewall.  I didn't have this issue in version 19 that I can remember, and it seems to be a known thing from what I'm reading?  Just wondering if anyone knows an actual fix for this. 

Thanks

Title: Re: Syslog_ng causing ridiculous boot times
Post by: franco on January 11, 2021, 07:56:26 pm

Can I ask which version and does the health audit say anything in particular?


Cheers,
Franco

Title: Re: Syslog_ng causing ridiculous boot times
Post by: loganx1121 on January 14, 2021, 01:19:35 pm

Quote from: franco on January 11, 2021, 07:56:26 pm

Can I ask which version and does the health audit say anything in particular?


Cheers,
Franco

Hey Franco.  I'm currently on 20.7.7_1 but the issue has been persistent for several versions now.  Been happening for about 6 months if not more.  The health audit shows everything is fine.

Title: Re: Syslog_ng causing ridiculous boot times
Post by: loganx1121 on January 14, 2021, 01:24:19 pm

For what it's worth, I also tried installing syslog_ng from the packages section in the GUI but that didn't seem to help.  Here's the health audit:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .
elasticsearch5-5.6.8_5: checksum mismatch for /usr/local/etc/elasticsearch/elasticsearch.yml
Checking all packages............ done
>>> Check for core packages consistency
Checking core packages: .................................................................... done
***DONE***

Title: Re: Syslog_ng causing ridiculous boot times
Post by: franco on January 14, 2021, 05:02:33 pm

Seeing elasticsearch... is it possible this has something to do with sensei or some remote syslog target?

Syslog-ng errors were fixed early in 20.7.x.


Cheers,
Franco

Title: Re: Syslog_ng causing ridiculous boot times
Post by: loganx1121 on January 16, 2021, 02:59:40 am

I am sending logs to a system that is using elasticsearch and then forwarding them from there to a cloud SIEM.  Yes I also have sensei running but that's been updated several times since the issue started.  What would you suggest?  Do you think this is a sensei issue?

Title: Re: Syslog_ng causing ridiculous boot times
Post by: loganx1121 on January 27, 2021, 02:46:58 am

Any suggestions here?