Messages

Did you ever figure this out? Also looking to implement some forwarding here...

Found it, documenting here as it was the first google result for my issue:

The file

Code Select Expand

/usr/local/etc/inc/system.inc contains a function named

Code Select Expand

system_syslogd_start, the file is defined and written there. I dont' have any idea yet how to change it so that it survives an OPNsense update, so...

Hey everybody,
I've recently replaced my Ubiquiti EdgeRouter with a VM running

Code Select Expand

OPNsense 19.7.9_1-amd64 - FreeBSD 11.2-RELEASE-p16-HBSD - LibreSSL 3.0.2. It has 2 cores and 4 GB memory, storage is an SSD. I first installed it ~1 month ago.

I recently noticed that it had completely stopped logging a few days ago. I couldn't figure anything specific out, checked System -> Settings -> Logging and made sure "Disable writing log files to the local disk" wasn't ticked. I compared the Logging config with another OPNsense that I run and that logs totally fine.
I tried the "Reset log files" button, and also to raise the log file size. Nothing helped, and being a Windows user on the Desktop and a Linux user when it comes to servers, I began to learn the basics of *BSD to troubleshoot.

I ended up in /var/log, which looks like this (see attachment #1).

So all circular log files haven't been touched since the moment of log file reset. I did then compare a

Code Select Expand

ps aux | grep log and noticed that my properly logging firewall has a process

Code Select Expand

/usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -p /var/run/legacy_log -S /var/run/legacy_logpriv -k -s -s -f /var/etc/syslog.conf, which seems to be kicked off by init.

After restarting a few times, I noticed that syslogd exists for a short time, and then is gone. Further investigation shows a core dump file in /syslogd.core and a dmesg entry like this:

Code Select Expand


*** hostname: OPNsense 19.7.9_1 (amd64/LibreSSL) ***

LAN (em2)       -> v4: 192.168.23.1/24
WAN (em1)       -> v4: 192.168.22.2/24
X_GUEST (em3)   -> v4: 192.168.24.1/24
X_IOT (em0)     -> v4: 192.168.25.1/24

HTTPS: SHA256 25 12 AE C3 10 82 D6 02 5F E2 36 4C 6B F0 62 F4
               69 3F FF 6F D0 E4 A6 C5 F2 01 B4 1C BF 1D 91 5B
SSH:   SHA256 nKB0SuJHPxKLX8ysmjDA0jKwGAjBzkfVq6itnV28RNA (ECDSA)
SSH:   SHA256 fLgrWA1Eix6IlIF8bUN1s4nCXzQGOvGTO8YSyLtGAus (ED25519)
SSH:   SHA256 JHuEQmuKutFRqgNhym1tRnUnMgn8bbl81DbXqbIisDU (RSA)
pid 49361 (syslogd), uid 0: exited on signal 11 (core dumped)


The only thing I could get out of the core file is:

Code Select Expand


Core was generated by `/usr/local/sbin/syslogd -s -c -c -P /var/run/syslog.pid -p /var/run/legacy_log -'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000026d40a0b406 in ?? ()
(gdb) bt
#0  0x0000026d40a0b406 in ?? ()
#1  0x0000000000000000 in ?? ()


And that's where I'm stuck - any idea how to proceed or what causes this?

Kind regards
xpac

This is the most easy to find posting on this issue via Google.
As this is still an issue and the file is still as old as before, I've opened an issue on this:
https://github.com/opnsense/core/issues/3883