Where to disable remote syslog?

Started by Bytechanger, September 23, 2020, 11:28:01 AM

Hi,

I want to disable remote syslog.
I disabled/removed all from System->Logging/targets.

But on my remote syslog there were many entries.

Where can I finally disable it?

Greets

Byte

Hi,

no idea?

When I look into config.xml, there is an entry
<syslog>
    <reverse>1</reverse>
    <nentries>50</nentries>
    <remoteserver>172.30.90.81</remoteserver>
    <remoteserver2/>
    <remoteserver3/>
    <sourceip/>
    <ipproto>ipv4</ipproto>
    <logall>1</logall>
    <enable>1</enable>
    <nologdefaultblock>1</nologdefaultblock>
    <nologdefaultpass>1</nologdefaultpass>
    <nologbogons>1</nologbogons>
    <nologprivatenets>1</nologprivatenets>
  </syslog>


But no position, where I can disable it in GUI?!

BUG??

Greets

Byte

System->Logging/Targets.
OPNsense 25.7a - Qotom Q355G4 - ISP - Squirrel 1Gbps.

Team Rebellion Member

That's empty!
So that is the problem!

Greets

Byte

Odd.. Mine's OK if I add and delete. Here's mine after I have deleted the entry: So just edit the config.xml and reboot.



<syslog>
    <reverse>1</reverse>
    <nentries>50</nentries>
    <remoteserver/>
    <remoteserver2/>
    <remoteserver3/>
    <sourceip/>
    <ipproto>ipv4</ipproto>
    <nologlighttpd>1</nologlighttpd>
    <nologbogons>1</nologbogons>
    <nologprivatenets>1</nologprivatenets>
    <nologdefaultpass>1</nologdefaultpass>
  </syslog>

September 25, 2020, 03:01:01 PM #5 Last Edit: September 25, 2020, 03:04:53 PM by Bytechanger
Hi,

thanks, removed it from config, import config part for syslog, restart syslog.
Now when I download config file, it's like yours.

But, there are entries every second in remote syslog:
Hostname        Kategorie  Programm    Nachrichten
OPNsense.local  local7     dhcpd       DHCP offer
OPNsense.local  user       devd        Popping table
OPNsense.local  user       configd.py  [xxxxxxx

and so on....

Need help

did you reboot?

yes, several times!

It's spooky, in config, I didn't find a place where remote syslog IP is set to...

Greets

Byte

When I disable Syslog Server (Destination) in OPNSense Log there were entries like:
Syslog connection broken; fd='21', server='AF_INET(172.30.90.81:514)', time_reopen='60'

So it tries to log all the time!
I think it's a bug between GUI and Backend.

Greets

Byte

October 19, 2020, 01:45:33 PM #9 Last Edit: October 19, 2020, 01:50:32 PM by zitlo
same issue here.

I edited /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf and now no more errors:


destination d_legacy_remote {

#network("192.168.14.241" transport("udp") port(514) ip-protocol(4) );

};

### ALL ####
log {
  source(s_all);
  destination(d_legacy_remote);
};


This looks to still be a problem as of 20.7.7_1. Did anyone ever find a solution beyond exporting and editing the config by hand?

January 09, 2021, 07:59:35 AM #11 Last Edit: January 09, 2021, 10:24:21 AM by Fright
looks like a remnant of an old, unused configuration (because of transitioning from syslogd to syslog-ng?)
it seems to me that you can just delete /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf so that it is not read into syslog-ng.conf via a hook

HP T730/AMD  RX-427BB/8GB/500GB SSD
HP NC365T 4-PORT

I hate that I have to reply to a topic this old, but I just spent 30 minutes trying things to make this go away "for good".  There's a 2 step part to this issue:

1.  The file /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf has your old syslog IP in it.
2.  Your config file also has the IP in it, so restoring your config to a new system would presumably restore the issue.

I cleared this issue on my system by doing both of these two things:

1.  Comment out the line in /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf that has your IP listed.
2.  Download your config file, search your config file for the IP, and remove that entire section.  After that, reupload the file and reboot the opnsense box.

At this point your opnsense system should not try to connect to that syslog server anymore, and any future setup you do with your config file won't regenerate this rather annoying edge case.

You should be able to look at System -> Settings -> Logging/Targets -> Statistics and no longer see that IP, and your system should no longer try to connect to that IP, generating log entries for the failures since that syslog server is long since retired.
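
The two checks from the last post, written as an added example that is not part of the thread or of OPNsense itself: it reports any still-active `network()` destination in legacy-remote.conf and any non-empty `<remoteserver>` value in the legacy `<syslog>` section of config.xml. The function names, the `/conf/config.xml` default and the 192.0.2.10 sample address are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): report leftover legacy remote-syslog targets.
# LEGACY_CONF is the path named in the thread; /conf/config.xml is an assumed
# location, override CONFIG_XML to check a downloaded copy instead.
LEGACY_CONF="${LEGACY_CONF:-/usr/local/etc/syslog-ng.conf.d/legacy-remote.conf}"
CONFIG_XML="${CONFIG_XML:-/conf/config.xml}"

# Addresses of network() destinations that are still active (not commented out).
active_legacy_targets() {
    [ -r "$1" ] || return 0
    sed -E -n -e 's/#.*//' \
        -e 's/.*network[[:space:]]*\([[:space:]]*"([^"]+)".*/\1/p' "$1"
}

# Non-empty <remoteserver>, <remoteserver2>, <remoteserver3> values in <syslog>.
configured_legacy_targets() {
    [ -r "$1" ] || return 0
    sed -E -n -e '/<syslog>/,/<\/syslog>/ s/.*<remoteserver[23]?>([^<]+)<\/remoteserver[23]?>.*/\1/p' "$1"
}

# Print every finding; return 1 if either file still names a remote target.
audit_remote_syslog() {
    found=0
    for ip in $(active_legacy_targets "$1"); do
        echo "active syslog-ng destination in $1: $ip"; found=1
    done
    for ip in $(configured_legacy_targets "$2"); do
        echo "stale <remoteserver> in $2: $ip"; found=1
    done
    return "$found"
}

# Constructed sample files mirroring the snippets posted in the thread.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'destination d_legacy_remote {' \
        'network("192.0.2.10" transport("udp") port(514) ip-protocol(4) );' \
        '};' > "$d/legacy-remote.conf"
    printf '%s\n' '<syslog>' '  <remoteserver>192.0.2.10</remoteserver>' \
        '  <remoteserver2/>' '</syslog>' > "$d/config.xml"
    rc=0
    audit_remote_syslog "$d/legacy-remote.conf" "$d/config.xml" || rc=$?
    rm -rf "$d"
    return "$rc"
}

# Run with --demo for the constructed samples, or with no arguments on the box.
if [ "${1:-}" = "--demo" ]; then demo; else audit_remote_syslog "$LEGACY_CONF" "$CONFIG_XML"; fi
```

An exit status of 1 means at least one of the two files still names a remote target, so a config restore could bring the forwarding back.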