OpenVPN: All log lines are prepended with <29>1

[klausagnoletti]

I have two OPNsense firewalls. One is 22.1.8_1 and one is 21.7.8. On the first one my OpenVPN logs are prepended with <29>1 if I ssh to it and prints the file raw. On the other one there's nothing weird looking with any of the log files. Why? And how do I fix it? I need my log files parsed by CrowdSec as I am building a parser for those files and looking like that they won't parse.

<29>1 2022-06-15T00:00:51+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="1"] MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock
<29>1 2022-06-15T00:00:51+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="2"] MANAGEMENT: CMD 'status 2'
<29>1 2022-06-15T00:00:52+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="3"] MANAGEMENT: CMD 'quit'
<29>1 2022-06-15T00:00:52+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="4"] MANAGEMENT: Client disconnected
<29>1 2022-06-15T00:01:54+02:00 fw.agnoletti.net openvpn 56743 - [meta sequenceId="1"] MANAGEMENT: Client connected from /var/etc/openvpn/server2.sock

Thanks for any help.

[franco]

Basically you are looking at this change between 21.7 and 22.1:

https://github.com/opnsense/changelog/blob/16999481caf739cb18c0b856a595df1fe5b01752/community/22.1/22.1#L12


Cheers,
Franco

[klausagnoletti]

Thanks but what does that mean in practice? Can it be fixed? If so, how?

/k

[franco]

I am not sure what the question of "how to fix a RFC" means here. The RFC format is the format a syslog parser needs to be able to parse, no?


Cheers,
Franco

[klausagnoletti]

No obviously you can't fix an RFC :-)

Fixing is in terms of removing the stuff from the log files. Surely that can't be deliberate. And if so, why is it not on all log files then? I guess there's a underlying cause that needs to be fixed, right?