syslog-ng - stopped working after recent upgrade?

[sorro]

I am on 20.7.1 and only been using opnsense for a few weeks so still learning.

I want to push all my logs via syslog-ng to another host and after setting this up they worked fine for a day but since about 3 days ago when I updated/rebooted to 20.7.1 no more logs have appeared remotely.

I am not sure if there was a problem with the update or whether I have misconfigured something. The remote host syslog-ng process is healthy and syslog service port open in firewall.

If anyone has pointers on what to check that would be appreciated.

Local Logging Options
Disable circular logs    🗹
Preserve logs (Days)    
Log Firewall Default Blocks
   🗹 Log packets matched from the default block rules put in the ruleset
       Log packets matched from the default pass rules put in the ruleset
   🗹 Log packets blocked by 'Block Bogon Networks' rules
   🗹 Log packets blocked by 'Block Private Networks' rules
Web Server Log    🗹 Log errors from the web server process.
Local Logging    🗹 Disable writing log files to the local disk

[MdB]

Three days ago I upgraded our firewalls to 20.7.1-amd64.
Since then all logs on the firewall have frozen. When updating log settings syslog-ng core-dumps on a signal 11 (segment violation)!

[mimugmail]

20.7.2 will deliver a fixed version

[philippe.temesi]

Also noticed this crash with syslog-ng.

[franco]

Hi,

This version should get rid of the crashes for now.

# pkg add -f https://pkg.opnsense.org/FreeBSD:12:amd64/20.7/misc/syslog-ng327-3.27.1_2.txz

It will be part of 20.7.2 and we are discussing with the authors of syslog-ng what can be done about it.


Cheers,
Franco

[dinguz]

I have tried the new package, and it no longer seems to crash, which is good.
However, after disabling circular logging, it still generates these messages:

Aug 20 09:29:47 haanjdj.ddns.net syslog-ng[6085]: Destination timeout has elapsed, closing connection; fd='27'

[gpb]

I have tried the new package, and it no longer seems to crash, which is good.
However, after disabling circular logging, it still generates these messages:

Aug 20 09:29:47 haanjdj.ddns.net syslog-ng[6085]: Destination timeout has elapsed, closing connection; fd='27'

Same here.  And thanks @franco.

Code Select Expand

2020-08-22T12:11:32 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='28'
2020-08-22T12:11:03 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='27'
2020-08-22T12:10:56 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='7'
2020-08-22T12:09:56 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='7'
2020-08-22T12:08:56 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='28'
2020-08-22T12:08:51 syslog-ng[21334] Destination timeout has elapsed, closing connection; fd='7'
2020-08-22T12:07:51 syslog-ng[21334] syslog-ng starting up; version='3.27.1'

[siga75]

I have the same errors

Destination timeout has elapsed, closing connection; fd=xx

[mimugmail]

This is just cosmetic as syslog in general works

[Kyong]

For me it was causing acme-client plugin. I had a newer installation so I upgraded it to 20.7 and everything worked fine. Then I installed acme-client and I had a few issues. I couldn't get a certificate, there were also some php warnings and the syslog-ng started to crash. I tried restart opnsense several times (also with Let's encrypt plugin disable) and after every restart syslog-ng crashed and couldn't be started. So I tried to remove the acme-plugin and after restart syslog-ng was working again. I tried another testing restart and syslog-ng was still working. So the problem was acme-plugin (some of its dependencies probably) which have some problem with syslog-ng.