Syslog_ng causing ridiculous boot times

[loganx1121]

So I've been having this issue for a while now, and I've just been dealing with it.  I googled it, found a few things, but can't seem to find an actual fix.

Every time I reboot the firewall, it hangs on "Stopping syslog_ng" and I can see on the monitor it's waiting to kill some PID.  It takes forever though, causing like 10 minute reboot times on the firewall.  I didn't have this issue in version 19 that I can remember, and it seems to be a known thing from what I'm reading?  Just wondering if anyone knows an actual fix for this. 

Thanks

[franco]

Can I ask which version and does the health audit say anything in particular?


Cheers,
Franco

[loganx1121]

Can I ask which version and does the health audit say anything in particular?


Cheers,
Franco

Hey Franco.  I'm currently on 20.7.7_1 but the issue has been persistent for several versions now.  Been happening for about 6 months if not more.  The health audit shows everything is fine.

[loganx1121]

For what it's worth, I also tried installing syslog_ng from the packages section in the GUI but that didn't seem to help.  Here's the health audit:

Code: [Select]

***GOT REQUEST TO AUDIT HEALTH***
>>> Check installed kernel version
Version 20.7.6 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 20.7.6 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for and install missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .
elasticsearch5-5.6.8_5: checksum mismatch for /usr/local/etc/elasticsearch/elasticsearch.yml
Checking all packages............ done
>>> Check for core packages consistency
Checking core packages: .................................................................... done
***DONE***

[franco]

Seeing elasticsearch... is it possible this has something to do with sensei or some remote syslog target?

Syslog-ng errors were fixed early in 20.7.x.


Cheers,
Franco

[loganx1121]

I am sending logs to a system that is using elasticsearch and then forwarding them from there to a cloud SIEM.  Yes I also have sensei running but that's been updated several times since the issue started.  What would you suggest?  Do you think this is a sensei issue?

[loganx1121]

Any suggestions here?