Logging targets stopped after 21.1.3 upgrade

Started by gauthig, March 10, 2021, 04:52:26 PM

After the upgrade and reboot I noticed my ELK server did not get any new records. I stopped and started the syslog-ng service and still nothing. Did tcpdump on the target server and do not see anything for the port I am sending UDP log packets on. Then did tcpdump on the OPNsense server (tcpdump -Q out udp port 5140). No traffic is going to the ELK server.

I also have Sensei installed with remote ELK (same ELK cluster) and it is still fine (TCP port 9200).

Any logs or settings that may help with troubleshooting?

There were updates to syslog-ng so you should take a look at System: Settings: Logging / targets and verify that everything is configured correctly.

From x to 21.1.3. What was x? :)


Cheers,
Franco

@Franco, from 21.1.1 to 21.1.3.

Resolved - deleted the existing target and created a new one.