On Mon, May 4, 2015 at 1:25 AM, Volker Kuhlmann
list0...@paradise.net.nz wrote:
I noticed that after a re-install of 2.2.2 (with sections of config file
from 2.1.5 and several reboots) syslog to remote was not sending any
data.
The settings at
https://fw.site/diag_logs_settings.php
were all correct (Remote Syslog Servers, IP address) and just saving the
page sends syslog data from pfsense to a remote host.
Now there is no syslog data again. Saving the above page as is makes it
flow out again.
I conclude that under some condition(s) pfsense stops sending syslog
data to a remote host. What might those conditions be, and where do I
start looking?
The last line logged is
...T02:57:57.142885+12:00 xx syslogd: sendto: Operation not permitted
Does local logging stop as well in this circumstance? The operation
not permitted from syslog is often because of something blocking the
traffic, like Snort with block offenders is a common one. But that
should only stop remote logging. And a kick of syslogd shouldn't be
enough to change that.
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold