Remote Syslog keeps sending to old target

[90er]

I recently changed the Remote Syslog Target in OPNsense 20.1.2 (https:///ui/syslog/) and applied the change. I confirmed it by checking the incoming logs at the new Syslog Server.

Today i wanted to shut down the old Syslog Server and have seen, that the OPNsense System is still sending the events to the old Syslog Target as well.

The section "System: Settings: Logging / targets" only shows the new Syslog Target. Even restarting the service "syslog-ng" doesn't fix it.

Information: i'm using explicit ip-addresses for the Logging targets and not DNS.

Thanks,
Wolfgang

[90er]

This also happens with OPNsense 20.1.4.

[AdSchellevis]

it's a leftover from an older version, see #4060 (comment)

[90er]

@AdSchellevis thanks a lot. Do you think this will be fixed soon? I would wait then and give feedback as tester ;-)

[AdSchellevis]

just remove the file as mentioned in the comment

[Bytechanger]

Me too,
is there a way to disable reporting? SSH and change a config or something else?

[mimugmail]

Do a fgrep with your syslog IP over /usr/local/etc.
Maybe theres a stale file

[AdSchellevis]

rm /usr/local/etc/syslog-ng.conf.d/syslog-ng-destinations.conf (In which case I'm repeating myself #4060 (comment))

[Bytechanger]

Hi,

thanks, but

1. fgrep "172.30.90.81" /usr/local/etc
   returning nothing

2. cat /usr/local/etc/syslog-ng.conf.d/syslog-ng-destinations.conf
   returning nothing
   file has one empty line...

3. found my ip at
   /usr/local/etc/syslog-ng.conf.d/legacy-remote.conf

`destination d_legacy_remote {

network("172.30.90.81" transport("udp") port(514) ip-protocol(4) );

};

### ALL ####
log {
  source(s_all);
  destination(d_legacy_remote);
};`

so I think 1) was wrong command ?!

Greets

Byte

[mimugmail]

fgrep -r ..

[Bytechanger]

OK thanks, found it now.

I deleted legacy-remote.conf now, restart service and logging stops! Thanks.
One more question, do I need
/usr/local/etc/syslog-ng.conf.d/legacy.conf ?
It sounds like an "old" config?!

#
# OPNsense legacy log target
# send all received local events to platform standard syslogd
#

destination legacy_dst {
    unix-dgram("/var/run/legacy_log" flags(syslog-protocol));
};

log {
    source(s_all);
    destination(legacy_dst);
};

Is the config normal? I don´t want to log to much data.

Greets

Byte

[fichtner]

Might be better to make legacy.conf an empty template and remove in next major version?

…

On 4. Oct 2020, at 10:34, Bytechanger ***@***.***> wrote:  OK thanks, found it now. I deleted legacy-remote.conf now, restart service and logging stops! Thanks. One more question, do I need /usr/local/etc/syslog-ng.conf.d/legacy.conf ? It sounds like an "old" config?! # # OPNsense legacy log target # send all received local events to platform standard syslogd # destination legacy_dst { unix-dgram("/var/run/legacy_log" flags(syslog-protocol)); }; log { source(s_all); destination(legacy_dst); }; Is the config normal? I don´t want to log to much data. Greets Byte — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[AdSchellevis]

@fichtner I don't think we should do anything, the major upgrade change log (https://docs.opnsense.org/releases/20.1.html?highlight=syslog#january-30-2020) clearly stated which steps to perform before upgrade, you are allowed to keep old configs, but the system won't manage them anymore in that case.

[AdSchellevis]

This issue has been automatically timed-out (after 180 days of inactivity).

For more information about the policies for this repository,
please read https://github.com/opnsense/core/blob/master/CONTRIBUTING.md for further details.

If someone wants to step up and work on this issue,
just let us know, so we can reopen the issue and assign an owner to it.