I send my UTM logs through to my Splunk install.
Today I noticed that the UTM has not been sending any logs through since Nov 1 2019.
On the View Log Files screen all the logs are "0 bytes" in size.
Using the Web interface, I disabled then re-enabled the logging, and nothing changed (still no logging).
I did some searching on this forum and found some CLI commands, so I logged in to the UTM and first ran ls -al *log in the /var/log folder:
-rw-r--r-- 1 root log 0 Jan 28 12:40 afc.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 aptp.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 aua.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 boot.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 confd-debug.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 confd.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 dhcpd.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 epsecd.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 fallback.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 html5vpn.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 httpd.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 http.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 ips.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 kernel.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 logging.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 login.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 mdw-debug.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 mdw.log
-rw-r--r-- 1 root log 686 Jan 28 12:40 mg-agent.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 named.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 notifier.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 packetfilter.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 pppoe.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 red.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 reverseproxy.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 selfmon.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 service_monitor.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 smtp.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 sshd.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 system.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 up2date.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 webadmin.log
-rw-r--r-- 1 root log 0 Jan 28 12:40 wireless.log
I then ran the following commands:
astaro:/var/log # /etc/init.d/syslogng status
:: Status Logging unused
astaro:/var/log # /etc/init.d/syslogng restart
:: Stopping Logging done
:: Starting Logging done
:: Restarting Logging
astaro:/var/log # /etc/init.d/syslogng status
:: Status Logging unused
astaro:/var/log # /etc/init.d/syslogng configtest
:: Testing Logging configuration/etc/init.d/syslogng: line 29: 8921 Bus error (core dumped) $SYSLOGD -s $SYSLOGD_OPTS failed
I then had a quick look at /etc/init.d/syslogng line 29, and I'm not seeing anything unusual there.
------ start of file -----------
#!/bin/bash
# Copyright (C) 2000-2011 Astaro AG
# For copyright information look at /doc/astaro-license.txt
# or www.astaro.com/.../astaro-license.txt
#
# Maintainer: Christoph Moench-Tegeder <cmoench@astaro.com>
#
### BEGIN INIT INFO
# Provides: syslog
# Required-Start: $local_fs
# Required-Stop:
# Default-Start: 2 3
# Default-Stop: 0 6
# Description: Start the syslog-ng and klogd daemons
### END INIT INFO

. /lib/lsb/init-functions

# First reset status of this service
rc_reset

PATH=/sbin:/bin:/usr/sbin:/usr/bin
PNAME="Logging"
SYSLOGD="/usr/sbin/syslog-ng"
SYSLOGD_OPTS=" -f /etc/syslog-ng.conf"
NOSELFM="/etc/no-selfmonitor/syslog-ng"

case "$1" in
    start)
        echo -n ":: Starting $PNAME"
        if checkproc $SYSLOGD; then
            rc_status -s
            echo "already running!"
            exit 1;
        fi
        if [ ! -f /etc/syslog-ng.conf ] ; then
            cp /etc/syslog-ng.conf-minimal /etc/syslog-ng.conf
        fi
        ## Start daemon with startproc(8). If this fails
        ## the echo return value is set appropriate.
        startproc -f $SYSLOGD $SYSLOGD_OPTS 2> /dev/null
        # Remember status and be verbose
        rc_status -v
        # activate selfmonitoring
        rm -f $NOSELFM
        ;;
    stop)
        echo -n ":: Stopping $PNAME"
        # deactivate selfmonitoring
        touch $NOSELFM
        killproc $SYSLOGD >/dev/null 2>&1
        # Remember status and be verbose
        rc_status -v
        while pgrep -c syslog-ng > /dev/null ; do sleep 0.25 ; done
        ;;
    try-restart)
        ## Stop the service and if this succeeds (i.e. the
        ## service was running before), start it again.
        $0 status >/dev/null && $0 restart
        # Remember status and be quiet
        rc_status
        ;;
    restart)
        ## Stop the service and regardless of whether it was
        ## running or not, start it again.
        $0 stop
        $0 start
        echo -e ${attn}":: Restarting $PNAME"${norm}
        # Remember status and be quiet
        rc_status
        ;;
    force-reload|reload)
        ## Signal the daemon to reload its config. Most daemons
        ## do this on signal 1 (SIGHUP).
        echo -n -e ${attn}":: Reconfigure $PNAME"${norm}
        killproc -HUP $SYSLOGD ; rc_status -v
        ;;
    status)
        ## Check status with checkproc(8), if process is running
        ## checkproc will return with exit status 0.
        # Status has a slightly different for the status command:
        # 0 - service running
        # 1 - service dead, but /var/run/ pid file exists
        # 2 - service dead, but /var/lock/ lock file exists
        # 3 - service not running
        # NOTE: checkproc returns LSB compliant status values.
        # NOTE: rc_status knows that we called this init script with
        # "status" option and adapts its messages accordingly.
        echo -n ":: Status $PNAME"
        checkproc $SYSLOGD
        rc_status -v
        #echo -n "Checking for service klogd: "
        #checkproc $KLOGD
        #rc_status -v
        ;;
    probe)
        ## Optional: Probe for the necessity of a reload,
        ## give out the argument which is required for a reload.
        echo -n ":: Probe for reload of $PNAME"
        rc_status -v
        test /etc/syslog-ng.conf -nt /var/run/syslog-ng.pid && $0 reload
        ;;
    configtest)
        echo -n ":: Testing $PNAME configuration"
        if ! $SYSLOGD -s $SYSLOGD_OPTS; then
            rc_failed 1
        fi
        rc_status -v
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe|configtest}"
        exit 1
        ;;
esac
rc_exit
------- cut file here --------------
So I did some more digging and noticed there's a new update for the UTM: firmware version 9.701-6 (I was on 9.700-5).
So I manually downloaded the latest and applied it. All installed fine, and the system rebooted.
I then rechecked the logs, and unfortunately logging is still not working.
I re-ran the /etc/init.d/syslogng commands and got the same results as above.
For the record, disk space is not an issue:
astaro:/var/log # df -h
Filesystem                        Size  Used Avail Use% Mounted on
/dev/sda6                         5.2G  2.7G  2.3G  54% /
udev                              2.0G   96K  2.0G   1% /dev
tmpfs                             2.0G   48K  2.0G   1% /dev/shm
/dev/sda1                         331M   16M  295M   5% /boot
/dev/sda5                          40G  4.6G   33G  13% /var/storage
/dev/sda7                          52G  387M   49G   1% /var/log
/dev/sda8                         2.4G  4.7M  2.3G   1% /tmp
/dev                              2.0G   96K  2.0G   1% /var/storage/chroot-clientlessvpn/dev
tmpfs                             2.0G     0  2.0G   0% /var/sec/chroot-httpd/dev/shm
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-openvpn/dev
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-ppp/dev
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-pppoe/dev
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-pptp/dev
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-pptpc/dev
/dev                              2.0G   96K  2.0G   1% /var/sec/chroot-restd/dev
tmpfs                             2.0G     0  2.0G   0% /var/storage/chroot-reverseproxy/dev/shm
/var/storage/chroot-smtp/spool     40G  4.6G   33G  13% /var/sec/chroot-httpd/var/spx/spool
/var/storage/chroot-smtp/spx       40G  4.6G   33G  13% /var/sec/chroot-httpd/var/spx/public/images/spx
tmpfs                             2.0G   84K  2.0G   1% /var/storage/chroot-smtp/tmp/ram
The server/appliance that is running the UTM has been in place since 2015 and is a Netgate RCC-VE 2440.
Thoughts, suggestions, help, greatly appreciated.
Trevor..
This thread was automatically locked due to age.
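Added example, not part of Trevor's post and not Sophos/Astaro tooling: a small POSIX shell helper for reading the result of the init script's configtest branch ($SYSLOGD -s $SYSLOGD_OPTS) and for spotting the empty-log symptom. The point it makes is that "Bus error (core dumped)" is not a configuration verdict at all: bash reports a child killed by signal N as exit status 128+N, so SIGBUS (signal 7) shows up as 135, and the script's rc_failed 1 path fires before syslog-ng has said anything about the config. The function names (classify_configtest_status, run_configtest, empty_logs) and the two-line ls listing are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post or from Sophos/Astaro tooling.
# Helpers for reading a failed "configtest" the way the UTM init script above
# runs it ($SYSLOGD -s $SYSLOGD_OPTS) and for spotting the empty-log symptom.
# Names (classify_configtest_status, run_configtest, empty_logs) are mine.

# Map the exit status of a config-test run to a verdict.
#   0        -> "ok"             : daemon parsed the config and accepted it
#   1..127   -> "config-error:N" : daemon ran to completion and rejected it
#   128+N    -> "crash:<signal>" : the shell saw the child killed by signal N
#                                  before it finished; bash prints this as
#                                  "Bus error (core dumped)" for N=7 (SIGBUS)
classify_configtest_status() {
    status="$1"
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -ge 128 ]; then
        sig=$((status - 128))
        case "$sig" in
            6)  echo "crash:SIGABRT" ;;
            7)  echo "crash:SIGBUS" ;;
            11) echo "crash:SIGSEGV" ;;
            *)  echo "crash:signal$sig" ;;
        esac
    else
        echo "config-error:$status"
    fi
}

# Run the supplied command (on a UTM that would be
# /usr/sbin/syslog-ng -s -f /etc/syslog-ng.conf) and classify its exit status.
# The if/else form keeps the non-zero status from tripping "set -e".
run_configtest() {
    if "$@" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    classify_configtest_status "$status"
}

# Print the names of *.log entries that are 0 bytes in an "ls -l" listing read
# from stdin, i.e. the symptom seen in /var/log above. Field 5 is the size.
empty_logs() {
    awk '$5 == 0 && $NF ~ /\.log$/ { print $NF }'
}

# Constructed sample listing (two lines modelled on the post's output), used
# when the script is run with --demo.
SAMPLE_LISTING='-rw-r--r-- 1 root log 0 Jan 28 12:40 afc.log
-rw-r--r-- 1 root log 686 Jan 28 12:40 mg-agent.log'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LISTING" | empty_logs
    # A child that dies from SIGBUS reproduces the init script's symptom.
    run_configtest sh -c 'kill -s BUS $$'
    run_configtest true
fi
```

Run it with --demo and the SIGBUS child comes back as crash:SIGBUS while true comes back as ok. A crash verdict while the binary is still starting means the process faulted on a mapped file or on memory, not that it parsed /etc/syslog-ng.conf and rejected it, so editing the config is the wrong lever; the syslog-ng binary, its libraries, and the disk and RAM underneath them are where to look next.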