Right as I hit post for this I just found what seems to do it. "Disable writing log files to the local RAM disk"  If that is checked then clog no longer works and the syslogd.conf file is turned into that listed at the beginning of the post and hence nothing will log to any place any longer. I recommend that setting be renamed to "Disables all logging."

Intel NICs are indeed the better option.  :) However I think a large amount of the bad rep associated with Realtek was due to their 10/100 cards. The recent Gigabit cards are much better. Steve

just to update anyone who may have this problem turns out the snort rule (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE was blocking my legitmate web browsing i could see this by browsing the net and keeping an eye on the snort alerts and then seeing the sites appear in the block list. took me about 3 days to work this out as its never happened before. anyhow the below link shows the solution which in a nutshell is adding the sid of the rule into a suppress list and then picking the rule in the suppression and filtering dropdown in the snort interface. http://forum.pfsense.org/index.php?topic=44224.0;prev_next=prev i can sleep well again tonight was really annoying me this one..

To get bonjour working across interfaces you will probably need the Avahi package. However I would expect you to be able to see it via it's IP. Since your pfSense box is behind a router does it have a private subnet on its WAN? If so have you removed the block private networks rule? Is there some reason that your printer is not on the pfSense LAN? Steve

why dont you post up how much traffic there is, what services you plan to run and what hardware you have… generally speaking the hardware is almost always overkill.

Thanks for the quick reply, I tried that, unfortunately its not working for those websites. Any tips\guides on how to use Squid\SquidGuard on pfSense? Thanks!

Bingo! That's what I needed to do! Testing is going much better now! :)

All my experience is with the Firebox LCD which is built into the appliance so not much use to you. Probably best to ask in the lcdproc-dev thread. Although I note that the only reference to the LCD you have is in reply to a similar suggestion.  ::) Steve

/etc/rc.linkup l2tp0 start actually. GREAT Big thanks! Now i can go further  :D

Thanks again cmb, Battle plan is to read through the material and play with it some.  No doubt can sort it out quick with some hands on. Ed

So you want a correlation of external ip to internal ip traffic analysis?  ie: 204.123.123.13 <-> 192.168.10.100 -ntop can do that though Im not sure how good the package is in pfsense at this time. Should be able to do netflow metrics. -bandwidthd also seems somewhat capable. -pflow might be another option though it doesnt appear to be a support package on pfsense.

Hello, I could get only the test messages but not the alerts. Can anyone help me in this regard. regards Venkat

Hi Again, I think you should firts remove nics on your vm then add again them. After that do steps. Regards, SGTR

Hi, I have configured pfsense 2.0.1 for email notification and could get the test email message but no events are received by emails. can anyone help me in this regard. Venkat

On 2.0 and newer versions, the better drivers include details on errors in sysctl output. For instance if you have those errors on em0, run:  sysctl -a |grep em0 and you'll see specifics on what they are.

Are xxx and zzz both public subnets? Steve

Put the system in a welded "catwalk cage" along side a ZoneMinder monitor with a simple usb cam capable of sms/emailing notifications. Epoxy ports in place and metal shield cables.  Weld/Glue/Lock the case shut. Wire in a high capacity cmos battery. Back the entire thing up with a 4000VA ups with attach notif usb inside the cage. Or, just hire someone with a larger pay grade and hand them a remington 870 and box of ammo. Cheap and effective.