• Log file question

    Locked
    12
    0 Votes
    12 Posts
    25k Views
    M

    Hi Hoba !

    I haven't solved anything, just modified my pfSense box to do what I need…
    I have understood why the logs are in RAM and why clog generates circular log files.

    This is the start of my work... in a 1.2 RC2 release.
    Suggestions are welcome!

    Do not try it if you do not have enough space on your HDD!

    1, Install ssmtp :

    #setenv PACKAGESITE ftp://ftp4.freebsd.org/pub/FreeBSD/ports/i386/packages-6-stable/Latest/
    #pkg_add -r redir

    #pkg_add -r ssmtp

    2, rename the conf file /usr/local/etc/ssmtp.conf.sample to ssmtp.conf
    Modify this file (give your smtp server parameters).

    This is my ssmtp.conf file:

    #
    # /etc/ssmtp.conf -- a config file for sSMTP sendmail.
    #
    # The person who gets all mail for userids < 1000
    # Make this empty to disable rewriting.
    root=

    # The place where the mail goes. The actual machine name is required
    # no MX records are consulted. Commonly mailhosts are named mail.domain.com
    # The example will fit if you are in domain.com and your mailhub is so named.
    # Example for SMTP port number 2525
    # mailhub=mail.your.domain:2525
    # Example for SMTP port number 25 (Standard/RFC)
    mailhub=smtp.wanadoo.fr:25
    # Example for SSL encrypted connection
    # mailhub=mail.your.domain:465

    # Where will the mail seem to come from?
    #rewriteDomain=

    # The full hostname
    #hostname=

    # Set this to never rewrite the "From:" line (unless not given) and to
    # use that address in the "from line" of the envelope.
    FromLineOverride=YES

    # Use SSL/TLS to send secure messages to server.
    #UseTLS=YES

    # Use SSL/TLS certificate to authenticate against smtp host.
    #UseTLSCert=YES

    # Use this RSA certificate.
    #TLSCert=/usr/local/etc/ssmtp/ssmtp.pem

    I've just modified the mailhub= line and uncommented FromLineOverride=YES

    3, Install syslog-ng
    #pkg_add -r syslog-ng

    4, edit /usr/local/etc/syslog-ng/syslog-ng.conf (read the doc before).
    This is my conf, not finished (I catch all logs to the messages log).
    This is just an example...

    # This sample configuration file is essentially equivalent to the stock
    # FreeBSD /etc/syslog.conf file.

    options { long_hostnames(off); sync(0); };

    # sources

    source src { unix-dgram("/var/run/log");
                unix-dgram("/var/run/logpriv" perm(0600));
        udp(); internal(); file("/dev/klog"); };

    # destination

    destination firewall { file("/log/$DAY$MONTH$YEAR/filter.log"
      create_dirs(yes)); };
    destination vpn { file("/log/$DAY$MONTH$YEAR/vpn.log"
      create_dirs(yes)); };
    destination portalauth { file("/log/$DAY$MONTH$YEAR/portalauth.log"
      create_dirs(yes)); };
    destination dhcp { file("/log/$DAY$MONTH$YEAR/dhcpd.log"
      create_dirs(yes)); };
    destination messages { file("/log/$DAY$MONTH$YEAR/messages.log"
      create_dirs(yes)); };
    destination cron { file("/log/$DAY$MONTH$YEAR/cron.log"
      create_dirs(yes)); };
    destination auth { file("/log/$DAY$MONTH$YEAR/auth.log"
      create_dirs(yes)); };
    destination sshlockout { program("/usr/local/sbin/sshlockout_pf"); };

    destination ntpd { file("/log/$DAY$MONTH$YEAR/ntpd.log"
      create_dirs(yes)); };
    destination ipsec { file("/log/$DAY$MONTH$YEAR/ipsec.log"
      create_dirs(yes)); };
    destination openvpn { file("/log/$DAY$MONTH$YEAR/openvpn.log"
      create_dirs(yes)); };

    # Define filters
    # Level Filters

    filter f_emerg { level (emerg); };
    filter f_alert { level (alert .. emerg); };
    filter f_crit { level (crit .. emerg); };
    filter f_err { level (err .. emerg); };
    filter f_warning { level (warning .. emerg); };
    filter f_notice { level (notice .. emerg); };

    # Facility Filters

    filter f_auth { facility(auth, authpriv); };
    filter f_authpriv { facility(authpriv); };
    filter f_syslog { facility (syslog); };
    filter f_cron { facility (cron); };
    #filter f_local0 { facility (local0); };
    filter f_local1 { facility (local1); };
    filter f_local2 { facility (local2); };
    filter f_local3 { facility (local3); };
    filter f_local4 { facility (local4); };
    filter f_local5 { facility (local5); };
    filter f_local6 { facility (local6); };
    filter f_local7 { facility (local7); };
    filter ntp   {program (ntpd); };
    filter f_racoon   {program (racoon); };
    filter f_openvpn   {program (openvpn); };
    #filter f_firewall-drop { facility (local0) and match("drop"); };
    filter f_firewall-pass { facility (local0) and match("pass"); };

    #log { source(src); filter(f_local0); destination(firewall); };
    log { source(src); filter(f_firewall-pass); destination(firewall); };
    log { source(src); filter(f_local3); destination(vpn); };
    log { source(src); filter(f_local4); destination(portalauth); };
    log { source(src); filter(f_local7); destination(dhcp); };
    #log { source(src); filter(f_cron); destination(cron); };
    log { source(src); filter(f_auth); destination(auth); };
    log { source(src); filter(f_auth); destination(sshlockout); };
    log { source(src); filter(ntp); destination(ntpd); };
    log { source(src); filter(f_racoon); destination(ipsec); };
    log { source(src); filter(f_openvpn); destination(openvpn); };
    log { source(src); destination(messages); };

    5, modify the /etc/rc file, comment out the creation of the clog files
    (or better, test if syslog-ng exists and do an else / then)

    # generate circular logfiles
    #if [ ! "$PLATFORM" = "cdrom" ]; then
    #    clog -i -s 512144 /var/log/system.log
    #    clog -i -s 512144 /var/log/filter.log
    #    clog -i -s 65535 /var/log/dhcpd.log
    #    clog -i -s 65535 /var/log/vpn.log
    #    clog -i -s 65535 /var/log/openvpn.log
    #    clog -i -s 65535 /var/log/portalauth.log
    #    clog -i -s 65535 /var/log/ipsec.log
    #    clog -i -s 65535 /var/log/slbd.log
    #    clog -i -s 65535 /var/log/lighttpd.log
    #    clog -i -s 65535 /var/log/ntpd.log
    #else
    #    clog -i -s 65535 /var/log/system.log
    #    clog -i -s 65535 /var/log/filter.log
    #    clog -i -s 65535 /var/log/dhcpd.log
    #    clog -i -s 65535 /var/log/vpn.log
    #    clog -i -s 65535 /var/log/openvpn.log
    #    clog -i -s 65535 /var/log/portalauth.log
    #    clog -i -s 65535 /var/log/ipsec.log
    #    clog -i -s 65535 /var/log/slbd.log
    #    clog -i -s 65535 /var/log/ntpd.log
    #fi

    # change permissions on newly created clog files.
    #chmod 0600 /var/log/system.log /var/log/filter.log /var/log/dhcpd.log /var/log/vpn.log /var/log/portalauth.log /var/log/slbd.log

    6, start syslog-ng (you can insert it before the cron start)

    echo -n "Starting Syslog-ng... "
    /usr/local/sbin/syslog-ng
    echo "done."

    7, modify /etc/rc.bootup and comment out the original syslog start:
    /* start syslogd */
    // system_syslogd_start();

    8, stop syslogd and start syslog-ng to test if all is ok

    9, reboot.

    At this time you have syslog-ng working on your system, and you can send mail.

    You can make your own script to send the log by mail, and rotate the log files...

    I've made a little script for myself which sends the log by mail, and deletes the directory older than one year...

    #!/bin/sh
    # Requires ssmtp & syslog-ng

    # Path of today's logs
    path=/log/$(date '+%d%m%Y')

    # Date variables
    jour=$(date '+%d%m')
    annee=$(date '+%Y')
    anterieur=$(($annee-1))

    # E-mail variables (send mail: email=oui or non)
    email=oui
    expediteur=xxx@wanadoo.fr
    destinataire=xxx@mkws.net
    sujet='Log Wifi du '$jour$annee''

    # Generate the header (for ssmtp), insert it into the log file, and send the mail
    if cat $path/portalauth.log | grep -a logportalauth > /dev/null;
    then echo -e "From:$expediteur\nTo:$destinataire\nSubject:$sujet\n" > $path/$jour$annee.log
    echo -e "\nPortail Captif:" | tee -a $path/$jour$annee.log > /dev/null
    cat $path/portalauth.log | grep -a logportalauth | tee -a $path/$jour$annee.log > /dev/null
    echo -e "\nServeur Dhcp:" | tee -a $path/$jour$annee.log > /dev/null
    cat $path/dhcpd.log | grep -a DHCPACK | tee -a $path/$jour$annee.log > /dev/null
    echo -e "\nPare-feu:" | tee -a $path/$jour$annee.log > /dev/null
    cat $path/filter.log | grep -a rule | tee -a $path/$jour$annee.log > /dev/null

    else echo -e "From:$expediteur\nTo:$destinataire\nSubject:$sujet\n" > $path/$jour$annee.log
    echo -e "\nPortail Captif:" | tee -a $path/$jour$annee.log > /dev/null
    echo "Pas de connexion au portail captif aujourd'ui!" | tee -a $path/$jour$annee.log > /dev/null
    fi

    case $email in
    oui)
    /usr/local/sbin/ssmtp $destinataire < $path/$jour$annee.log;;
    non)
    ;;
    esac

    # Check whether the previous year's directory exists and delete it.
    # The day directories sit directly under /log (named DDMMYYYY), not
    # inside today's directory, so the test must not be prefixed with $path.
    [ -d "/log/$jour$anterieur" ] && rm -Rf "/log/$jour$anterieur"

    –---------------------------------------------------------------------------------------------------
    Marc
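
Added example, not part of the original post: the script above removes only the one directory dated exactly a year earlier, so any day on which it does not run leaves that directory on disk. The functions below prune every /log/DDMMYYYY directory (the $DAY$MONTH$YEAR layout from the syslog-ng config) dated before a cutoff; the names day_key and prune_logs and the YYYYMMDD cutoff argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: retention for syslog-ng day directories named DDMMYYYY.

# Convert a DDMMYYYY name to a sortable YYYYMMDD key.
# Returns 1 (and prints nothing) unless the name is exactly eight digits
# with a plausible day and month, so stray entries are never touched.
day_key() {
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    dd=${1%??????}; yyyy=${1#????}; mm=${1#??}; mm=${mm%????}
    case "$dd" in 0[1-9]|[12][0-9]|3[01]) ;; *) return 1 ;; esac
    case "$mm" in 0[1-9]|1[0-2]) ;; *) return 1 ;; esac
    echo "$yyyy$mm$dd"
}

# prune_logs ROOT CUTOFF [dry]
# Remove ROOT/DDMMYYYY directories dated strictly before CUTOFF (YYYYMMDD)
# and print each one. With "dry" as third argument, only print.
prune_logs() {
    root=$1; cutoff=$2; mode=${3:-delete}
    [ -d "$root" ] || return 1
    case "$cutoff" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "bad cutoff: $cutoff" >&2; return 1 ;;
    esac
    for dir in "$root"/*; do
        # Only real directories: skip files and symlinks.
        [ -d "$dir" ] && [ ! -L "$dir" ] || continue
        # Skip anything whose name is not a valid DDMMYYYY date.
        key=$(day_key "${dir##*/}") || continue
        [ "$key" -lt "$cutoff" ] || continue
        echo "$dir"
        [ "$mode" = dry ] || rm -rf -- "$dir"
    done
}

# Usage on FreeBSD (pfSense), keeping one year of logs:
#   prune_logs /log "$(date -v-1y +%Y%m%d)" dry
```

Run it with `dry` first and check the printed list before letting it delete.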

  • Create a PPPOE server

    Locked
    2
    0 Votes
    2 Posts
    7k Views
    H

    Add rules at firewall>rules, pppoe tab to allow traffic.

  • Firewall-Cluster / Active-Active / Link Aggregation… Questions

    Locked
    3
    0 Votes
    3 Posts
    6k Views
    K

    Details to my last question:

    Firewall LAN-Interface: 10.10.254.254
    Layer-3-Switch forwards all traffic to extern to firewall-lan-interface (10.10.254.254)

    Sample:
    VLAN 1  10.0.0.0 ==> 10.10.254.254
    VLAN 2  10.0.1.0 ==> 10.10.254.254
    VLAN 2  10.0.2.0 ==> 10.10.254.254

    Do I need to set up separate VLANs or can I use aliases instead?

  • PF as proxy only

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Gcc compiler.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • MOVED: pfSense hangs after NAT of Firewall changes

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Using Syslog to track firewall changes (Moved to Bounty)

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    H

    This is not really built in but I guess it should be rather easy as you could just diff the different configs. A bounty of course would help to raise interest as I think this is a rather specific need that not too many people are interested in.

  • How to test for actual maximum throughput

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K

    There is one thread from almost exactly a year ago that matches GF's search suggestion, here it is:

    http://forum.pfsense.org/index.php/topic,4505.0.html

    Your hardware looks fine though - what kind of WAN link are you hooking it up to - what is the speed?  Your upstream connection will likely be your bottleneck, and that hardware will have plenty of cycles to spare filling it up.

  • Asymmetric load balancing?

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    G

    I hadn't upgraded this particular installation from 1.0.1 yet.  I did that last night / early this morning, and it looks like entering the same IP twice works fine now :)

  • PfSense on a DOM (DiskOnModule)

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    GruensFroeschliG

    The embedded is exactly the same as the full version.
    With the exception that you cannot install packages, and that the kernel won't panic if there is no keyboard/no VGA/default console output is COM1 (serial port)

  • Pfsense randomly and repeatedly locking up - Solved!

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    C

    So, after searching around I found out how to reset the graphs now that it is on the hard drive. I am happy to report everything is working 100%. Thanks for the help, and now this thread can now be closed.  ;D

  • MOVED: snort not starting

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Putting pfSense at work.

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    H

    looks good to me  :)

  • 0 Votes
    6 Posts
    10k Views
    J

    While we are talking about FTP Helper. I want to share another trick.

    When you have a WAN using a private subnet and a DMZ using a public subnet.
    You will certainly have an advanced outbound NAT rule that will NAT outgoing packets sourced from LAN with an IP address from the DMZ public subnet thus making the packet routable through Internet. Right, but what about FTP and Active FTP ? FTP helpers won't work because they will use your WAN IP Address, which is unreachable, inside FTP protocol. (eg. PORT command).

    To solve this:

    Edit the /etc/inc/config.inc file and go to line 1670 (in the 1.2 release); it should look like this:

    mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 {$ip}");

    Comment out this line and add this one:

    mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 -p [PUBLICIPHERE]");

    Should work fine.

    I have 10+ boxes running like this since pfsense uses pftpx.

  • Ip address translate mac address

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    GruensFroeschliG

    Are you trying to ARP lookup an IP from the WAN? what for?
    Are you talking about a bridged setup? routed? NATed?
    Do you want to spoof the MAC of a PC on the LAN to the WAN?

    Generally more information would be nice. (what are you trying to achieve?)

  • Is it possible to include Logrotate on PfSense

    Locked
    13
    0 Votes
    13 Posts
    17k Views
    G

    @morgan14:

    sorry guys I'll search by myself  ;)

    Thanks a lot for all

    Edit /usr/local/pkg/squid.inc

    $conf .= <<<EOD
    icp_port $icp_port

    pid_filename $pidfile
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory $errordir
    visible_hostname $hostname
    cache_mgr $email

    access_log $logdir_access
    cache_log $logdir_cache
    cache_store_log none
    shutdown_lifetime 3 seconds
    logfile_rotate 31  <<--- add option here

    EOD;

    I have mine set for 31 rotations.

  • Send email reports [Solved]

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    hi !

    You can try ssmtp… works for me!

  • Saturated WAN = pfsense crash

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    S

    No, any device that "automatically adds states" when needed should not be trusted.  States require RAM.  Not every machine has unlimited RAM which would end up in a nasty situation.

    Regardless, pfSense should not "lock up" under full state situation.  It will simply stop passing new connections.

    I would check your Network interface cards.  It almost sounds like you are going down when you have high IRQ loads.

  • Pfsense : IPV6 compatibility ?

    Locked
    6
    0 Votes
    6 Posts
    11k Views
    E

    How about sponsoring it!

    You win IPv6 and pfSense devs take something back for their work.

    Ermal

  • Can you make Pfsense automatically reboot after a power outage?

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    V

    @MicroWISP:

    Use one of these…

    http://www.digital-loggers.com/lpc.html

    I wouldn't know what to do without them.

    was just shopping these around on ebay and such, neat and useful looking.  thinking about getting one and figuring out a way to have it auto-reset my cable modem when the pfsense LoadBalance monitor detects the link is down

    there's also a competing product, much more expensive "iBoot" but only has 1 plug, lame

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.