Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Only a couple of hours of DNS reply stats

    Scheduled Pinned Locked Moved pfBlockerNG
    5 Posts 3 Posters 453 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      Jesper 1
      last edited by Jesper 1

      I'm running PFBlockerNG 3.1.0_7 on 22.05 Pfsense.

      My DNS reply stats only contains a couple of hours of data.

      It doesn't seem to have anything to do with a restart of the unbound service, just tried to both manually restart it, and to run an update with pfblockerNG. The amount of data hours remains the same. Today it is from 4am this morning, but sometimes it starts at different hours.

      I have tried to increase the maximum log size in Status > System logs > Settings > Log Rotation Size, but it does not make any difference.

      Anyone have an idea what could be the problem?

      keyserK GertjanG 2 Replies Last reply Reply Quote 0
      • keyserK
        keyser Rebel Alliance @Jesper 1
        last edited by

        @jesper-1 Have you noticed that there are individual log size limits for pfblocker specifically on the front page/general page of it’s settings. Defaults are 20.000 lines of log.

        That’s probably your limiting factor

        Love the no fuss of using the official appliances :-)

        J 1 Reply Last reply Reply Quote 1
        • GertjanG
          Gertjan @Jesper 1
          last edited by

          @jesper-1

          They are here :
          /var/unbound/var/log/pfblockerng/

          The biggest two were created today, on December 2, 2022, around 02h00 AM. Both hover around 100 000 lines already.
          Dono what pfblockerng does with them, except for stats parsing, but it is not 'rotating'. So they gets ditched when the time is up, or size to big, I guess.
          PHP, and even python, using text files that are that big, that's a performance killer.

          e117aac6-4e5c-45c6-b499-c9367dc1aebf-image.png

          But, hey, we wanted "pfblockerng" and all the nifty graphs, stats and details.
          Now you know why your SSD is 'toast' after only one year or so 😊

          No "help me" PM's please. Use the forum, the community will thank you.
          Edit : and where are the logs ??

          J 1 Reply Last reply Reply Quote 1
          • J
            Jesper 1 @keyser
            last edited by

            @keyser Thanks for your reply. That sounds very interesting. I've now increased it to 100k. Will wait a couple of days and see if it helps.

            1 Reply Last reply Reply Quote 0
            • J
              Jesper 1 @Gertjan
              last edited by Jesper 1

              @gertjan okey, that log was just over 20k lines after I increased it to 100k according to keysers suggestion. So it sounds like this is going to help.

              The log I increased to 100k was the dns_reply.log it seems that it is containing only the dns replys, whereas the unified.log contains a lot of other information as well.

              Interesting comment on that they will degrade the SSDs. Might be a good idea for me to go for enterprise grade SSD:s when they start to degrade too much then. They should have significantly better lifespan for the amount of writes they can take.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.