Netgate Discussion Forum

    No PFSense Web Logging

      nalasirrom

      Can someone help - pfSense logging. I simply cannot get web logging working, specifically logging of firewall rules. It consistently says “no logs to display” everywhere, including the Firewall log.
      I have two firewall rules I want to log; they are both set to do so. I have checked log settings, general etc. I have previously seen entries in the configured syslog server, esp. IPsec, but never in the pfSense web interface.
      Memory use is 25% of 1854 MiB
      Any help appreciated
      I am currently running the 2.6 release but this has been an issue forever!
      Thanks

        johnpoz LAYER 8 Global Moderator @nalasirrom

        @nalasirrom can we see your rules? You're saying pfSense is not logging anything? No default denies being logged? Those are logged out of the box; did you disable that logging?

        Or are you saying just your specific rules are not logging? I have all the default logging disabled, bogon, rfc1918 rule, etc. But all of my rules that log, are logging.

        If you turned those default logs off, and your rule is not being evaluated because some other rule is allowing or blocking the traffic, then no, your rule wouldn't log.

        If you set a rule to log, but the traffic is being allowed by a state previously created before logging was enabled, then no, the traffic wouldn't be logged. You would have to kill any existing states, or wait for them to time out, so that the rule is evaluated and creates the new state with the log flag set on the rule.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          stephenw10 Netgate Administrator

          Do you see any filter.log files in /var/log ?

            nalasirrom @stephenw10

            In response to previous. The scenario I am working on involves routed VLANs, so to make things clearer I did the following: I have an inbound NAT/rule to permit an inbound SMTP connection. I temporarily changed it to drop rather than pass and switched on logging for it. Result: no web log entries, but present in the syslog daemon running on a separate server.

            So same issue as previously stated.

            Mostly empty files in /var/log save system setup, mesg, utx.log.

            Thanks for your help.

              stephenw10 Netgate Administrator

              I would try resetting the logs if you haven't already. There is a button to do so in Status > System Logs > Settings

                nalasirrom @stephenw10

                Have tried that. The weird thing is that the rule log data are generating log entries that are making it to the syslog server but not to the web interface.
                Is it possible that there is a 'rule' that is stopping the latter, a kind of deny all to self (127.0.0.1)?

                Which file in /var/log would contain firewall log data?

                  stephenw10 Netgate Administrator

                  Hmm, nope, everything should always be logged locally. 🤔

                    nalasirrom @stephenw10

                    OK, my error, two things: 1. At some point I had turned off saving logs to disk and then later, whilst doing some other testing, turned it on again to no effect, neglecting the fact that there were probably open sessions that wouldn't have been logged. With greater patience I now have logs.

                    It does seem odd nomenclature; wouldn't it be better to say "disable local logging"?

                    Thanks to all for help.

                      stephenw10 Netgate Administrator

                      Hmm, I don't think I've ever seen anyone set that! Good to know it's there....

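
The checks this thread worked through (is there a filter.log in /var/log, is saving logs locally switched off, are older states keeping the rule from being evaluated) collected into one triage function. This is an added example, not part of any post above and not Netgate's code; the `<disablelocallogging>` element name is an assumption about how the setting is stored, and the fixture files are constructed.

```shell
#!/bin/sh
# Added example, not Netgate's code. Assumed (not stated in the thread): the
# "disable local logging" choice is saved as a <disablelocallogging> element
# in config.xml, and filter.log is the local firewall log.

# Return 0 = local firewall log has entries, 1 = present but empty, 2 = broken.
check_local_fw_logging() {
    logdir=$1; config=$2; rc=0
    if [ -r "$config" ] && grep -q '<disablelocallogging' "$config"; then
        echo "FAIL: local logging disabled in $config; only remote syslog gets entries"
        rc=2
    fi
    if [ ! -e "$logdir/filter.log" ]; then
        echo "FAIL: no filter.log in $logdir"
        rc=2
    elif [ ! -s "$logdir/filter.log" ]; then
        echo "WARN: filter.log is empty; traffic on states created earlier is not" \
             "re-evaluated, so nothing is logged until those states expire or are killed"
        if [ "$rc" -eq 0 ]; then rc=1; fi
    else
        echo "OK: filter.log holds $(wc -l < "$logdir/filter.log" | tr -d ' ') line(s)"
    fi
    return "$rc"
}

# Build a constructed fixture: $1 = directory, $2 = disabled | empty | healthy.
make_fixture() {
    mkdir -p "$1/log"
    printf '<pfsense><syslog></syslog></pfsense>\n' > "$1/config.xml"
    case $2 in
        disabled) printf '<pfsense><syslog><disablelocallogging></disablelocallogging></syslog></pfsense>\n' \
                      > "$1/config.xml" ;;
        empty)    : > "$1/log/filter.log" ;;
        healthy)  echo 'constructed entry: block in tcp 203.0.113.5 -> 192.0.2.10:25' \
                      > "$1/log/filter.log" ;;
    esac
}

# Run one fixture scenario and echo the status code the check returned.
scenario_rc() {
    dir=$(mktemp -d)
    make_fixture "$dir" "$1"
    code=0
    check_local_fw_logging "$dir/log" "$dir/config.xml" >/dev/null || code=$?
    rm -rf "$dir"
    echo "$code"
}
```

On a firewall the call would be `check_local_fw_logging /var/log /conf/config.xml`; the config path is an assumption as well.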
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.