Post DR package repo not available in 2.7.2
-
If ssh guard is being restarted very often that means at least one of the logs is being rotated often. And that implies something is happening that's generating a lot of logs.
Check the logs (
ls -ls /var/log
) so see which log is rotating and what's in it.Steve
-
@stephenw10
nginx, filter and gateways logs have rotated more than others but the filter log looks like it does so more frequently.rw------- 1 root wheel 144457 Feb 1 07:36 auth.log -rw-r--r-- 1 root wheel 44790 Jan 29 08:39 bsdinstall_log -rw------- 1 root wheel 410497 Feb 1 07:35 dhcpd.log -rw------- 1 root wheel 14347 Jan 31 17:00 dhcpd.log.0.bz2 -rw------- 1 root wheel 16915 Jan 30 20:35 dhcpd.log.1.bz2 -rw-r--r-- 1 root wheel 15164 Jan 31 05:46 dmesg.boot -rw------- 1 root wheel 437599 Feb 1 07:36 filter.log -rw------- 1 root wheel 23772 Feb 1 07:34 filter.log.0.bz2 -rw------- 1 root wheel 23153 Feb 1 07:31 filter.log.1.bz2 -rw------- 1 root wheel 23168 Feb 1 07:28 filter.log.2.bz2 -rw------- 1 root wheel 23363 Feb 1 07:25 filter.log.3.bz2 -rw------- 1 root wheel 23705 Feb 1 07:22 filter.log.4.bz2 -rw------- 1 root wheel 23334 Feb 1 07:19 filter.log.5.bz2 -rw------- 1 root wheel 23087 Feb 1 07:16 filter.log.6.bz2 -rw------- 1 root wheel 503608 Feb 1 07:11 gateways.log -rw------- 1 root wheel 8957 Jan 30 03:44 gateways.log.0.bz2 -rw------- 1 root wheel 8032 Jan 30 02:44 gateways.log.1.bz2 -rw------- 1 root wheel 8120 Jan 30 01:46 gateways.log.2.bz2 -rw------- 1 root wheel 8103 Jan 30 00:48 gateways.log.3.bz2 -rw------- 1 root wheel 7979 Jan 29 23:50 gateways.log.4.bz2 -rw------- 1 root wheel 7617 Jan 29 22:52 gateways.log.5.bz2 -rw------- 1 root wheel 7791 Jan 29 21:54 gateways.log.6.bz2 -rw------- 1 root wheel 0 Jan 31 05:45 ipsec.log -rw------- 1 root wheel 0 Jan 31 05:45 l2tps.log -rw-r--r-- 1 root wheel 0 Jan 29 10:53 lastlog drwxr-xr-x 2 root wheel 3 Jan 29 09:18 nginx -rw------- 1 root wheel 334891 Feb 1 07:33 nginx.log -rw------- 1 root wheel 10109 Jan 31 19:53 nginx.log.0.bz2 -rw------- 1 root wheel 10127 Jan 31 19:21 nginx.log.1.bz2 -rw------- 1 root wheel 10021 Jan 31 18:49 nginx.log.2.bz2 -rw------- 1 root wheel 10032 Jan 31 18:17 nginx.log.3.bz2 -rw------- 1 root wheel 10079 Jan 31 17:45 nginx.log.4.bz2 -rw------- 1 root wheel 10014 Jan 31 17:13 nginx.log.5.bz2 -rw------- 1 root wheel 10562 Jan 31 16:41 nginx.log.6.bz2 drwxr-xr-x 2 root wheel 2 Jan 29 09:18 ntp -rw------- 1 root wheel 351580 Jan 31 06:43 ntpd.log -rw------- 1 root wheel 0 Jan 31 05:45 openvpn.log -rw------- 1 root wheel 0 Jan 31 05:45 poes.log -rw------- 1 root wheel 0 Jan 31 05:45 portalauth.log -rw------- 1 root wheel 0 Jan 31 05:45 ppp.log -rw------- 1 root wheel 265790 Feb 1 07:33 resolver.log -rw------- 1 root wheel 11140 Jan 30 08:02 resolver.log.0.bz2 -rw------- 1 root wheel 0 Jan 31 05:45 routing.log -rw------- 1 root wheel 41041 Feb 1 07:36 system.log -rw------- 1 root wheel 35445 Jan 31 21:00 system.log.0.bz2 -rw------- 1 root wheel 6318 Jan 31 05:46 userlog -rw-r--r-- 1 root wheel 394 Feb 1 07:36 utx.lastlogin -rw------- 1 root wheel 1555 Feb 1 07:36 utx.log -rw------- 1 root wheel 0 Jan 31 05:45 vpn.log -rw------- 1 root wheel 0 Jan 31 05:45 wireless.log
-
I have two gateways for this firewall -- the default to the WAN and another interface that routes to another pfsense firewall in another building.
It's a 10G link between buildings for backups and access to the private network there.This hopefully doesn't affect anything as it worked without issues with 2.6.x virtualized -- maybe some logging setting is wrong for the private gateway?
-
I see a lot of this in the firewall logs:
-
Yeah that's rotating every few minutes. Unless you have very limited disk space I would set the firewall log larger so it rotates less frequetly and disable log compression so it isn't taxing the CPU each time.
You might also consider changing the ruleset to log less depending on what it's logging.
-
I'll do that and pursue the question of why the firewall is being flooded from that private IP range with the ISP ...
I've got overly large disk space for this firewall so I bumped log size from 512000 to 5120000 an turned off compression.
Filesystem Size Used Avail Capacity Mounted on pfSense/var/log 729G 825K 729G 0% /var/log
-
Ah, nice. Well it would be trivial to add a block rule for just UDP port 10002 without logging enabled. That traffic is odd though I agree.
-
@stephenw10
I reinstalled, but the recovery of the configuration via config.xml in either the root or a copy on /conf (of a fat32 formatted USB stick) doesn't work.
I had to configure wan and lan, connect an restore through the GUI.
back to not being able to even get a list of available packages in the GUI. :/I just saw a noticed the little alarm bell is lit up:
The config file I restored had this for packages:
<installedpackages>
</installedpackages>What could have possibly re-installed?
-
pfSense-repoc
pfSense-repoc: failed to fetch the repo data
failed to read the repo data.I really used to like pfsense but I really am starting to get discouraged.
-
@MakOwner
Speaking of disappointments, where do you file bugs?
You can't position widgets on the dashboard at the bottom of a column.
Widgets will only "stick" in a column above another widget. -
@MakOwner
I should probably start another thread over this...
I installed apcupsd using the cli.
Installed nice and quick.Getting it to work on the other hand ...
What's the magic?I have an APC RM 2200 connected via USB.
I have no issues with USB connection (using the same cable) to linux desktop...
I miss the good old days when things worked :/
-
What does
pkg-static -d update
show?Does the config actually contain any installed packages? I've never seen that report success when it couldn't reach the package server.
How did you format the USB drive? I've noticed Windows will try to use some proprietary format if you're not careful.
Steve
-
We use redmine for bug reports: https://redmine.pfsense.org/
-
This post is deleted! -
@stephenw10
No -- the config file looked like this:<installedpackages>
</installedpackages>I used a Linux desktop to format the 4GB USB to fat32
-
Ah, OK. Then yes the reinstall process completes as expected; no packages are installed. That obviously doesn't require pkh repo access so it succeeds.
Hmm, I would certainly expect a Linux created FAT32 stick to work. I use that process all the time. Perhaps the drive is not detected at all for some reason? If you connect it now do you see it reported in the system log?
@stephenw10 said in Post DR package repo not available in 2.7.2:
What does pkg-static -d update show?
-
@stephenw10
I have just given up.I can get the two packages I want installed from the CLI.
It would be really, really helpful if you didn't have to guess at package names at the CLI.
Is displaying the the actual package name in the GUI that difficult?Try installing pfblockerng from the cli (if you don't already know the package name) to see what I mean ...
-
You can use 'pkg search' like:
[2.7.2-RELEASE][admin@t70.stevew.lan]/root: pkg search pfSense-pkg pfSense-pkg-Avahi-2.2_4 pfSense package Avahi pfSense-pkg-Backup-0.6 pfSense package Backup pfSense-pkg-Cron-0.3.8_3 pfSense package Cron pfSense-pkg-FTP_Client_Proxy-0.3_8 pfSense package FTP_Client_Proxy pfSense-pkg-Filer-0.60.6_8 pfSense package Filer pfSense-pkg-LADVD-1.2.2_3 pfSense package LADVD pfSense-pkg-LCDproc-0.11.5_1 LCDproc package for pfSense pfSense-pkg-Lightsquid-3.0.7_3 pfSense package Lightsquid pfSense-pkg-Netgate_Firmware_Upgrade-0.47 pfSense package Netgate Firmware Upgrade pfSense-pkg-Notes-0.2.9_5 pfSense package Notes pfSense-pkg-Open-VM-Tools-10.1.0_5,1 pfSense package Open-VM-Tools pfSense-pkg-RRD_Summary-2.2 pfSense package RRD_Summary pfSense-pkg-Service_Watchdog-1.8.7_1 pfSense package Service_Watchdog pfSense-pkg-Shellcmd-1.0.5_3 pfSense package Shellcmd pfSense-pkg-Status_Traffic_Totals-2.3.2_3 Traffic Totals using the vnStat database pfSense-pkg-System_Patches-2.2.9_1 pfSense package System_Patches pfSense-pkg-Tailscale-0.1.4 pfSense package Tailscale pfSense-pkg-Telegraf-0.9_6 pfSense package Telegraf pfSense-pkg-WireGuard-0.2.1 pfSense package WireGuard pfSense-pkg-acme-0.7.5 ACME package for pfSense pfSense-pkg-apcupsd-0.3.92_1 pfSense package apcupsd pfSense-pkg-arping-1.2.2_4 pfSense package arping pfSense-pkg-arpwatch-0.2.1 Arpwatch package for pfSense pfSense-pkg-bandwidthd-0.7.5 BandwidthD package for pfSense pfSense-pkg-bind-9.17 BIND DNS suite with updated DNSSEC and DNS64 pfSense-pkg-cellular-1.2.3_3 Voleatech Cellular Module Interface pfSense-pkg-darkstat-3.1.3_6 pfSense package darkstat pfSense-pkg-freeradius3-0.15.10_1 FreeRADIUS 3.x package for pfSense pfSense-pkg-frr-2.0.2_1 FRR package for pfSense pfSense-pkg-haproxy-0.63_1 pfSense package haproxy pfSense-pkg-haproxy-devel-0.63_1 pfSense package haproxy-devel pfSense-pkg-iperf-3.0.3 pfSense package iperf pfSense-pkg-lldpd-0.9.11_2 802.1ab Link Layer Discovery Protocol (LLDP) daemon pfSense-pkg-mailreport-3.6.4_1 pfSense package mailreport pfSense-pkg-mtr-nox11-0.85.6_3 pfSense package mtr-nox11 pfSense-pkg-net-snmp-0.1.5_11 Net-SNMP package for pfSense pfSense-pkg-nmap-1.4.4_7 pfSense package nmap pfSense-pkg-node_exporter-0.18.1_3 pfSense package node_exporter pfSense-pkg-nrpe-4.1 pfSense package nrpe pfSense-pkg-ntopng-0.8.13_10 pfSense package ntopng pfSense-pkg-nut-2.8.2 Network UPS Tools pfSense-pkg-openvpn-client-export-1.9.2 pfSense package openvpn-client-export pfSense-pkg-pfBlockerNG-3.2.0_7 pfSense package pfBlockerNG pfSense-pkg-pfBlockerNG-devel-3.2.0_7 pfSense package pfBlockerNG pfSense-pkg-pimd-0.0.3_6 PIMD package for pfSense pfSense-pkg-siproxd-1.1.4_1 pfSense package siproxd pfSense-pkg-snmptt-1.0.0_1 pfSense package snmptt pfSense-pkg-snort-4.1.6_14 pfSense package snort pfSense-pkg-softflowd-1.2.6_1 pfSense package softflowd pfSense-pkg-squid-0.4.46 pfSense package squid pfSense-pkg-squidGuard-1.16.19 pfSense package squidGuard pfSense-pkg-stunnel-5.50_11 pfSense package stunnel pfSense-pkg-sudo-0.3_8 pfSense package sudo pfSense-pkg-suricata-7.0.2_3 pfSense package suricata pfSense-pkg-syslog-ng-1.16 pfSense package syslog-ng pfSense-pkg-tftpd-0.1.3_4 pfSense package for tftp server pfSense-pkg-tinc-1.0.35_3 pfSense package tinc pfSense-pkg-udpbroadcastrelay-1.0 pfSense package UDP Broadcast Relay pfSense-pkg-zabbix-agent4-1.0.6 pfSense package zabbix-agent pfSense-pkg-zabbix-agent5-1.0.6 pfSense package zabbix-agent pfSense-pkg-zabbix-agent6-1.0.6 pfSense package zabbix-agent pfSense-pkg-zabbix-agent64-1.0.6 pfSense package zabbix-agent pfSense-pkg-zabbix-proxy4-1.0.6 pfSense package zabbix-proxy pfSense-pkg-zabbix-proxy5-1.0.6 pfSense package zabbix-proxy pfSense-pkg-zabbix-proxy6-1.0.6 pfSense package zabbix-proxy pfSense-pkg-zabbix-proxy64-1.0.6 pfSense package zabbix-proxy pfSense-pkg-zeek-3.0.6_4 Zeek Network Security Monitor package for pfSense