Logging my daily changing WAN-address

stephenw10

Yup, that's exactly what we thought. Just waiting for a build to test....

stephenw10

Opened a bug to track: https://redmine.pfsense.org/issues/16229

bmeeks

@stephenw10 said in Logging my daily changing WAN-address:

Yup, that's exactly what we thought. Just waiting for a build to test....

Note that Suricata likely has the same issue. See my comment in this thread for the relevant section of source code: https://forum.netgate.com/topic/197701/error-on-snort-with-if_pppoe/8.

VinnieNZ

I see this issue still exists in Suricata on 25.07.1 - the redmine bug ticket has been open 3 months, but doesn't look like there has been any action on it.

On Suricata, if you leave the service running against an if_pppoe interface, it will continuously log "Error: pcap: datalink type 51 not yet supported" into suricata.log for the PPPoE interface and eventually fill the disk (if not caught).

jrey

@Bob.Dig said in Logging my daily changing WAN-address:

Is there a package where I can log only my dynamic IP-address on WAN?

I can't test this because I'm static - but I think if you simply want to log the IP changing on the WAN, a script and a cron job might do the trick --

hopefully there are no typos
you need to change "/path/to" to some appropriate directory ( perhaps something in var/log)
you need to change usewebinterfacehere" to the name of your WAN interface, you can get that from ifconfig (em0, mvneta0, or whatever it is on your system)

call the script whatever you like. mywanwatcher.sh find a suitable directory for it
make it executable, schedule it with cron at some reasonable interval (every 5 minutes)

You might need to add a rotation if the file grows to big or simply off load it and start a new one every 1000 lines or so

# File to store the previous IP address
PREVIOUS_IP_FILE="/path/to/previous_ip.txt"
# Log file to record changes
LOG_FILE="/path/to/ip_change_log.txt"
# Specify the interface to check
INTERFACE="usewebinterfacehere"

# Get the current WAN IP address
CURRENT_IP=$(ifconfig $INTERFACE | grep 'inet ' | awk '{print $2}')

# Check if the previous IP file exists
if [ -f "$PREVIOUS_IP_FILE" ]; then
    # Read the previous IP address
    PREVIOUS_IP=$(cat "$PREVIOUS_IP_FILE")

    # Compare the current IP with the previous IP
    if [ "$CURRENT_IP" != "$PREVIOUS_IP" ]; then
        echo "IP address has changed from $PREVIOUS_IP to $CURRENT_IP"
        # Log the change to the log file
        echo "$(date): IP address changed from $PREVIOUS_IP to $CURRENT_IP" >> "$LOG_FILE"
        # Update the previous IP file with the new IP
        echo "$CURRENT_IP" > "$PREVIOUS_IP_FILE"
    fi
else
    # If the file does not exist, create it and store the current IP
    echo "$CURRENT_IP" > "$PREVIOUS_IP_FILE"
fi

Gertjan

@jrey (Bob) said in Logging my daily changing WAN-address:

Is there a package where I can log only my dynamic IP-address on WAN?

World's most simple solution : your mail box. This means you have the WAN IP thus a possible remote access possible where ever your are.
The setup :

Set one up here :

and set up this :

and done.

edit : no script, no maintenance.

jrey

@Bob.Dig

revised
actually that first echo "IP address has changed .." you want to remove that line or the cron job will attempt to email the output and typically that emailing service is not available.

and if you want to trim the file to when it hits 1000 lines something like this in that same if statement should do the trick .

revised sample so the previous IP file and log go to /var/log
commented out the echo (I don't have cron email configured)
and added a trim the file back to the last 10 lines when it hits 1000 line

# File to store the previous IP address
PREVIOUS_IP_FILE="/var/log/previous_ip.txt"
# Log file to record changes
LOG_FILE="/var/log/ip_change_log.txt"
# Specify the interface to check
INTERFACE="usewaninterfacehere"

# Get the current WAN IP address
CURRENT_IP=$(ifconfig $INTERFACE | grep 'inet ' | awk '{print $2}')

# Check if the previous IP file exists
if [ -f "$PREVIOUS_IP_FILE" ]; then
    # Read the previous IP address
    PREVIOUS_IP=$(cat "$PREVIOUS_IP_FILE")

    # Compare the current IP with the previous IP
    if [ "$CURRENT_IP" != "$PREVIOUS_IP" ]; then
        # uncomment the following line if your cron is configured to email job output
        # echo "IP address has changed from $PREVIOUS_IP to $CURRENT_IP"

        # Log the change to the log file
        echo "$(date): IP address changed from $PREVIOUS_IP to $CURRENT_IP" >> "$LOG_FILE"
        # Update the previous IP file with the new IP
        echo "$CURRENT_IP" > "$PREVIOUS_IP_FILE"

        # Check the number of lines in the log file
        LINE_COUNT=$(wc -l < "$LOG_FILE")
        if [ "$LINE_COUNT" -ge 1000 ]; then
            # Trim the log file to keep only the last 10 lines
            tail -n 10 "$LOG_FILE" > "$LOG_FILE.tmp" && mv "$LOG_FILE.tmp" "$LOG_FILE"
        fi
    fi
else
    # If the file does not exist, create it and store the current IP
    echo "$CURRENT_IP" > "$PREVIOUS_IP_FILE"
fi

to test since I'm on a static IP I did the following
created the script in /usr/local/pkg
made it executable chmod 755 (whatever you called it). in my test I used mywanwatcher.sh
run the script confirmed the file "previous" file was created in /var/log
edit the "previous" Ip recorded there to simulate the IP would change
run the script again. log file created and tells me that
at the date/time IP address changed from xx to yy

No I'm not testing the 1000 line trimmer

just change the INTERFACE variable at the top - should be fine.

works as expect

jrey

@Gertjan said in Logging my daily changing WAN-address:

your mail box

A log or clutter of email are very different things. maybe Bob has some other use for the logged information other than just a notification?

The original request was "where I can log", and not "where I can get notified when"
At least now there is a choice and in fact nothing to say you could not do both.

Personally if wanted this information logged I'd send it to syslog - on the other hand not sure what the reason for logging or notifying when the WAN changes would be in the first place. I'm on a static IP, but I'm sure Bob must have some reason for the "where can I log" request.
Do one, do both, do nothing, and at the end of the day - really up to Bob how to proceed with the various options presented.

Bob.Dig

@Gertjan As explained before, I will get flooded with emails about some vpn gateway going down. I have those configured as failover and/or load-balancing and a lot of them.

Bob.Dig

@jrey said in Logging my daily changing WAN-address:

schedule it with cron at some reasonable interval (every 5 minutes)

Thanks jrey but this is no a slick as the old solution, which would be triggered only on a PPPoE reconnect.

Also I am not in need for solution anymore because I will change my setup shortly to have another router before pfSense (again) and with that, I get good "logging" from that (via email) and I don't need do do PPPoE on pfSense anymore. This has not to with anything talked about in this thread, it is just a "design" decision.

jrey

@Bob.Dig
No worries.