Logging not working

g0dsp33d

I don't know where this topic would best be fit, but none of the logging is working. My system logs are all blank, my firewall logs are blank. etc .etc.

hoba

Mine show up fine. What version? What platform?

g0dsp33d

everything was working fine then i did this http://forum.pfsense.org/index.php?topic=1525.0  as recommended.

Now all the logging as disappeared.

Running TOP I see "LOGGER" is running. I don't know however if this is the application that logs all the info.

hoba

Did you reboot after this?

g0dsp33d

yes i have tried disabling and re enabling also is the syslog settings. rebooted several times. i have also reupdated the firmware with 6/24/06 snapshot.

g0dsp33d

don't know if this helps..

$ ps aux
USER    PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED      TIME COMMAND
root    11 55.1  0.0    0    8  ??  RL  12:12PM  3:51.96 [idle: cpu0]
root    31  2.9  0.0    0    8  ??  DL  12:12PM  0:07.49 [pagezero]
root  2786  2.5  3.7 10764  9364  ??  S    12:17PM  0:00.14 /usr/local/bin/ph
root    21  1.6  0.0    0    8  ??  WL  12:12PM  0:03.89 [irq5: xl0]
root    14  1.1  0.0    0    8  ??  WL  12:12PM  0:03.45 [swi1: net]
root    12  1.0  0.0    0    8  ??  WL  12:12PM  0:02.51 [swi4: clock sio]
root      0  0.0  0.0    0    0  ??  WLs  12:12PM  0:00.00 [swapper]
root      1  0.0  0.1  568  360  ??  ILs  12:12PM  0:00.01 /sbin/init –
root      2  0.0  0.0    0    8  ??  DL  12:12PM  0:00.04 [g_event]
root      3  0.0  0.0    0    8  ??  DL  12:12PM  0:00.21 [g_up]
root      4  0.0  0.0    0    8  ??  DL  12:12PM  0:00.37 [g_down]
root      5  0.0  0.0    0    8  ??  DL  12:12PM  0:00.00 [crypto]
root      6  0.0  0.0    0    8  ??  DL  12:12PM  0:00.00 [crypto returns]
root      7  0.0  0.0    0    8  ??  DL  12:12PM  0:00.00

sullrich

Try rebooting.

g0dsp33d

like the 8th reboot i have tried with no luck.

sullrich

Not sure what to tell you then.  I am not having this problem and a reboot should resetup the log files.

g0dsp33d

is there anyway to do it from the command line? Or is there a way to tell if they are even writing to the log files? maybe it's writing to them and not displaying it through php?

barf

Using 1.0-RC1 here I have a similar problem, my CPU is fully consumed all of the time, with php using the most cpu time.

USER     PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root   98475 60.0 13.8 11612  7812  ??  RN    6:02PM   0:01.92 /usr/local/bin/php /etc/rc.dyndns.update

my filter logs stopped working a few minutes after boot but all other logs are working. at first I cat the log file and thought that might have broken a FIFO or pipe but after a reboot logs came through again, but stopped after a few minutes.

it's not logging to the file, or to a remote syslog server, i think it's not a PHP issue.

# tail -n5 filter.log
Jul  3 12:56:43 thundercleese pf: 50\. 613073 rule 82/0(match): block in on rl0: (tos 0x0, ttl  47, id 5296, offset 0, flags [none], proto: UDP (17), length: 404) 199.210.84.6.30907 > 222.153.140.109.1026: UDP, length 376
Jul  3 12:57:15 thundercleese pf: 31\. 884392 rule 82/0(match): block in on rl0: (tos 0x0, ttl 110, id 61075, offset 0, flags [none], proto: TCP (6), length: 48) 61.138.25.135.80 > 222.153.140.109.6353: S, cksum 0x61c8 (correct), 60068870:60068870(0) ack 51866488 win 16384 <mss 1432,nop,nop,sackok="">
Jul  3 12:59:04 thundercleese pf: 109\. 595317 rule 82/0(match): block in on rl0: (tos 0x0, ttl 110, id 31217, offset 0, flags [none], proto: TCP (6), length: 48) 61.138.25.135.80 > 222.153.140.109.13216: S, cksum 0x66bd (correct), 413623087:413623087(0) ack 993341274 win 16384 <mss 1432,nop,nop,sackok="">
Jul  3 13:05:32 thundercleese pf: 388\. 526356 rule 82/0(match): block in on rl0: (tos 0x0, ttl  47, id 20494, offset 0, flags [DF], proto: UDP (17), length: 485) 221.209.110.49.43626 > 222.153.140.109.1027: UDP, length 457
Jul  3 13:07:11 thundercleese pf: 98\. 556819 rule 82/0(match): block in on rl0: (tos 0x0, ttl 110, id 8549, offset 0, flags [none], proto: TCP (6), length: 48) 61.138.25.135.80 > 222.153.140.109.1656: S, cksum 0x926c (correct), 1079505203:1079505203(0) ack 1075934770 win 16384 <mss 1432,nop,nopclog
pü&#<="" pre="">

note the garbage at the end of the last line. I dont see this in Linux logs but then again I'm a BSD newbie.

does anyone have any ideas?</mss></mss></mss>

barf

this issue may be specific to my network; my ADSL modem is a PPP half bridge and provisions the connection to pfsense WAN interface via DHCP with a lease time of 30 seconds and I see in the process list 'sleep 60' appearing alot.

I dont want to get into the nitty gritty of this system just yet but if the /etc/rc.newwanip script is calling 'sleep 60' from one of it's functions that might break things a little? (considering my dhcp lease time is very small)

g0dsp33d

Well if I SSH into the box I think I have different problem. I don't think it updated correctly through the cvs.

If I do an option 10.)Filter Logs  from command line this is what i get.

Enter an option: 10

tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
000000 rule 76/0(match): block in on fxp0: 220.150.43.126.6886 > 66.28.213.2.688              1: UDP, length 63

then very slowly i start getting stuff in the logs file. could this be any reason for the webgui not working for the log files?

also can anyone clarify me if pfSEnse is now running on 6.1 core? I believe it is from what i have read and number of sources and sites that have referenced to increased CPU usage. Some my machines I have reverted back to BETA 4 as it is rock solid stable. I havn't too good of luck with RC-1 except for in small enviornments. Most systems that I have built are all Tyan ITX server boards with p3 cpus ranging from 500-900mhz and all have 256Mb of RAM, 10Gb Hard Drive.

sullrich

This was fixed recently.  Run cvs_sync.sh releng_1 && shutdown -r now