Netgate Discussion Forum

    Logs

    General pfSense Questions
      XIII

      I would like the logs (all logs, system, firewall, etc) to be archived. There are two ways that I can see this being done (besides sending to a syslog server).

      1. When the clog gets full, before it starts to remove older entries, have it save it to a UNC path (preferred) or to the local drive, or send an email with said logs.
      2. Get rid of clog and have normal syslog running on pf.

      For those that would be performing the work, what would you charge?

      -Chris Stutzman
      Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
      Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
      freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
      Check out the pfSense Wiki

        Guest

        The difference in time/effort/skillset required for either of those options is quite a bit.  It would be better to indicate your preference of which approach you want.  Mind you, neither approach will cost you less than remote syslogging which is extremely easy to do.

          jimp Rebel Alliance Developer Netgate

          Actually getting rid of clog is easy. All you need to do is edit where the syslog.conf is generated and change the syntax to write out normal files.

          For example, for clog we use:

          !racoon
          *.*                                             %/var/log/ipsec.log
          

          Just change that to:

          !racoon
          *.*                                             /var/log/ipsec.log
          

          Also be sure the file is empty (e.g. disable all of the clog instances where the log is "cleared" or initialized, and change them to rm/touch).

          And I don't think 1 is possible because I don't think clog has any concept of "full" in that way. It would probably take quite a bit of coding, not to mention we don't include any of the libraries you'd need to write to a UNC path. ssh, ftp, or mail would be much more likely to happen if anything.

          Personally I'm not sure how either of those is better than just redirecting syslog to a remote syslog box that is dedicated to processing these logs. You can get syslog servers for just about any OS.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!
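
The `%/path` to `/path` change and the rm/touch step described in the post above, as an added example (not pfSense code and not the poster's): it filters syslog.conf text on stdin so it can be tried on a copy. The sample config, the function names and the `root` prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: convert clog-backed syslog.conf actions to plain files.

# Constructed sample in the style of the snippet quoted in the thread.
SAMPLE_CONF='!racoon
*.*                                             %/var/log/ipsec.log
!-racoon
local0.*                                        %/var/log/filter.log
*.emerg                                         *
'

# List every clog-backed target ("%/path") found in the config on stdin.
# Lines starting with #, ! or + are comments or program/host selectors.
clog_targets() {
    awk '!/^[#!+]/ && $NF ~ /^%\// { print substr($NF, 2) }'
}

# Rewrite "%/path" actions to "/path"; every other line passes through as-is.
declog_conf() {
    sed -E '/^[#!+]/!s|([[:space:]])%(/[^[:space:]]+)[[:space:]]*$|\1\2|'
}

# Replace each listed log with an empty, owner-only file (the rm/touch step).
# An existing file still holds clog's binary ring buffer, so it is removed
# rather than appended to. "root" is a hypothetical prefix for dry runs;
# pass "" to act on the real paths.
reset_plain_logs() {
    root=$1
    while IFS= read -r path; do
        mkdir -p "$root$(dirname "$path")"
        rm -f "$root$path"
        ( umask 077; : > "$root$path" )
    done
}

# Demo: show the converted sample config.
printf '%s' "$SAMPLE_CONF" | declog_conf
```

Because the thread notes that syslog.conf is generated, the same substitution has to be made where the file is generated or it will be overwritten. Plain files also grow until rotated, unlike clog's fixed-size circular files, so a newsyslog.conf entry is needed for each converted log.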

            Guest

            That was the point I was trying to make without coming out and saying it.  I, personally, looked at running a full syslogger on pfSense for a project but couldn't come up with a compelling reason to do it that justified the effort when exporting to a remote syslogger was quite easy.

              XIII

              I don't have any computers that are on 24/7 that could easily run a syslog server. I was looking into disabling clog but then saw that a user had made a package to do just that and would publish it if anyone was interested, so I IMed them and posted this bounty, but they have not gotten back to me.

              What would work with the stated restrictions would be 2, which jimp says is easily done, or 1, with emails of logs.

              I will give jimp's method a try and post back in a few days.

                Guest

                Cool, good luck.  I'm going to move this out of Bounties and into General if there are no objections, this is clearly not going to turn into a bounty project.

                  XIII

                  That's fine. Posted here as I thought it would be a lot harder than my available skill set.

                    XIII

                    I did as you said, jimp, and the ones I made the changes to are not populating with anything except this:
                    Segmentation fault (core
                    This entry is only in the webgui log; the actual log file itself is empty, just as it was before I made the edits to syslog.conf.

                      jimp Rebel Alliance Developer Netgate

                      Ah, yeah, the GUI calls clog to read the logs, that would just need to be changed to cat.

                      Though that doesn't explain why the files themselves are empty. There's probably some other place that is still trying to use clog on the files.

                        XIII

                        Well, it looks like I did something wrong, as the syslog.conf is back to defaults and the two logs I edited are still giving that error.

                          XIII

                          Had to reboot the system to get my logs working. What I did stopped the logs generating for everything. Not sure what I messed up.

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.