Possible to roll logs?
-
I realize I can push my logs to a syslog server, but I'd rather keep a copy on pfsense, locally, which I'm doing now. The problem though of course is the drive consumption.
So, the question is: Is there a way to have pfsense log locally and then roll the logs once they reach a certain size or age? I don't see anywhere in the GUI a way to do this.Is there maybe a package for this?
-
I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.
-
I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.
What would happen then when the RAM drive gets filled up? Is the system smart enough to delete the oldest logs to make room for the newer ones, or does logging come to a sudden halt?
-
The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.
Looks like they're generated here in /etc/rc
DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml` ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml` LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing" for logfile in $LOG_FILES; do if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then /usr/bin/touch /var/log/$logfile.log else if [ ! -f /var/log/$logfile.log ]; then if [ "$ENABLEFIFOLOG" -gt "0" ]; then # generate fifolog files /usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log else /usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log fi fi fi done
There is a package for running a syslog server on the pfSense box you might also look at.
Steve
-
You're right. Looks like it's rolling 500KB log files! Thanks!
The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.
Looks like they're generated here in /etc/rc
DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml` ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml` LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing" for logfile in $LOG_FILES; do if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then /usr/bin/touch /var/log/$logfile.log else if [ ! -f /var/log/$logfile.log ]; then if [ "$ENABLEFIFOLOG" -gt "0" ]; then # generate fifolog files /usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log else /usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log fi fi fi done
There is a package for running a syslog server on the pfSense box you might also look at.
Steve