[solved] pfBlockerNG: purging interval of alert-logs
-
How can I change the purge-interval and/or size of the pfBlocker-alert-logs?
In pfBlockerNG > alerts all log-entries vanish after about half an hour.
-
The alert tab has settings at the top of the Page to set the number of alerts to show per category.
The alerts are compiled from the pfSense firewall log. You can increase the firewall log setting, but if you set it too large it will slow the refresh time of the alerts tab.
-
Ah, ok, I think I got the point now.
As the default log size is 500KB per log, older log-entries are being purged if the log file reaches that limit, right? And those purged entries (obviously) could not be read by the pfBlockerNG-alerts, right?
So if I increase the general log file size in Status : System logs : Settings, there is a bigger chance of seeing "older" entries in the pfB-alterts-view. That´s what I did now.
Thanks again, BBcan177.
P.S.: how to I mark a topic as solved?
-
Yes that would increase the size. If your only getting 1/2 an hour of logs, you either have a really busy network or you have the "Log Firewall Default Blocks" check boxes enabled in the log settings. Would recommend unchecking those.
Edit the topic to include: "[solved]"
-
Do u recommend to disable all the 4 entries in "Log Firewall Default Blocks"? Besides the second, the 3 others are activated.
-
Depends how much logs you want to see, but you can uncheck all four… Its still processing those rules in the background with these checked/unchecked...
-
So (last question :)) it´s not that important to view those log-entries?
-
The first two checkboxes are for the "Implicit" rules… So usually those can be unchecked...
The last two shouldn't cause too much log traffic so you could enable those....