Chatty logs and most in err log level
-
Hi!
I
m using pfsense 2.4.2_1 and pfsense is logging most of it
s events in the err log level. All the XMLRPC configuration synchronization is logged with the err log level.
A successful sync is treated as an error in the logs, which messes up any notifications based on log level.
I see this has been a problem since at least 2015 and still nothing has been done to it.Since there is no effort put into fixing the log levels, maybe you could add an option for custom syslog config line in the syslog settings page of pfsense?
Also, the same problem is present with current up to date snort package, which loggs everything as alert (also the synchronization messages).
If any more detail is required, please let me know!
Thank You in advance!
::UPDATE::
The reason for this problem is that all the logs are printed by the log_error($error) function, which is hardcoded to write the log with log level "error".
One could just use log_warning($warning) function, which unfortunately does not exist.If only one could take the function log_error found in /etc/inc/util.c
function log_error($error) { global $g; $page = $_SERVER['SCRIPT_NAME']; if (empty($page)) { $files = get_included_files(); $page = basename($files[0]); } syslog(LOG_ERR, "$page: $error"); if ($g['debug']) { syslog(LOG_WARNING, var_dump(debug_backtrace())); } return; }
and create another function by changing all $error with $warning and LOG_ERR with LOG_WARNING, which is already used in the same function for debugging reasons, like so:
function log_warning($warning) { global $g; $page = $_SERVER['SCRIPT_NAME']; if (empty($page)) { $files = get_included_files(); $page = basename($files[0]); } syslog(LOG_WARNING, "$page: $warning"); if ($g['debug']) { syslog(LOG_WARNING, var_dump(debug_backtrace())); } return; }
That would be a simple way to provide a less aggressive way of looging. Then one should only choose, what places to use which function.
That could be done with configuration parameters in the same manner it is already being done with the webconfigurator parameter: "WebGUI login messages". Only not remove the logging in general, but just reduce the logging level.Simple right?
No hard changes, just adding another function (95% copy of an existing one) and letting the client choose where to use it, thus providing a lot more friendly way of logging.
This is something that the community has been asking for since already more than 2 years ago and it took me only 1h of total time to do. Sure its not clean, nice and fully done, but I
m an administrator.The least help could be allowing to make custom changes to some configuration files, without having them be overwritten all the time. Like adding a window for custom configuration options on the syslog settings page, so one could filter out chatty messages, which are not errors, before sending them to a logging server, which will notify one on each error.
Thanks again!
Im looking forward to hearing from a developer or and engineer, which would enlighten me why I
m crazy asking for this.
Also, if everyone refuses to do this, is there a chance I can code this myself (by adding the webconfigurator option for lets say xmlrpc sync log level) and have it merged in the master branch? -
Still no insights?