@Gertjan, thx very much for your awesome reply. I really appreciate it as I learned something new 👍 😎
To be honest, it's the first time I read something about the services.inc-file. Super interesting!!

Of course, I tried it and it works like a charm.

this can also be done with squidlight

first delete the /var/lightsquid/report
create a new file to use with lightsquid on your other drive and link them

rmdir -r /var/lightsquid/report

mkdir /var/lightsquid/report

mkdir /nvme/Logs_Optane/Light_Squid_Reports

ln -s F /nvme/Logs_Optane/Light_Squid_Reports /var/lightsquid/report

https://redmine.pfsense.org/issues/15874

https://redmine.pfsense.org/issues/15873

Thanks! 👍

I know what your thinking, Big deal, I got logs in pfSense,

But here the issue is, most often you will be running your AP in bridge mode and having pfSense hand out the DHCP addresses, and if your in bridge mode not much info on whats connecting to the NAS internally behind the firewall is ever seen on the firewall logs. This gives you a level of visibility not normally seen within pfSense unless it is configured. Again if you can do it with one AP you can do it with an alias for many APs on a bigger network. This gives you more information into possibile mac spoofing and unauthorized access. If you use remote access and Dynamic DNS for your network, you can see the firewall logs and the AP logs as well.

@Bob-Dig said in System Logs / Firewall Not Logging:

You are right, I also can't see it.
I call @johnpoz

Ooops, now I see it... was to late for me that day.

@michmoor said in Graylog server on a raspberry pi:

The 'count' in your charts. Should we assume thats how many sessions were created on the firewall, i.e. how many times a packet hit that rule?

Based on what I've observed so far, this would be the same thing you would see in System logs > Firewall in Pfsense logs.

Since its a game, it is probably using UDP, right? I never played Roblox.. So I can't tell.

You can click the play button inside this chart to take a look at each of those entries to check.

Downtime at my house is not a thing.
It has been booted after this started and has only been up 23 days... embarrassingly short time...
I just now got around to asking if there is a way to stop it.

Thank you for the suggestions.

@kiokoman Ugh, thank you! Working now!

RRD intentionally aggregates data into larger intervals as the data gets older.

The monitoring graphs are intended to provide troubleshooting information, not be a high-resolution, historical archive. For that you can query the device using something like cacti or zabbix or a plethora of others.

Setting 8 hours x 1 minute resolution is pretty comprehensive. Anything longer than 8 hours and the resolution will be reduced.