My firewall log is getting trimmed

  • I set my firewall logging to monitor just one rule. Saved and clear the log. In the gui I see 12 entries of last 50 max. After some time these entries get trimmed even if no new logs arrive. I do not have any filters. What happened to my firewall log entries?

  • Rebel Alliance Developer Netgate

    What version of pfSense are you running?

    Look in the raw filter log and see what shows up there:

    clog /var/log/filter.log

    I'd have to double check the code, but there used to be some really spammy types of log meaningless log messages that we filtered out, but I thought we fixed that a while back.

  • Thank you for your help with my firewall log problem

    2.3.1-RELEASE-p5 (amd64)
    built on Thu Jun 16 12:53:15 CDT 2016
    FreeBSD 10.3-RELEASE-p3

    These are repeated in clog
    filterlog: 54,16777216,,11000,<snip>,match,block,in,6,0xe0,0x00000,1,Options,0,36,<snip>,HBH,RTALERT,0x0000,PADN,
    filterlog: 54,16777216,,11000,<snip>,match,block,in,6,0xe0,0x00000,1,Options,0,32,<snip>,HBH,RTALERT,0x0000,PADN,</snip></snip></snip></snip>

  • Rebel Alliance Developer Netgate

    Is that an example log entry that is not showing up in the GUI? Or one that is?

    Can you PM me a copy of those log entries with the original IP addresses intact?

  • Last 0 Firewall Log Entries. (Maximum 50)
    No logs to display

    original ipv6 is fe80::

Log in to reply