Help for c-icap/e2guardian access.log rotation and low free memory

pfSense Packages
Log in to reply
  • C

    Hello,

    in my company I have put in production a proxy/filtering solution based on pfSense 2.2.3 for 140 users with this architecture:

    VM configured with 2 vCPU, 8 GB RAM and 20 GB virtual disk;
    installed packages Squid3, Lightsquid, E2guardian, Suricata, pfBlockerNG.

    Everything works very well and the performance is good, but I have two problems that worries me because still I have not managed to solve.

    The first is that after some time of use, the disk fills up mainly due to the growth without limit of these files:

    /var/log/c-icap/access.log (that actually does not contain useful data)
    /var/log/e2guardian/access.log (that despite the setting even records the traffic allowed and not only blocked sites as I would)

    Given that I was unable to find the right solution in this forum, I ask a help to know if there is a way for rotate and delete these files, so that that I do not have to worry about it.

    the second thing that puzzles me is that the free memory rapidly decreases below the threshold of 10%, though the memory usage showed in the dashboard usually does not exceed the 18%.

    I originally configured the machine with 4 GB RAM, that I had estimated to be enough, but in this configuration after a few weeks
    I noticed a swap usage despite a memory usage of 50%, so I had to reconfigure the VM to 8 GB RAM.

    I thank in advance all those who will have the patience to read my post and who can help me.

    Best Regards.

    Claudio

    0
  • R

    @CBRom:

    /var/log/c-icap/access.log (that actually does not contain useful data)

    Hi.

    I've just been struggling to disable this file. It was receiving several lines of useless information every few seconds.

    The c-icap configuration file is located in /usr/local/etc/c-icap/c-icap.conf. You can edit it but, somehow, the webinterface replaces it while saving the configuration so this is what I (blindly) did. I'm sure there has to be a better way:

    • Edit /usr/local/etc/c-icap/c-icap.conf.pfsense

    • Locate the line AccessLog /var/log/c-icap/access.log

    • Replace it with AccessLog /dev/null

    • Go to Services/Squid Proxy Server and just save the configuration

    • Check that both /usr/local/etc/c-icap/c-icap.conf.pfsense and /usr/local/etc/c-icap/c-icap.conf have the "AccessLog /dev/null" line

    • Reboot the server (maybe restarting the icap service would be enough)

    • Browse some site and check for modifications to the access.log file

    Regards.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy