Help for c-icap/e2guardian access.log rotation and low free memory

  • Hello,

    In my company I have put into production a proxy/filtering solution based on pfSense 2.2.3 for 140 users with this architecture:

    VM configured with 2 vCPU, 8 GB RAM and 20 GB virtual disk;
    installed packages Squid3, Lightsquid, E2guardian, Suricata, pfBlockerNG.

    Everything works very well and the performance is good, but I have two problems that worry me because I still have not managed to solve them.

    The first is that after some time of use, the disk fills up mainly due to the growth without limit of these files:

    /var/log/c-icap/access.log (that actually does not contain useful data)
    /var/log/e2guardian/access.log (which, despite the setting, records even the allowed traffic and not only blocked sites as I would like)

    Given that I was unable to find the right solution in this forum, I am asking for help to know if there is a way to rotate and delete these files, so that I do not have to worry about it.

    The second thing that puzzles me is that the free memory rapidly decreases below the threshold of 10%, though the memory usage shown in the dashboard usually does not exceed 18%.

    I originally configured the machine with 4 GB RAM, which I had estimated to be enough, but in this configuration after a few weeks I noticed swap usage despite a memory usage of 50%, so I had to reconfigure the VM to 8 GB RAM.

    I thank in advance all those who will have the patience to read my post and who can help me.

    Best Regards.


  • @CBRom:

    /var/log/c-icap/access.log (that actually does not contain useful data)


    I've just been struggling to disable this file. It was receiving several lines of useless information every few seconds.

    The c-icap configuration file is located in /usr/local/etc/c-icap/c-icap.conf. You can edit it but, somehow, the web interface replaces it while saving the configuration, so this is what I (blindly) did. I'm sure there has to be a better way:

    • Edit /usr/local/etc/c-icap/c-icap.conf.pfsense

    • Locate the line AccessLog /var/log/c-icap/access.log

    • Replace it with AccessLog /dev/null

    • Go to Services/Squid Proxy Server and just save the configuration

    • Check that both /usr/local/etc/c-icap/c-icap.conf.pfsense and /usr/local/etc/c-icap/c-icap.conf have the "AccessLog /dev/null" line

    • Reboot the server (maybe restarting the icap service would be enough)

    • Browse some site and check for modifications to the access.log file
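
The edit-and-verify steps from the reply above, as an added shell example that is not part of the original thread or of the pfSense packages. The function names and the sample configuration are constructed, and file paths are passed as arguments so the script can be tried on copies before touching /usr/local/etc/c-icap/.

```shell
#!/bin/sh
# Added example: helper names and the sample config below are constructed.

# Print the target of the active (uncommented) AccessLog directive in file $1.
accesslog_target() {
    awk '$1 == "AccessLog" { t = $2 } END { if (t != "") print t }' "$1"
}

# Point every active AccessLog directive in file $1 at $2.
# Writes back with cat so the file keeps its owner and mode; avoids sed -i,
# whose syntax differs between BSD (pfSense) and GNU.
set_accesslog() {
    tmp="$1.tmp.$$"
    awk -v target="$2" '
        $1 == "AccessLog" { print "AccessLog " target; next }
        { print }
    ' "$1" > "$tmp" && cat "$tmp" > "$1" && rm -f "$tmp"
}

# Return 0 only if every file listed after $1 has AccessLog set to $1.
verify_accesslog() {
    want="$1"; shift
    for f in "$@"; do
        [ "$(accesslog_target "$f")" = "$want" ] || { echo "MISMATCH: $f" >&2; return 1; }
    done
}

# Demo on throwaway copies (constructed sample, not a real c-icap.conf).
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# AccessLog /tmp/old.log' \
        'ServerLog /var/log/c-icap/server.log' \
        'AccessLog /var/log/c-icap/access.log' > "$dir/c-icap.conf.pfsense"
    set_accesslog "$dir/c-icap.conf.pfsense" /dev/null
    # On the firewall, saving the Squid page regenerates c-icap.conf from the
    # template; cp stands in for that step here.
    cp "$dir/c-icap.conf.pfsense" "$dir/c-icap.conf"
    verify_accesslog /dev/null "$dir/c-icap.conf.pfsense" "$dir/c-icap.conf"
    rc=$?
    rm -rf "$dir"
    return $rc
}
demo && echo "both files point AccessLog at /dev/null"
```

Running `verify_accesslog` again after any later save in the web interface shows whether the generated c-icap.conf still matches the template.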