Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help for c-icap/e2guardian access.log rotation and low free memory

    pfSense Packages
    2
    2
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cedbonificaromagna.it
      last edited by

      Hello,

      in my company I have put in production a proxy/filtering solution based on pfSense 2.2.3 for 140 users with this architecture:

      VM configured with 2 vCPU, 8 GB RAM and 20 GB virtual disk;
      installed packages Squid3, Lightsquid, E2guardian, Suricata, pfBlockerNG.

      Everything works very well and the performance is good, but I have two problems that worries me because still I have not managed to solve.

      The first is that after some time of use, the disk fills up mainly due to the growth without limit of these files:

      /var/log/c-icap/access.log (that actually does not contain useful data)
      /var/log/e2guardian/access.log (that despite the setting even records the traffic allowed and not only blocked sites as I would)

      Given that I was unable to find the right solution in this forum, I ask a help to know if there is a way for rotate and delete these files, so that that I do not have to worry about it.

      the second thing that puzzles me is that the free memory rapidly decreases below the threshold of 10%, though the memory usage showed in the dashboard usually does not exceed the 18%.

      I originally configured the machine with 4 GB RAM, that I had estimated to be enough, but in this configuration after a few weeks
      I noticed a swap usage despite a memory usage of 50%, so I had to reconfigure the VM to 8 GB RAM.

      I thank in advance all those who will have the patience to read my post and who can help me.

      Best Regards.

      Claudio

      1 Reply Last reply Reply Quote 0
      • R
        regne
        last edited by

        @CBRom:

        /var/log/c-icap/access.log (that actually does not contain useful data)

        Hi.

        I've just been struggling to disable this file. It was receiving several lines of useless information every few seconds.

        The c-icap configuration file is located in /usr/local/etc/c-icap/c-icap.conf. You can edit it but, somehow, the webinterface replaces it while saving the configuration so this is what I (blindly) did. I'm sure there has to be a better way:

        • Edit /usr/local/etc/c-icap/c-icap.conf.pfsense

        • Locate the line AccessLog /var/log/c-icap/access.log

        • Replace it with AccessLog /dev/null

        • Go to Services/Squid Proxy Server and just save the configuration

        • Check that both /usr/local/etc/c-icap/c-icap.conf.pfsense and /usr/local/etc/c-icap/c-icap.conf have the "AccessLog /dev/null" line

        • Reboot the server (maybe restarting the icap service would be enough)

        • Browse some site and check for modifications to the access.log file

        Regards.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.