Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfBlockerNG Strange Quirk with Log Files

    Scheduled Pinned Locked Moved
    pfBlockerNG
    2
    3
    1.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      SteveLuxe
      last edited by

      Greetings! I'm not sure if anyone else has experienced this, or if perhaps I'm just too much of a noob, and I've done something wrong with my configuration, however I'm experiencing a very strange quirk with pfBlockerNG 2.1.1_4 running on pfSense 2.3.2_1.

      The behavior goes something like this:

      My dashboard displays the stats for pfBlockerNG, which I can click on to further view the alerts / blocks. However – it seems that for whatever reason, when I click on the alerts to view what has been blocked, things do not properly display under the "Deny" and "DNSBL" sections until I switch over to view the log files for pfBlocker.

      In order to get the alerts to display properly on my Alerts page, I have to click on Firewall / pfBlockerNG / Log Browser, Select "pfblockerng.log", allow it to display the log file, and THEN switch back to the "Alerts" section, and the alerts / blocked hosts will now display properly.

      I'm just wondering if this may be some sort of bug, or something on my end that may be misconfigured on my end, or perhaps just a quirk that's unique to my pfSense installation? Has anyone else experienced this behavior? It's not a showstopper by any means, but it certainly doesn't seem like it should be behaving this way. Does anyone happen to have any idea as to what may cause this, or even better, how to fix this? I'm a bit stumped. Thanks in advance, everyone!

      1 Reply Last reply Reply Quote 0
      • BBcan177B
        BBcan177 Moderator
        last edited by

        The Log Browser tab has nothing to do with the Alerts Tab (and vice versa)… The IP Alerts are taken from the pfSense Firewall log, and the DNSBL alerts are taken from the /var/log/pfblockerng/dnsbl.log

        When you pivot from the widget to the Alerts Tab, it will Filter the alerts to only show those particular Alerts (ie: Tracker rule numbers), and it will not show any other Alerts for DNSBL.  If the pfSense firewall log settings are set too low, than the firewall log might not have those alerts and thus the pfBlockerNG Alerts tab can show no details for those alerts…  You can terminate the Alerts Filter by clicking the Clear Filter button

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

        1 Reply Last reply Reply Quote 0
        • S
          SteveLuxe
          last edited by

          Hey BBcan177! Thank you SO much for taking the time to explain this to me. I was scratching my head trying to figure out exactly why my PrivacyGuard alerts weren't showing, but my general pfBlocker alerts were. This makes perfect sense, now. Thank you again for the clear, concise explanation. You rock!  ;D

          1 Reply Last reply Reply Quote 0
          • First post
            Last post