System logs time interval?
-
I see that Sytem logs there's a filter functionality, but the 'Regular expression reference' doesn't contain any sensible information on how to simply filter out a time interval.
For example, I'dl like to see logs beween 2AM and 4AM. Any quick and dirty hints to check this out?
-
What day in the logs.. So for example if I wanted to look at Dec 10-12 between 0200 and 0400 You could do this
Dec 1[0-2] 0[2-4]
In the time box… If you know the specific DAY then say Dec 11 0[2-4]
-
Thanks. How long are the system logs kept by the way? I tried to search for log entries from Dec 11, and no results… (logs from today appear fine).
-
the logs are there but the gui defaults to only like last 50 lines.. you can up the gui to show more logs… I have mine to set 2000 last entries.. If you want to view the full logs with clog
https://doc.pfsense.org/index.php/Why_can't_I_view_view_log_files_with_cat/grep/etc%3F_(clog)
There will be more logs there that you can load once they roll over, you can also adjust the size of the rollover.. See the above link... If you really want log history your prob better sending to external syslog.. Then you could store years and parse through them with ease, etc..
-
There will be more logs there that you can load once they roll over, you can also adjust the size of the rollover.. See the above link… If you really want log history your prob better sending to external syslog.. Then you could store years and parse through them with ease, etc..
Do you have suggestions for an external log server? Docker, VM, etc.? Hardest part I have found is finding updated filters/extractors for latest pfSense version.
-
There are quite a few threads about using a elk stack with pfsense. I was playing with that for a while.. But other priorities in my home network/lab I have not gotten back to that..
But simple google you find this great site
http://pfelk.3ilson.com/2017/10/pfsense-v24xkibanaelasticsearchlogstash.htmlThis guy has put up great info on using pfsense with elk stack with very detailed instructions… I know for sure last time I played with this back when 2.3 was new his instructions were spot on..
-
Thanks for that link johnpoz, was looking for something like that
-
Thank you for the link, even has 2.4 GROK patterns! Much appreciated.
