Netgate Discussion Forum

    System logs time interval?

    General pfSense Questions
      robi

      I see that in System logs there's a filter functionality, but the 'Regular expression reference' doesn't contain any sensible information on how to simply filter out a time interval.
      For example, I'd like to see logs between 2AM and 4AM. Any quick and dirty hints to check this out?

        johnpoz LAYER 8 Global Moderator

        What day in the logs? So for example, if I wanted to look at Dec 10-12 between 0200 and 0400, you could do this:

        Dec 1[0-2] 0[2-4]

        In the time box…  If you know the specific DAY then say Dec 11 0[2-4]

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
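
The time-box pattern from the answer above, applied with grep to whole log lines rather than in the GUI time box, as an added example that is not code from the thread. It shows that `0[2-4]` covers all of hour 04, that an unanchored pattern can hit text inside a message, and it generalizes to an awk range filter; the function names and sample lines are assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample lines in BSD syslog timestamp format (not real log output).
sample_logs() {
cat <<'EOF'
Dec  9 03:10:00 fw sshd[100]: constructed, single-digit day is space-padded
Dec 10 01:59:59 fw sshd[101]: constructed, one second before the window
Dec 10 02:00:00 fw sshd[102]: constructed, window start
Dec 11 03:30:12 fw sshd[103]: constructed, inside the window
Dec 11 04:00:00 fw sshd[104]: constructed, window end
Dec 11 04:45:00 fw sshd[105]: constructed, later in hour 04
Dec 12 03:59:59 fw sshd[106]: constructed, last day of the range
Dec 13 02:30:00 fw sshd[107]: constructed, day after the range
Dec 11 12:00:00 fw cron[108]: constructed, text mentions Dec 11 03:00 run
EOF
}

# Pattern from the post, applied unanchored to whole lines.
match_posted() { grep -E 'Dec 1[0-2] 0[2-4]'; }

# Anchored to the leading timestamp; 02:00:00 through 04:00:00 inclusive.
match_anchored() {
    grep -E '^Dec 1[0-2] (0[23]:[0-5][0-9]:[0-5][0-9]|04:00:00) '
}

# General form: month, first day, last day, start time, end time (inclusive).
# awk splits on runs of blanks, so space-padded days ("Dec  9") parse correctly,
# and HH:MM:SS strings of equal width compare correctly as text.
syslog_between() {
    awk -v mon="$1" -v d1="$2" -v d2="$3" -v t1="$4" -v t2="$5" \
        '$1 == mon && $2+0 >= d1+0 && $2+0 <= d2+0 && $3 >= t1 && $3 <= t2'
}

# Line count without the padding some wc implementations add.
count() { wc -l | tr -d ' '; }

echo "posted pattern, unanchored: $(sample_logs | match_posted | count) lines"
echo "anchored, 02:00:00-04:00:00: $(sample_logs | match_anchored | count) lines"
echo "awk range, Dec 1-9:          $(sample_logs | syslog_between Dec 1 9 02:00:00 04:00:00 | count) lines"
```

The difference between the first two counts is the 04:45:00 line plus the cron line whose message text happens to contain a matching date.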

          robi

          Thanks. How long are the system logs kept by the way? I tried to search for log entries from Dec 11, and no results… (logs from today appear fine).

            johnpoz LAYER 8 Global Moderator

            The logs are there, but the GUI defaults to only like the last 50 lines.. You can up the GUI to show more logs… I have mine set to 2000 last entries.. If you want to view the full logs with clog:

            https://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_(clog)

            There will be more logs there that you can load once they roll over, you can also adjust the size of the rollover.. See the above link... If you really want log history you're prob better sending to external syslog.. Then you could store years and parse through them with ease, etc..

              Metrick

              @johnpoz:

              There will be more logs there that you can load once they roll over, you can also adjust the size of the rollover.. See the above link… If you really want log history you're prob better sending to external syslog.. Then you could store years and parse through them with ease, etc..

              Do you have suggestions for an external log server?  Docker, VM, etc.?  Hardest part I have found is finding updated filters/extractors for latest pfSense version.

                johnpoz LAYER 8 Global Moderator

                There are quite a few threads about using an ELK stack with pfSense. I was playing with that for a while.. But other priorities in my home network/lab, I have not gotten back to that..

                But with a simple google you find this great site:
                http://pfelk.3ilson.com/2017/10/pfsense-v24xkibanaelasticsearchlogstash.html

                This guy has put up great info on using pfsense with elk stack with very detailed instructions… I know for sure last time I played with this back when 2.3 was new his instructions were spot on..

                  ianrenton

                  Thanks for that link johnpoz, was looking for something like that

                    Metrick

                    Thank you for the link, even has 2.4 GROK patterns!  Much appreciated.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.