"No logs to display" for firewall-logs after upgrade from 2.3.4 to 2.4.2_p1



  • all other logs are displayed ok in the gui.
    There are entries in /var/log/filter.log.
    When I check the option "raw logs" the entries were displayed.



  • There are no rows with ip-addresses in the filter.log. I have enabled a rule which logs my access, but nothing went to filter.log…

    Only these entries:
    Dec 20 10:26:48 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,3,bad-hlen=16),3
    Dec 20 10:26:49 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,4,bad-len=0,
    Dec 20 10:26:49 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,7,bad-len=0,7
    Dec 20 10:26:50 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,0,bad-len=0,0
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,4,bad-len=0,
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:52 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-hlen=0),5
    Dec 20 10:26:53 firewall filterlog: 768,16777216,,1448346704,igb1,match,block,in,5,bad-len=0,5



  • any hints?


  • Rebel Alliance Developer Netgate

    Something in the upgrade must have failed. Are you certain you're running a fully updated 2.4.2-p1 system? That looks like a symptom of a mismatched kernel and world/binaries.

    What does the output of "uname -a" show?

    What about "pkg-static info -x pfSense"?



  • I got the same problem.

    $> uname -a

    
    FreeBSD med-router-1.medialog.datacenter 10.3-RELEASE-p19 FreeBSD 10.3-RELEASE-p19 #0 bbfdb9a1d(RELENG_2_3_4): Wed May  3 16:09:14 CDT 2017     root@ce23-amd64-builder:/builder/pfsense-234/tmp/obj/builder/pfsense-234/tmp/FreeBSD-src/sys/pfSense  amd64
    
    

    $> pkg-static info -x pfSense

    
    pfSense-2.4.2_1
    pfSense-Status_Monitoring-1.7.6
    pfSense-base-2.4.2_1
    pfSense-default-config-2.4.2_1
    pfSense-kernel-pfSense-2.3.4
    pfSense-pkg-haproxy-0.54_2
    pfSense-pkg-nrpe-2.3.2_2
    pfSense-pkg-openvpn-client-export-1.4.14
    pfSense-pkg-pfBlockerNG-2.1.2_2
    pfSense-rc-2.4.2_1
    pfSense-repo-2.4.2_1
    pfSense-upgrade-0.42
    php56-pfSense-module-0.57
    
    

    The content of my firewall log in raw format :

    
    Mar 6 16:19:53	filterlog: 7,16777216,,1000000105,vtnet0,match,block,in,0,bad-hlen=0),0
    Mar 6 16:19:53	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,14,bad-hlen=12),14
    Mar 6 16:19:53	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,12,error='truncated-ip 14932 bytes missing!',0x97,CE,193,13318,10104,DF,248,unknown,16384,xx.xx.xx.xx,197.252.1.187,12
    Mar 6 16:19:51	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,11,error='truncated-ip 16330 bytes missing!',0x65,1,145,13073,29856,none,255,unknown,16384,xxx.xxx.xxx.xxx,200.213.27.43,11
    Mar 6 16:19:51	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,6,error='truncated-ip6 - 12192 bytes missing!',0xbc,0x84000,220,unknown,167,13318,xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx,xxxx:xxxx:xxxx:xxxx:xxxx:0:xxxx:xxxx,
    Mar 6 16:19:51	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,14,error='truncated-ip 14932 bytes missing!',0xdf,CE,193,13318,23864,+,248,unknown,16384,xx.xx.xx.xx,197.252.1.187,14
    Mar 6 16:19:50	filterlog: 5,16777216,,1000000103,vtnet1,match,block,in,4,bad-len=0,
    Mar 6 16:19:50	filterlog: 7,16777216,,1000000105,vtnet0,match,block,in,0,bad-hlen=0),0
    Mar 6 16:19:49	filterlog: 3,16777216,,1000000101,vtnet1,match,block,in,3,bad-len=0,3
    
    

    It really looks like : https://redmine.pfsense.org/issues/3648



  • I think i found.

    pkg unlock pfSense-kernel-pfSense
    pfSense-kernel-pfSense-2.3.4: unlock this package? [y/N]: y
    Unlocking pfSense-kernel-pfSense-2.3.4

    Then : pkg upgrade
    Installed packages to be UPGRADED:
    pfSense-kernel-pfSense: 2.3.4 -> 2.4.2_1 [pfSense-core]

    You were right. Kernel mismatch.