Alerts not showing properly

guardian

Unless I misunderstand the way things are supposed to work, the alerts don't seem to be working properly. I get the following display on the dashboard:

When I clicked on the 11 and the 65 I get the following display:

I clicked on Apply Filter to update the search, and I still got no entries.

Am I doing something incorrectly, or have I found a bug?

RonpfS

Maybe those log entries are no longer present in the Firewall log?
I set my box to use 10MB for Log file size (Bytes) in the Status / System Logs / Settings tab

BBcan177

Install pfBlockerNG-devel which has a new logging method which doesn't rely on the pfSense filter.log

guardian

@bbcan177 said in Alerts not showing properly:

Install pfBlockerNG-devel which has a new logging method which doesn't rely on the pfSense filter.log

Thanks for the reply - before I do that a couple of questions:

• Since it's pfBlockerNG-devel - I assume that means "development" and essentially "beta" software?
• I would assume this means a much faster update cycle with "beta" software?
• How long until that feature from the development branch becomes the stable branch?

I don't really have the time/skill to deal with anything that might crash my firewall so I'll have to wait till the changes trickle down

BTW... How do I clear those counters? I clicked on the trash can and only the DNSBL counts cleared.

Thanks again @bbcan177 for all your great work--makes me proud to be Canadian!

"Experience is something you don't get until just after you need it."
Ain't that the truth!

@ronpfs said in Alerts not showing properly:

Maybe those log entries are no longer present in the Firewall log?
I set my box to use 10MB for Log file size (Bytes) in the Status / System Logs / Settings tab

Thanks @ronpfs I think you might be right - I just set set mine for 20MB.

RonpfS

@guardian
BTW :
NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, first save the options to set the size, then clear all logs using the "Reset Log Files" option farther down this page.

Mines are still at 500KBs I didn't reset the log then. I just did.

The settings was set before restoring the config to a new installation of 2.4.4_p1, that explain why I didn't notice at the time.

guardian

@ronpfs said in Alerts not showing properly:

@guardian
BTW :
NOTE: Log sizes are changed the next time a log file is cleared or deleted. To immediately increase the size of the log files, first save the options to set the size, then clear all logs using the "Reset Log Files" option farther down this page.

Mines are still at 500KBs I didn't reset the log then. I just did.

I actually noticed that and reset the logs, but thanks for mentioning it.

BBcan177

@guardian
https://forum.netgate.com/topic/135708/is-pfblockerng-devel-stable

guardian

@bbcan177 said in Alerts not showing properly:

@guardian
https://forum.netgate.com/topic/135708/is-pfblockerng-devel-stable

Thanks @bbcan177... I read the post... 3 months ago there was a reference to pushing the devel to production. Did that happen with the recent release of 2.4.4-p1? or is that about to happen soon?

How can I clear the counters that I mention in the original post?

I'm tempted to try -devel, but I need to know what's my fallback position. I've spent a lot of time setting up blocklists and I don't want to have to go through that mess again.

I'm not a network engineer, and if my pfSense goes bye-bye, I have no access to the internet and a managed switch that I can't route.... In short I'm F@*ked, so rollback has got to be very very simple. That's why I skipped 2.4.4 and waited for 2.4.4-p1 to avoid problems.

BBcan177

@guardian said in Alerts not showing properly:

Thanks @bbcan177... I read the post... 3 months ago there was a reference to pushing the devel to production. Did that happen with the recent release of 2.4.4-p1? or is that about to happen soon?
How can I clear the counters that I mention in the original post?
I'm tempted to try -devel, but I need to know what's my fallback position. I've spent a lot of time setting up blocklists and I don't want to have to go through that mess again.
I'm not a network engineer, and if my pfSense goes bye-bye, I have no access to the internet and a managed switch that I can't route.... In short I'm F@*ked, so rollback has got to be very very simple. That's why I skipped 2.4.4 and waited for 2.4.4-p1 to avoid problems.

The two version share the same configuration files, so you can always flip back... but I am sure that once you install devel, you will stick with it... The only caveat to flipping back would be the need to reconfigure the IP Interface settings, as devel has merged the IPsec/OVPN interfaces into one option. Also EasyList category settings would need to be reconfigured.

In the release version of pfB, there is no btn to clear the IP counters, you would have to run a Filter Reload I think to clear them, or script something with a pfctl shell command. Devel has this already completed in the widget.

But as always, you have to ensure you have backups, and a disaster recovery plan. You can always spin up a test VM with your existing config, and play with it before hand.

The only issue would be to ensure that you are on pfSense 2.4, since the Devel package uses PHPv7 and is no longer compatible with pfSense 2.3.x

guardian

Thanks for the followup @bbcan177... a couple of questions:

@bbcan177 said in Alerts not showing properly:

The two version share the same configuration files, so you can always flip back... but I am sure that once you install devel, you will stick with it... The only caveat to flipping back would be the need to reconfigure the IP Interface settings, as devel has merged the IPsec/OVPN interfaces into one option. Also EasyList category settings would need to be reconfigured.

You can always spin up a test VM with your existing config, and play with it before hand.

Realistically how can I do this? To test my setup I need multiple NICs, and the VM would have to take control of my managed switch. I have multiple VLANs, and without pfSense the whole setup falls apart.

The only issue would be to ensure that you are on pfSense 2.4, since the Devel package uses PHPv7 and is no longer compatible with pfSense 2.3.x
Thanks for the warning, but at least that's not an issue as I am on 2.4.4-p1.

What is the approach to switching? Is it as simple as uninstalling 2.1.4_14 and leaving keep settings checked, and then installing pfBlockerNG-devel 2.2.5_19? I have OpenVPN clients and servers, but no IPsec - anything I would have to change?

How long before pfBlockerNG-devel 2.2.5_19 becomes "non-devel"?

StyleNZ

Hi, I believe I had run into this exact issue myself and this happened upon across multiple installs of it too.

I narrowed it down to the fact that some of the log files were not being created for any odd reason. For each of the log files, make sure they exist, and if they don't, manually create them using touch.