Email notification setup not completed the logs
-
Hi everyone,
I'd like to ask what's wrong with my setup in my pfsense. I have setup email notification and its working fine to send a logs in my email but the only problem the logs is not completed. I want to get the complete logs everday but in my current setup i got only 50 logs. Hope you will help me regarding this issue. Thanks.
P.S if you have suggestion any alternative how to get full logs everday, please let me know. Im really sorry i'm newbie in pfsense. Thanksbolded text
-
Do you mean you're only getting 50 lines of log? After you create the report, you can edit it to choose the number of lines.
-
I'm using -> Send log messages to remote syslog server
under Status / System Logs / Settings
i have another pc running linux with rsyslog collecting all the data and rotating it daily, there are also software for windows if you don't have a linux machine that can do it. if you need you can take the generated daily log and send it via email.
-
You mean using the mailreport package I assume?
In which case there is a field to change that
Enter the number of rows to include in the report.But, yes, if you just want to export the logs you should use syslog:
https://docs.netgate.com/pfsense/en/latest/monitoring/copying-logs-to-a-remote-host-with-syslog.htmlSteve
-
@kiokoman thanks maybe i need to use syslog than to email notification package. Do you have any tutorial how to install it on linux and what application did you use on your linux? What i really want is to keep all my logs. Thanks everyone to your reply. Thanks. :)
-
@provels thanks. How do i edit the line. I got only 50 lines in my email. I already edited in the status-system logs-settings the line on 50 to 2000 but still the problem is the same. Thanks.
-
@stephenw10 yes email package. How can i adjust the row that you have said? Is there any way to get all the logs using email package or i need to use syslog?
-
the package that i use under linux is rsyslog
add this to /etc/rsyslog.conf
module(load="imuxsock") # provides support for local system logging $ModLoad imfile #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception module(load="imudp") input(type="imudp" port="514") # provides TCP syslog reception #module(load="imtcp") #input(type="imtcp" port="514") # provides kernel logging support and enable non-kernel klog messages module(load="imklog" permitnonkernelfacility="on")create a file inside /etc/rsyslog.d/33-pfsense.conf
if $programname == 'suricata' then /var/log/pfsense-suricata.log & stop if $programname == 'filterlog' then /var/log/pfsense-filterlog.log & stop if $programname == 'filterdns' then /var/log/pfsense-filterdns.log & stop if $programname == 'hostapd' then /var/log/pfsense-hostapd.log & stop if $programname == 'radvd' then /var/log/pfsense-radvd.log & stopyou can add more filter just follow the pattern
add every /var/log/pfsense-*.log to /etc/logrotate.d/rsyslog
example :
kiokoman@nanto:/etc/logrotate.d$ cat rsyslog /var/log/syslog { rotate 7 daily missingok notifempty delaycompress compress postrotate /usr/lib/rsyslog/rsyslog-rotate endscript } /var/log/mail.info /var/log/mail.warn /var/log/mail.err /var/log/mail.log /var/log/daemon.log /var/log/kern.log /var/log/auth.log /var/log/user.log /var/log/lpr.log /var/log/cron.log /var/log/debug /var/log/messages /var/log/tftp /var/log/named.log /var/log/named/client.log /var/log/named/config.log /var/log/named/database.log /var/log/named/default.log /var/log/named/dispatch.log /var/log/named/dnssec.log /var/log/named/general.log /var/log/named/lame-servers.log /var/log/named/network.log /var/log/named/notify.log /var/log/named/queries.log /var/log/named/resolver.log /var/log/named/security.log /var/log/named/unmatched.log /var/log/named/update.log /var/log/named/xfer-in.log /var/log/named/xfer-out.log /var/log/pfsense-suricata.log /var/log/pfsense-radvd.log /var/log/pfsense-filterdns.log /var/log/pfsense-filterlog.log
-
@kiokoman thank you so much for this tutorial. I will try this setup. Once again, thank you so much I really appreciate your help. :)
