Email notification setup not completed the logs

cheqsync

Hi everyone,

I'd like to ask what's wrong with my setup in my pfsense. I have setup email notification and its working fine to send a logs in my email but the only problem the logs is not completed. I want to get the complete logs everday but in my current setup i got only 50 logs. Hope you will help me regarding this issue. Thanks.

P.S if you have suggestion any alternative how to get full logs everday, please let me know. Im really sorry i'm newbie in pfsense. Thanksbolded text

provels

Do you mean you're only getting 50 lines of log? After you create the report, you can edit it to choose the number of lines.

kiokoman

I'm using -> Send log messages to remote syslog server
under Status / System Logs / Settings
i have another pc running linux with rsyslog collecting all the data and rotating it daily, there are also software for windows if you don't have a linux machine that can do it. if you need you can take the generated daily log and send it via email.

stephenw10

You mean using the mailreport package I assume?

In which case there is a field to change that Enter the number of rows to include in the report.

But, yes, if you just want to export the logs you should use syslog:
https://docs.netgate.com/pfsense/en/latest/monitoring/copying-logs-to-a-remote-host-with-syslog.html

Steve

cheqsync

@kiokoman thanks maybe i need to use syslog than to email notification package. Do you have any tutorial how to install it on linux and what application did you use on your linux? What i really want is to keep all my logs. Thanks everyone to your reply. Thanks. :)

cheqsync

@provels thanks. How do i edit the line. I got only 50 lines in my email. I already edited in the status-system logs-settings the line on 50 to 2000 but still the problem is the same. Thanks.

cheqsync

@stephenw10 yes email package. How can i adjust the row that you have said? Is there any way to get all the logs using email package or i need to use syslog?

kiokoman

the package that i use under linux is rsyslog

add this to /etc/rsyslog.conf

module(load="imuxsock") # provides support for local system logging
$ModLoad imfile
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

create a file inside /etc/rsyslog.d/33-pfsense.conf

if $programname == 'suricata' then /var/log/pfsense-suricata.log
& stop

if $programname == 'filterlog' then /var/log/pfsense-filterlog.log
& stop

if $programname == 'filterdns' then /var/log/pfsense-filterdns.log
& stop

if $programname == 'hostapd' then /var/log/pfsense-hostapd.log
& stop

if $programname == 'radvd' then /var/log/pfsense-radvd.log
& stop

you can add more filter just follow the pattern

add every /var/log/pfsense-*.log to /etc/logrotate.d/rsyslog

example :

kiokoman@nanto:/etc/logrotate.d$ cat rsyslog

/var/log/syslog
{
        rotate 7
        daily
        missingok
        notifempty
        delaycompress
        compress
        postrotate
                /usr/lib/rsyslog/rsyslog-rotate
        endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
/var/log/tftp
/var/log/named.log
/var/log/named/client.log
/var/log/named/config.log
/var/log/named/database.log
/var/log/named/default.log
/var/log/named/dispatch.log
/var/log/named/dnssec.log
/var/log/named/general.log
/var/log/named/lame-servers.log
/var/log/named/network.log
/var/log/named/notify.log
/var/log/named/queries.log
/var/log/named/resolver.log
/var/log/named/security.log
/var/log/named/unmatched.log
/var/log/named/update.log
/var/log/named/xfer-in.log
/var/log/named/xfer-out.log
/var/log/pfsense-suricata.log
/var/log/pfsense-radvd.log
/var/log/pfsense-filterdns.log
/var/log/pfsense-filterlog.log

cheqsync

@kiokoman thank you so much for this tutorial. I will try this setup. Once again, thank you so much I really appreciate your help. :)