Netgate Discussion Forum

    pfBlocker generates 12GBs of logs a day

      tazmo

      I continue to struggle with the non-dev version pfBlocker, and it's not just pfBlocker's fault...

      pfBlocker is now generating over 12GBs of logs in the following file, per day:
      /var/log/pfblockerng/dnsbl_error.log

      This has filled up my /var 3 times already, which breaks unbound (see my previous posts).

      I get the lines below[1] in that log over and over and over again... and that log does not seem to get rotated, is not "circular", or not rotated in time enough to keep it from filling up my /var partition.

      Note I have not touched the generated /var/unbound/pfb_dnsbl_lighty.conf file, it is default.

      How can I stop this log from filling up my /var and stop this junk from writing to the log?

      Strangely enough, the dnsbl.log in the same dir, stays a constant size.

      If I go to Status -> System Logs -> Settings -> Reset Log files, this does not clear the above dnsbl_error.log.

      Now I do realize I have one (important) device on my home net that is generating 30(!) dns requests to api.amplitude.com per second! This is absolutely positively ridiculous, and while I have complained to the OEM, they don't care, it's not going to get "fixed". This also drives up CPU use for lighttpd to 30% of my CPU on pfSense in spurts of 5 minutes at a time.

      I can live with the CPU spikes (that's what pfBlocker is for), but why is the log growing unbounded (no pun intended)?

      Bob

      [1] Ref:
      2020-04-18 10:56:50: (configfile-glue.c.581) === start of condition block ===
      2020-04-18 10:56:50: (configfile-glue.c.325) 3 global/HTTPhost=~.* not available yet
      2020-04-18 10:56:50: (configfile-glue.c.493) 1 (uncached) result: unset
      2020-04-18 10:56:50: (configfile-glue.c.581) === start of condition block ===
      2020-04-18 10:56:50: (configfile-glue.c.449) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 0.0.0.0:8443
      2020-04-18 10:56:50: (configfile-glue.c.493) 2 (uncached) result: true
      2020-04-18 10:56:50: (configfile-glue.c.581) === start of condition block ===
      2020-04-18 10:56:50: (configfile-glue.c.282) go parent global/SERVERsocket==0.0.0.0:8443
      2020-04-18 10:56:50: (configfile-glue.c.500) 2 (cached) result: true
      2020-04-18 10:56:50: (configfile-glue.c.325) 3 global/SERVERsocket==0.0.0.0:8443/HTTPhost=~.* not available yet
      2020-04-18 10:56:50: (configfile-glue.c.493) 3 (uncached) result: unset
      2020-04-18 10:56:50: (configfile-glue.c.581) === start of condition block ===
      2020-04-18 10:56:50: (configfile-glue.c.449) HTTP["host"] ( api.amplitude.com ) compare to .*
      2020-04-18 10:56:50: (configfile-glue.c.493) 1 (uncached) result: true

        BBcan177 Moderator @tazmo

        @tazmo best to move to pfBlockerNG-devel FTW!

        "Experience is something you don't get until just after you need it."

        Website: http://pfBlockerNG.com
        Twitter: @BBcan177  #pfBlockerNG
        Reddit: https://www.reddit.com/r/pfBlockerNG/new/

          tazmo

          Alright... I'll give that a try next.

          Had to resort to a cron tab that did a:
          /bin/cat /dev/null > /var/log/pfblockerng/dnsbl_error.log

          every 15 minutes. That's a hack!

          Will try the dev version next...

          Thx,
          Bob
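
Added example, not part of any post in this thread: a POSIX sh/awk tally of the `HTTP["host"]` condition lines in the lighttpd debug output quoted in the first post, showing which requested hostnames account for the log volume and their peak per-second rate. The function names and the second hostname in the sample are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): per-host totals and peak per-second
# rate of the HTTP["host"] condition lines in a lighttpd debug log such as
# /var/log/pfblockerng/dnsbl_error.log.

# dnsbl_host_rates FILE -> "<total> <peak_per_second> <host>", busiest first
dnsbl_host_rates() {
    awk '
        # Field layout: date, time with trailing colon, (source), HTTP["host"], "(", host, ")"
        $4 == "HTTP[\"host\"]" && $5 == "(" {
            host = $6
            sec  = $1 " " substr($2, 1, 8)   # drop the colon after HH:MM:SS
            total[host]++
            n = ++persec[host, sec]
            if (n > peak[host]) peak[host] = n
        }
        END { for (h in total) print total[h], peak[h], h }
    ' "$1" | sort -k1,1nr -k3,3
}

# Constructed sample in the format quoted in the first post; only
# api.amplitude.com comes from the thread, ads.example.test is made up.
write_sample_log() {
    cat > "$1" <<'EOF'
2020-04-18 10:56:50: (configfile-glue.c.581) === start of condition block ===
2020-04-18 10:56:50: (configfile-glue.c.449) SERVER["socket"] ( 0.0.0.0:8443 ) compare to 0.0.0.0:8443
2020-04-18 10:56:50: (configfile-glue.c.449) HTTP["host"] ( api.amplitude.com ) compare to .*
2020-04-18 10:56:50: (configfile-glue.c.493) 1 (uncached) result: true
2020-04-18 10:56:50: (configfile-glue.c.449) HTTP["host"] ( api.amplitude.com ) compare to .*
2020-04-18 10:56:50: (configfile-glue.c.449) HTTP["host"] ( ads.example.test ) compare to .*
2020-04-18 10:56:50: (configfile-glue.c.449) HTTP["host"] ( api.amplitude.com ) compare to .*
2020-04-18 10:56:51: (configfile-glue.c.449) HTTP["host"] ( api.amplitude.com ) compare to .*
2020-04-18 10:56:51: (configfile-glue.c.449) HTTP["host"] ( ads.example.test ) compare to .*
EOF
}

# Demo run on the constructed sample.
sample=$(mktemp /tmp/dnsbl_sample.XXXXXX)
write_sample_log "$sample"
dnsbl_host_rates "$sample"
rm -f "$sample"
```

On the firewall, `dnsbl_host_rates /var/log/pfblockerng/dnsbl_error.log` gives the same three-column summary for the real file.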
