Netgate Discussion Forum

Empty Firewall Log - 2.5

    Quarkz
    last edited by Sep 23, 2020, 11:30 PM

    Is anyone else seeing no firewall updates to filter.log recently?

    Currently on build
    2.5.0-DEVELOPMENT (amd64)
    built on Wed Sep 23 13:05:48 EDT 2020
    FreeBSD 12.2-PRERELEASE

    Re-installed and reset log files already.

    pfctl shows the default block rules in place
    block drop in log inet all label "Default deny rule IPv4"

    Any ideas?

      Quarkz
      last edited by Sep 24, 2020, 4:09 PM

      I see syslog running
      /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -b 192.168.1.1

      I also see packets showing blocked under the interfaces

      In/out packets (pass)
      5057612/1557430 (6.12 GiB/263.44 MiB)
      In/out packets (block)
      2454/0 (184 KiB/0 B)

      but nothing is showing under Status/System Logs/Firewall and /var/log/filter.log is empty.

      I assume nobody else is having this same issue?

        kiokoman LAYER 8
        last edited by kiokoman Sep 24, 2020, 5:03 PM Sep 24, 2020, 4:59 PM

        Nope, check permissions and compare:

        -rw-------   1 root      wheel     137776 Sep 24 18:55 filter.log
        
        root   74183   0.0  0.0  11420   2676  -  Ss   Tue15       0:41.58 /usr/sbin/syslogd -O rfc3164 -s -c -c -l /var/dhcpd/var/run/log -l /tmp/haproxy_chroot/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -b 172.17.0.254
        
        [2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/var/log: cat /etc/syslog.conf
        # Automatically generated, do not edit!
        # Place configuration files in /var/etc/syslog.d
        !*
        
        include                                         /var/etc/syslog.d
        # /* Manually added files with non-conflicting names will not be automatically removed */
        [2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/var/log: cd /var/etc/syslog.d
        [2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/var/etc/syslog.d: ls
        haproxy.log.conf pfSense.conf
        [2.5.0-DEVELOPMENT][root@pfSense.kiokoman.home]/var/etc/syslog.d: cat pfSense.conf
        # Automatically generated, do not edit!
        !*
        auth.*;authpriv.*                                               /var/log/auth.log
        !radvd,routed,zebra,ospfd,ospf6d,bgpd,miniupnpd,igmpproxy
        *.*                                                             /var/log/routing.log
        !ntp,ntpd,ntpdate
        *.*                                                             /var/log/ntpd.log
        !ppp
        *.*                                                             /var/log/ppp.log
        !poes
        *.*                                                             /var/log/poes.log
        !l2tps
        *.*                                                             /var/log/l2tps.log
        !charon,ipsec_starter
        *.*                                                             /var/log/ipsec.log
        !openvpn
        *.*                                                             /var/log/openvpn.log
        !dpinger
        *.*                                                             /var/log/gateways.log
        !dnsmasq,named,filterdns,unbound
        *.*                                                             /var/log/resolver.log
        !dhcpd,dhcrelay,dhclient,dhcp6c,dhcpleases,dhcpleases6
        *.*                                                             /var/log/dhcpd.log
        !hostapd
        *.*                                                             /var/log/wireless.log
        !filterlog
        *.*                                                             /var/log/filter.log
        *.*                                                             @172.17.0.100:514
        *.*                                                             @172.17.0.100:5140
        !logportalauth
        *.*                                                             /var/log/portalauth.log
        !-ntp,ntpd,ntpdate,charon,ipsec_starter,openvpn,poes,l2tps,hostapd,dnsmasq,named,filterdns,unbound,dhcpd,dhcrelay,dhclient,dhcp6c,dpinger,radvd,routed,zebra,ospfd,ospf6d,bgpd,miniupnpd,igmpproxy,filterlog,haproxy
        local3.*                                                        /var/log/vpn.log
        local5.*                                                        /var/log/nginx.log
        *.notice;kern.debug;lpr.info;mail.crit;daemon.none;news.err;local0.none;local3.none;local4.none;local7.none;security.*;auth.info;authpriv.info;daemon.info      /var/log/system.log
        auth.info;authpriv.info                                         |exec /usr/local/sbin/sshguard -i /var/run/sshguard.pid
        *.emerg                                                         *
        *.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none;security.*;auth.info;authpriv.info;daemon.info      @172.17.0.100:514
        *.emerg;*.notice;kern.debug;lpr.info;mail.crit;news.err;local0.none;local3.none;local7.none;security.*;auth.info;authpriv.info;daemon.info      @172.17.0.100:5140
        


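The pfSense.conf in the post above routes messages by program name using syslogd `!program` blocks, so firewall entries reach filter.log only through the `!filterlog` block. As an added example (not part of the original post and not pfSense's own code), this sketch resolves which rules cover a given program and checks a constructed copy of the file with that block missing; the function names and both sample strings are assumptions made for the illustration.

```python
# Added example: resolve syslogd "!program" blocks to the rules they cover.
# SAMPLE_CONF is constructed: a trimmed copy of the pfSense.conf quoted above.
SAMPLE_CONF = """\
# Automatically generated, do not edit!
!*
auth.*;authpriv.*  /var/log/auth.log
!dpinger
*.*  /var/log/gateways.log
!filterlog
*.*  /var/log/filter.log
*.*  @172.17.0.100:514
!-dpinger,filterlog
local5.*  /var/log/nginx.log
*.notice;kern.debug  /var/log/system.log
"""

# Constructed failure case: the same file with the "!filterlog" block missing.
BROKEN_CONF = SAMPLE_CONF.replace(
    "!filterlog\n*.*  /var/log/filter.log\n*.*  @172.17.0.100:514\n", "")


def routes_for(conf, program):
    """Return (selector, action) rules whose program block covers `program`.

    Only "!" program lines are interpreted; facility.level selectors are
    returned as written, not evaluated, and "include" lines are not followed.
    """
    names, negate = {"*"}, False      # before any "!" line, all programs match
    routes = []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("!"):      # "!a,b", "!+a,b", "!-a,b" or "!*"
            spec = line[1:].strip()
            negate = spec.startswith("-")
            names = {n.strip() for n in spec.lstrip("+-").split(",")}
            continue
        parts = line.split(None, 1)   # selector, then action (may contain spaces)
        if len(parts) != 2 or parts[0] == "include":
            continue
        if "*" in names or ((program in names) != negate):
            routes.append((parts[0], parts[1]))
    return routes


def writes_filter_log(conf, path="/var/log/filter.log"):
    """True if a rule reachable by filterlog writes to the firewall log file."""
    return any(action == path for _, action in routes_for(conf, "filterlog"))
```

On a live system the input would be the concatenated contents of the files in /var/etc/syslog.d, since /etc/syslog.conf only includes that directory.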
          Quarkz
          last edited by Sep 24, 2020, 7:50 PM

          @kiokoman

          Thanks for the ideas! Unfortunately everything matches up fine.
          I am seeing packets being properly blocked if I tcpdump on pflog0 so I think that much is working.

          I will try a fresh install this weekend and see if I still have the issue with a vanilla config or if there is something wrong in my config.xml.

            jimp Rebel Alliance Developer Netgate
            last edited by Sep 24, 2020, 8:02 PM

            It's working fine for me here.

            The process you really want to look for is filterlog:

            root  51714   0.0  0.3 12336  1284  -  Ss   Tue08      0:13.20 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
            

              Quarkz
              last edited by Sep 24, 2020, 9:31 PM

              @jimp I figured it was the filterlog process.

              root    45091   0.0  0.1  12104  2976  -  Ss   15:18     0:00.13 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
              

              It must be something specific to my config. I have done several fresh re-installs albeit importing my existing config.xml. If you have any other thoughts on troubleshooting things please let me know.

              tcpdump -n -e -ttt -i pflog0 inbound and action block and on em0
              

              Shows things being properly blocked so I am not as concerned but still puzzled.
