Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue: entire unified.log (monitored by syslog-ng) gets transmitted every time pfblockerng.php job is executed in cron

    pfBlockerNG
    1
    1
    190
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ccchuey
      last edited by

      I configured syslog-ng to send logs in /var/log/pfblockerng/unified.log to an ELK server. I discovered when the "/usr/local/www/pfblockerng/pfblockerng.php cron" job is executed (which is automatically scheduled in cron every 12 hours), ALL log messages contained in the unified.log file are transmitted by syslog-ng to the ELK server. This means the same logs will be sent to the ELK server every 12 hours until the specific log messages are cleared based on your max log settings. I resolved the issue by adding the following line within the "cron" case statement in file /usr/local/www/pfblockerng/pfblockerng.php:

      exec("cat /dev/null > /var/log/pfblockerng/unified.log");

      This clears the unified.log file when the cron job executes, and fixes the problem of sending multiple duplicate log messages to my ELK server. Since the logs within the unified.log file are dynamically transmitted to my ELK server, this solution serves my needs quite well.

      1 Reply Last reply Reply Quote 0
      • J jrey referenced this topic on
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.