Does the log track rule changes?
-
I'm forwarding all logs. I deleted some rules and I'm not seeing much.
- Graylog: filterdns[96878]: merge_config: configuration reload
- PFSesnse: Jul 9 01:30:57 check_reload_status 372 Syncing firewall
Does PFSense not track this? I'd like to know which rules were changed. Additionally, I deleted an interface.
ntpd[92478]: Deleting interface #40 ovpnc4, fe80::********%23#123, interface stats: received=0, sent=0, dropped=0, active_time=1630058 secs
Why is ntpd the process reporting this?
-
I have no idea if those actions could be logged.
I usually look in :
Diagnostics -> Backup & Restore -> Config HistoryIf i need to see config differences.
NTP:
My guess is that the NTP daemon is listening/serving on that interface.
And when deleted , NTP has logged that it is removing it from the active interfaces list./Bingo
-
No, configuration changes are not tracked in the log. Even if we added that, it wouldn't show you a ton of detail there, only the short summary you see in the config history list.
If there isn't already a feature request in Redmine you could add one for at least logging the string we already generate.
If you need more than that, you would need to setup something custom that triggers during the config write procedure that logs what you want or takes some other action. Trying to log a diff wouldn't be viable in most cases, at least not generally.
-
@jimp I'm only looking to see that a rule changed and which rule, not the details. I'll see about putting in a feature request.
-
First see if what's in the config history shows you what you want, if it does, then logging that would be sufficient as an option.
If that doesn't show enough detail then you'd need a separate feature request to have the configuration change(s) for rules add more detail, which may or may not be viable.
-
@jimp I will check before submitting.
What about interfaces? Only ntpd reported an interface being deleted. I saw nothing on one being added.
-
@jimp All the detail is in the Config History section.
Feature request submitted: https://redmine.pfsense.org/issues/12118
