Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Does the log track rule changes?

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 3 Posters 664 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tyler.montney 0
      last edited by tyler.montney 0

      I'm forwarding all logs. I deleted some rules and I'm not seeing much.

      • Graylog: filterdns[96878]: merge_config: configuration reload
      • PFSesnse: Jul 9 01:30:57 check_reload_status 372 Syncing firewall

      Does PFSense not track this? I'd like to know which rules were changed. Additionally, I deleted an interface.

      ntpd[92478]: Deleting interface #40 ovpnc4, fe80::********%23#123, interface stats: received=0, sent=0, dropped=0, active_time=1630058 secs

      Why is ntpd the process reporting this?

      bingo600B 1 Reply Last reply Reply Quote 0
      • bingo600B
        bingo600 @tyler.montney 0
        last edited by

        @tyler-montney-0

        I have no idea if those actions could be logged.
        I usually look in :
        Diagnostics -> Backup & Restore -> Config History

        If i need to see config differences.

        NTP:
        My guess is that the NTP daemon is listening/serving on that interface.
        And when deleted , NTP has logged that it is removing it from the active interfaces list.

        /Bingo

        If you find my answer useful - Please give the post a šŸ‘ - "thumbs up"

        pfSense+ 23.05.1 (ZFS)

        QOTOM-Q355G4 Quad Lan.
        CPUĀ  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
        LANĀ  : 4 x Intel 211, DiskĀ  : 240G SAMSUNG MZ7L3240HCHQ SSD

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          No, configuration changes are not tracked in the log. Even if we added that, it wouldn't show you a ton of detail there, only the short summary you see in the config history list.

          If there isn't already a feature request in Redmine you could add one for at least logging the string we already generate.

          If you need more than that, you would need to setup something custom that triggers during the config write procedure that logs what you want or takes some other action. Trying to log a diff wouldn't be viable in most cases, at least not generally.

          Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          T 1 Reply Last reply Reply Quote 0
          • T
            tyler.montney 0 @jimp
            last edited by

            @jimp I'm only looking to see that a rule changed and which rule, not the details. I'll see about putting in a feature request.

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              First see if what's in the config history shows you what you want, if it does, then logging that would be sufficient as an option.

              If that doesn't show enough detail then you'd need a separate feature request to have the configuration change(s) for rules add more detail, which may or may not be viable.

              Remember: Upvote with the šŸ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              T 2 Replies Last reply Reply Quote 0
              • T
                tyler.montney 0 @jimp
                last edited by

                @jimp I will check before submitting.

                What about interfaces? Only ntpd reported an interface being deleted. I saw nothing on one being added.

                1 Reply Last reply Reply Quote 0
                • T
                  tyler.montney 0 @jimp
                  last edited by tyler.montney 0

                  @jimp All the detail is in the Config History section.

                  Feature request submitted: https://redmine.pfsense.org/issues/12118

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.