Tons sshguard log entries and its not enabled
-
Hi @stephenw10
Let's try an ideal combination of the two.
But for today I'll just follow the behavior.Thanks.
Geovane
-
Change of plans:
My quiet time dropped to less than 20 minutes in the last rotation, with the arrival of users on the wifi network.
I am changing the size of the log files to 100MB and the retention to 2 files.
-
Good morning gentlemen,
Thanks to you, we are evolving towards a satisfactory configuration.
I was looking for logs to disable and I noticed that the squid access logs are being written locally to the /var/log/nginx.log file and also to the /var/squid/logs/access.log folder.
Do you know if there's a way to solve this without affecting the sending to the remote server?
Note: I have the LightSquid package installed as well.Thanks.
-
Hmm, nothing I'm aware of but I've never tried to solve that before. You mean prevent Squid writing to the nginx log? You certainly need local logging for LightSquid to work.
-
Good Morning,
Yes, LightSquid uses log files from the "/var/squid/logs" folder. I reduced the space used by changing the retention of logs in the squid from 30 to 3 files.
Regarding the same logs that go to "/var/log/nginx.log" it seems that they are sent remotely to syslog, so there's not much to do there. -
Sirs,
Thanks again for the suggestions.
I believe that we have reached a suitable configuration for our case.I'll report the actions in case anyone finds this useful in the future:
PfSense 2.6.0 - FW/GW/Proxy wifi network approx 1300 daily users.
Logs are sent remotely for auditing purposes. Lots of filter logs!Our final configuration to avoid "sshguard" spam looked like this:
- We increased log file size to 100MB;
- To avoid excessive disk consumption, retention has been changed to only two files in "log settings";
-rw------- 1 root wheel 97239550 Jul 14 11:35 filter.log
-rw------- 1 root wheel 102682474 Jul 13 16:16 filter.log.0
-rw------- 1 root wheel 102697059 Jul 13 11:31 filter.log.1- To avoid the risk of unnecessary CPU consumption, log compression was disabled (UFS);
- We disabled the log packets matched from the default block rules in the ruleset to reduce the amount of system logs;
- We reviewed the other firewall rules and kept the logs strictly necessary;
- Also to avoid space consumption, squid log retention has been reduced from 30 to 3 files.
Thanks,
Geovane
-
M Mixka referenced this topic on
-
M Mixka referenced this topic on
-
M Mixka referenced this topic on
-
ok run into same thing ...
gonna have a look into this2.6CE
brNP
-
P pst referenced this topic on
-
S sammiorelli referenced this topic on
