Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Tons sshguard log entries and its not enabled

    Scheduled Pinned Locked Moved General pfSense Questions
    67 Posts 9 Posters 39.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      geovaneg @stephenw10
      last edited by

      Hi @stephenw10

      Let's try an ideal combination of the two.
      But for today I'll just follow the behavior.

      Thanks.

      Geovane

      1 Reply Last reply Reply Quote 0
      • G
        geovaneg
        last edited by

        Change of plans:

        My quiet time dropped to less than 20 minutes in the last rotation, with the arrival of users on the wifi network.

        I am changing the size of the log files to 100MB and the retention to 2 files.

        1 Reply Last reply Reply Quote 0
        • G
          geovaneg
          last edited by

          Good morning gentlemen,

          Thanks to you, we are evolving towards a satisfactory configuration.
          I was looking for logs to disable and I noticed that the squid access logs are being written locally to the /var/log/nginx.log file and also to the /var/squid/logs/access.log folder.
          Do you know if there's a way to solve this without affecting the sending to the remote server?
          Note: I have the LightSquid package installed as well.

          Thanks.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Hmm, nothing I'm aware of but I've never tried to solve that before. You mean prevent Squid writing to the nginx log? You certainly need local logging for LightSquid to work.

            G 1 Reply Last reply Reply Quote 1
            • G
              geovaneg @stephenw10
              last edited by

              @stephenw10

              Good Morning,

              Yes, LightSquid uses log files from the "/var/squid/logs" folder. I reduced the space used by changing the retention of logs in the squid from 30 to 3 files.
              Regarding the same logs that go to "/var/log/nginx.log" it seems that they are sent remotely to syslog, so there's not much to do there.

              1 Reply Last reply Reply Quote 0
              • G
                geovaneg
                last edited by

                Sirs,

                Thanks again for the suggestions.
                I believe that we have reached a suitable configuration for our case.

                I'll report the actions in case anyone finds this useful in the future:

                PfSense 2.6.0 - FW/GW/Proxy wifi network approx 1300 daily users.
                Logs are sent remotely for auditing purposes. Lots of filter logs!

                Our final configuration to avoid "sshguard" spam looked like this:

                • We increased log file size to 100MB;
                • To avoid excessive disk consumption, retention has been changed to only two files in "log settings";

                -rw------- 1 root wheel 97239550 Jul 14 11:35 filter.log
                -rw------- 1 root wheel 102682474 Jul 13 16:16 filter.log.0
                -rw------- 1 root wheel 102697059 Jul 13 11:31 filter.log.1

                • To avoid the risk of unnecessary CPU consumption, log compression was disabled (UFS);
                • We disabled the log packets matched from the default block rules in the ruleset to reduce the amount of system logs;
                • We reviewed the other firewall rules and kept the logs strictly necessary;
                • Also to avoid space consumption, squid log retention has been reduced from 30 to 3 files.

                Thanks,

                Geovane

                1 Reply Last reply Reply Quote 1
                • M Mixka referenced this topic on
                • M Mixka referenced this topic on
                • M Mixka referenced this topic on
                • noplanN
                  noplan
                  last edited by

                  ok run into same thing ...
                  gonna have a look into this

                  2.6CE

                  brNP

                  1 Reply Last reply Reply Quote 0
                  • P pst referenced this topic on
                  • S sammiorelli referenced this topic on
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.