• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Tons sshguard log entries and its not enabled

Scheduled Pinned Locked Moved General pfSense Questions
67 Posts 9 Posters 40.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • G
    geovaneg @stephenw10
    last edited by Jul 11, 2022, 1:28 PM

    Hi @stephenw10

    Let's try an ideal combination of the two.
    But for today I'll just follow the behavior.

    Thanks.

    Geovane

    1 Reply Last reply Reply Quote 0
    • G
      geovaneg
      last edited by Jul 11, 2022, 1:37 PM

      Change of plans:

      My quiet time dropped to less than 20 minutes in the last rotation, with the arrival of users on the wifi network.

      I am changing the size of the log files to 100MB and the retention to 2 files.

      1 Reply Last reply Reply Quote 0
      • G
        geovaneg
        last edited by Jul 13, 2022, 1:43 PM

        Good morning gentlemen,

        Thanks to you, we are evolving towards a satisfactory configuration.
        I was looking for logs to disable and I noticed that the squid access logs are being written locally to the /var/log/nginx.log file and also to the /var/squid/logs/access.log folder.
        Do you know if there's a way to solve this without affecting the sending to the remote server?
        Note: I have the LightSquid package installed as well.

        Thanks.

        1 Reply Last reply Reply Quote 0
        • S
          stephenw10 Netgate Administrator
          last edited by Jul 13, 2022, 4:34 PM

          Hmm, nothing I'm aware of but I've never tried to solve that before. You mean prevent Squid writing to the nginx log? You certainly need local logging for LightSquid to work.

          G 1 Reply Last reply Jul 14, 2022, 2:23 PM Reply Quote 1
          • G
            geovaneg @stephenw10
            last edited by Jul 14, 2022, 2:23 PM

            @stephenw10

            Good Morning,

            Yes, LightSquid uses log files from the "/var/squid/logs" folder. I reduced the space used by changing the retention of logs in the squid from 30 to 3 files.
            Regarding the same logs that go to "/var/log/nginx.log" it seems that they are sent remotely to syslog, so there's not much to do there.

            1 Reply Last reply Reply Quote 0
            • G
              geovaneg
              last edited by Jul 14, 2022, 2:41 PM

              Sirs,

              Thanks again for the suggestions.
              I believe that we have reached a suitable configuration for our case.

              I'll report the actions in case anyone finds this useful in the future:

              PfSense 2.6.0 - FW/GW/Proxy wifi network approx 1300 daily users.
              Logs are sent remotely for auditing purposes. Lots of filter logs!

              Our final configuration to avoid "sshguard" spam looked like this:

              • We increased log file size to 100MB;
              • To avoid excessive disk consumption, retention has been changed to only two files in "log settings";

              -rw------- 1 root wheel 97239550 Jul 14 11:35 filter.log
              -rw------- 1 root wheel 102682474 Jul 13 16:16 filter.log.0
              -rw------- 1 root wheel 102697059 Jul 13 11:31 filter.log.1

              • To avoid the risk of unnecessary CPU consumption, log compression was disabled (UFS);
              • We disabled the log packets matched from the default block rules in the ruleset to reduce the amount of system logs;
              • We reviewed the other firewall rules and kept the logs strictly necessary;
              • Also to avoid space consumption, squid log retention has been reduced from 30 to 3 files.

              Thanks,

              Geovane

              1 Reply Last reply Reply Quote 1
              • M Mixka referenced this topic on Aug 7, 2022, 9:42 PM
              • M Mixka referenced this topic on Aug 7, 2022, 9:44 PM
              • M Mixka referenced this topic on Aug 7, 2022, 9:44 PM
              • N
                noplan
                last edited by Jan 24, 2023, 9:23 AM

                ok run into same thing ...
                gonna have a look into this

                2.6CE

                brNP

                1 Reply Last reply Reply Quote 0
                • P pst referenced this topic on Apr 14, 2024, 9:24 AM
                • S sammiorelli referenced this topic on Jul 31, 2024, 9:20 PM
                61 out of 67
                • First post
                  61/67
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received