GUI services in the system log are filled with nginx messages

fireodo · Feb 19, 2022, 10:36 AM

@willemb said in GUI services in the system log are filled with nginx messages:

Thanks fireodo.

Glad you made it!

moelassus · Feb 19, 2022, 5:52 PM

@fireodo That worked perfectly! Thanks!

troysjanda · Feb 19, 2022, 6:06 PM

@fireodo So this is the line I see

access_log syslog:server=unix:/var/run/log,facility=local5 combined;

I should change it to

access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;

fireodo · Feb 19, 2022, 6:12 PM

@troysjanda said in GUI services in the system log are filled with nginx messages:

should change it to
access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;

Looks OK

areckethennu · Feb 22, 2022, 2:16 AM

I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

In all my other logs, I've got two of them where they've turned over twice (each).

SteveITS · Feb 22, 2022, 4:37 PM

@areckethennu said in GUI services in the system log are filled with nginx messages:

Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

5 times? newsyslog is always listed twice in a row, looking at the times, not sure why and haven't looked into it.

Do you leave your dashboard page visible? The web server logs all HTTP requests so the dashboard will generate a lot as it updates widgets.

Looking at a few routers we manage the log file turnover seems to range between a few days to a week, to several months, so I would think it just depends on how busy the router's web GUI is. As I mentioned above this log existed in prior versions as well. I suppose it's possible the dashboard or GUI makes more web requests in this version but that seems unlikely to be a significant difference to me, especially if the web GUI isn't being used a lot.

areckethennu · Mar 3, 2022, 8:58 AM

@steveits I was actually using the WebGUI yesterday and the day ended with that log turning over 10 times for that day, alone. And, yes, I don't usually use the WebGUI all that much, but there seems to be an awful lot more entries than I remember.

Anyway, I opened a bug report on it:

https://redmine.pfsense.org/issues/12833

But, they explained that it was necessary for security logging and closed it. I understand that perfectly. It's just a bit bothersome.

Gertjan · Mar 3, 2022, 8:58 AM

Other solutions :

Instead of looking at the dashboard page, look somewhere else, like the logs files page.
The dashboard page takes a lot of resource to create.

Also : consider sending the logs to a remote syslog server, create one on your LAN.

Another solution :
Instead of disabling the logging, read what is proposed here :
Enabling Conditional Logging
The example shows how to excludes requests with HTTP status codes 2xx (Success) and 3xx (Redirection).
So the ordinary page requests will not get logged, but errors etc will.

troysjanda · Mar 3, 2022, 9:51 PM

@gertjan how to deploy this in pfsense

map $status $loggable {
    ~^[23]  0;
    default 1;
}

access_log /path/to/access.log combined if=$loggable;

madfuzker · Jan 31, 2023, 4:02 AM

@areckethennu said in GUI services in the system log are filled with nginx messages:

I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

In all my other logs, I've got two of them where they've turned over twice (each).

That answer to keeping these out of syslog is to go to System Logs > Setting, and then uncheck "Everything" at the bottom in the section called "Remote Syslog Contents". You can check everything else, but having Everything checked drops all the GUI to syslog.

Seems there should be a checkbox for GUI service.

GPz1100 · May 13, 2024, 2:17 PM

@troysjanda Did you ever figure out how to implement this? I don't need every page load logged, but logging errors would be useful.

VioletDragon · May 13, 2024, 6:05 PM

@GPz1100 this is an old thread. Consider creating a new post.

Regards.

madfuzker · May 14, 2024, 6:44 AM

I just disabled it and it made the problem go away. I unfortunately can't provide much other info as I moved to OPNsense right after Netgate kindly revoked my "Lifetime" license they granted me 10 months earlier as a home user.... OPN is better supported IMO, open source, and not driven by greed. :)

GPz1100 · May 15, 2024, 5:45 AM

@madfuzker Understood. I disabled it too as it seems the log content isn't very useful unless there's a problem.

As for the license changes; well, that's a topic for another thread :). I passed on opn for other reasons.

@VioletDragon So what if it's an old thread. The concern was never adequately addressed. A welcomed solution would be to have a loglevel option in the gui. Want everything, no problem, want errors only, we can do that too.

GPz1100 · Dec 8, 2024, 7:56 AM

@fireodo , @SteveITS

I assume this does not survive updates and has to be edited each time?

Or has gui log level been added to a gui setting to be managed (set different log level or disable entire)?

fireodo · Dec 12, 2024, 8:28 AM

@GPz1100 said in GUI services in the system log are filled with nginx messages:

@fireodo , @SteveITS

I assume this does not survive updates and has to be edited each time?

That is correct!

Or has gui log level been added to a gui setting to be managed (set different log level or disable entire)?

No, not in 2.7.2 and not in 24.11