GUI services in the system log are filled with nginx messages
-
@willemb said in GUI services in the system log are filled with nginx messages:
Thanks fireodo.
Glad you made it!
-
@fireodo That worked perfectly! Thanks!
-
@fireodo So this is the line I see
access_log syslog:server=unix:/var/run/log,facility=local5 combined;
I should change it to
access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;
-
@troysjanda said in GUI services in the system log are filled with nginx messages:
should change it to
access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;Looks OK
-
-
-
-
-
-
-
I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:
In all my other logs, I've got two of them where they've turned over twice (each).
-
@areckethennu said in GUI services in the system log are filled with nginx messages:
Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:
5 times? newsyslog is always listed twice in a row, looking at the times, not sure why and haven't looked into it.
Do you leave your dashboard page visible? The web server logs all HTTP requests so the dashboard will generate a lot as it updates widgets.
Looking at a few routers we manage the log file turnover seems to range between a few days to a week, to several months, so I would think it just depends on how busy the router's web GUI is. As I mentioned above this log existed in prior versions as well. I suppose it's possible the dashboard or GUI makes more web requests in this version but that seems unlikely to be a significant difference to me, especially if the web GUI isn't being used a lot.
-
@steveits I was actually using the WebGUI yesterday and the day ended with that log turning over 10 times for that day, alone. And, yes, I don't usually use the WebGUI all that much, but there seems to be an awful lot more entries than I remember.
Anyway, I opened a bug report on it:
https://redmine.pfsense.org/issues/12833
But, they explained that it was necessary for security logging and closed it. I understand that perfectly. It's just a bit bothersome.
-
Other solutions :
Instead of looking at the dashboard page, look somewhere else, like the logs files page.
The dashboard page takes a lot of resource to create.Also : consider sending the logs to a remote syslog server, create one on your LAN.
Another solution :
Instead of disabling the logging, read what is proposed here :
Enabling Conditional Logging
The example shows how to excludes requests with HTTP status codes 2xx (Success) and 3xx (Redirection).
So the ordinary page requests will not get logged, but errors etc will. -
@gertjan how to deploy this in pfsense
map $status $loggable { ~^[23] 0; default 1; } access_log /path/to/access.log combined if=$loggable;
-
@areckethennu said in GUI services in the system log are filled with nginx messages:
I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:
In all my other logs, I've got two of them where they've turned over twice (each).
That answer to keeping these out of syslog is to go to System Logs > Setting, and then uncheck "Everything" at the bottom in the section called "Remote Syslog Contents". You can check everything else, but having Everything checked drops all the GUI to syslog.
Seems there should be a checkbox for GUI service.