GUI services in the system log are filled with nginx messages

moelassus

@willemb I'm seeing the same thing. I would love to know how to dial back the nginx logging. I have pfSense configured to rotate up to 10 log files and I'm estimating all 10 nginx logs are rotating several times per day.

SteveITS

@moelassus I think it's only while logged in? The dashboard for instance will make a lot of update calls.

Edit: it doesn't seem to be different than 21.05.x.

troysjanda

I have the same issue on 22.01 and the log is the largest by far than any other log.

moelassus

@steveits Are you aware of a way to dial back the logging? I don't need to see anything but error logging from the WebUI.

areckethennu

@willemb Same thing here. Fresh install of pfSense 22.01.

willemb

I wish I knew, I hope some pfsense guru can tell me.

fireodo

@willemb said in GUI services in the system log are filled with nginx messages:

I wish I knew, I hope some pfsense guru can tell me.

Hi,

I am no pfsense Guru :-) but you can disable the logging by modificating this file: /etc/inc/system.inc.
But be careful and make a backup before. Beside that you have to make this modification each time pfsense gets updated.
With this file open in editor you search for "access_log"
You will find this: "access_log syslog:server=unix:/var/run/log,facility=local5 combined;"
Replace it with this: "access_log off;
#syslog:server=unix:/var/run/log,facility=local5 combined;"
After that do a "Restart webConfigurator" and you should be done.

Nice weekend,
fireodo

willemb

@fireodo
I tried, but after the adjustment the login screen through the browser wouldn't start at all. So put it back.
Thanks but this isn't working for me.

fireodo

@willemb said in GUI services in the system log are filled with nginx messages:

Thanks but this isn't working for me.

OK. Works here on 3 machines very well ...(two with 2.6.0 and one with 22.01) maybe you made a mistake in the modifications ...

willemb

@fireodo Did it again, now with no typo and nginx log notifications are disabled.
Thanks fireodo.

fireodo

@willemb said in GUI services in the system log are filled with nginx messages:

Thanks fireodo.

Glad you made it!

moelassus

@fireodo That worked perfectly! Thanks!

troysjanda

@fireodo So this is the line I see

access_log syslog:server=unix:/var/run/log,facility=local5 combined;

I should change it to

access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;

fireodo

@troysjanda said in GUI services in the system log are filled with nginx messages:

should change it to
access_log off; #syslog:server=unix:/var/run/log,facility=local5 combined;

Looks OK

areckethennu

I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

In all my other logs, I've got two of them where they've turned over twice (each).

SteveITS

@areckethennu said in GUI services in the system log are filled with nginx messages:

Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

5 times? newsyslog is always listed twice in a row, looking at the times, not sure why and haven't looked into it.

Do you leave your dashboard page visible? The web server logs all HTTP requests so the dashboard will generate a lot as it updates widgets.

Looking at a few routers we manage the log file turnover seems to range between a few days to a week, to several months, so I would think it just depends on how busy the router's web GUI is. As I mentioned above this log existed in prior versions as well. I suppose it's possible the dashboard or GUI makes more web requests in this version but that seems unlikely to be a significant difference to me, especially if the web GUI isn't being used a lot.

areckethennu

@steveits I was actually using the WebGUI yesterday and the day ended with that log turning over 10 times for that day, alone. And, yes, I don't usually use the WebGUI all that much, but there seems to be an awful lot more entries than I remember.

Anyway, I opened a bug report on it:

https://redmine.pfsense.org/issues/12833

But, they explained that it was necessary for security logging and closed it. I understand that perfectly. It's just a bit bothersome.

Gertjan

Other solutions :

Instead of looking at the dashboard page, look somewhere else, like the logs files page.
The dashboard page takes a lot of resource to create.

Also : consider sending the logs to a remote syslog server, create one on your LAN.

Another solution :
Instead of disabling the logging, read what is proposed here :
Enabling Conditional Logging
The example shows how to excludes requests with HTTP status codes 2xx (Success) and 3xx (Redirection).
So the ordinary page requests will not get logged, but errors etc will.

troysjanda

@gertjan how to deploy this in pfsense

map $status $loggable {
    ~^[23]  0;
    default 1;
}

access_log /path/to/access.log combined if=$loggable;

madfuzker

@areckethennu said in GUI services in the system log are filled with nginx messages:

I've kept this log activated. I just filtered it on "newsyslog" for the process. Over the last 2 days, my default (500k) sized logs have "turned over" 10 times:

In all my other logs, I've got two of them where they've turned over twice (each).

That answer to keeping these out of syslog is to go to System Logs > Setting, and then uncheck "Everything" at the bottom in the section called "Remote Syslog Contents". You can check everything else, but having Everything checked drops all the GUI to syslog.

Seems there should be a checkbox for GUI service.