Only a couple of hours of DNS reply stats
-
I'm running PFBlockerNG 3.1.0_7 on 22.05 Pfsense.
My DNS reply stats only contains a couple of hours of data.
It doesn't seem to have anything to do with a restart of the unbound service, just tried to both manually restart it, and to run an update with pfblockerNG. The amount of data hours remains the same. Today it is from 4am this morning, but sometimes it starts at different hours.
I have tried to increase the maximum log size in Status > System logs > Settings > Log Rotation Size, but it does not make any difference.
Anyone have an idea what could be the problem?
-
@jesper-1 Have you noticed that there are individual log size limits for pfblocker specifically on the front page/general page of it’s settings. Defaults are 20.000 lines of log.
That’s probably your limiting factor
-
They are here :
/var/unbound/var/log/pfblockerng/The biggest two were created today, on December 2, 2022, around 02h00 AM. Both hover around 100 000 lines already.
Dono what pfblockerng does with them, except for stats parsing, but it is not 'rotating'. So they gets ditched when the time is up, or size to big, I guess.
PHP, and even python, using text files that are that big, that's a performance killer.But, hey, we wanted "pfblockerng" and all the nifty graphs, stats and details.
Now you know why your SSD is 'toast' after only one year or so -
@keyser Thanks for your reply. That sounds very interesting. I've now increased it to 100k. Will wait a couple of days and see if it helps.
-
@gertjan okey, that log was just over 20k lines after I increased it to 100k according to keysers suggestion. So it sounds like this is going to help.
The log I increased to 100k was the dns_reply.log it seems that it is containing only the dns replys, whereas the unified.log contains a lot of other information as well.
Interesting comment on that they will degrade the SSDs. Might be a good idea for me to go for enterprise grade SSD:s when they start to degrade too much then. They should have significantly better lifespan for the amount of writes they can take.