No PFSense Web Logging
-
Can someone help - PFSense logging. I simply cannot get web logging working, specifically logging of firewall rules. It consistently says “no logs to display” everywhere including the Firewall log.
I have two firewall rules I want to log, they are both set to do so. I have checked log settings general etc. I have previously seen entries in the configured syslog server esp IPSEC but never in the pfsense web interface.
Memory use is 25% of 1854 MiB
Any help appreciated
I am currently running the 2.6 release but this has been an issue forever!
Thanks -
@nalasirrom can we see your rules? You're saying pfsense is not logging anything? No default denys being logged? Those are logged out of the box, did you disable that logging?
Or are you saying just your specific rules are not logging? I have all the default logging disabled, bogon, rfc1918 rule, etc. But all of my rules that log, are logging.
If you turned those default logs off, and your rule is not being evaluated because some other rule is allowing or blocking the traffic, then no, your rule wouldn't log.
If you set a rule to log, but the traffic is being allowed by a state previously created before logging was enabled, then no, the traffic wouldn't be logged. You would have to kill any existing states, or wait for them to time out so that rule is evaluated and creates the new state with the log flag set on the rule.
-
Do you see any filter.log files in /var/log ?
-
In response to previous. The scenario I am working on involves routed vlans so to make things clearer I did the following: I have an inbound nat/rule to permit an inbound SMTP connection. I temporarily changed it to drop rather than pass and switched on logging for it. Result: no web log entries, but present in the syslog daemon running on a separate server.
So same issue as previously stated.
Mostly empty files in /var/log save system setup, mesg, utx.log.
Thanks for your help.
-
I would try resetting the logs if you haven't already. There is a button to do so in Status > System Logs > Settings
-
Have tried that. The weird thing is that the rule log data are being generated and log entries are making it to the syslog server but not to the web interface.
Is it possible that there is a 'rule' that is stopping the latter, a kind of deny all to self (127.0.0.1)? Which file in /var/log would contain firewall log data?
-
Hmm, nope, everything should always be logged locally.
-
OK, my error, two things: 1. At some point I had turned off saving log to disk and then later, whilst doing some other testing, turned it on again to no effect, neglecting the fact that there were probably open sessions that wouldn't have been logged. With greater patience I now have logs.
It does seem odd nomenclature, wouldn't it be better to say "disable local logging"?
Thanks to all for help.
-
Hmm, I don't think I've ever seen anyone set that! Good to know it's there....