Netgate Discussion Forum

    SG-1100, outages, no DHCP, 10 days log missing

      Cabledude @SteveITS

      @SteveITS said in SG-1100, outages, no DHCP, 10 days log missing:

      For DNSBL I want to say this is on by default? (could be misremembering)
      "DNS Reply Logging 
      Enable the logging of all DNS Replies that were not blocked via DNSBL. "

      So do you uncheck this one on your clients' devices?

      ...and then yeah the lists can be logged too.

      Well here it gets confusing (to me at least). See my previous post and screenshot. I get three options for Logging/Blocking:

      • Null Block (logging)
      • DNSBL Webserver/VIP
      • Null Block (no logging)

      From which I conclude that the third would result in the smallest log files, but I wonder if it will still block anything. Only the "DNSBL Webserver/VIP" option will sinkhole the bad domains.

      Pete
      Home: SG-2100 + UniFi + Synology. SG-1100 retired
      Parents: SG-1100 + UniFi + Synology
      Testing: SG-1100 w/ 120GB SSD via ext USB (eMMC dead). Works great

        stephenw10 Netgate Administrator

        I have the logs set to the default 20k lines. I have DNSBL set to the default 'No Global mode' and I see:

        [24.03-RELEASE][admin@fw1.stevew.lan]/root: ls -ls /var/log/pfblockerng
        total 5524
           0 -rw-------  1 unbound unbound       0 May 24 00:00 dns_reply.log
        2324 -rw-------  1 unbound unbound 2375830 May 24 12:05 dnsbl.log
           4 -rw-r--r--  1 root    wheel      1535 Feb 15  2023 dnsbl_error.log
           4 -rw-------  1 root    wheel      1562 May 24 00:00 dnsbl_parsed_error.log
           4 -rw-------  1 root    wheel      1846 May 24 00:00 error.log
         232 -rw-------  1 root    wheel    234766 May 24 04:01 extras.log
           4 -rw-r--r--  1 root    wheel       121 May 24 04:00 maxmind_ver
         628 -rw-------  1 root    wheel    641033 May 24 00:00 pfblockerng.log
        2324 -rw-------  1 unbound unbound 2375830 May 24 12:05 unified.log
        

        So ~5MB of logs.

        I do only use a few small lists though.

          Cabledude @stephenw10

          @stephenw10 said in SG-1100, outages, no DHCP, 10 days log missing:

          I have the logs set to the default 20k lines. I have DNSBL set to the default 'No Global mode'

          Right.

          The default 'No Global mode' setting basically means logging is set to the individual group setting, which is always "DNSBL Webserver/VIP" by default.

          This below is my remote 1100:

          total 2056
             0 -rw-------  1 unbound unbound      0 May 24 13:00 dns_reply.log
             8 -rw-------  1 root    wheel      612 May 24 13:00 dnsbl_parsed_error.log
           128 -rw-------  1 unbound unbound  62255 May 24 13:00 dnsbl.log
            24 -rw-------  1 root    wheel     9607 May 24 13:00 error.log
            16 -rw-------  1 root    wheel     5819 May 24 13:00 extras.log
           192 -rw-------  1 root    wheel    94504 May 24 13:00 ip_block.log
             8 -rw-r--r--  1 root    wheel      121 May 24 10:00 maxmind_ver
          1368 -rw-------  1 root    wheel   696798 May 24 13:00 pfblockerng.log
           312 -rw-------  1 unbound unbound 157331 May 24 13:00 unified.log
          

          And here is my home 2100:

          total 4610
           977 -rw-------  1 unbound unbound 3264595 May 24 13:38 dns_reply.log
             9 -rw-------  1 root    wheel      7986 May 24 13:01 dnsbl_parsed_error.log
           793 -rw-------  1 unbound unbound 2978044 May 24 13:37 dnsbl.log
            17 -rw-------  1 root    wheel     57040 May 24 13:01 error.log
            17 -rw-------  1 root    wheel     39429 May 24 13:01 extras.log
          1625 -rw-------  1 root    wheel   3437077 May 24 13:01 ip_block.log
             9 -rw-r--r--  1 root    unbound     121 May 17 21:02 maxmind_ver
           169 -rw-------  1 root    wheel    607620 May 24 13:01 pfblockerng.log
             1 -rw-r--r--  1 unbound unbound       0 Oct  2  2023 py_error.log
           993 -rw-------  1 unbound unbound 3277651 May 24 13:38 unified.log
          

          I have the 2100 Max version with 128GB SSD. Currently no RAMdisks configured because SSD is far less sensitive to rewrites than eMMC. Would you agree? Or would you still set RAMdisks on an SSD unit?


            Cabledude @Cabledude

            Oh my, by reading these figures I notice the "dns_reply.log" is zero, which just made me discover that this unit (my remote 1100) is still running pfB DNSBL unbound mode and not python mode. Oops. This substantially takes more memory. I just changed it to python mode.

            Here is the output after the change to python mode:

            total 2272
             104 -rw-------  1 unbound unbound  52668 May 24 14:13 dns_reply.log
               8 -rw-------  1 root    wheel      860 May 24 14:00 dnsbl_parsed_error.log
             128 -rw-------  1 unbound unbound  62255 May 24 14:00 dnsbl.log
              24 -rw-------  1 root    wheel     9607 May 24 14:00 error.log
              16 -rw-------  1 root    wheel     5819 May 24 14:00 extras.log
             192 -rw-------  1 root    wheel    94504 May 24 14:00 ip_block.log
               8 -rw-r--r--  1 root    wheel      121 May 24 10:00 maxmind_ver
            1376 -rw-------  1 root    wheel   700880 May 24 14:00 pfblockerng.log
               0 -rw-r--r--  1 unbound unbound      0 May 24 13:50 py_error.log
             416 -rw-------  1 unbound unbound 209999 May 24 14:13 unified.log
            


              stephenw10 Netgate Administrator

              Yeah, I would not use RAM disks on a system with an SSD. You can always swap out the SSD in the event it fails.

                SteveITS Galactic Empire @Cabledude

                @Cabledude said in SG-1100, outages, no DHCP, 10 days log missing:

                So do you uncheck this one on your clients' devices?

                We rarely use DNSBL at a client. I use it at home and it causes enough issues there because my wife works in search so "needs" the ad links on her devices. :)

                My thought is, turn on the logging if we are troubleshooting a problem that needs logging. Otherwise it's a few years of disk writes that no one looks at.

                (At clients we have a few layers of protection... DNS forwarding, advanced a/v, etc.)

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.