Netgate Discussion Forum

Logging default rules (Firewalling)

twc

I have pfSense 1.2.2 and a separate syslog server. I am using the Squid plugin. I have set every user-generated rule to be logged (which is working fine).

None of the things Squid fetches are showing up in my logs. I think the problem is that /etc/inc/filter.inc creates a bunch of default rules (usually labelled "let out anything from firewall rule itself") which are not logged. Is there a clean way to log these rules?

I guess I could edit /etc/inc/filter.inc itself, but that will break as soon as I upgrade (which will be really soon now, because I am a release behind). I am also reluctant to mess too much with filter.inc for fear of breaking something. Is there a better way to make logging happen?

I am also a little worried about unleashing a logging avalanche: a firewall rule triggers and localhost sends a message to my syslog server. Since that is also a packet, it will also be logged, but that will in turn send more output to the syslog server. What is the best way to avoid this sort of thing? Should I make an unlogged user rule allowing access to my syslog server?

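As an added illustration in plain pf syntax (this is not from the post and not pfSense's generated filter.inc ruleset), here is the ordering the last question is getting at: an unlogged rule for the firewall's own syslog traffic is placed first with `quick`, so the logged catch-all for firewall-originated traffic never sees those packets and a log-to-syslog-to-log loop cannot start. The interface name, the collector address and the label texts are assumptions.

```pf
# Added example in plain pf syntax; not pfSense's own generated rules.
# Assumed values: interface em1, collector 192.0.2.10 (constructed, TEST-NET), syslog on 514/udp.
lan_if        = "em1"
syslog_server = "192.0.2.10"

# 1. Unlogged and evaluated first: the firewall's own syslog datagrams.
#    'quick' ends evaluation here, so no later rule with 'log' can match them.
pass out quick on $lan_if proto udp from ($lan_if) to $syslog_server port 514 \
    keep state label "syslog to collector, deliberately not logged"

# 2. Logged catch-all for everything else the firewall host itself sends out.
#    Without rule 1 in front of it, every syslog datagram would be logged here,
#    each log line would become another datagram, and the collector would be flooded.
pass out log quick on $lan_if from ($lan_if) to any \
    keep state label "let out anything from firewall host itself, logged"
```

pf evaluates rules top to bottom and the last match wins unless `quick` is set, so the relative order of these two rules is what prevents the loop, not the label text.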
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.