Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    System Logs - VPN not logging

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    20 Posts 2 Posters 6.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      josey
      last edited by

      version

      2.0-BETA4  (i386)
      built on Sun Oct 3 23:44:55 EDT 2010
      FreeBSD 8.1-RELEASE-p1

      it does not log PPTP VPN connections under system logs.

      can it be fixed?
      do you need any additional data?

      thanks

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        I thought PPTP logs were under the PPP tab, you just need to press the PPTP button there. I may be wrong though, there's an open ticket for the logging.

        http://redmine.pfsense.org/issues/912

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • J
          josey
          last edited by

          yes, that is open ticket.
          And yes, i know it is under VPN tab, PPTP. But it does not log.

          Thanks

          1 Reply Last reply Reply Quote 0
          • J
            josey
            last edited by

            hm, i found new issue related to sysetm logs
            firewall logs, is clean up daily.
            for example
            I had 20 records in firewall log yesterday, and this morning only one, from today (in 05:xx in morning), no records from yesterday.
            Im up to this issue for couple of days, and every morning same thing.

            can you check this too please?

            thanks

            1 Reply Last reply Reply Quote 0
            • jimpJ
              jimp Rebel Alliance Developer Netgate
              last edited by

              The only way that would happen is if the filter log was filling up with data that could not be parsed, or was discarded by the parser.

              Go to Diagnostics > Command and type "clog /var/log/filter.log" and post some of what shows up there.

              Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

              Need help fast? Netgate Global Support!

              Do not Chat/PM for help!

              1 Reply Last reply Reply Quote 0
              • J
                josey
                last edited by

                thnks jimp

                here is part of log file (full file was to big)

                i have only 2 firewall rules turned on for logging on wan interface, and rule for default rules logging is disabled.

                [filter 1.txt](/public/imported_attachments/1/filter 1.txt)

                1 Reply Last reply Reply Quote 0
                • jimpJ
                  jimp Rebel Alliance Developer Netgate
                  last edited by

                  Looks like it's almost all IGMP messages logged there. There's probably something about those entries that is making them be discarded by the parser.

                  Were you intending to log those IGMP packets?

                  Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                  Need help fast? Netgate Global Support!

                  Do not Chat/PM for help!

                  1 Reply Last reply Reply Quote 0
                  • J
                    josey
                    last edited by

                    im logging only 2 tcp ports…

                    1 Reply Last reply Reply Quote 0
                    • jimpJ
                      jimp Rebel Alliance Developer Netgate
                      last edited by

                      And yet the IGMP traffic is filling up the logs, so something must be causing that to get logged somewhere. It might help to see the contents of /tmp/rules.debug

                      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                      Need help fast? Netgate Global Support!

                      Do not Chat/PM for help!

                      1 Reply Last reply Reply Quote 0
                      • J
                        josey
                        last edited by

                        ok, thanks
                        here is file

                        rules.txt

                        1 Reply Last reply Reply Quote 0
                        • jimpJ
                          jimp Rebel Alliance Developer Netgate
                          last edited by

                          Looking at the logs, you are getting the blocked igmp traffic in on re2 and re3. re2 is VANI and re3 is TELEFONIJA. Something about the traffic is causing it to be blocked but I don't see anything in rules.debug that is making that obvious to see.

                          So if you could please get another chunk of the filter.log, and also the output of "pfctl -vvsr" then it should be a bit clearer what rule is causing the logging.

                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                          Need help fast? Netgate Global Support!

                          Do not Chat/PM for help!

                          1 Reply Last reply Reply Quote 0
                          • J
                            josey
                            last edited by

                            ok, i have rule that blocks some subnets from re3 to re1, but rule is to block any from xy network/24 source to re1 network/24 dest.

                            But i dont see why is that logging because i have turn off default logging, im logging only two rules on wan.
                            So you doubt that there is something causing problem with logging on pptp and deleting logs from firewall rules?

                            here are files, pfctl, and filter logs in 3 parts … this time i didnt want to cut anything from log to make it smaller.

                            pfctl.txt
                            [filter log part1.txt](/public/imported_attachments/1/filter log part1.txt)

                            1 Reply Last reply Reply Quote 0
                            • J
                              josey
                              last edited by

                              part 2 and 3

                              thank you

                              [filter log part2.txt](/public/imported_attachments/1/filter log part2.txt)
                              [filter log part3.txt](/public/imported_attachments/1/filter log part3.txt)

                              1 Reply Last reply Reply Quote 0
                              • jimpJ
                                jimp Rebel Alliance Developer Netgate
                                last edited by

                                Well in the log it's showing that the logged IGMP traffic is passed, and it's being logged as a pass. The odd part is that it shows that rules 72 and 77 are causing the log entry, but they are:

                                @72 pass in quick on re3 all flags S/SA keep state label "USER_RULE"
                                @77 pass in quick on re2 all flags S/SA keep state label "USER_RULE"

                                As you can see, no logging on the rules.

                                Do you have UPnP enabled? If so, does anything show up under Status > UPnP as having anything open to do with IGMP?

                                It's always the same two devices sending the traffic, too, 192.168.1.254 on re3 and 192.168.254.3 on re2.

                                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                Need help fast? Netgate Global Support!

                                Do not Chat/PM for help!

                                1 Reply Last reply Reply Quote 0
                                • J
                                  josey
                                  last edited by

                                  Thanks Jimp,
                                  i think im following you, but still i dont undestand how is this related to not logging PPTP VPN traffic? (its logging, but there are no rules to log  ???)
                                  under
                                  STATUS->SYSTEM LOGS->VPN (tab) -> (click) PPTP, there is nothing…
                                  and on two rules on wan interface that i enable log, it deletes log every day.

                                  also
                                  UPNP is not enabled
                                  192.168.254.3 is one of my hp procurve switches... but i have 7 of them.... and what does it mean, this one is broken?
                                  it is just ip addres of device, switch is in stupid mode it just passes all traffic.
                                  192.168.1.254, i dont know what is it i cant find it :( will take a look.

                                  but again i can get this logging thing with this switch thing? it worked on pfs 1.2.3.

                                  thanks

                                  1 Reply Last reply Reply Quote 0
                                  • jimpJ
                                    jimp Rebel Alliance Developer Netgate
                                    last edited by

                                    The problem is that the log is full of IGMP messages that are being discarded by the parser, so the log messages you want to see are being crowded out by the other log entries.

                                    Say you have your GUI log limit set for 50 lines. The system will usually fetch somewhere around 100 lines in case some are skipped or could not be parsed. If 98 out of 100 of those lines are skipped, you will only see two log entries on the page.

                                    Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                    Need help fast? Netgate Global Support!

                                    Do not Chat/PM for help!

                                    1 Reply Last reply Reply Quote 0
                                    • J
                                      josey
                                      last edited by

                                      Is it same thing happening with firewall log and pptp vpn? i mean, is it happening for same reason? (logging igmp traffic)

                                      Is there way to prevent loging so much igmp traffic? can i filter it on pfs machine?

                                      Also, i set number of log entries to show to 100, and i set to show enties in reverse order.
                                      But, logs for pptp vpn are not logging at all… i connect from outside with vpn and im at same time logged on gui of pfs, and nothing, nothing is listed (showed) under pptp vpn logs, and it should list my user name with time when i connect, same thing when i disconnect.

                                      So it is not problem that something is logged, and tomorrow morning is deleted, the problem is that nothing is logged (regardes to pptp vpn).
                                      If this means anything to you, user authentication is done via an external RADIUS server. But same thing when local database is used for auth.

                                      Second problem is with firewall, it is logging, it lists entries, but every morning deletes entries from filter log, but at same time?

                                      At least the first problem seems like bug, dont you think?

                                      thanks jimp for help and your time

                                      1 Reply Last reply Reply Quote 0
                                      • J
                                        josey
                                        last edited by

                                        to be honest, i didnt touch any of my configuration and i noticed that logs now stays in log for more than one day.
                                        i dont like things to be fixed this way, but, ok it works now.

                                        But back to the main problem, and reason i open this thread,
                                        PPTP logs, is someone up on this problem?
                                        I didnt try to update to newer version, since everything else works perfect.
                                        Is it fixed in newer version, should i give a try?

                                        thanks

                                        1 Reply Last reply Reply Quote 0
                                        • jimpJ
                                          jimp Rebel Alliance Developer Netgate
                                          last edited by

                                          I completely rewrote the PPTP/L2TP/PPPoE Server logs. They work fine now.

                                          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                                          Need help fast? Netgate Global Support!

                                          Do not Chat/PM for help!

                                          1 Reply Last reply Reply Quote 0
                                          • J
                                            josey
                                            last edited by

                                            @jimp:

                                            I completely rewrote the PPTP/L2TP/PPPoE Server logs. They work fine now.

                                            just to leave feedback, and to thank you for great job!

                                            everything works perfect, thank you one more time
                                            regards

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.