Firewall Rules logging issues…



  • Hi all,

    I am a new user to pfsense, but I have done security work for quite some time now.

    I am having issues with the logging of my rules to show up correctly in the web interface.  It seems like when the web interface collects the first 50 log items then it stops displaying any new items.  If I reboot the box, it lists the latest 50 items.  If I restart the web configurator, then it is the same, there are no new log items.

    If I open a shell, I can tail the /var/log/filter.log and get the latest items, so I know that my rules are logging correctly.  I cannot do a tail -f on the file however, it does not increment at all.  The last line of the file is some funky characters: CLOG}|Ð

    This is not happening with the other logs.  For instance my system log and my dhcpd log work just fine through the web interface.

    I am running pfsense 1.0.1 on a PIII with 384MB of RAM.

    Any ideas?  Thanks!



  • My logs seem to be absolutely fine. Try upgrading to the latest snapshot. If that doesn't help try reinstalling from latest snapshot.



  • Under the log settings, set it to reverse order; that's the way I have mine set up.

    Status -> System logs -> Settings -> Show log entries in reverse order (newest entries on top)



  • @versa:

    Under the log settings, set it to reverse order; that's the way I have mine set up.

    Status -> System logs -> Settings -> Show log entries in reverse order (newest entries on top)

    That worked… Strange...  It is now updating with the newest entries...  Thanks!



  • @hoba:

    My logs seem to be absolutely fine. Try upgrading to the latest snapshot. If that doesn't help try reinstalling from latest snapshot.

    I don't suppose that the latest snapshot has the new AJAX based log reader that I read about in another thread??



  • No, that's HEAD magic.



  • @hoba:

    No, that's HEAD magic.

    ???

    Are you talking about head vs. tail?



  • No, -HEAD is the "HEAD" of the CVS branch where development takes place.  It's basically slated to become 2.0.



  • @sullrich:

    No, -HEAD is the "HEAD" of the CVS branch where development takes place.  It's basically slated to become 2.0.

    Ahhh thanks!..

    I had just read in another thread that you could install it as part of the latest Beta.  But, I could not get the link in your message to come up.

    http://forum.pfsense.org/index.php/topic,426.msg3362.html#msg3362



  • I've just fixed the file, and added a link to the dynamic view on the filter logging page.

    In about an hour, grab the latest snapshot and you will see the new option.

