    Another logging question (is everything everything?)

    • A
      anothereric

      I noticed that when I do use remote syslog, not everything is going over.  In particular, when someone connects to the PPTP server on my pfSense box the client IP address is not logged.  All that's reported is that so-and-so logged on via PPTP and was assigned IP address such-and-such.  The local log does contain the client IP address (I think it's in "PPTP Raw", or some such).

      Here's my question/complaint/request:  It would be nice if, when you check the "Everything" box in the log setup sheet you actually get everything.  I imagine it's possible to do this by rejiggering the syslog.conf file on the pfSense side but, in my case, I run pfSense with just the liveCD and my config file is on a USB stick.  So any changes I make to syslog.conf would be volatile.

      Or does it already do this and I'm just missing something?  BTW, these comments apply to 2.0 final.

      TIA,
      eric

      • jimpJ
        jimp Rebel Alliance Developer Netgate

        The PPTP log, as seen in the GUI with the username and IP, is interpreted from the raw log. If you send everything, it would be sending the raw pptp log.

        Are you seeing that the raw pptp log isn't coming through to the syslog server?

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • A
          anothereric

          @jimp:

          The PPTP log, as seen in the GUI with the username and IP, is interpreted from the raw log. If you send everything, it would be sending the raw pptp log.

          Are you seeing that the raw pptp log isn't coming through to the syslog server?

          That is correct, I only saw "PPTP Logins" and that's with all the checkboxes checked (even "Everything").  Also, after checking everything and Everything it looked like pfSense's syslog.conf was still keeping a lot of information local only (not everything had an @www.xxx.yyy.zzz associated with it).  I should go through it again because the last time I ran it pretty fast so my timeline might be off.

          Thanks,
          eric
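
The check described in the post above (looking for syslog.conf entries that have no `@host` action), as an added example that is not part of any post in this thread and not pfSense's own code. The sample file, its program names and the address 192.0.2.10 are constructed, and selectors are compared as text only, with no facility or priority overlap analysis.

```shell
#!/bin/sh
# Added example: list syslog.conf entries that log locally but are never
# forwarded with an "@host" action (BSD syslog.conf program-block syntax).

# audit_syslog_conf FILE -> prints "program<TAB>selector" per local-only entry
audit_syslog_conf() {
    awk '
        BEGIN { prog = "*" }
        /^[ \t]*$/ { next }                 # blank line
        /^!/ { prog = substr($1, 2); next } # "!name" opens a block, "!*" resets
        /^[ \t]*#/ { next }                 # comment
        NF >= 2 {
            key = prog "\t" $1
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            if (substr($2, 1, 1) == "@") {
                remote[key] = 1
                # "*.*" outside any program block forwards every message
                if (prog == "*" && $1 == "*.*") catchall = 1
            } else {
                localonly[key] = 1
            }
        }
        END {
            if (catchall) exit 0
            for (i = 1; i <= n; i++)
                if ((order[i] in localonly) && !(order[i] in remote))
                    print order[i]
        }
    ' "$1"
}

# Constructed sample, not a real pfSense syslog.conf; 192.0.2.10 is a
# documentation address standing in for the remote syslog server.
write_sample_conf() {
    cat > "$1" <<'EOF'
!vpn_daemon
*.*        /var/log/vpn.log
!dhcp_daemon
*.*        /var/log/dhcpd.log
*.*        @192.0.2.10
!*
local0.*   /var/log/filter.log
local0.*   @192.0.2.10
auth.info  /var/log/system.log
EOF
}

conf=$(mktemp); write_sample_conf "$conf"; audit_syslog_conf "$conf"; rm -f "$conf"
```

On the sample, the `vpn_daemon` block and the `auth.info` selector are reported as local-only; a `*.*` forward outside any program block silences the report because it covers every message.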

          • jimpJ
            jimp Rebel Alliance Developer Netgate

            I noticed a few things in the code that would have been missing the remote server also with 'everything' checked, looks like there may be a need to overhaul that code a bit.

            • A
              anothereric

              @jimp:

              I noticed a few things in the code that would have been missing the remote server also with 'everything' checked, looks like there may be a need to overhaul that code a bit.

              Okay, well at least I'm not making stuff up, that's good.  I just ran it again and "PPTP Raw" is not making it over to my remote.  Also noticed that I'm getting a lot of duplicate entries on my remote logfile (I set up my remote side syslog.conf per directions in "The Definitive Guide" though I'm running 2.0 final).

              eric

              • jimpJ
                jimp Rebel Alliance Developer Netgate

                Duplicates could happen if you checked "everything" and also checked the other boxes also. It really should be everything or individual. Perhaps a little JS trickery could ensure that selection.

                • jimpJ
                  jimp Rebel Alliance Developer Netgate

                  https://github.com/bsdperimeter/pfsense/commit/4659f856f96b4f289d3f5de55d6b7d15f7c5351c

                  Cleaned things up a bit and added some more options, checking everything really means everything now, and when you check everything it disables and unchecks the other boxes.

                  • A
                    anothereric

                    @jimp:

                    https://github.com/bsdperimeter/pfsense/commit/4659f856f96b4f289d3f5de55d6b7d15f7c5351c

                    Cleaned things up a bit and added some more options, checking everything really means everything now, and when you check everything it disables and unchecks the other boxes.

                    Jeez, that was fast.  Thanks.  One thing though, how do I apply those patches?  I've found the involved files and the github thing looks like some kind of rev control thing but after that I'm lost.

                    Also, the build date on my pfSense is 13 Sept 2011 and there seems to be a bunch of patches since then (according to the commit history).  At what point do you guys push out a new update that incorporates those patches?  Dashboard->Sys Info says I have the latest version.

                    Regards,
                    eric

                    • stephenw10S
                      stephenw10 Netgate Administrator

                      You have to use gitsync if you want to update between snapshots/updates.
                      See: http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

                      However you should know that you could easily get into all sorts of trouble doing this!  ::)

                      Steve

                      • jimpJ
                        jimp Rebel Alliance Developer Netgate

                        We'll be putting out 2.0.1 here in the next couple weeks, gitsyncing to RELENG_2_0 is safe as we keep an eye on the commits there pretty closely.

                        It's gitsyncing to master that can get you into trouble :-)

                        There aren't going to be much in the way of binary changes in 2.0.1, an updated DHCP daemon, a slightly updated pfSense module binary, a new mpd binary… most things will be the same, but there are some important bits that have been fixed.

                        • A
                          anothereric

                          @stephenw10:

                          You have to use gitsync if you want to update between snapshots/updates.
                          See: http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

                          However you should know that you could easily get into all sorts of trouble doing this!  ::)

                          Steve

                          Then I won't do that.  I can wait the couple of weeks so no biggie.  Maybe I'll try fooling with gitsync on my mule just for the cheap thrill.

                          • stephenw10S
                            stephenw10 Netgate Administrator

                            @anothereric:

                            Maybe I'll try fooling with gitsync on my mule just for the cheap thrill.

                            If you have a test box set up then go for it. Once you're happy with the procedure then you can make a decision on your main box.

                            Steve

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.