Another logging question (is everything everything?)

anothereric

I noticed that when I do use remote syslog, not everything is going over.  In particular, when someone connects to the PPTP server on my pfSense box the client IP address is not logged.  All that's reported is that so-and-so logged on via PPTP and was assigned IP address such-and-such.  The local log does contain the client IP address (I think it's in "PPTP Raw", or some such).

Here's my question/complaint/request:  It would be nice if, when you check the "Everything" box in the log setup sheet you actually get everything.  I imagine it's possible to do this by rejiggering the syslog.conf file on the pfSense side but, in my case, I run pfSense with just the liveCD and my config file is on a USB stick.  So any changes I make to syslog.conf would be volatile.

Or does it already do this and I'm just missing something?  BTW, these comments apply to 2.0 final.

TIA,
eric

jimp

The PPTP log, as seen in the GUI with the username and IP, is interpreted from the raw log. If you send everything, it would be sending the raw pptp log.

Are you seeing that the raw pptp log isn't coming through to the syslog server?

anothereric

@jimp:

The PPTP log, as seen in the GUI with the username and IP, is interpreted from the raw log. If you send everything, it would be sending the raw pptp log.

Are you seeing that the raw pptp log isn't coming through to the syslog server?

That is correct, I only saw "PPTP Logins" and that's with all the checkboxes checked (even "Everything").  Also, after checking everything and Everything it looked like pfSense's syslog.conf was still keeping a lot of information local only (not everything had an @www.xxx.yyy.zzz associated with it).  I should go through it again because the last time I ran it pretty fast so my timeline might be off.

Thanks,
eric

jimp

I noticed a few things in the code that would have been missing the remote server also with 'everything' checked, looks like there may be a need to overhaul that code a bit.

anothereric

@jimp:

I noticed a few things in the code that would have been missing the remote server also with 'everything' checked, looks like there may be a need to overhaul that code a bit.

Okay, well at least I'm not making stuff up, that's good.  I just ran it again and "PPTP Raw" is not making it over to my remote.  Also noticed that I'm getting a lot of duplicate entries on my remote logfile (I setup my remote side syslog.conf per directions in "The Definitive Guide" though I'm running 2.0 final).

eric

jimp

Duplicates could happen if you checked "everything" and also checked the other boxes also. It really should be everything or individual. Perhaps a little JS trickery could ensure that selection.

jimp

https://github.com/bsdperimeter/pfsense/commit/4659f856f96b4f289d3f5de55d6b7d15f7c5351c

Cleaned things up a bit and added some more options, checking everything really means everything now, and when you check everything it disables and unchecks the other boxes.

anothereric

@jimp:

https://github.com/bsdperimeter/pfsense/commit/4659f856f96b4f289d3f5de55d6b7d15f7c5351c

Cleaned things up a bit and added some more options, checking everything really means everything now, and when you check everything it disables and unchecks the other boxes.

Jeez, that was fast.  Thanks.  One thing though, how do I apply those patches?  I've found the involved files and the github thing looks like some kind of rev control thing but after that I'm lost.

Also, the build date on my pfSesne is 13 Sept 2011 and there seems to be a bunch of patches since then (according to the commit history).  At what point do you guys push out a new update that incorporates those patches?  Dashboard->Sys Info says I have the latest version.

Regards,
eric

stephenw10

You have to use gitsync if you want to update between snapshots/updates.
See: http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

However you should know that you could easily get into all sorts of trouble doing this!  ::)

Steve

jimp

We'll be putting out 2.0.1 here in the next couple weeks, gitsyncing to RELENG_2_0 is safe as we keep an eye on the commits there pretty closely.

It's gitsyncing to master that can get you into trouble :-)

There aren't going to be much in the way of binary changes in 2.0.1, an updated DHCP daemon, a slightly updated pfSense module binary, a new mpd binary… most things will be the same, but there are some important bits that have been fixed.

anothereric

@stephenw10:

You have to use gitsync if you want to update between snapshots/updates.
See: http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

However you should know that you could easily get into all sorts of trouble doing this!  ::)

Steve

Then I won't do that.  I  can wait the couple of weeks so no biggie.  Maybe I'll try fooling with gitsync on my mule just for the cheap thrill.

stephenw10

@anothereric:

Maybe I'll try fooling with gitsync on my mule just for the cheap thrill.

If you have a test box setup then go for it. Once you're happy with the procedure then you can make a decision on your main box.

Steve