Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Unexpected crash, no logs?

    General pfSense Questions
    2
    2
    1639
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gbelanger last edited by

      I'm using a pf firewall at one of my customer's main office. They use it for VPN, Proxying and Internet routing/nating. It's been running almost flawlessly for the past six months (considering the squid problems that we known, its been running great). For some reason, the firewall stopped working last week-end (no possible remote access, Internet not working in or out).

      My customer arrived on monday morning and found the network not running, so they rebooted it which fixed the problem.

      I then connected to the box and tried to figure out what the problem was, except the log now dated back … monday morning.

      I know there is a syslog aggregation functionality, and I'm aware that log files use drive space so it might be good to keep them short by default. However, having log file rotation is basically what allows one to know what exactly happenned before a crash. Same thing goes for the filter log which, to the best of my knowledge, keeps a very limited amount of material.

      The fact that the log file size is static (again, if I'm wrong there please correct me) means that a potential intruder could easily flood the logs with spoofed data to cover up traces. It also means one only needs to reboot the system in order to cover its traces.

      I could really see a 'log rotation' area in the Status>Logs>Settings section where one could configure the frequency of rotation as well as the maximum individual log size (i.e. daily and 5M).

      Does anybody think this could be a useful option? Or am I not doing things right? Please let me know your ideas ...

      -Guillaume

      1 Reply Last reply Reply Quote 0
      • H
        hoba last edited by

        Keeping logs at embedded systems at least is not possible as we don't write them to disk due to limited writecycles of cf-media. If you really want to have historical data use a remote syslog server. At least in non home environments (and even in those sometimes) there should be a machine around that can capture the systemlogs as this is not a heavy task. I even have a server running at home that has some tasks setup to produce today, yesterday, current week, last week rotating logs.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post