IGMP Proxy logging is clogging my system log
-
Jan 2 23:50:00 igmpproxy: Note: The IGMP message was from myself. Ignoring.
Jan 2 23:50:00 igmpproxy: Note: RECV V2 member report from 88.113.137.223 to 224.0.0.251 (ip_hl 24, data Cool
Jan 2 23:50:00 igmpproxy: Warn: unknown Mode in V3 report (673189920)
Jan 2 23:50:00 igmpproxy: Note: RECV V3 member report from 88.113.137.223 to 224.0.0.22 (ip_hl 24, data 16)
Jan 2 23:50:00 igmpproxy: Note: RECV V2 member report from 172.30.1.205 to 224.0.0.251 (ip_hl 24, data Cool
….etcHow can this noisy application logging be turned off? It's obvious that it works and I don't need any logging for that. This is now messing up all the relevant messages on the log and there for it's also an security and log usability issue. You just don't do any thing with log where 99,99% of the stuff is just from the one working application.
I know that this issue has been up here before, but I must really agree on this. This logging "feature" makes System log unusable! Any relevant idea or workaround to get this fixed?
You could edit /etc/inc/system.inc and edit the function that makes syslog.conf and have it direct those logs to somewhere else (or /dev/null)
In response to the quoted thread above (http://forum.pfsense.org/index.php/topic,44632.0.html)
My problem is the igmp proxy is clogging my system log, making it virtually unusable.
There is a reference in the above thread on how to redirect the igmp proxy log from system to /dev/null or some other location. Can anybody elaborate on how to do this? I looked through system.inc and I'm not seeing any obvious way.
-
The best way to do that depends on a couple factors.
If the source IP of the IGMP traffic is private, and you have block private networks on, you'll need to disable that - that's what is logging it.
Then add a block rule without log checked on your WAN to block the IGMP traffic.
If the source of the IGMP traffic is a public IP, you only need the firewall rule.
-
I think you're referencing Status -> System Logs -> Firewall Tab but the section I'm concerned about is Status -> System Logs -> System tab. Unless I'm misunderstanding what you mean. None of my firewall rules that allow or block IGMP are set to log.
Messages like this are flooding the system tab:
Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from xx.xx.xx.xx to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:46 igmpproxy: Warn: unknown Mode in V3 report (10502176)
Dec 20 19:00:46 igmpproxy: Note: RECV V3 member report from xx.xx.xx.xx to 224.0.0.22 (ip_hl 24, data 16)
Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from 10.0.0.111 to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:42 igmpproxy: Note: Adding MFC: 207.228.xx.xx -> 232.239.0.10, InpVIf: 0
Dec 20 19:00:42 igmpproxy: Note: New origin for route 232.239.0.10 is 207.228.xx.xx, flood -1
Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.1 (ip_hl 24, data 12)
Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:38 igmpproxy: Note: The IGMP message was from myself. Ignoring.