Log files
-
I know there are a few log parsers out there, but I really like the way pfSense does it. I believe one of the more popular ones is Kiwi, but after mucking around with it I didn't like the way the information was presented.
Does pfSense retain all logs and only "show" up to a point on the logs tab? I have number of logs to show set for 300 only because I'm hoping to at least keep 300 worth, but I suspect it retains more. Is there a hard limit to how much it'll keep? Is there a way for me to increase it? While not super large, I do have a 30gb drive in there that's used for nothing else.
If this is an ignorant way of log diving, is there anyone using something that they can export settings for us humble laymen?
-
pfSense uses a binary circular log (clog) format, and they only keep up to a certain number of bytes. The log files never grow or shrink; when they "fill up" they simply roll over and start back at the beginning, and the log parser (clog) keeps a pointer to know where the first entry really is.
They aren't meant to be long-term storage.
There may eventually be an option in the GUI to use a more traditional log file, but we have always recommended offloading the logs to a "real" syslog server to keep them indefinitely.
If you're interested in the firewall log view, you could always run any logs you want through pfSense's filterparser.php command-line script to have it simplify the output.
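
The rollover behaviour described in the reply above, as an added example that is not part of the original post and is not pfSense or clog code: a simplified in-memory model of a fixed-size circular log. The class name, field names and newline-delimited layout are assumptions for illustration and do not reflect clog's actual on-disk format.

```python
class CircularLog:
    """Simplified model of a fixed-size circular log (hypothetical layout)."""

    def __init__(self, size: int):
        self.buf = bytearray(size)  # storage is allocated once, never resized
        self.next = 0               # offset where the next byte will be written
        self.wrapped = False        # True once writing has rolled over

    def append(self, line: str) -> None:
        data = line.encode() + b"\n"
        if len(data) > len(self.buf):
            raise ValueError("entry is larger than the whole log")
        for byte in data:
            self.buf[self.next] = byte
            self.next += 1
            if self.next == len(self.buf):
                # Log is full: roll over and overwrite the oldest bytes.
                self.next = 0
                self.wrapped = True

    def read(self) -> list[str]:
        """Return the surviving entries, oldest first."""
        if not self.wrapped:
            raw = bytes(self.buf[:self.next])
        else:
            # After a rollover the oldest data starts at the write pointer.
            raw = bytes(self.buf[self.next:]) + bytes(self.buf[:self.next])
            # The oldest entry may be partly overwritten, so discard
            # everything up to the first newline.
            _, _, raw = raw.partition(b"\n")
        return raw.decode(errors="replace").splitlines()


def demo() -> list[str]:
    # Constructed sample input: six 8-byte entries into a 30-byte log.
    log = CircularLog(30)
    for i in range(6):
        log.append(f"entry {i}")
    return log.read()  # entries 0-2 have been overwritten or truncated


if __name__ == "__main__":
    print(demo())
```

Anything that must outlive the rollover has to be copied elsewhere before it is overwritten, which is why the reply recommends forwarding to a syslog server.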
-
Would I just need to take that one PHP file, stick it behind an Apache service and modify the PHP code to pull from the log file I specify? From what little I gather from the PHP file, it has a few dependencies :-(
$filter_logfile = "{$g['varlog_path']}/filter.log";
^ I should just change this or simply have syslog name my log file?