Logging Bug
-
Hey guys, I'm running Snapshot 2-19, and I have several rules set to Log activity. It appears the rules that are set to allow the traffic are not correctly logging traffic. The rules that are set to deny and log actually do appear in the log. The check box to log default block rules is turned off and I have other rules set to log the denied activity. I didn't see any bugs listed in the tracker, unless this falls under the dynamic log. Anyone else seeing this sort of bug?
-
Can you look at /tmp/rules.debug and find the rules in question and make sure that "log" appears in it?
-
Yep, it says log. Example of a rule:
pass in log quick on $lan proto tcp from { ...166 ...167 } to any port = 80 flags S/SA keep state queue (qLANdef, qLANacks) label "USER_RULE: Allow LAN->WAN: HTTP"
In theory this rule should be injecting log traffic when any web traffic from my lan goes out the WAN. However it is not. One thing I did notice while investigating this further is that it appears to be only doing this on the LAN interface. I tested this logging on my OPT interface and it did log the rule I specified. Appears to be interface specific.
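To make the check suggested above (confirm that the generated rule in /tmp/rules.debug actually carries the `log` keyword, and see whether the gap is interface-specific) repeatable, here is a small added Python script that is not part of this thread or of pfSense itself. It parses pf rule lines in the same shape as the rule quoted above, records per rule whether `log` appears among the action modifiers, and lists the rules that lack it, optionally filtered by interface. The ruleset embedded in the script is constructed sample data; on a real box you would point it at /tmp/rules.debug.

```python
import os
import re

# Constructed sample in the style of /tmp/rules.debug (not copied from the thread's system).
# Addresses and labels are made up for the example.
SAMPLE_RULES = """\
# user-defined rules follow
pass in log quick on $lan proto tcp from { 192.168.1.166 192.168.1.167 } to any port = 80 flags S/SA keep state queue (qLANdef, qLANacks) label "USER_RULE: Allow LAN->WAN: HTTP"
pass in quick on $lan proto tcp from 192.168.1.0/24 to any port = 443 flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTPS"
block in log quick on $lan all label "USER_RULE: Default deny LAN"
pass in log quick on $opt1 proto udp from any to any port = 53 keep state label "USER_RULE: Allow OPT DNS"
"""

LABEL_RE = re.compile(r'label\s+"([^"]*)"')


def parse_rule(line):
    """Parse one pf rule line into a dict, or return None for comments/non-rules.

    pf syntax puts the action modifiers (direction, log, quick) between the
    action keyword and 'on <interface>', so everything before 'on' is inspected
    for the 'log' keyword.
    """
    tokens = line.split()
    if not tokens or tokens[0] not in ("pass", "block", "match"):
        return None
    if "on" not in tokens:
        return None  # rule without an interface clause; not relevant here
    on_idx = tokens.index("on")
    modifiers = tokens[1:on_idx]
    label = LABEL_RE.search(line)
    return {
        "action": tokens[0],
        "direction": next((t for t in modifiers if t in ("in", "out")), None),
        "log": "log" in modifiers,
        "quick": "quick" in modifiers,
        "interface": tokens[on_idx + 1],
        "label": label.group(1) if label else "",
    }


def parse_ruleset(text):
    """Return parsed rules for every rule line in a ruleset string."""
    rules = []
    for raw in text.splitlines():
        parsed = parse_rule(raw.strip())
        if parsed is not None:
            rules.append(parsed)
    return rules


def unlogged_rules(text, interface=None):
    """Labels of pass/block rules that do not carry 'log', optionally per interface."""
    return [
        r["label"] for r in parse_ruleset(text)
        if not r["log"] and (interface is None or r["interface"] == interface)
    ]


def log_summary_by_interface(text):
    """Map interface -> (logged rule count, unlogged rule count)."""
    summary = {}
    for r in parse_ruleset(text):
        logged, unlogged = summary.get(r["interface"], (0, 0))
        if r["log"]:
            logged += 1
        else:
            unlogged += 1
        summary[r["interface"]] = (logged, unlogged)
    return summary


if __name__ == "__main__":
    # Use the real generated ruleset when present, otherwise the constructed sample.
    path = "/tmp/rules.debug"
    text = open(path).read() if os.path.exists(path) else SAMPLE_RULES
    for iface, (logged, unlogged) in sorted(log_summary_by_interface(text).items()):
        print(f"{iface}: {logged} logged, {unlogged} unlogged")
    for label in unlogged_rules(text):
        print("no 'log' keyword:", label)
```

If a rule you expect to log shows up in the "no 'log' keyword" list, the web GUI setting never made it into the generated ruleset, which is a different failure from pflog not showing matches for a rule that does carry `log`.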
-
And this rule appears before the default allow rule?
-
I don't have a default allow rule. I use a default deny all, but this allow 80 rule is above it.
-
Okay, do this from a shell:
cp /etc/inc/globals.inc ~/globals.inc
fetch -o /etc/inc/globals.inc http://www.pfsense.com/~sullrich/globals.inc
Now view the log file. Go to the system log tab; you may see something like: "There was a error parsing rule: "… If so, paste the line.
When done, issue this from a shell
cp ~/globals.inc /etc/inc/
-
Bah, I did what you told me to and it still didn't work. So I thought I would try something. I disabled the logging option, saved and applied the changes, and then went back into the rule and enabled logging, and it works now. Go figure. Maybe it didn't save properly at first for some reason. Thanks for your help though, Scott.