Netgate Discussion Forum

    Logging Bug

    General pfSense Questions

      yoda715

      Hey guys, I'm running Snapshot 2-19, and I have several rules set to log activity. It appears the rules that are set to allow the traffic are not correctly logging traffic. The rules that are set to deny and log actually do appear in the log. The check box to log default block rules is turned off and I have other rules set to log the denied activity. I didn't see any bugs listed in the tracker, unless this falls under the dynamic log. Anyone else seeing this sort of bug?

        sullrich

        Can you look at /tmp/rules.debug and find the rules in question and make sure that "log" appears in it?

          yoda715

          Yep, it says log. Example of a rule:

          pass in log quick on $lan proto tcp from {  ...166 ...167 }  to any port = 80 flags S/SA keep state  queue (qLANdef, qLANacks)  label "USER_RULE: Allow LAN->WAN: HTTP"

          In theory this rule should be injecting log traffic when any web traffic from my lan goes out the WAN. However it is not. One thing I did notice while investigating this further is that it appears to be only doing this on the LAN interface. I tested this logging on my OPT interface and it did log the rule I specified. Appears to be interface specific.

            sullrich

            And this rule appears before the default allow rule?

              yoda715

              I don't have a default allow rule. I use a default deny all, but this allow 80 rule is above it.

                sullrich

                Okay, do this from a shell:

                cp /etc/inc/globals.inc ~/globals.inc
                fetch -o /etc/inc/globals.inc http://www.pfsense.com/~sullrich/globals.inc

                Now view the log file. Go to the system log tab, you may see something like: "There was a error parsing rule: "… If so, paste the line.

                When done, issue this from a shell:

                cp ~/globals.inc /etc/inc/

                  yoda715

                  Bah, I did what you told me to and it still didn't work. So I thought I would try something. I disabled the logging option, saved and applied the changes, and then went back into the rule and enabled logging and it works now. Go figure. Maybe it didn't save properly at first for some reason. Thanks for your help though Scott.

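
The check requested earlier in the thread (confirming that "log" appears on each rule in /tmp/rules.debug) can be scripted instead of read by eye. This is an added example, not part of the original thread and not pfSense code; the function names and the sample rules (with constructed 192.0.2.x addresses) are assumptions, and it reads only the simple `action [in|out] [log] [quick] on <interface>` rule form shown in the thread.

```shell
#!/bin/sh
# Added example: report, per USER_RULE, whether the pf "log" keyword is present.
# Output columns (tab separated): LOG|NOLOG, action, interface, label.

audit_rule_logging() {
    awk '
    $1 == "pass" || $1 == "block" {
        logged = "NOLOG"; iface = "-"
        # Options sit between the action and the first match keyword, so stop
        # there; a word such as "log" inside the label must not count.
        for (i = 2; i <= NF; i++) {
            if ($i == "log") logged = "LOG"
            if ($i == "on") { iface = $(i + 1); break }
            if ($i == "all" || $i == "proto" || $i == "from") break
        }
        if (match($0, /label "[^"]*"/)) {
            label = substr($0, RSTART + 7, RLENGTH - 8)
            if (label ~ /^USER_RULE/)
                printf "%s\t%s\t%s\t%s\n", logged, $1, iface, label
        }
    }' "$1"
}

# Constructed sample in rules.debug style (addresses and labels are made up).
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
pass in log quick on $lan proto tcp from { 192.0.2.166 192.0.2.167 } to any port = 80 flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTP"
pass in quick on $lan proto tcp from any to any port = 443 flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTPS"
block in log quick on $opt1 from any to any label "USER_RULE: Deny and log all"
block in log all label "Default block all"
EOF
    echo "$f"
}

sample=$(make_sample)
audit_rule_logging "$sample"
rm -f "$sample"
```

On the firewall, point the function at the live file with `audit_rule_logging /tmp/rules.debug`; any NOLOG row for a rule that has logging ticked in the GUI means the setting never reached the generated ruleset.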