Firewall Log Missing



  • In the GUI, System Logs, firewall tab, nothing is displayed whatsoever.
    I checked and the log exists and is being populated.
    Checking "show raw filter logs", the GUI properly displays its contents.

    Would like a solution, not seriously crucial; just bringing this to attention.


  • Rebel Alliance Developer Netgate

    That area is being worked on.

    We're moving to a custom log daemon to take the pf logs and put them into an easy-to-parse one line CSV style.



  • Is there any place we can track progress on this?  Or even possibly help out?

    If not, is there any rough ETA?

    Thanks!



  • This is apparently fixed now, however after just installing the latest snapshot it doesn't seem to be functioning.
    I still have to have raw logs enabled.



  • So you have raw logs configured?



  • Yes, that's correct.

    I saw from a post made later than mine, where you Ermal, said that it's working now. I installed the snapshot from last night.
    However, upon my own trial the only way I can see any output in the firewall log is to have raw logs enabled.


  • Rebel Alliance Developer Netgate

    It's working for me on the latest snapshot(s), I get more than I really need :-)

    Lots of rules we have set to pass log out for some reason on 2.2, but it's definitely working to parse the logs. The device and VM I was testing are amd64 though. Are you running amd64 or i386?



  • i386, Mr. Sir.



  • Still no log as of the 4th of May build on AMD64.



  • @m3usv0x:

    Still no log as of the 4th of May build on AMD64.

    Same here, x86-64 build.  Log file is normal, but nothing in the gui.  What daemon debugging do you want?



  • 2.2-ALPHA (amd64)
    built on Tue May 06 04:01:46 CDT 2014

    Something is indeed still wrong, no firewall log output on the GUI. If I enable 'raw logs' there are entries in the 'normal view'; 'dynamic view' & 'summary view' stay empty.

    I also seem to have problems with the 'system log: settings'. I changed the log file size to 1000000 bytes to experiment, on one of the earlier snapshots. Now whatever I put in as size (including 0) it always comes back to 1000000. Whenever I try to change this setting I get: 'Do you really want to reset the log files? This will erase all local log data.' and click 'OK'. After a second or so, a message appears telling:'The log files have been reset.' The log file size mentioned in the same section never changes however, It always stays on 18M. The 'reset log file' button on the same page also doesn't seem to change anything.


  • Rebel Alliance Developer Netgate

    I haven't see that issue with the file size adjustment. You would not want to set it to zero, but it should let you leave it blank.

    (posted this part in another thread, but copying here)
    [The rules were] working but had broken again… This morning it appears to be OK. The rule lookup code is fixed in the repo now, the current snapshot will do rule lookups when you click on the action icon, but the row/column description display doesn't work until the commit I pushed a few minutes ago.

    So by the next snapshot (or current snap + gitsync to master) it should be OK all around.


  • Rebel Alliance Developer Netgate

    @NeverSimple:

    I also seem to have problems with the 'system log: settings'. I changed the log file size to 1000000 bytes to experiment, on one of the earlier snapshots. Now whatever I put in as size (including 0) it always comes back to 1000000. Whenever I try to change this setting I get: 'Do you really want to reset the log files? This will erase all local log data.' and click 'OK'. After a second or so, a message appears telling:'The log files have been reset.' The log file size mentioned in the same section never changes however, It always stays on 18M. The 'reset log file' button on the same page also doesn't seem to change anything.

    OK I think I see what you're doing. The "Reset Log Files" button does not save the setting. You change the value, press save, then press Reset Log Files to clear the logs. The description on the option doesn't specifically say you have to save first, so I'll change the description.



  • @jimp:

    The "Reset Log Files" button does not save the setting. You change the value, press save, then press Reset Log Files to clear the logs. The description on the option doesn't specifically say you have to save first, so I'll change the description.

    That does seem to work. With your explanation it seems perfectly logical, but maybe not very intuitive? Adding to the description would be a good idea.

    @jimp:

    I haven't see that issue with the file size adjustment. You would not want to set it to zero, but it should let you leave it blank.

    I was just trying different values, but I'm almost 100% sure that 'zero' was in there as default. If a value like zero isn't allowed, then maybe there could be a check for it?

    Anyway, thanks for the explanation.



  • I had also recently changed the note to "Reset Log Files" button to add "Use the Save button first if you have made any setting changes."
    Hopefully with JimP's added explanation in the other spot also, there is enough text there for people to know what to do.



  • Any word on the status of this?


  • Rebel Alliance Developer Netgate

    It's working on i386 but not amd64.

    As a reminder, 2.2 is still alpha so we're working on bigger things right now (e.g. captive portal, ipsec) and some things like this can wait a bit.

    There is a ticket here: https://redmine.pfsense.org/issues/3648



  • @jimp:

    It's working for me on the latest snapshot(s), I get more than I really need :-)

    Lots of rules we have set to pass log out for some reason on 2.2, but it's definitely working to parse the logs. The device and VM I was testing are amd64 though. Are you running amd64 or i386?

    @jimp:

    It's working on i386 but not amd64.

    As a reminder, 2.2 is still alpha so we're working on bigger things right now (e.g. captive portal, ipsec) and some things like this can wait a bit.

    There is a ticket here: https://redmine.pfsense.org/issues/3648

    Regardless of alpha state, imagine my confusion until you clarified versions.
    That was way more helpful than reminding me it's in alpha.
    There's enough disclaimers that it's alpha, posting in the alpha section of the forum is kind of a prerequisite of understanding.
    Also, maybe it was helpful for someone to understand it works on 86 but not on 64 in the dev team.

    I'm anxiously awaiting this being solved whenever someone has time to rectify it.
    I'll monitor the bugtracker, thanks.



  • @jimp:

    It's working on i386 but not amd64.

    As a reminder, 2.2 is still alpha so we're working on bigger things right now (e.g. captive portal, ipsec) and some things like this can wait a bit.

    There is a ticket here: https://redmine.pfsense.org/issues/3648

    Thanks for the issue link.


  • Rebel Alliance Developer Netgate

    The alpha reminder was mainly aimed at the repeated status queries. We know there are issues yet but we have to prioritize/triage.



  • @jimp:

    It's working on i386 but not amd64.

    As a reminder, 2.2 is still alpha so we're working on bigger things right now (e.g. captive portal, ipsec) and some things like this can wait a bit.

    There is a ticket here: https://redmine.pfsense.org/issues/3648

    Just to be clear, aren't there two separate problems?

    • broken pflog output: OK on i386 but broken on x86-64
    • Firewall logs missing from the gui unless 'raw logs' is enabled.

    My filter.log (AMD64) has tons of "May 14 10:49:32 pfsense filterlog: 84,16777216,,1000004861,bge1,match,pass,out,8,error='truncated-ip 16328 bytes missing!',0x4a,0,24,16134,60656,none,74,wsn,16384,38.102.xxx.159,214.yyy.0.80,8" which is the broken log output.


  • Rebel Alliance Developer Netgate

    No, one problem.

    The pflog output is broken on amd64, so the log entries are ignored by the parser as invalid, so none are shown in the GUI.

    Logs are completely OK on i386, they are OK in raw and in the GUI.



  • Firewall Logs on x64 seem to be fixed at least as of May 17 build (without raw log enabled)!

    Yay!

    Regards,
    Sean


Log in to reply