Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Possible to roll logs?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      ck42
      last edited by

      I realize I can push my logs to a syslog server, but I'd rather keep a copy on pfsense, locally, which I'm doing now.  The problem though of course is the drive consumption.
      So, the question is:  Is there a way to have pfsense log locally and then roll the logs once they reach a certain size or age?  I don't see anywhere in the GUI a way to do this.

      Is there maybe a package for this?

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.

        1 Reply Last reply Reply Quote 0
        • C
          cneep
          last edited by

          @Harvy66:

          I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.

          What would happen then when the RAM drive gets filled up? Is the system smart enough to delete the oldest logs to make room for the newer ones, or does logging come to a sudden halt?

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.

            Looks like they're generated here in /etc/rc

            DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml`
            ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml`
            LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing"
            for logfile in $LOG_FILES; do
            	if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then 
            		/usr/bin/touch /var/log/$logfile.log
            	else 
            		if [ ! -f /var/log/$logfile.log ]; then
            			if [ "$ENABLEFIFOLOG" -gt "0" ]; then
            				# generate fifolog files
            				/usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log
            			else 
            				/usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log
            			fi
            		fi
            	fi 
            done
            
            

            There is a package for running a syslog server on the pfSense box you might also look at.

            Steve

            1 Reply Last reply Reply Quote 0
            • C
              ck42
              last edited by

              You're right.  Looks like it's rolling 500KB log files!  Thanks!

              @stephenw10:

              The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.

              Looks like they're generated here in /etc/rc

              DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml`
              ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml`
              LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing"
              for logfile in $LOG_FILES; do
              	if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then 
              		/usr/bin/touch /var/log/$logfile.log
              	else 
              		if [ ! -f /var/log/$logfile.log ]; then
              			if [ "$ENABLEFIFOLOG" -gt "0" ]; then
              				# generate fifolog files
              				/usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log
              			else 
              				/usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log
              			fi
              		fi
              	fi 
              done
              
              

              There is a package for running a syslog server on the pfSense box you might also look at.

              Steve

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.