4. Possible to roll logs?

Possible to roll logs?

  • C

    I realize I can push my logs to a syslog server, but I'd rather keep a copy on pfsense, locally, which I'm doing now.  The problem though of course is the drive consumption.
    So, the question is:  Is there a way to have pfsense log locally and then roll the logs once they reach a certain size or age?  I don't see anywhere in the GUI a way to do this.

    Is there maybe a package for this?

    0
  • H

    I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.

    0
  • C

    @Harvy66:

    I'm not sure it's the best answer, but you can have PFSense store logs on a RAM drive, and limit the size of that drive.

    What would happen then when the RAM drive gets filled up? Is the system smart enough to delete the oldest logs to make room for the newer ones, or does logging come to a sudden halt?

    0
  • Netgate Administrator

    The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.

    Looks like they're generated here in /etc/rc

    DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml`
ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml`
LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing"
for logfile in $LOG_FILES; do
	if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then 
		/usr/bin/touch /var/log/$logfile.log
	else 
		if [ ! -f /var/log/$logfile.log ]; then
			if [ "$ENABLEFIFOLOG" -gt "0" ]; then
				# generate fifolog files
				/usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log
			else 
				/usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log
			fi
		fi
	fi 
done

    There is a package for running a syslog server on the pfSense box you might also look at.

    Steve

    0
  • C

    You're right.  Looks like it's rolling 500KB log files!  Thanks!

    @stephenw10:

    The pfSense logs are already kept in a rotating format with a fixed size. I wouldn't have thought it would be that difficult to increase that size. Not tried it though.

    Looks like they're generated here in /etc/rc

    DISABLESYSLOGCLOG=`/usr/bin/grep -c disablesyslogclog /cf/conf/config.xml`
ENABLEFIFOLOG=`/usr/bin/grep -c usefifolog /cf/conf/config.xml`
LOG_FILES="system filter dhcpd vpn pptps poes l2tps openvpn portalauth ipsec ppp relayd wireless lighttpd ntpd gateways resolver routing"
for logfile in $LOG_FILES; do
	if [ "$DISABLESYSLOGCLOG" -gt "0" ]; then 
		/usr/bin/touch /var/log/$logfile.log
	else 
		if [ ! -f /var/log/$logfile.log ]; then
			if [ "$ENABLEFIFOLOG" -gt "0" ]; then
				# generate fifolog files
				/usr/sbin/fifolog_create -s 511488 /var/log/$logfile.log
			else 
				/usr/local/sbin/clog -i -s 512144 /var/log/$logfile.log
			fi
		fi
	fi 
done

    There is a package for running a syslog server on the pfSense box you might also look at.

    Steve

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy