• 2.2-RELEASE (amd64)
    built on Thu Jan 22 14:03:54 CST 2015
    FreeBSD 10.1-RELEASE-p4

    On https://mydomain/diag_confbak.php I see a number of entries for the various changes made to the firewall, but many finish with "made unknown change".

    eg.
    2/3/15 16:18:50 11.6 105 KB someuser@mydomain: /interfaces_ppps_edit.php made unknown change
    2/3/15 15:39:29 11.6 104 KB someuser@mydomain: /diag_logs_settings.php made unknown change
    2/3/15 15:35:40 11.6 104 KB someuser@mydomain: /firewall_aliases_edit.php made unknown change

    Has something broken or are these just standard messages perhaps not worded the best?

    Edit.

    There is one entry which appears to be self descriptive.
    (system): Snort pkg: saved changes to XMLRPC sync configuration.


  • That is normal. A lot of the code just knows what PHP script made the change, and the user name, but there is no fancy code to log which particular entry/settings were modified. I guess all that could be enhanced if someone cares.


  • Just view the diffs in that case?  Though sometimes it can be hard to get the context and decipher what actually changed, so I view the diffs in the web gui, and download / view the whole xml file in another window to get the context by scrolling.


  • I~~'d be happy with a button to show the diff between the current version and a selected past version. Sounds like less work that tweaking every place in the code that doesn't already do it to show what changed.~~

    Didn't say what I meant, fixed now.

    I'd be happy with a way to show to show the diff between the current version and a selected past version from the console. Sounds like less work that tweaking every place in the code that doesn't already do it to show what changed.


  • @firewalluser:

    There is one entry which appears to be self descriptive.
    (system): Snort pkg: saved changes to XMLRPC sync configuration.

    These messages originate from the pfSense system function write_config().  This is called to save changes to the config.xml file.  As a programmer, you have the option of passing an audit history message as a parameter when you call the function.  Unfortunately, 99% of the time programmers don't take advantage of the feature.  When no audit history message is passed, the function prints a default message instead (that is not very helpful).

    I made a conscious effort a few revisions back in both the Snort and Suricata packages to add the audit history messages each time my code calls the write_config() function.  That's why you see the tagged message from Snort.

    Bill


  • @stan-qaz:

    I'd be happy with a button to show the diff between the current version and a selected past version.

    But that's already there!  Well, with one extra click:

    To view the differences between an older configuration and a newer configuration, select the older configuration using the left column of radio options and select the newer configuration in the right column, then press the Diff button

    Or did you mean something else?  I find this method helpful, ie 'what changes were made when I was on vacation, and who made them?'


  • Sorry, something else, edited my original post to hopefully be a bit better. Didn't mean button but menu option on the console.

    I was thinking of accessing the diff from the console, when you do option 15 - Restore Recent Configuration. You get options to list, restore or quit and list gets you similar change listings to the web interface, some are helpful others aren't and it can be hard to guess how far you need to go back to fix the issue. Going back one at a time works but unless you know what you are undoing putting the wanted changes back becomes a problem.

    If I don't manage to lock myself out of the GUI the diff there is helpful but I seem to manage to do that from time to time.

    It is amazing how idiot proof pfSense is, I have never messed it up to the point I've had to do a wipe and reinstall yet. I've been able to back out my errors to the point it starts working again every time.


  • "It is amazing how idiot proof pfSense is, I have never messed it up to the point I've had to do a wipe and reinstall yet."

    Now you are just making me feel bad…


  • @stan-qaz:

    It is amazing how idiot proof pfSense is, I have never messed it up to the point I've had to do a wipe and reinstall yet. I've been able to back out my errors to the point it starts working again every time.

    What steps do you take, do you do this via the console?

    I think I know why people dont recommend usb nics  :), the usb interfaces ie ue0 ue1 etc change around if you add new ones (havent tried taking one away yet), but I always insure the lan is used just by just one machine to access pfsense and the pf lan nic happens to be the onboard/motherboard nic, everything else goes over usb nics so I have to go back in an reassign the usb nics in Interfaces, Assign before everything matches up again. pfsense also threw an error around when I added a new usb nic earlier.


  • Just pick option "15) Restore recent configuration" from the menu and then "1) List Backups" to see what is available. Then either go with the one you hope will fix your latest goof or just try the newest one and be prepared to go though several of them if your error wasn't recent. The entries have some info available but nowhere what you can see from the GUI view diff option.

    Here are a few of my entries for an example:

    30. 2/3/15 01:27:52    v11.6  admin@172.16.1.14
        /services_dhcp_edit.php made unknown change

    29. 2/3/15 01:28:35    v11.6  admin@172.16.1.14
        /services_dhcp_edit.php made unknown change

    <snip>07. 2/4/15 13:00:46    v11.6  admin@172.16.0.16
        /services_dhcp_edit.php made unknown change

    06. 2/4/15 13:02:46    v11.6  admin@172.16.0.16
        /services_dhcp_edit.php made unknown change

    05. 2/4/15 13:14:41    v11.6  admin@172.16.0.16
        /services_dhcp_edit.php made unknown change

    04. 2/4/15 15:33:56    v11.6  admin@172.16.0.16
        /services_dhcp.php made unknown change

    03. 2/4/15 15:35:31    v11.6  admin@172.16.0.16
        System:

    02. 2/4/15 15:36:40    v11.6  admin@172.16.0.16
        /services_dnsmasq_edit.php made unknown change

    01. 2/4/15 15:36:50    v11.6  admin@172.16.0.16
        /services_dnsmasq.php made unknown change

    –--------------

    kejianshi, I'm sure with a bit more experience I'll learn to make worse messes but so far things are good.</snip>