    Filter Logs not showing in WebGui- Pfsense 2.2

      pfsenseack last edited by

      Hi All,

      Q:1

      I have pfSense 2.2 installed and working fine. Until a few weeks ago filter logs were being displayed properly in the web GUI, but for the last few days it won't show anything.

      If I access the command line and use option 10, it displays the firewall / filter log, but not in the web GUI.

      Q2:

      Squid Package : 2.7.9 pkg v.4.3.6
      LightSquid Package 1.8.2 pkg v.2.35

      LightSquid: I also have Squid proxy running with logging enabled; however, whenever I try to generate a report with LightSquid it gives a 404.

      I will be grateful for your suggestions / assistance in getting this resolved.

      kind regards
      Ack

        phil.davis last edited by

        Q1: give us some sample output from the console menu and:

        clog /var/log/filter.log
        

        And then a screenshot of the webGUI firewall log display.

        One possibility is the IGMP logging issue: https://github.com/pfsense/pfsense/commit/091195f09e627f575bb195006d255ad4e85dfef7

        In 2.2 (and earlier) the webGUI Firewall Log display does not display IGMP lines from filter.log.
        There is another underlying issue, that sometimes many IGMP packets are seen and logged to filter.log even though the rules they match do not have logging on. That can put a lot of unwanted stuff in filter.log. And then because the webGUI Firewall Log does not display those entries, it looks empty or shorter than requested.

        In 2.2.1 the webGUI Firewall Log display should match what is in filter.log - but there is still the issue of unwanted IGMP packets "clog"ging up filter.log (pardon the pun).

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

          pfsenseack last edited by

          Thank you phil.davis for your response.

          Attached are the images / output you requested.

          Even though I have rules enabled with logging, nothing is being displayed in the webGUI when I select "Status > System Logs > Firewall" (Normal, Summary, Dynamic View): all empty.

          I browsed to the IGMP issue on GitHub, but I am not sure how I would apply that.

          Also, can I install nano on pfSense via the pkg manager?

          Many thanks for your prompt response.




            doktornotor Banned last edited by

            @phil.davis:

            https://github.com/pfsense/pfsense/commit/091195f09e627f575bb195006d255ad4e85dfef7
            In 2.2.1 the webGUI Firewall Log display should match what is in filter.log - but there is still the issue of unwanted IGMP packets "clog"ging up filter.log (pardon the pun).

            Thank you very much. I have unfixed your fix via System Patches on all affected boxes – because it made my firewall log literally useless.

              phil.davis last edited by

              You have the "feature" where unwanted IGMP packets are being logged in filter.log.
              The webGUI display is finding the last 100 records in filter.log - but the display has the bug that it will not display any IGMP entries from the log. That is why it says "Last 0 firewall log entries. Max (100)".
              If you apply the patch then the webGUI firewall log table will display the entries from filter.log.
              You should be able to do that with the System Patches package and add an entry referring to the URL above. Or upgrade to 2.2.1.

              It won't get rid of the underlying problem - filter.log can still get filled with loads of IGMP messages.

                phil.davis last edited by

                @doktornotor:

                @phil.davis:

                https://github.com/pfsense/pfsense/commit/091195f09e627f575bb195006d255ad4e85dfef7
                In 2.2.1 the webGUI Firewall Log display should match what is in filter.log - but there is still the issue of unwanted IGMP packets "clog"ging up filter.log (pardon the pun).

                Thank you very much. I have unfixed your fix via System Patches on all affected boxes – because it made my firewall log literally useless.

                Always happy to help ;)
                Whichever way you go with this, if you are getting the underlying problem of filter.log being flooded with IGMP packet messages then it is a pain. It would be good if the underlying issue can also be solved!

                  doktornotor Banned last edited by

                  @phil.davis:

                  if you are getting the underlying problem of filter.log being flooded with IGMP packet messages then it is a pain.

                  On one network, we have a couple of "smart" LG TVs, each of those is producing tens of these items logged per minute.  >:(

                  @phil.davis:

                  It would be good if the underlying issue can also be solved!

                  Yeah, indeed, ASAP.

                    pfsenseack last edited by

                    @phil.davis:

                    You have the "feature" where unwanted IGMP packets are being logged in filter.log
                    The webGUI display is finding the last 100 records in filter.log - but the display has the bug that it will not display any IGMP entries from the log. That is why it says "Last 0 firewall log entries. Max (100)".
                    If you apply the patch then the webGUI firewall log table will display the entries from filter.log
                    You should be able to do that with System Patches package and add an entry referring to the URL above. Or upgrade to 2.2.1.

                    It won't get rid of the underlying problem - filter.log can still get filled with loads of IGMP messages.

                    Thank you for your guidance - filter logs are now being displayed, but with IGMP only. I do have rules with logging enabled but it isn't showing that.

                    I will upgrade this box to pfsense 2.2.1 tonight and report back.

                    Also, Lightsquid report is giving a 404 not found - any suggestions for that will be helpful? - Thanks

                    Many thanks for your assistance

                      doktornotor Banned last edited by

                      @pfsenseack:

                      Thank you for your guidance - filter logs are now being displayed, but with IGMP only.

                      You need to upgrade and revert the patch if you are getting so many IGMP log entries.

                      @pfsenseack:

                      Also, Lightsquid report is giving a 404 not found - any suggestions for that will be helpful? - Thanks

                      New thread in the proper forum section, please.

                        jimp Rebel Alliance Developer Netgate last edited by

                        Part of the issue likely stems from IGMP packets having IP options set. So if you pass traffic, but the IGMP packets have IP options set, it will still block/log those. So try adding a rule to pass or block IGMP without logging, but make sure the rule has "allows packets with IP options to pass" checked in advanced features/advanced options.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                          doktornotor Banned last edited by

                          @jimp:

                          Part of the issues likely stems from IGMP packets having ip options set. So if you pass traffic, but the IGMP packets have ip options set, it will still block/log those.

                          I do not see them blocked. I see them passed. And every passed packet creates a log entry. This thing is extremely annoying, to put it mildly. No amount of manual messing with rules (floating or not, pass or block, allow-opts or not) managed to get rid of this log spam. The best I can do is to hide it from the GUI by reverting the patch mentioned above.

                            BBcan177 Moderator last edited by

                            @jimp:

                            Part of the issues likely stems from IGMP packets having ip options set. So if you pass traffic, but the IGMP packets have ip options set, it will still block/log those. So try adding a rule to pass or block igmp without logging but make sure the rule has "allows packets with IP options to pass" checked in advanced features/advanced options.

                            Thanks jimp,

                            In v.2.2.1, I was getting IGMP spam on the LAN interface, so I "Checked" the "This allows packets with IP options to pass." option in the Default LAN Allow Rule in the Adv. Options.

                            The IGMP Spamming stopped for me…

                            "Experience is something you don't get until just after you need it."

                            Website: http://pfBlockerNG.com
                            Twitter: @BBcan177  #pfBlockerNG
                            Reddit: https://www.reddit.com/r/pfBlockerNG/new/
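
Added example, not part of any post in this thread: a shell helper that breaks down the newest N filter.log entries by interface, action and protocol, which shows both how many of the "last 100" records are IGMP (phil.davis's explanation of the empty GUI table) and whether they are logged as pass or block (the point jimp and doktornotor disagree on). The function names and sample lines are constructed; the field positions assume pfSense's comma-separated filterlog layout.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumed filterlog CSV layout: 5=interface, 7=action, 9=IP version,
# protocol name in field 17 (IPv4) or field 13 (IPv6).

# Constructed sample entries, oldest first.
sample_log() {
cat <<'EOF'
Mar 20 10:00:01 fw filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,52,12345,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51515,22,0,S,123456789,,64240,,mss
Mar 20 10:00:02 fw filterlog: 70,16777216,,1000003001,em1,match,pass,in,4,0x0,,64,4321,0,none,17,udp,76,192.168.1.20,192.168.1.1,40000,53,56
Mar 20 10:00:03 fw filterlog: 62,16777216,,1000002665,em1,match,pass,in,4,0xc0,,1,0,0,DF,2,igmp,32,192.168.1.50,224.0.0.22,datalength=8
Mar 20 10:00:04 fw filterlog: 62,16777216,,1000002665,em1,match,pass,in,4,0xc0,,1,0,0,DF,2,igmp,32,192.168.1.51,224.0.0.22,datalength=8
Mar 20 10:00:05 fw filterlog: 62,16777216,,1000002665,em1,match,pass,in,4,0xc0,,1,0,0,DF,2,igmp,32,192.168.1.50,224.0.0.251,datalength=8
EOF
}

# Reads syslog lines on stdin; prints "count interface action protocol"
# for the newest $1 entries (default 100), most frequent first.
filterlog_breakdown() {
    grep 'filterlog:' | tail -n "${1:-100}" | awk '{
        sub(/^.*filterlog: /, "")            # drop the syslog prefix
        split($0, f, ",")
        proto = (f[9] == "4") ? f[17] : ((f[9] == "6") ? f[13] : "unknown")
        count[f[5] " " f[7] " " tolower(proto)]++
    }
    END { for (k in count) print count[k], k }' | sort -k1,1nr -k2
}

# Prints "igmp/total" for the newest $1 entries. When both numbers are
# equal, the unpatched 2.2 GUI has nothing left to show in that window.
filterlog_igmp_share() {
    filterlog_breakdown "$1" |
        awk '$4 == "igmp" { i += $1 } { t += $1 } END { printf "%d/%d\n", i, t }'
}

# On the firewall itself: clog /var/log/filter.log | filterlog_breakdown 100
sample_log | filterlog_breakdown 5
```
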
