No Firewall logging
-
This is a fresh install as of yesterday. On the previous install, logging worked; squidguard did not. I have rebooted pfSense 1.2 three times and run GRC ShieldsUP! to test the firewall logging, and not one thing is shown in the log; it is completely empty. How do I start the logging manually? I cannot find anything in the system log either:
May 4 15:53:37 dhclient[262]: DHCPREQUEST on vlan0 to 255.255.255.255 port 67
May 4 15:53:43 last message repeated 2 times
May 4 15:53:52 dhclient[262]: DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 2
May 4 15:53:54 dhclient[262]: DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 3
May 4 15:53:57 dhclient[262]: DHCPDISCOVER on vlan0 to 255.255.255.255 port 67 interval 6
May 4 15:53:57 dhclient[262]: DHCPOFFER from 10.33.0.1
May 4 15:53:59 dhclient[262]: DHCPREQUEST on vlan0 to 255.255.255.255 port 67
May 4 15:53:59 dhclient[262]: DHCPACK from 10.33.0.1
May 4 15:54:00 dhclient[262]: bound to 68.2.73.178 -- renewal in 43200 seconds.
May 4 15:54:00 kernel: pflog0: promiscuous mode enabled
May 4 15:54:08 php: : SQUID is installed but not started. Not installing redirect rules.
May 4 15:54:11 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
May 4 15:54:11 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
May 4 15:54:11 dhcpd: All rights reserved.
May 4 15:54:11 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 4 15:54:11 dnsmasq[667]: started, version 2.39 cachesize 150
May 4 15:54:11 dnsmasq[667]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
May 4 15:54:11 dnsmasq[667]: reading /etc/resolv.conf
May 4 15:54:11 dnsmasq[667]: using nameserver 68.105.28.12#53
May 4 15:54:11 dnsmasq[667]: using nameserver 68.105.29.11#53
May 4 15:54:11 dnsmasq[667]: using nameserver 68.105.28.11#53
May 4 15:54:11 dnsmasq[667]: read /etc/hosts - 2 addresses
May 4 15:54:08 php: : SQUID is installed but not started. Not installing redirect rules.
May 4 15:54:11 php: : DynDns: Running updatedns()
May 4 15:54:11 php: : DynDns: updatedns() starting
May 4 15:54:11 php: : DynDns: _detectChange() starting.
May 4 15:54:11 php: : DynDns: Current WAN IP: 68.2.73.178
May 4 15:54:11 php: : DynDns: Cached IP: 68.2.73.178
May 4 15:54:11 php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
May 4 15:54:11 kernel: ipfw2 (+ipv6) initialized, divert loadable, rule-based forwarding enabled, default to accept, logging disabled
May 4 15:54:14 php: : Creating rrd update script
May 4 15:54:14 dhcpd: Internet Systems Consortium DHCP Server V3.0.5
May 4 15:54:14 dhcpd: Copyright 2004-2006 Internet Systems Consortium.
May 4 15:54:14 dhcpd: All rights reserved.
May 4 15:54:14 dhcpd: For info, please visit http://www.isc.org/sw/dhcp/
May 4 15:54:17 php: : Resyncing configuration for all packages.
May 4 15:54:18 php: : Reloading Squid for configuration sync
May 4 15:54:19 last message repeated 6 times
May 4 15:54:19 squid[1119]: Squid Parent: child process 1121 started
May 4 15:54:20 ntop[1116]: THREADMGMT[t134610944]: ntop RUNSTATE: PREINIT(1)
May 4 15:54:20 ntop[1116]: THREADMGMT[t134610944]: ntop RUNSTATE: INIT(2)
May 4 15:54:20 kernel: fxp0: promiscuous mode enabled
May 4 15:54:20 kernel: vlan1: promiscuous mode enabled
May 4 15:54:20 kernel: vlan2: promiscuous mode enabled
May 4 15:54:20 check_reload_status: check_reload_status is starting
May 4 15:54:21 check_reload_status: rc.newwanip starting
May 4 15:54:21 ntop[1156]: THREADMGMT[t134610944]: Now running as a daemon
May 4 15:54:21 ntop[1156]: THREADMGMT[t134610944]: Now running as a daemon
May 4 15:54:22 ntop[1156]: ASN: Checking for Autonomous System Number table file
May 4 15:54:22 ntop[1156]: ASN: Checking for Autonomous System Number table file
May 4 15:54:22 ntop[1156]: ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
May 4 15:54:22 ntop[1156]: ASN: Loading file '/usr/local/etc/ntop/AS-list.txt.gz'
May 4 15:54:22 login: login on ttyv0 as root
May 4 15:54:23 ntop[1156]: ASN: …found 111435 lines
May 4 15:54:23 ntop[1156]: ASN: …found 111435 lines
May 4 15:54:23 ntop[1156]: ASN: ….Used 3780 KB of memory (12 per entry)
May 4 15:54:23 ntop[1156]: ASN: ….Used 3780 KB of memory (12 per entry)
May 4 15:54:23 ntop[1156]: I18N: This instance of ntop does not support multiple languages
May 4 15:54:23 ntop[1156]: I18N: This instance of ntop does not support multiple languages
May 4 15:54:23 ntop[1156]: IP2CC: Checking for IP address <-> Country Code mapping file
May 4 15:54:23 ntop[1156]: IP2CC: Checking for IP address <-> Country Code mapping file
May 4 15:54:23 ntop[1156]: IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
May 4 15:54:23 ntop[1156]: IP2CC: Loading file '/usr/local/etc/ntop/p2c.opt.table.gz'
May 4 15:54:23 ntop[1156]: IP2CC: …found 52395 lines
May 4 15:54:23 ntop[1156]: IP2CC: …found 52395 lines
May 4 15:54:23 ntop[1156]: GDVERCHK: Guessing at libgd version
May 4 15:54:23 ntop[1156]: GDVERCHK: Guessing at libgd version
May 4 15:54:23 ntop[1156]: GDVERCHK: … as 2.0.21+
May 4 15:54:23 ntop[1156]: GDVERCHK: … as 2.0.21+
May 4 15:54:23 ntop[1156]: Initializing external applications
May 4 15:54:23 ntop[1156]: Initializing external applications
May 4 15:54:23 ntop[1156]: THREADMGMT[t134612992]: NPA: Started thread for network packet analyzer
May 4 15:54:23 ntop[1156]: THREADMGMT[t134612992]: NPA: Started thread for network packet analyzer
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Started thread for fingerprinting
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Started thread for fingerprinting
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Started thread for idle hosts detection
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Started thread for idle hosts detection
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614528]: DNSAR(1): Started thread for DNS address resolution
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614528]: DNSAR(1): Started thread for DNS address resolution
May 4 15:54:23 ntop[1156]: Calling plugin start functions (if any)
May 4 15:54:23 ntop[1156]: Calling plugin start functions (if any)
May 4 15:54:23 ntop[1156]: THREADMGMT[t134612992]: NPA: network packet analyzer (packet processor) thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134612992]: NPA: network packet analyzer (packet processor) thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Idle host scan thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Idle host scan thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614528]: DNSAR(1): Address resolution thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614528]: DNSAR(1): Address resolution thread running [p1156]
May 4 15:54:23 ntop[1156]: SSL is present but https is disabled: use -W <https port> for enabling it
May 4 15:54:23 ntop[1156]: SSL is present but https is disabled: use -W <https port> for enabling it
May 4 15:54:23 ntop[1156]: INITWEB: Initializing web server
May 4 15:54:23 ntop[1156]: INITWEB: Initializing web server
May 4 15:54:23 ntop[1156]: INITWEB: Initializing tcp/ip socket connections for web server
May 4 15:54:23 ntop[1156]: INITWEB: Initializing tcp/ip socket connections for web server
May 4 15:54:23 ntop[1156]: INITWEB: Initialized socket, port 3000, address (any)
May 4 15:54:23 ntop[1156]: INITWEB: Initialized socket, port 3000, address (any)
May 4 15:54:23 ntop[1156]: INITWEB: Waiting for HTTP connections on port 3000
May 4 15:54:23 ntop[1156]: INITWEB: Waiting for HTTP connections on port 3000
May 4 15:54:23 ntop[1156]: INITWEB: Starting web server
May 4 15:54:23 ntop[1156]: INITWEB: Starting web server
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: INITWEB: Started thread for web server
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: INITWEB: Started thread for web server
May 4 15:54:23 ntop[1156]: Listening on [vlan1,vlan2]
May 4 15:54:23 ntop[1156]: Listening on [vlan1,vlan2]
May 4 15:54:23 ntop[1156]: Loading Plugins
May 4 15:54:23 ntop[1156]: Loading Plugins
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: WEB: Server connection thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: WEB: Server connection thread starting [p1156]
May 4 15:54:23 ntop[1156]: Note: SIGPIPE handler set (ignore)
May 4 15:54:23 ntop[1156]: Note: SIGPIPE handler set (ignore)
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: WEB: Server connection thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157052928]: WEB: Server connection thread running [p1156]
May 4 15:54:23 ntop[1156]: WEB: ntop's web server is now processing requests
May 4 15:54:23 ntop[1156]: WEB: ntop's web server is now processing requests
May 4 15:54:23 ntop[1156]: Searching for plugins in /usr/local/lib/ntop/plugins
May 4 15:54:23 ntop[1156]: Searching for plugins in /usr/local/lib/ntop/plugins
May 4 15:54:23 ntop[1156]: ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
May 4 15:54:23 ntop[1156]: ICMP: Welcome to ICMP Watch. (C) 1999-2005 by Luca Deri
May 4 15:54:23 ntop[1156]: LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
May 4 15:54:23 ntop[1156]: LASTSEEN: Welcome to Host Last Seen. (C) 1999 by Andrea Marangoni
May 4 15:54:23 ntop[1156]: NETFLOW: Welcome to NetFlow.(C) 2002-05 by Luca Deri
May 4 15:54:23 ntop[1156]: NETFLOW: Welcome to NetFlow.(C) 2002-05 by Luca Deri
May 4 15:54:23 ntop[1156]: PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
May 4 15:54:23 ntop[1156]: PDA: Welcome to PDA. (C) 2001-2005 by L.Deri and W.Brock
May 4 15:54:23 ntop[1156]: RRD: Welcome to Round-Robin Databases. (C) 2002-04 by Luca Deri.
May 4 15:54:23 ntop[1156]: RRD: Welcome to Round-Robin Databases. (C) 2002-04 by Luca Deri.
May 4 15:54:23 ntop[1156]: SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
May 4 15:54:23 ntop[1156]: SFLOW: Welcome to sFlow.(C) 2002-04 by Luca Deri
May 4 15:54:23 ntop[1156]: SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina
May 4 15:54:23 ntop[1156]: SNMP: Welcome to SNMP. (C) 2004 by F.Fusco and G.Giardina
May 4 15:54:23 ntop[1156]: XMLDUMP: Welcome to XML data dump. (C) 2003-2004 by Burton Strauss
May 4 15:54:23 ntop[1156]: XMLDUMP: Welcome to XML data dump. (C) 2003-2004 by Burton Strauss
May 4 15:54:23 ntop[1156]: Calling plugin start functions (if any)
May 4 15:54:23 ntop[1156]: Calling plugin start functions (if any)
May 4 15:54:23 ntop[1156]: RRD: Welcome to the RRD plugin
May 4 15:54:23 ntop[1156]: RRD: Welcome to the RRD plugin
May 4 15:54:23 ntop[1156]: RRD: Mask for new directories is 0700
May 4 15:54:23 ntop[1156]: RRD: Mask for new directories is 0700
May 4 15:54:23 ntop[1156]: RRD: Mask for new files is 0066
May 4 15:54:23 ntop[1156]: RRD: Mask for new files is 0066
May 4 15:54:23 ntop[1156]: THREADMGMT: RRD: Started thread (t157053952) for data collection
May 4 15:54:23 ntop[1156]: THREADMGMT: RRD: Started thread (t157053952) for data collection
May 4 15:54:23 ntop[1156]: Now running as requested user 'root' (0:0)
May 4 15:54:23 ntop[1156]: Now running as requested user 'root' (0:0)
May 4 15:54:23 ntop[1156]: THREADMGMT[t157053952]: RRD: Data collection thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157053952]: RRD: Data collection thread starting [p1156]
May 4 15:54:23 ntop[1156]: INIT: Created pid file (/var/run/ntop.pid)
May 4 15:54:23 ntop[1156]: INIT: Created pid file (/var/run/ntop.pid)
May 4 15:54:23 ntop[1156]: Note: Reporting device initally set to 1 [vlan2]
May 4 15:54:23 ntop[1156]: Note: Reporting device initally set to 1 [vlan2]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134610944]: ntop RUNSTATE: RUN(4)
May 4 15:54:23 ntop[1156]: THREADMGMT[t134610944]: ntop RUNSTATE: RUN(4)
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1): Started thread for network packet sniffing
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1): Started thread for network packet sniffing
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2): Started thread for network packet sniffing
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2): Started thread for network packet sniffing
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134613504]: SFP: Fingerprint scan thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Idle host scan thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t134614016]: SIH: Idle host scan thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1,vlan1): pcapDispatch thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1,vlan1): pcapDispatch thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1,vlan1): pcapDispatch thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054464]: NPS(1,vlan1): pcapDispatch thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2,vlan2): pcapDispatch thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2,vlan2): pcapDispatch thread starting [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2,vlan2): pcapDispatch thread running [p1156]
May 4 15:54:23 ntop[1156]: THREADMGMT[t157054976]: NPS(2,vlan2): pcapDispatch thread running [p1156]
May 4 15:54:24 php: : Informational: rc.newwanip is starting vlan0.
May 4 15:54:24 php: : rc.newwanip working with (IP address: 68.2.73.178) (interface: wan) (interface real: vlan0).
May 4 15:54:24 Squid_Alarm[1195]: Squid has exited. Reconfiguring filter.
May 4 15:54:24 Squid_Alarm[1197]: Attempting restart…
May 4 15:54:24 squid[1204]: Squid Parent: child process 1207 started
May 4 15:54:27 Squid_Alarm[1223]: Reconfiguring filter…
May 4 15:54:29 Squid_Alarm[1406]: Squid has resumed. Reconfiguring filter.
May 4 15:54:32 php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - 68.2.73.178.
May 4 15:54:32 php: : Creating rrd update script
May 4 15:54:32 php: : Configuring slbd
May 4 15:54:32 check_reload_status: reloading filter
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Started thread for throughput data collection
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Started thread for throughput data collection
May 4 15:54:33 ntop[1156]: THREADMGMT[t157053952]: RRD: Data collection thread running [p1156]
May 4 15:54:33 ntop[1156]: THREADMGMT[t157053952]: RRD: Data collection thread running [p1156]
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Throughput data collection: Thread starting [p1156]
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Throughput data collection: Thread starting [p1156]
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Throughput data collection: Thread running [p1156]
May 4 15:54:33 ntop[1156]: THREADMGMT[t157956096]: RRD: Throughput data collection: Thread running [p1156]
May 4 15:54:36 check_reload_status: updating dyndns
May 4 15:54:39 php: : DynDns: Running updatedns()
May 4 15:54:39 php: : DynDns: updatedns() starting
May 4 15:54:39 php: : DynDns: _detectChange() starting.
May 4 15:54:39 php: : DynDns: Current WAN IP: 68.2.73.178
May 4 15:54:39 php: : DynDns: Cached IP: 68.2.73.178
May 4 15:54:39 php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry.
May 4 15:54:44 check_reload_status: reloading filter
May 4 15:56:29 dnsmasq[667]: reading /etc/resolv.conf
May 4 15:56:29 dnsmasq[667]: using nameserver 68.105.28.12#53
May 4 15:56:29 dnsmasq[667]: using nameserver 68.105.29.11#53
May 4 15:56:29 dnsmasq[667]: using nameserver 68.105.28.11#53
-
OK, it will log the extended information, but when I deselect that option it leaves the firewall log empty.
I tried /etc/rc.d/syslogd stop / start
No effect.