This is happened twice in the past month. Log files in /var/log/filter grow and take over the entire disk.
Questions:
1) what subsystem is creating the log entries (shown below) in such volume? Is this a bug or a mistake I made?
2) what tool in opnsense cleans up log files and why didn't it detect the growth of these files and remove them before they overflowed the file system?
<134>1 2022-09-27T14:30:07+00:00 fw.xx.com filterlog 97605 - [meta sequenceId="70307"] 149,,,4323e97f6be45a912e1dde65bee932a7,igb1,match,pass,in,4,0x0,,128,52704,0,DF,6,tcp,972,192.168.3.60,18.210.236.123,53138,443,932,PA,475949628:475950560,3790384092,1025,,
Under System -> Settings -> Logging -> Preserve logs (Days) what do you have there? Some have stated the default changed to 31 days with the 22.* series. Some have needed to decrease this to 7 days or less.
thanks! what subsystem is generating these logs?
that one looks like a firewall rule log entry.
System : Setting: Logging, disable logging of allowed packets to if not needed
Thanks. I really appreciate the time you took to help with this. FWIW, the option I unchecked was "Log packets matched from the default pass rules put in the ruleset" in a couple weeks a look at the log files and see if the levels are more reasonable.
This experience also taught me one thing. If you are using opnsense in an enterprise environment, the local disk should be at least 512 GB. I know the hardware specs say 120 GB but with the default logging settings, my 256 GB SSD overflowed.
You may want to try a ZFS install and turn compression on, this helps tremendously in these cases.