Under heavy load, the log files in /var/log/filter are sometimes filling up all my disk space.
I have already configured the "maximum file size" and the "maximum preserved files" under System / Settings / Local, but the filter logs are getting much larger than they should, so this setting does not seem to have any effect on the number and size of the filter logs.
Is this behavior intended? If so, is there another way to rotate filter logs so that there is no risk of running out of disk space?
Shutting off the logs completely is no option for me.
I am using OPNsense 25.1.5_5-amd64
How heavy is your load vs. disk space?
For context, I have all filter logging enabled with a 200 file limit on a 1.6TB SSD, and over ~5 months it's written ~367GB according to SMART, equating to (apparently, via df) ~1.9GB in logs. My firewall filters for 13 static IPs on a 500Mb Internet link and varies between 150 to 4000 sessions, with pfrate varying between 5 and 40 (from Reporting: Health / System / States) (instantaneous stats will vary more). This seems like a very light logging load to me, as I designed the system to handle... well, a lot more.
On average the filter logs are only 2 GBytes per day, but I have already observed 5 GBytes per hour on some occasions. When I get a disk space warning from my network management it is usually already too late and the GUI is inoperable because of low disk space.
I would expect that local logging is intelligent enough to just delete the oldest log files if the disk is in danger of running out of space, but apparently this is not the case.