pf log for 20.1?

[dgktkr]

Hi,

I'm running OPNsense 20.1 built from source for an arm device and things generally seem to work.

One thing that doesn't seem to work is logging for pf. It can be enabled in the web GUI, but nothing shows up when using the GUI to view the pf logs.

pf seems to be working properly because

Code Select Expand

tcpdump -n -e -ttt -i pflog0 shows the expected information on filtered packets.

On the other hand, the usual logger daemon doesn't seem to be running:

Code Select Expand

# ps -auxww | grep pflogd
root    37336   0.0  0.2  4632  2088  0  S+   12:33    0:00.01 grep pflogd and there isn't any apparent log file for pf in /var/log. There's a bunch of other log files, for instance dhcpd.log, that are 511488B in size that look like circular logs.

Has a circular log for pf been implemented in 20.1 source code yet?

Edit: Further investigation seems to reveal that pf logging in OPNsense doesn't use the usual log daemon or log file. Instead, it looks like /usr/local/sbin/filterlog and /var/log/filter.log are used:

Code Select Expand

# ps -auxww | grep filterlog
root    73740   0.0  0.2  5152  2104  -  Ss   12:14     0:02.73 /usr/local/sbin/filterlog -i pflog0 -p /var/run/filterlog.pid
root    64192   0.0  0.2  4640  2096  0  S+   16:06     0:00.01 grep filterlog

But no info is shown up in filter.log:

Code Select Expand

root@OPNsense:/var/log # clog filter.log
root@OPNsense:/var/log # even thought tcpdump shows pflog0 pushing out info at a good rate.

So, is filterlog not working as expected? If not, why not?

[franco]

Hi,

Since this is 20.1 and likely 12.1 and maybe not even the only supported platform amd64 there is no dev build to accommodate... you're on your own for the moment.


Cheers,
Franco