Log Drops

Started by aerkaya, October 31, 2022, 07:04:19 AM

October 31, 2022, 07:04:19 AM Last Edit: October 31, 2022, 07:06:13 AM by aerkaya
I switched to OPNsense at my company. I am using SentiLOG (SiberSAN) as the remote log server. The SiberSAN company reported missing logs. When I examined this in detail in the tests we conducted with the SiberSAN company, I saw that OPNsense was missing logs in the filter log files.

I wrote a script file on our Debian server:

#!/bin/sh
# Runs from cron once a minute: records the current time and the HTTP status
# the OPNsense GUI returns, so each entry can later be matched against
# /var/log/filter/latest.log on the firewall.
now=$(date)
code=$(curl -s -o /dev/null -w "%{http_code}" -k https://10.*.*9.1)
echo "$now - Firewall gui curl http response code: $code" >> /root/log.ae

I have configured this script file to run every minute with crontab.

After a while, I compared this /root/log.ae file with OPNsense's /var/log/filter/latest.log file and saw that there was log loss in OPNsense.

We encountered the same problem in external tests by the SiberSAN (SentiLOG) company.

OPNsense 22.7.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022
32 Virtual Core
64GB Virtual Memory
Host Server: Intel(R) Xeon(R) Gold 6348 CPU @ 2.60GHz

Have you checked if setting SentiLog as a log target would work?
System > Settings > Logging/Targets

I mentioned SentiLOG only as information. I'm not looking at the remote syslog server right now. I'm looking at the log files on OPNsense itself.

PS: Logs are arriving at the remote syslog server (SentiLOG). But there are log drops.

We provide a free public internet service. Logging is very important to us. Do you have any advice?

Have you played with the logging level, i.e. WARN, INFO, DEBUG, etc.?

I could not see such a setting in the System > Settings > Logging section.

It's worth repeating: I don't have a problem with sending to the remote server. I'm checking the local log files.

Firewall > Log Files > General. Top right drop-down list. It might only be used to select what to show in the UI rather than change verbosity.
In any case, /var/log/filter/latest.log is the master. I read that you are saying log entries there are missing because they don't match your script-generated ones. I fail to see why the other source is taken as master instead. But maybe I'm missing the point.
Anyway, good luck with your search. Hopefully someone knowledgeable will give you a hint.

I check that the log is generated with the script I wrote. I'm pretty sure the script works, because my HTTP request to the OPNsense interface returns a 200 response. Therefore, I would like to see this in the OPNsense logs. If I can't see the logs of the request I made, I may not be able to see the more important logs.

Does anyone want to give another idea? I don't see any bottlenecks in my system resources.