Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Log Drops
« previous
next »
Print
Pages: [
1
]
Author
Topic: Log Drops (Read 1664 times)
aerkaya
Newbie
Posts: 5
Karma: 0
Log Drops
«
on:
October 31, 2022, 07:04:19 am »
I switched to opnsense at my company. I am using SentiLOG(SiberSAN) as remote log server. SiberSAN company reported missing logs. When I examined in detail in the tests we conducted with SiberSAN company, I saw that opnsense was missing logs in the filter log files.
I wrote a script file on our Debian server:
now=$(date)
curl=$(curl -s -o /dev/null -w "%{http_code}" -k
https://10
.*.*9.1)
echo "$now - Firewall gui curl http response code: $curl" >> /root/log.ae
I have configured this script file to run every minute with crontab.
After a while, I compared this /root/log.ae file with OPNsense's /var/log/filter/latest.log file and saw that there was a log loss in OPNsense.
We encountered the same problem in external tests by the SiberSAN (SentiLOG) company.
OPNsense 22.7.7.6-amd64
FreeBSD 13.1-RELEASE-p2
OpenSSL 1.1.1q 5 Jul 2022
32 Virtual Core
64GB Virtual Memory
Host Server: Intel(R) Xeon(R) Gold 6348 CPU @ 2.60GHz
«
Last Edit: October 31, 2022, 07:06:13 am by aerkaya
»
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Log Drops
«
Reply #1 on:
October 31, 2022, 11:11:06 am »
Have you checked if setting SentiLog as a log target would work?
System > Settings > Logging/Targets
Logged
aerkaya
Newbie
Posts: 5
Karma: 0
Re: Log Drops
«
Reply #2 on:
October 31, 2022, 12:48:47 pm »
I wrote sentilog as information. I'm not looking at the remote syslog server right now. I'm looking at the log files on opnsense itself.
PS:Logs are coming to the remote syslog server (sentilog). But there are log drops.
Logged
aerkaya
Newbie
Posts: 5
Karma: 0
Re: Log Drops
«
Reply #3 on:
November 07, 2022, 08:51:28 am »
We provide free public internet service. log is very important to us. do you have any advice?
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Log Drops
«
Reply #4 on:
November 07, 2022, 10:49:07 am »
Have you played with the logging level ie. WARN, INFO, DEBUG, etc.
Logged
aerkaya
Newbie
Posts: 5
Karma: 0
Re: Log Drops
«
Reply #5 on:
November 07, 2022, 11:52:34 am »
I could not see such a setting in the "System->Setting->Logging" section.
It's worth repeating. I don't have a problem with sending to the remote server. I'm checking with local log files.
Logged
cookiemonster
Hero Member
Posts: 1823
Karma: 95
Re: Log Drops
«
Reply #6 on:
November 07, 2022, 12:23:45 pm »
Firewall > Log Files > General. Top right drop down list. It might only be used to select what to show in the UI rather than change verbosity.
In any case, /var/log/filter/latest.log is the master. I read that you are saying log entries there are missing because they don't match your script-generated one. I fail to see why the another source is taken as master instead. But maybe I'm missing the point.
Anyway, good luck with your search. Hopefully someone knowledgeable will be giving you a hint.
Logged
aerkaya
Newbie
Posts: 5
Karma: 0
Re: Log Drops
«
Reply #7 on:
November 08, 2022, 08:41:46 am »
I check that the log is generated with the script I wrote. I'm pretty sure the script works, because my http request to the opnsense interface returns a 200 response. Therefore, I would like to see this in the opnsense logs. If I can't see the logs of the request I made, I may not be able to see the more important logs.
Anyone want to give another idea? I don't see any bottlenecks in my system resources.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Log Drops