25.7.6 "Firewall: Log Files: Live View" delayed response on "Auto-refresh"

[pfry]

Un-truncated subject: On OPNsense 25.7.6, "Firewall: Log Files: Live View" occasional delayed response when unchecking/checking "Auto-refresh" in Brave browser.

Not much more to it. I don't know what all was changed under the hood, but this seems to be a new behavior. The browser seems unhappy - its UI stalls and stutters a bit, and occasionally times out (with a "page not responding") dialog. FYI, I'm not sure if this will be easily reproducible or considered an issue if it is. It occurs most consistently if I run the full 100 lines, uncheck "Auto-refresh", scroll to the bottom, and check "Auto-refresh".

By the way, the staggered shades are nice, and the default 100 line display is adequate (typically what I would choose).

[pfry]

By the way, regarding 2.5.7.6 Firewall: Log Files: Live View Lookup hostnames - that's a good way to make Brave (1.83.118) very unhappy.

Caveats:
Rather embarrassingly, I'm using an i5-2600k running Win10.
~100 sessions/s, public servers (so lots of blocked trash).

Let's try...

Firefox (128.7.0esr): Better - toggling "Auto-refresh" works well (initially); name lookup actually works... for a while. Then the page gags and I have to switch out and back to recover (with a lot of "page not responding" delays).

Edge (141.0.3537.92): Toggling "Auto-refresh" works well; name lookup displays sessions with rollers, but resolution is very slow. Never completes, in fact - no names displayed after several minutes. UI is not frozen, so I can still toggle "Auto-refresh", click other links, etc. Quick edit II: Edge does not survive long either - it gags after a few repetitions.

Note that I do not expect to look up names, given that half of the lookups are going to be the firewall and nameserver (as I have the default outbound pass rule logged). Just a data point.

Quick edit: Firewall itself is not affected. CPU idles along normally, even when executing piles of name lookups.

[Kets_One]

I can see the same behavior when selecting "Lookup hostnames". This has been a problem for me since March 2025.
However, since last update (25.7.6) the auto-refresh is very slow. this used to be quick, even with hundreds of lines per second.
What can cause this? Something changed in FW backend or is there something else?

[hharry]

+1 here, i've been testing OPNsense 25.7.6-amd64 in LAB sandbox pre-production environment, and find when there are a number of firewall denies, the page just locks up and becomes completely unresponsive, using fully upto date brave and chrome browser's etc...

The issue is 100% reproducible on OPNsense 25.7.6-amd64, very easy to replicate....on demand...one just needs to run a wan side initiated penetration test using nmap from a host on the wan side of OPNsense, destined to OPNsense wan interface IP address to replicate the issue....


Running the same test on OPNsense 25.7.5-amd64  completely resolves the issue, so it's a clear regression.

[beh]

Same here, the client side code of "live view" has been modified in version 25.7.6, since then the UI of "Firewall: Log Files: Live View" screen completely became unresponsive (and may cause browser tabs crash) even without interacting with any option of this screen.

Tested on Brave and Firefox. Only client side CPU is hit hard.

I cannot use this Live View feature anymore on any of my firewalls 😭
Please fix this issue 🙏

BTW thanks for this great product !

[franco]

# opnsense-patch https://github.com/opnsense/core/commit/2abca1ccde42f
# opnsense-patch https://github.com/opnsense/core/commit/25fee9b05b7f8
# opnsense-patch https://github.com/opnsense/core/commit/08c88a1f3e19a

In that order. Try after each one to evaluate the effect is has.


Cheers,
Franco

[pfry]

opnsense-patch https://github.com/opnsense/core/commit/2abca1ccde42f

Brave (1.83.120): Some improvement. Manipulation of the "Auto-refresh" is pretty good, but manipulation of "Lookup hostnames" causes issues (until page is reloaded). Name resolution never completes.

opnsense-patch https://github.com/opnsense/core/commit/25fee9b05b7f8

Brave: Reduced the number of displayed lines to 25; caused double popup info displays for (e.g.) "Time" column (where info cannot fit within the column limits) - one immediate, directly above the carat (pointer), in a "cartoon" style (with pointer); the second, after a delay, in a rectangular popup below and to the right of the carat. The first popup (one only) would occasionally hang until page refresh. Response overall seems OK. Name resolution never completes.

Firefox (128.7.0esr and 140.4.0esr): Similar performance.

opnsense-patch https://github.com/opnsense/core/commit/08c88a1f3e19a

Brave: Still 25 lines. Name lookup is very sporadic, initially; eventually it completes when "Auto refresh" is toggled off. Oddly, resolution, while still sporadic for new lookups, is much faster when "Auto refresh" is toggled on. Overall responsiveness is good. Double info popup/hang is (apparently) gone with this patch.

Firefox: Similar performance. Name resolution does not complete as evenly, but does eventually complete when selected against a paused display (i.e. "Auto-refresh" de-selected, then "Lookup hostnames" selected). Name resolution does not complete within a reasonable interval the first time the sequence "Lookup hostnames" is selected then "Auto-refresh" de-selected; subsequent sequences complete.

New note: "Firewall: Log Files: General" under Firefox (128.7.0esr) displays more logs than selected under the time ("Last day", etc.) pulldown. The severity pulldown works. This seems consistent for all log displays. Updated Firefox to 140.4.0esr, issue remains. Friggin' browsers. Shall I open an issue for it?

[pfry]

New issue: Live log applied filter "bubble" is blank under both browsers. Filters still work, and filters may be deleted by poking where the "X" would normally be. Friggin' browsers! Heh.

[pfry]

By the way: With all three patches, performance looks good.

Issues that remain:
- no "lines" selection, default 25 (too few);
- applied filter bubble display anomaly;
- no "dir" column; no ability to select or persistently resize columns.

[hharry]

# opnsense-patch https://github.com/opnsense/core/commit/2abca1ccde42f
# opnsense-patch https://github.com/opnsense/core/commit/25fee9b05b7f8
# opnsense-patch https://github.com/opnsense/core/commit/08c88a1f3e19a

In that order. Try after each one to evaluate the effect is has.


Cheers,
Franco

I applied https://github.com/opnsense/core/commit/2abca1ccde42f to OPNsense 25.7.6-amd64,, and re-run several penetration nmap scan tests, and looking much better, the browser TAB CPU utilization is looking much lower, and the live view never froze or became unresponsive....I haven't applied any other patch...

[fearz]

I have the same issue, how to apply these patches?

[pfry]

I have the same issue, how to apply these patches?

From a shell, console or ssh. Paste 'em in as above (minus the "#", of course).

[Nachbar]

# opnsense-patch https://github.com/opnsense/core/commit/2abca1ccde42f
# opnsense-patch https://github.com/opnsense/core/commit/25fee9b05b7f8
# opnsense-patch https://github.com/opnsense/core/commit/08c88a1f3e19a

In that order. Try after each one to evaluate the effect is has.


Cheers,
Franco

Solved the problems for my 4 firewalls. Thanks

But i agree

By the way: With all three patches, performance looks good.

Issues that remain:
- no "lines" selection, default 25 (too few);
- applied filter bubble display anomaly;
- no "dir" column; no ability to select or persistently resize columns.

[franco]

Yep, Stephan is working on it. Thanks for the valuable and swift feedback!


Cheers,
Franco

[dfw3xam1n3r]

New issue: Live log applied filter "bubble" is blank under both browsers. Filters still work, and filters may be deleted by poking where the "X" would normally be. Friggin' browsers! Heh.

Mine were "blank" when using dark mode (white text on white background), but using default theme, it shows this text in the bubbles (as an example):