Bug #12833
closedGUI Service Log Filling Up with Cruft
0%
Description
Starting with 2.6.0 (but I've updated to 22.1 and it's still happening), the GUI Service log at:
Status > System Logs > System > GUI Service
is filling up rapidly with log entries.
Files
Updated by David Lessnau almost 3 years ago
Sorry. Filling up with nginx messages. Here's a link to the forum thread:
https://forum.netgate.com/topic/170081/gui-services-in-the-system-log-are-filled-with-nginx-messages
Updated by Viktor Gurov almost 3 years ago
Currently, pfSense syslog uses the "-c -c" option to disable the compression of repeated instances of the same line into a single line of the form "last message repeated N times".
https://github.com/pfsense/pfsense/blob/master/src/etc/inc/syslog.inc#L473:
$retval = mwexec_bg("/usr/sbin/syslogd {$syslogd_format} -s -c -c {$syslogd_sockets} -P {$g['varrun_path']}/syslog.pid {$syslogd_extra}");
We can disable this option, but this may affect third party log analysis software,
or allow to enable/disable this option on the status_logs_settings.php page
Updated by Viktor Gurov almost 3 years ago
we can also use the nginx log filtering feature:
map $request_uri $loggable { default 1; ~(ifstats.php|getstats.php|getqueuestats.php)$ 0; } access_log /var/log/nginx.log if=$loggable;
see https://docs.nginx.com/nginx/admin-guide/monitoring/logging#enabling-conditional-logging
Updated by Jim Pingle almost 3 years ago
- Status changed from New to Not a Bug
It's doing exactly what it's should be doing and logging every request. It's a security concern. If you have no idea what is hitting your GUI making requests that end up in the log, you should be looking into why that is happening, not trying to suppress the logs.
Maybe we could add an option to disable that behavior but it should be enabled by default.
Updated by David Lessnau almost 3 years ago
OK. I'm certainly not an expert and it doesn't seem to be causing problems. But, from my point of view, I guess I'd want to see just exceptional things in the log. Seeing every POST and GET just seems a bit excessive. For instance, yesterday, my GUI Service log turned over 10 times.
Updated by Jim Pingle almost 3 years ago
That is a raw web server log, it's not meant to only show notable events, but every access of the web server. That's why it's off on its own tab.
Updated by Daryl Morse over 1 year ago
Jim Pingle wrote in #note-6:
That is a raw web server log, it's not meant to only show notable events, but every access of the web server. That's why it's off on its own tab.
In my case, I have increased the log size from the default to 2000 entries. If I recall correctly, the default is 500 entries.
Here are the log files:
8 drwxr-xr-x 2 root wheel 512 Jun 15 2019 nginx
192 rw------ 1 root wheel 96066 Aug 17 13:18 nginx.log
24 rw------ 1 root wheel 9972 Aug 17 11:33 nginx.log.0.bz2
24 rw------ 1 root wheel 10340 Aug 17 00:40 nginx.log.1.bz2
16 rw------ 1 root wheel 8027 Aug 16 20:12 nginx.log.2.bz2
24 rw------ 1 root wheel 8218 Aug 16 19:43 nginx.log.3.bz2
24 rw------ 1 root wheel 8393 Aug 16 19:14 nginx.log.4.bz2
24 rw------ 1 root wheel 9997 Aug 16 18:45 nginx.log.5.bz2
24 rw------ 1 root wheel 10174 Aug 16 15:05 nginx.log.6.bz2
I'm not clear how the rollover mechanism works, but if the system holds a maximum of 2000 messages, then that appears to be two days of messages for my small system. If I wanted to know if there was a noteworthy message in the log, I would have to scroll through the log every day or other day. With all due respect, this is not a feature. There should be a mechanism to turn off routine messages if they not of interest. I would prefer to only see notable messages (i.e., errors), rather than every access of the web server.
Updated by Daryl Morse 9 months ago
- File Capture 2.PNG Capture 2.PNG added
In Status / System Logs / Settings, there is the setting "Web Server Log".
I take this setting literally, that if it is checked, errors will be logged. If it's not checked, errors will not be logged. There is no setting for non-errors (e.g., usage) to be logged or not.
If there was a setting to enable or disable logging of non-errors, they could be disabled and it would prevent at least this one log from wrapping so often.