Bug #15754
closed
log file size growing despite settings
Description
Hi all
I have a problem with log file for firewall.
Despite these settings, log file keeps growing and growing.
What can be wrong?
Updated by Jim Pingle 8 months ago
You have "Log Retention Count" set to 0, which might be the problem. Don't change it on the tab in your screenshot, change it in the main logging options under Status > System Logs, Settings tab.
0 doesn't mean keep an infinite number of logs, I suspect it's throwing off the rotation configuration and making it not rotate at all. Try changing that to the default (7) and see if it starts rotating again.
We may need to add validation to prevent that from being set to 0, or document that it disables retention.
Updated by Jim Pingle 8 months ago
Maybe it's the way your theme or the browser is rendering those settings. There have been cases where the dark theme wasn't properly distinguishing enabled/disabled form elements.
Try typing a 7 in there and pressing Save, then check the settings on the other log tabs. If the others all show a 7 except filter, it may need to be manually set on the Filter tab, too. Or blank the field and press Save and see what happens.
Updated by Jim Pingle 8 months ago
- Status changed from New to Feedback
OK, let us know if that started it rotating again. And be sure to check the setting on the Firewall log tab as well to be sure it's showing 7 there.
Either way there is a little bug in the code handling the rotation, just a matter of figuring out specifically what it might be.
Updated by Jim Pingle 8 months ago
What version are you seeing this problem on?
I've been trying to replicate it on a lab system but I can't make it misbehave in the way you describe. If I set it to 0/empty it resets the setting to the system default. If I hand edit the config to have a value of 0, it sets the count to 0, but it still rotates by erasing the current log and restarting it. In no case does it fail to rotate.
I'll need to see a copy of /var/etc/newsyslog.conf.d/pfSense.conf and the <syslog> ... </syslog> section of your config.xml settings to determine what might be happening in your case.
Updated by Tomas B. 8 months ago
- File clipboard-202410010919-ea5w6.png added
- File clipboard-202410010919-hxfwh.png added
- File clipboard-202410010921-xovdc.png added
Hello.
Providing the info you asked for:
I should point out that the configuration was imported from version 2.x
Updated by Jim Pingle 8 months ago
Nothing there looks out of sorts.
Check in /etc/crontab and see if you have a line there for newsyslog. It should look like this:
*/1 * * * * root /usr/sbin/newsyslog
If you don't, then that may be the problem. It might be something happened when importing your old configuration and the cron job to handle log rotation didn't get added.
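The crontab check described in the comment above, as an added example that is not part of the thread or of pfSense's own code: a POSIX sh function that reports whether a system crontab has an active (uncommented) newsyslog entry run as root. The function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: detect a missing log-rotation cron job.
# System crontab layout: minute hour mday month wday user command...

# has_newsyslog_cron FILE  (hypothetical helper name)
#   exit 0: FILE has an uncommented entry that runs newsyslog as root
#   exit 1: no such entry, so nothing triggers rotation
#   exit 2: FILE cannot be read
has_newsyslog_cron() {
    [ -r "$1" ] || return 2
    awk '
        NF == 0      { next }                     # blank line
        $1 ~ /^#/    { next }                     # commented-out entry does not count
        $1 ~ /^[A-Za-z_][A-Za-z0-9_]*=/ { next }  # environment line (SHELL=, PATH=)
        NF >= 7 && $6 == "root" {
            n = split($7, parts, "/")             # compare the command basename
            if (parts[n] == "newsyslog") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# report_newsyslog_cron FILE  (hypothetical helper name)
#   prints a one-line verdict and returns the same code as has_newsyslog_cron
report_newsyslog_cron() {
    rc=0
    has_newsyslog_cron "$1" || rc=$?
    case $rc in
        0) echo "OK: active newsyslog entry found in $1" ;;
        1) echo "MISSING: no active newsyslog entry in $1; logs will not rotate" ;;
        *) echo "ERROR: cannot read $1" ;;
    esac
    return $rc
}

# usage on the firewall: report_newsyslog_cron /etc/crontab
```

A result of MISSING matches the situation in this issue: the rotation settings are valid, but no scheduled job invokes newsyslog, so the log file keeps growing.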
Updated by Jim Pingle 8 months ago
- Status changed from Feedback to Not a Bug
OK, there does not appear to be a bug in how the settings themselves are handled. Your configuration is broken. Either it wasn't restored properly or the configuration upgrade failed somehow, but it's missing several important cron jobs and who knows what else.
This isn't the place to diagnose what happened there, however. For assistance in correcting your configuration file contents, please post on the Netgate Forum