Bug #7323


More user friendly defaults for firewall logs view

Added by Kill Bill about 6 years ago. Updated about 6 years ago.

Web Interface
Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
Affected Architecture:


One of the 'Display as column' or 'Display as second row' options should be the default. From the forums, it's very much clear that the settings are virtually invisible for users (who keep posting either the unreadable raw logs crap, or useless screenshots without any hint on what blocked what).

If performance is still an issue with large rule sets, users can turn that off by explicit action, but the defaults should be usable for the majority of users. The current defaults waste everyone's time.

Actions #1

Updated by Jim Pingle about 6 years ago

I had initially insisted that option default to off because it was horribly slow on ALIX and other low-end platforms at the time it was introduced, but most of those have gone EOL or won't be supported on 2.4 anyhow. Also the formatting left some things to be desired on 2.2.x.

On 2.4 the output being in another column seems to be the best-looking option, and it doesn't seem to be too bad on SG-1000 speed-wise at the default 50 lines of output. Also using a second row seems to be a tad slower.

Some envelope style calculations for 10 iterations at 50 (default) and 500 lines of firewall log data on an SG-1000, which is for all intents and purposes the minimum specs for 2.4:

Setting         Lines   Avg Time (sec)
No Descr        50      1.673
Descr Col       50      1.918
Descr Row       50      1.935
No Descr        500     6.099
Descr Col       500     6.435
Descr Row       500     6.514       

So overall it only adds 1/4 to 1/2 sec on average to load them in a second column on the slowest hardware we have on hand that runs 2.4. The 50 line case takes the bigger hit at a 14.64% increase vs 5.51% increase on 500 lines, but either way it's probably worth it now to default it on for new configs.

Actions #2

Updated by Jim Pingle about 6 years ago

It is worth noting that the above numbers were with a minimal ruleset, it would be worth repeating the test with a more complicated ruleset that had a wider variety of log data to work with. The speed result was what was displayed by using Firebug's net panel while clicking the tab name to refresh the log (F5 caused it to refresh more page assets/content rather than only reloading the page)

Actions #3

Updated by Kill Bill about 6 years ago

Nice timings. ;) Just for a giggle, I tried with Alix and 2.3.3: the times are ~ 6.5s with 50 lines and ~25s with 500 lines (with the description column view and pretty small ruleset, using the Google Chrome timeline.)

Actions #4

Updated by Jim Pingle about 6 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #5

Updated by Jim Pingle about 6 years ago

  • Assignee set to Jim Pingle

I changed the default value in the stock config.xml rather than trying to do any sort of complicated shuffling of config parameter interpretation.

This way new users will get the column and existing users have their preference preserved.

If we decide that we want to turn it on for everyone, then we could add upgrade code to set $config['syslog']['filterdescriptions'] = 1 so we don't have to change the way the setting is interpreted or stored.

Actions #6

Updated by Jim Pingle about 6 years ago

  • Status changed from Feedback to Resolved

A fresh install has the column active in the firewall log as expected.

Actions #7

Updated by John Murphy about 6 years ago

Just verified as well, but a little late to the plate it appears. fresh install of CE from 20170302( within a VM has default selection of "Display as Column". Existing install that was updated to 2.4 (on SG-2220) preserved pre-existing selection for the drop down in question.


Also available in: Atom PDF