Bug #7323
closedMore user friendly defaults for firewall logs view
100%
Description
One of the 'Display as column' or 'Display as second row' options should be the default. From the forums, it's very much clear that the settings are virtually invisible for users (who keep posting either the unreadable raw logs crap, or useless screenshots without any hint on what blocked what).
If performance is still an issue with large rule sets, users can turn that off by explicit action, but the defaults should be usable for the majority of users. The current defaults waste everyone's time.
Updated by Jim Pingle over 7 years ago
I had initially insisted that option default to off because it was horribly slow on ALIX and other low-end platforms at the time it was introduced, but most of those have gone EOL or won't be supported on 2.4 anyhow. Also the formatting left some things to be desired on 2.2.x.
On 2.4 the output being in another column seems to be the best-looking option, and it doesn't seem to be too bad on SG-1000 speed-wise at the default 50 lines of output. Also using a second row seems to be a tad slower.
Some envelope style calculations for 10 iterations at 50 (default) and 500 lines of firewall log data on an SG-1000, which is for all intents and purposes the minimum specs for 2.4:
Setting Lines Avg Time (sec) No Descr 50 1.673 Descr Col 50 1.918 Descr Row 50 1.935 No Descr 500 6.099 Descr Col 500 6.435 Descr Row 500 6.514
So overall it only adds 1/4 to 1/2 sec on average to load them in a second column on the slowest hardware we have on hand that runs 2.4. The 50 line case takes the bigger hit at a 14.64% increase vs 5.51% increase on 500 lines, but either way it's probably worth it now to default it on for new configs.
Updated by Jim Pingle over 7 years ago
It is worth noting that the above numbers were with a minimal ruleset, it would be worth repeating the test with a more complicated ruleset that had a wider variety of log data to work with. The speed result was what was displayed by using Firebug's net panel while clicking the tab name to refresh the log (F5 caused it to refresh more page assets/content rather than only reloading the page)
Updated by Kill Bill over 7 years ago
Nice timings. ;) Just for a giggle, I tried with Alix and 2.3.3: the times are ~ 6.5s with 50 lines and ~25s with 500 lines (with the description column view and pretty small ruleset, using the Google Chrome timeline.)
Updated by Jim Pingle over 7 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 88aceb2573acab8fbc7e4d467e31280f701ba9cd.
Updated by Jim Pingle over 7 years ago
- Assignee set to Jim Pingle
I changed the default value in the stock config.xml rather than trying to do any sort of complicated shuffling of config parameter interpretation.
This way new users will get the column and existing users have their preference preserved.
If we decide that we want to turn it on for everyone, then we could add upgrade code to set $config['syslog']['filterdescriptions'] = 1
so we don't have to change the way the setting is interpreted or stored.
Updated by Jim Pingle over 7 years ago
- Status changed from Feedback to Resolved
A fresh install has the column active in the firewall log as expected.
Updated by John Murphy over 7 years ago
Just verified as well, but a little late to the plate it appears. fresh install of CE from 20170302(https://snapshots.pfsense.org/amd64/pfSense_master/installer/pfSense-CE-2.4.0-BETA-amd64-20170302-0727.iso.gz) within a VM has default selection of "Display as Column". Existing install that was updated to 2.4 (on SG-2220) preserved pre-existing selection for the drop down in question.