Bug #7323
closed
More user friendly defaults for firewall logs view
Added by Kill Bill over 7 years ago.
Updated over 7 years ago.
Affected Architecture:
All
Description
One of the 'Display as column' or 'Display as second row' options should be the default. From the forums, it's very much clear that the settings are virtually invisible for users (who keep posting either the unreadable raw logs crap, or useless screenshots without any hint on what blocked what).
If performance is still an issue with large rule sets, users can turn that off by explicit action, but the defaults should be usable for the majority of users. The current defaults waste everyone's time.
I had initially insisted that option default to off because it was horribly slow on ALIX and other low-end platforms at the time it was introduced, but most of those have gone EOL or won't be supported on 2.4 anyhow. Also the formatting left some things to be desired on 2.2.x.
On 2.4 the output being in another column seems to be the best-looking option, and it doesn't seem to be too bad on SG-1000 speed-wise at the default 50 lines of output. Also using a second row seems to be a tad slower.
Some envelope style calculations for 10 iterations at 50 (default) and 500 lines of firewall log data on an SG-1000, which is for all intents and purposes the minimum specs for 2.4:
Setting Lines Avg Time (sec)
No Descr 50 1.673
Descr Col 50 1.918
Descr Row 50 1.935
No Descr 500 6.099
Descr Col 500 6.435
Descr Row 500 6.514
So overall it only adds 1/4 to 1/2 sec on average to load them in a second column on the slowest hardware we have on hand that runs 2.4. The 50 line case takes the bigger hit at a 14.64% increase vs 5.51% increase on 500 lines, but either way it's probably worth it now to default it on for new configs.
It is worth noting that the above numbers were with a minimal ruleset, it would be worth repeating the test with a more complicated ruleset that had a wider variety of log data to work with. The speed result was what was displayed by using Firebug's net panel while clicking the tab name to refresh the log (F5 caused it to refresh more page assets/content rather than only reloading the page)
Nice timings. ;) Just for a giggle, I tried with Alix and 2.3.3: the times are ~ 6.5s with 50 lines and ~25s with 500 lines (with the description column view and pretty small ruleset, using the Google Chrome timeline.)
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Assignee set to Jim Pingle
I changed the default value in the stock config.xml rather than trying to do any sort of complicated shuffling of config parameter interpretation.
This way new users will get the column and existing users have their preference preserved.
If we decide that we want to turn it on for everyone, then we could add upgrade code to set $config['syslog']['filterdescriptions'] = 1 so we don't have to change the way the setting is interpreted or stored.
- Status changed from Feedback to Resolved
A fresh install has the column active in the firewall log as expected.
Also available in: Atom
PDF
Updated by 
Updated by Kill Bill 
Updated by