
Messages - crevettedragon

1
General Questions / How to use pfsense as a transparent sniffer only
« on: February 01, 2018, 06:49:18 pm »
Hi,

Here is my use case: I want to upgrade my current internet box with a pfsense box. However, the traffic between the tv box and the internet box is special and I want to investigate it to be able to properly configure my pfsense box.


As such I want a "sneaky" pfsense that will simply log all traffic and act as a simple Ethernet cable from the internet and tv box perspective.

What would be the best way to do it ?

2
General Questions / Re: max size logs ?
« on: February 09, 2017, 05:24:17 am »
Ok so I thought that it might have been hardware/bad config on my pfsense so I tried on another pfsense ( spoiler : it was the same ).

So I go on that pfsense, all logs are 1 000 000 000 B, and I test the size of dhcpd.log, all fine.
I then change the specific size of filter.log ( then reset of course ) to 5 000 000 000 B and check : it is working and size is 705032740. Now some maths :
5 000 000 000 - 705032740 = 4294967260 = 2^32

I then change the specific size of filter.log ( then reset of course ) to 2 000 000 000 B and check : it is working and size is 2 000 000 000 B


I then change the specific size of filter.log ( then reset of course ) to 5 000 000 000 B and check : it is working and size is 1410065408. Now some maths :
10 000 000 000 - 1410065408= 8589934592= 2^33

I then change the specific size of filter.log ( then reset of course ) to 3 000 000 000 B and check : it is NOT working : syslogd : /var/log/filter.log : Operation not supported by device and size is 7239303168 . Don't see what it adds up to.


I then change the specific size of filter.log ( then reset of course ) to 3 000 000 000 B AGAIN ( after changing it back to a working 2000000000) and check : it is NOT working : syslogd : /var/log/filter.log : Operation not supported by device and size is 7239467008 . Don't see what it adds up to either.
But same asked size 3 000 000 00 and different « error size ».

I then change the specific size of filter.log ( then reset of course ) to 2147483647 B and check : it is working and size is 2147483647 B

I then change the specific size of filter.log ( then reset of course ) to 2147483648 B and check : it is NOT working : syslogd : /var/log/filter.log : Operation not supported by device and size is 7178878976 . Don't see what it adds up to.

What I can « conclude » is that max size is 2 147 483 647 B = 2^31 -1

However I don't understand the Operation not supported by device and the fact that I get different « error sizes » for same 3000000000B.

To answer the remarks saying I should use graylog, you are right, I already use it on another pfsense, but for that particular pfsense logs will not be used at all and only kept for legal reasons ( if some sick pedophile cracks my wifi passwd for example I need to be able to provide 2 years or so of logs to defend myself ).
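
Added example, not part of the original posts and not pfSense code: a small model that assumes the requested size is stored in a signed 32-bit integer, checked against the outcomes reported in these posts. The names `as_int32`, `predict` and `REPORTED` are hypothetical, and the model does not account for the file sizes seen in the error cases.

```python
# Added illustration; not pfSense or clog source code.
# ASSUMPTION: the requested log size ends up in a signed 32-bit integer.

INT32_MAX = 2**31 - 1


def as_int32(requested_bytes: int) -> int:
    """Keep the low 32 bits and reinterpret them as a signed value."""
    low = requested_bytes & 0xFFFFFFFF
    return low - 2**32 if low > INT32_MAX else low


def predict(requested_bytes: int) -> tuple[str, int]:
    """Return ('ok', effective_size) or ('error', wrapped_negative_value)."""
    value = as_int32(requested_bytes)
    return ("ok", value) if value > 0 else ("error", value)


# Requested sizes from the posts, with the outcome reported there.
REPORTED = [
    (2_000_000_000, "ok"),
    (2_147_483_647, "ok"),      # 2^31 - 1, largest value that worked
    (2_147_483_648, "error"),   # 2^31, wraps to a negative value
    (3_000_000_000, "error"),
    (5_000_000_000, "ok"),      # silently shrinks to 705032704
    (10_000_000_000, "ok"),     # figure used in the second calculation
]


def check_model() -> list[tuple[int, str, str, int]]:
    """Pair each reported outcome with the model's prediction."""
    return [(req, seen, *predict(req)) for req, seen in REPORTED]


if __name__ == "__main__":
    for req, seen, status, value in check_model():
        flag = "match" if seen == status else "MISMATCH"
        print(f"{req:>14,} reported={seen:<5} model={status:<5} "
              f"int32={value:>14,} {flag}")
```
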

3
General Questions / Re: max size logs ?
« on: February 07, 2017, 07:37:03 pm »
I think the problem is elsewhere, on this topic : https://forum.pfsense.org/index.php?topic=82078.0 they create a 1GB with no issue ( and furthermore different sizes before you could do it with the GUI ) of 1GB and the "limit" ( didn't find anything about a limit tho ) if there is one must be even greater, mine is capped at 700MB even tho I did ask for more, and it didn't give me any warning in the GUI.

4
General Questions / Re: max size logs ?
« on: February 07, 2017, 07:03:07 pm »
Thing is I'm not even close to 100GB, I ask for 5GB, I get 700MB, something must be wrong with my config yet I can't point it out

5
General Questions / max size logs ?
« on: February 07, 2017, 03:17:01 pm »
Hi,

I'm having a hard time with setting up my logs file. I tried setting up a special size only for filter.log using the GUI, but it failed and after I reset log to apply it either it doesn't log anymore or it has a strange very inferior size.
So I am trying to roll back to same size for those ~20 logs.
So I go to Status / System Logs / Settings / General Logging Options and try to set up 5GB for each clog ( which is not ideal I would want 1GB for all and 100GB for filter.log but at this point I'm just trying to get it to work).
Here is a screenshot

I save then reset log files on that page ( blue then red button ).
All is logging fine but then I connect with ssh and perform a wc to check and I see I get very little file size ( 705032704 ), here is a screenshot:


I have ample size and dedicated that 250GB SSD to logging, is there no way I can use that space to have big log files ?

Thanks for helping :)
