Netgate SG-1000 microFirewall

Author Topic: dpinger alerts suggestion  (Read 1988 times)

0 Members and 1 Guest are viewing this topic.

Offline esseebee

  • Jr. Member
  • **
  • Posts: 44
  • Karma: +4/-0
    • View Profile
dpinger alerts suggestion
« on: May 11, 2016, 07:23:20 pm »
Hello,

I have noticed since updating to pfsense 2.3, when the WAN connection drops it doesn't put the alert in the System Logs > Gateways list.  Latency alerts are put in system logs > gateways, but not when a gateway goes down.  When a gateway goes down, it is entered in the general System Logs list as

"3236   /rc.filter_configure_sync: MONITOR: Gateway is down, omitting from routing group TELSTRA_DSL_DHCP". 

When the gateway comes back up, there also isn't a definitive "gateway alert is cleared" message in the system logs, which would be helpful. My suggestions would be -

1. All gateway alerts be put in the system logs > gateway fields.  It simplifies things for me, as I can choose to only send syslog alerts from the gateways.
2. When a gateway alert is cleared, an "all clear" entry in the system logs > gateways field to be entered.

Cheers

Offline dennypage

  • Hero Member
  • *****
  • Posts: 729
  • Karma: +143/-0
    • View Profile
Re: dpinger alerts suggestion
« Reply #1 on: May 12, 2016, 05:34:49 pm »
Dpinger itself logs an alarm when one or more of the alarm thresholds are crossed. The alarm could be triggered by latency, loss, or both. Another log entry occurs when all alarm thresholds have cleared. Regardless of the trigger for the log entry, current values for latency, stddev, and loss are included in the log message.

In the first example below, the alarm was triggered by loss alone. The second was triggered by latency, and the third by latency and loss simultaneously.

Code: [Select]
May 6 01:23:45 dpinger Wan X.X.X.X: Alarm latency 8558us stddev 0us loss 50%
May 6 01:23:55 dpinger Wan X.X.X.X: Clear latency 10303us stddev 2179us loss 0%

Apr 2 09:20:35 dpinger Wan X.X.X.X: Alarm latency 7348934us stddev 9549263us loss 0%
Apr 2 09:21:28 dpinger Wan X.X.X.X: Clear latency 46087us stddev 75340us loss 0%

Apr 2 09:08:46 dpinger Wan X.X.X.X: Alarm latency 9501506us stddev 11277451us loss 22%
Apr 2 09:10:05 dpinger Wan X.X.X.X: Clear latency 39669us stddev 56618us loss 1%

Note that the alarm threshold and alarm decay for latency and loss are tracked independently, so it is also possible to see multiple alarm messages without an intervening clear message. I don't have a good example of that to hand.

If you are seeing alarm messages in the gateway log, but no corresponding clear messages, it is likely that the system is restarting the dpinger instance prior to the clear message being logged. If this is the case, you should see the dpinger startup entry in the log.