
Author Topic: System logs time interval?  (Read 194 times)


Offline robi

System logs time interval?
« on: December 12, 2017, 01:54:53 pm »
I see that in System logs there's a filter functionality, but the 'Regular expression reference' doesn't contain any sensible information on how to simply filter out a time interval.
For example, I'd like to see logs between 2AM and 4AM. Any quick and dirty hints to check this out?

Offline johnpoz

Re: System logs time interval?
« Reply #1 on: December 12, 2017, 02:23:05 pm »
What day in the logs? So for example, if I wanted to look at Dec 10-12 between 0200 and 0400, you could do this

Dec 1[0-2] 0[2-4]

In the time box... If you know the specific DAY then say Dec 11 0[2-4]
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)
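The regex above is the quick-and-dirty version: `0[2-4]` matches the hour field 02, 03 and 04, so it also returns everything up to 04:59:59, not a strict 02:00-04:00 window. The script below is an added example, not code from the thread or from pfSense; it applies the same regex to a constructed set of BSD-syslog-style lines (the format pfSense writes, where single-digit days are space-padded) and compares it with a timestamp-parsing filter that honours an exact day range and an exclusive end time.

```python
import re
from datetime import time

# Constructed sample log lines in BSD syslog format (not real pfSense data).
SAMPLE_LOG = """\
Dec 10 01:59:58 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,...
Dec 10 02:00:01 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,...
Dec 11 03:15:42 pfSense sshd[1234]: Accepted publickey for admin from 192.0.2.10
Dec 11 04:00:00 pfSense filterlog: 5,,,1000000103,em0,match,pass,out,4,...
Dec 12 04:59:59 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,...
Dec 12 05:00:00 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,...
Dec 14 02:30:00 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,...
"""

# The pattern from the reply above, as the GUI filter box would apply it.
GUI_PATTERN = re.compile(r"Dec 1[0-2] 0[2-4]")

def filter_gui_style(lines, pattern=GUI_PATTERN):
    """Mimic the GUI filter: keep any line the regex matches anywhere."""
    return [line for line in lines if pattern.search(line)]

# Month, day (space-padded for days 1-9), HH:MM:SS at the start of the line.
SYSLOG_TS = re.compile(r"^([A-Z][a-z]{2}) +(\d{1,2}) (\d{2}):(\d{2}):(\d{2}) ")

def filter_by_window(lines, first_day, last_day, start, end, month="Dec"):
    """Keep lines with first_day <= day <= last_day and start <= time < end.

    The end bound is exclusive, so a 02:00-04:00 window does not include
    04:00:00 or the rest of the 04 hour, unlike the 0[2-4] regex.
    Lines without a parseable timestamp (e.g. continuation lines) are skipped.
    """
    kept = []
    for line in lines:
        m = SYSLOG_TS.match(line)
        if not m:
            continue
        mon = m.group(1)
        day = int(m.group(2))
        stamp = time(int(m.group(3)), int(m.group(4)), int(m.group(5)))
        if mon == month and first_day <= day <= last_day and start <= stamp < end:
            kept.append(line)
    return kept

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print(len(filter_gui_style(lines)), "lines via regex")          # 4
    print(len(filter_by_window(lines, 10, 12, time(2), time(4))), "lines via window")  # 2
```

The regex returns the Dec 11 04:00:00 and Dec 12 04:59:59 entries as well; the parsed window drops them, and would also be the one to extend if the interval crossed midnight.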

Offline robi

Re: System logs time interval?
« Reply #2 on: December 15, 2017, 10:14:42 am »
Thanks. How long are the system logs kept by the way? I tried to search for log entries from Dec 11, and no results... (logs from today appear fine).

Offline johnpoz

Re: System logs time interval?
« Reply #3 on: December 15, 2017, 10:32:45 am »
The logs are there, but the GUI defaults to only like the last 50 lines.. You can up the GUI to show more logs... I have mine set to the last 2000 entries.. If you want to view the full logs with clog

https://doc.pfsense.org/index.php/Why_can%27t_I_view_view_log_files_with_cat/grep/etc%3F_(clog)

There will be more logs there that you can load once they roll over; you can also adjust the size of the rollover.. See the above link... If you really want log history you're prob better sending to an external syslog.. Then you could store years and parse through them with ease, etc..

Offline Metrick

Re: System logs time interval?
« Reply #4 on: December 15, 2017, 11:05:42 am »
> There will be more logs there that you can load once they roll over, you can also adjust the size of the rollover.. See the above link... If you really want log history your prob better sending to external syslog.. Then you could store years and parse through them with ease, etc..

Do you have suggestions for an external log server?  Docker, VM, etc.?  Hardest part I have found is finding updated filters/extractors for latest pfSense version.

Offline johnpoz

Re: System logs time interval?
« Reply #5 on: December 15, 2017, 02:45:59 pm »
There are quite a few threads about using an ELK stack with pfSense. I was playing with that for a while.. But with other priorities in my home network/lab I have not gotten back to that..

But with a simple google you find this great site
http://pfelk.3ilson.com/2017/10/pfsense-v24xkibanaelasticsearchlogstash.html

This guy has put up great info on using pfSense with an ELK stack, with very detailed instructions... I know for sure the last time I played with this, back when 2.3 was new, his instructions were spot on..

Offline ianrenton

Re: System logs time interval?
« Reply #6 on: December 15, 2017, 04:22:37 pm »
Thanks for that link johnpoz, I was looking for something like that.

Offline Metrick

Re: System logs time interval?
« Reply #7 on: December 18, 2017, 07:56:39 am »
Thank you for the link, it even has 2.4 GROK patterns! Much appreciated.