Author Topic: Logging Bug  (Read 2444 times)

Offline sdale

  • Sr. Member
  • ****
  • Posts: 377
  • Karma: +0/-0
    • View Profile
    • pfSense
Logging Bug
« on: February 20, 2006, 07:16:17 pm »
Hey guys, I'm running Snapshot 2-19, and I have several rules set to Log activity. It appears the rules that are set to allow the traffic are not correctly logging traffic. The rules that are set to deny and log actually do appear in the log. The check box to log default block rules is turned off and I have other rules set to log the denied activity. I didn't see any bugs listed in the tracker, unless this falls under the dynamic log. Anyone else seeing this sort of bug?

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
  • Karma: +7/-2348
    • View Profile
    • pfSense
Re: Logging Bug
« Reply #1 on: February 20, 2006, 07:19:07 pm »
Can you look at /tmp/rules.debug and find the rules in question and make sure that "log" appears in it?

Offline sdale

Re: Logging Bug
« Reply #2 on: February 20, 2006, 08:01:15 pm »
Yep, it says log. Example of a rule:

pass in log quick on $lan proto tcp from {  ***.***.***.166 ***.***.***.167 }  to any port = 80 flags S/SA keep state  queue (qLANdef, qLANacks)  label "USER_RULE: Allow LAN->WAN: HTTP"

In theory this rule should be injecting log traffic when any web traffic from my LAN goes out the WAN. However, it is not. One thing I did notice while investigating this further is that it appears to be only doing this on the LAN interface. I tested this logging on my OPT interface and it did log the rule I specified. Appears to be interface specific.
« Last Edit: February 20, 2006, 08:04:42 pm by yoda715 »

Offline sullrich

Re: Logging Bug
« Reply #3 on: February 20, 2006, 08:25:02 pm »
And this rule appears before the default allow rule?

Offline sdale

Re: Logging Bug
« Reply #4 on: February 20, 2006, 09:34:31 pm »
I don't have a default allow rule. I use a default deny all, but this allow 80 rule is above it.

Offline sullrich

Re: Logging Bug
« Reply #5 on: February 20, 2006, 10:03:45 pm »
Okay, do this from a shell:

cp /etc/inc/globals.inc ~/globals.inc
fetch -o /etc/inc/globals.inc http://www.pfsense.com/~sullrich/globals.inc

Now view the log file. Go to the system log tab, you may see something like: "There was a error parsing rule: "... If so, paste the line.

When done, issue this from a shell:

cp ~/globals.inc /etc/inc/

Offline sdale

Re: Logging Bug
« Reply #6 on: February 20, 2006, 10:17:55 pm »
Bah, I did what you told me to and it still didn't work. So I thought I would try something. I disabled the logging option, saved and applied the changes, and then went back into the rule and enabled logging and it works now. Go figure. Maybe it didn't save properly at first for some reason. Thanks for your help though Scott.
« Last Edit: February 20, 2006, 10:28:54 pm by yoda715 »
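
The check requested in Reply #1 (does "log" appear on the rule in /tmp/rules.debug) can be scripted. This is an added example, not part of the original thread or of pfSense's own code; it goes one step further and compares the generated file against a saved copy of the loaded ruleset. Assumptions: the second file holds saved `pfctl -sr` output, and the addresses, the interface name fxp0 and the "Deny all" label are constructed sample values.

```shell
#!/bin/sh
# Added example: report, per rule label, whether the pf "log" option is set.
# Output: one "yes|no<TAB>label" line per distinct labelled pass/block rule.
log_by_label() {
    awk '
    $1 == "pass" || $1 == "block" {
        if (!match($0, /label "[^"]*"/)) next
        label = substr($0, RSTART + 7, RLENGTH - 8)
        log_set = "no"
        # Options (in/out, log, quick) precede the interface/address part.
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^(on|inet|inet6|proto|from|all)$/) break
            if ($i ~ /^log/) log_set = "yes"
        }
        print log_set "\t" label
    }' "$1" | sort -u
}

# Print labels whose log setting differs between two rule listings,
# e.g. the generated rules.debug and the ruleset pf actually has loaded.
log_mismatch() {
    gen=$(mktemp); cur=$(mktemp)
    log_by_label "$1" > "$gen"; log_by_label "$2" > "$cur"
    # comm -3 keeps lines unique to either side; strip its indent, keep the label.
    comm -3 "$gen" "$cur" | sed 's/^[[:space:]]*//' | cut -f2 | sort -u
    rm -f "$gen" "$cur"
}

# Constructed sample data (not taken from the thread's firewall).
sample_dir=$(mktemp -d)
cat > "$sample_dir/rules.debug" <<'EOF'
pass in log quick on $lan proto tcp from { 192.0.2.166 192.0.2.167 } to any port = 80 flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTP"
block in log quick on $lan from any to any label "USER_RULE: Deny all"
EOF
cat > "$sample_dir/loaded.txt" <<'EOF'
pass in quick on fxp0 inet proto tcp from 192.0.2.166 to any port = http flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTP"
pass in quick on fxp0 inet proto tcp from 192.0.2.167 to any port = http flags S/SA keep state label "USER_RULE: Allow LAN->WAN: HTTP"
block drop in log quick on fxp0 all label "USER_RULE: Deny all"
EOF

log_mismatch "$sample_dir/rules.debug" "$sample_dir/loaded.txt"
```

A label printed by `log_mismatch` means the two listings disagree about logging for that rule, which points at a ruleset that was not reloaded rather than at the log viewer.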