Re: [pfSense-discussion] clog size
RB wrote: I've had a request to increase logging duration on systems that have no access to an external syslog server, so am making the necessary changes to maintain much larger ring-log files. Incredibly larger - what we've done is to make a few tweaks and install syslog-ng 1/ change the system include file so that it starts syslog with -b 127.0.0.1 so that it doesn't bind to an external IP. 2/ add some lines to /etc/rc.conf.local to make a restart of syslog also bind only to localhost: syslogd_enable=YES syslogd_flags= -s -f /var/etc/syslog.conf -b 127.0.0.1 3/ install syslog-ng and write config so that it does full logging to local file system as well as copying to a main log server 3a/ pkg_add -r syslog-ng 3b/ config file is /usr/local/etc/syslog-ng/syslog-ng.conf (if interested, I can provide ours after sanitisation) 3c/ make syslog-ng listen on, say, the sync interface or lan. 4/ add some lines to /etc/rc.conf.local to make sure that syslog-ng starts up 5/ use the pfsense gui to tell it to log to the syslog-ng IP address this works for us, and the key thing is that apart from having to fix the /etc/inc/system.inc file when upgrading pfsense (I offered the diffs/patch, I think it might have been accepted), you don't have to bend the system too far as you don't have to hack any other part of pfsense. HTH Paul
Re: [pfSense-discussion] clog size
what we've done is to make a few tweaks and install syslog-ng I seriously considered that, but for the added 'complexity' and not everyone on the team being on the same page, the most supportable approach is simply increasing the sizes clog initializes its files to. Some experimentation indicates that, although the displayed size in bytes doesn't come out exactly, 2GB is indeed the limit. There isn't any overflow that I can tell, but something, whether it be the signedness or something in init_log, is cutting things off there. RB
Re: [pfSense-discussion] clog size
On 4/14/08, Paul M [EMAIL PROTECTED] wrote: RB wrote: I've had a request to increase logging duration on systems that have no access to an external syslog server, so am making the necessary changes to maintain much larger ring-log files. Incredibly larger - what we've done is to make a few tweaks and install syslog-ng 1/ change the system include file so that it starts syslog with -b 127.0.0.1 so that it doesn't bind to an external IP. 2/ add some lines to /etc/rc.conf.local to make a restart of syslog also bind only to localhost: syslogd_enable=YES syslogd_flags= -s -f /var/etc/syslog.conf -b 127.0.0.1 3/ install syslog-ng and write config so that it does full logging to local file system as well as copying to a main log server 3a/ pkg_add -r syslog-ng 3b/ config file is /usr/local/etc/syslog-ng/syslog-ng.conf (if interested, I can provide ours after sanitisation) 3c/ make syslog-ng listen on, say, the sync interface or lan. 4/ add some lines to /etc/rc.conf.local to make sure that syslog-ng starts up 5/ use the pfsense gui to tell it to log to the syslog-ng IP address this works for us, and the key thing is that apart from having to fix the /etc/inc/system.inc file when upgrading pfsense (I offered the diffs/patch, I think it might have been accepted), you don't have to bend the system too far as you don't have to hack any other part of pfsense. I have commited some code to help with this: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup Scott
Re: [pfSense-discussion] clog size
Scott Ullrich wrote: On 4/14/08, Scott Ullrich [EMAIL PROTECTED] wrote: I have commited some code to help with this: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.50;content-type=text%2Fx-cvsweb-markup Woops, wrong URL: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/usr/local/www/guiconfig.inc?rev=1.90.2.49;content-type=text%2Fx-cvsweb-markup if clog is turned off, does it then use tail -N and look at a normal log file instead of using clog to view?
Re: [pfSense-discussion] clog size
a few other things we'd like to see as well, if you would be willing to rewrite the logging system we can discuss further. Any progress on an Hg feed or at least anonymous CVS (cvsup hasn't built on Linux for quite some time)? I'd be a lot more gung-ho about development and submitting patches if there were a clean way of getting a copy of the pfSense tree into a development environment _I_ am comfortable with. I can do VMs and all that goop (and would to test), but especially since this is all PHP/csh, there's no reason I shouldn't be able to use my own environment. RB