Log Export Issue

When I export the logs using the export button the exported # of logs exported does not match what is indicated in the ip log section. IP fire says there was1359 logs but when put into Excel it shows only 1318? Where did the other 40 logs go ?

See screenshots…


when I export the log, I see 3 add’l lines at the top (which I delete)

importing to Calc is ok (no rows missing). delimiter is just space.

Paul, can you take a screenshot of the counts.

Sure, logs > Firewall logs

save as log.dat, remove top 3 lines, open with calc, delimiter space


Thanks that verified my error wish there was an automated way to send lol files like this to another system, syslog requires to much additional in my mind is reinventing the wheel and I just need day log reports from the host might have to try and write a script so they can be compared to other logs.

Be safe out there :wink:

Use rsyslog and send logs to a remote system for analysis. Uses port 514

I configured a ubuntu18 server to accept UDP remote logs.
On ipfire, Log settings, enabled rsyslog,, save.
After a while, I start getting data on the remote system.

1 Like

Ok so looking at the code for the log export I need some help in trying to pass the options to the cgi script so I can get the output without the form so I can run wget and then do some post processing to get this data INTO a SQL database that is hosted off the machine.

I am trying but it does not seem to work and looking at the form in the firewalllog.dat it shows

Blockquote if ($cgiparams{‘ACTION’} eq $Lang::tr{‘export’})

but if I try and append ?action=export to the CGI it does not return the log like clicking the export button, I dont think I fully understand the code…

It would really be helpful to have this in a CSV format and that what I am trying to do…

This is what I want to do is use wget to snag the info…

wget --user=username --password=password --no-check-certificate --post-data ‘WHAT IS THE CORRECT POST DATA?’

Looking at the form and still trying to figure out the correct post data for the flat logs… any ideas?

I don’t understand what you’re trying to do … the output is just space-separated log file. If you want a comma, you can change the output to have a comma instead of space as a delimiter (eventhough SQL would easily import space-separated data).


I am trying to get the data out without hitting the export button as I want to automate some things…

wget --user=XXXX --password=XXXXXX --no-check-certificate https://ipfire.lan:444/cgi-bin/logs.cgi/firewalllog.dat?action=export

You may get a warning if the CN cert does not match the hostname.

WARNING: cannot verify ipfire.lan’s certificate, issued by ‘CN=ipfire.lan’:
Self-signed certificate encountered.

This will create a “firewalllog.dat?action=export” file, html format, it contains all the ipfire links and then a table of the logs. Here’s a partial screenshot …