Hello,
I have a problem with the ipfire logs.
When I have a large amount of logs, the options such as logs by countries or by ports give me an Out of Memory error.
In order to continue observing the day’s logs, I need to empty the message file from the var / log path …
Is there a solution to this other than deleting logs?
Normally the logfile should rotated by logrotate to prevent too large files.
Have you a problem with disc space that run out or insufficient ram to parse the log?
How do I get the logs to rotate with logrotate?
The memory thing, I think it will be a problem with Apache or some service, because I can continue browsing the interface but I cannot access the logs that show the graph pie …
The error is shown in the browser when it is trying to load the page for a while, and in the error logs it shows me the out of memory.
Which logs do want to look at?
‘Fw-Loggraphs (Port)’ ?
Fw-Loographs (port) Fw-Loographs (IP) Fw-Loographs (Country), all of the pie chart. I see them at the beginning of the day, but as the records grow, it takes longer to update, and there comes a time when I get an error and I can’t see them until the next day or deleting the entire message file.
What system do you use? ( RAM size, swap on/off )
I just checked the source. All firewall messages of the day are read to an internal array, first. Then the graphs and tables are produced from this data. If you have many messages but few RAM and no swap space, the process may run out of memory.
1 GigaByte (1024 MB)
This should be enough.
How many hits are logged before the out-of-memory error?
To be sure, just another question: which Core Update do you use? There was an issue with the Perl module for the Location database.
About 500K or 600K hits, more or less.
And the update, system version is:
IpFire Version 2.25 (x86_64) - core157
Packfire Version 2.25-x86_64
500K hits per day is much a lot.
What FW rules do produce such a great number?
Does it help to switch off some in the firewall options or switch off the logging for some rules?
I can’t imagine how this big bunch is analysed every day,
Well, in my company located in Spain they connect from Colombia through Windows remote desktop. Therefore I have the blockade of all countries other than Colombia to the network, and they do not stop trying to attack through certain ports …
Then these attacks don’t really have information. After checking that the block is functioning, you can switch off the logging. The messages only document expected behaviour ( news, but no information, theoretically spoken ).
2 Likes
I take advantage of another question … where do I have to look to find out how much physical memory I have left? I assigned 10 GB but to see if with so much log I run out quickly and I have a big problem…
I have seen in physical media, but there is a lot of directory / paths…
go to the IPFire WebGUI → menu Status → Memory.
3 Likes