We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this?
pfSense uses clog rather than the usual BSD newsyslog.
I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.
There are several ways to do this. Why don't you read the excellent and useful mailing archives for pfSense, or check their forums?
Anyway, there are two ways to increase logs. First, you can increase the size of the clog files by re-initializing them. Another way is to install a regular syslogger which captures logs in the regular way. You can then use that syslogger to forward logs to a central point. If you are in a secure environment where you have to guarantee to retain all logs, then having the clog + local syslog + remote syslog is best.
and for the syslog-ng.conf: http://forum.pfsense.org/index.php/topic,7793.0.html
Log rotation on FreeBSD is typically controlled with 'newsyslog'. You can edit the config file (/etc/newsyslog.conf) to control various aspects of how long logs are kept and how big the files may be kept. Read the man page for newsyslog for full details.
Modern pfSense versions have both the option to increase the file size and to log to a remote syslog server at Status > System Logs > Settings.
You can use another server to receive and store the log files. First, you must determine the remote server IP in your pfSense to send events to the remote machine. On the server side, you must enable remote log fetching in rsyslog.conf (help: http://www.rsyslog.com/storing-and-forwarding-remote-messages/). I explain this scenario further:

pfSense (A)                  Remote Server (B)
-----------                  -----------------
Set to send syslog to B      Config rsyslog.conf (help link)
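A receiving-side rsyslog configuration for server B in the scenario above, as an added example that is not part of the original answer. The file name, both IP addresses (documentation range) and the log directory are constructed placeholders, and it assumes pfSense forwards over UDP port 514.

```conf
# /etc/rsyslog.d/10-pfsense.conf on server B (file name is an assumption)
# Constructed values: 192.0.2.1 = pfSense (A), 192.0.2.10 = server B

# UDP listener module; assumes pfSense forwards syslog over UDP 514
module(load="imudp")

# One file per sending host per day, so old days can be pruned or archived
template(name="PfsensePerDay" type="string"
         string="/var/log/pfsense/%fromhost-ip%/%$year%-%$month%-%$day%.log")

# Dedicated ruleset: firewall messages never mix with B's own logs
ruleset(name="pfsense") {
    # UDP syslog is unauthenticated, so accept only the firewall's address
    if ($fromhost-ip == "192.0.2.1") then {
        action(type="omfile" dynaFile="PfsensePerDay"
               fileCreateMode="0640" dirCreateMode="0750")
    }
    # Discard everything else that reaches this listener
    stop
}

# Bind the listener to B's internal address only and attach the ruleset
input(type="imudp" port="514" address="192.0.2.10" ruleset="pfsense")
```

Because the source-address check is the only filter on an unauthenticated UDP listener, the port should also be restricted to the firewall's address in B's own packet filter.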