Where are pfsense log files?

pfsense
54,505

Solution 1

As of pfSense 2.5+, logging has changed. There is no longer a clog utility; they're all just plain-text files., though they're still all located at /var/log. It appears that all existing/prior logs are deleted during the upgrade; at least I couldn't find the old logs after the upgrade (and this behavior doesn't seem to be referenced in the ticket).

pfSense® software version 2.5.0 uses plain text log files which can be used by a variety of traditional shell utilities.

The firewall periodically rotates log files to keep their size in check. The rotation behavior is controlled by the log settings (Log Rotation Settings). There is one main log file, plus a number of rotated log files. The rotated log files are compressed by default. The GUI understands each compression option and will display and search contents of rotated log files in addition to the main log file. This adds processing time but vastly increases the amount of log data available to the GUI.

pfSense® software versions older than 2.5.0 use a binary circular log format known as clog to maintain a constant log size without the need for rotation. As syslogd writes new entries to a clog file, it removes older entries automatically. As such, the older data is lost.

Solution 2

In the nanobsd 2.0.3 release at least, they are found by going to:

  • cd /var/log (not plural logs ;)
  • clog system.log | less
    • Replace system.log with name of any log in the directory.
    • Because these log files are not regular text files, but are actually binary circular logs, then the clog utility is used to view them and | less pipes the output to less so that you can scroll up and down through the logs using page up/down keys. Press q to exit.
  • When you are done viewing logs and want to return from the shell prompt back to the pfsense menu, type exit at the command prompt.

Solution 3

pfSense stores its log files in the /var/log directory.

The logs are not stored in the standard text-based format. Instead they are stored in a 'circular logging' format. Use the clog tool to view the logs. You can use it similarly to the tail command. i.e. clog -f /var/log/system.log will display the entire log and then continue to 'follow' it.

Solution 4

Simpler way of looking at logs - log into the pfsense web console and Select 'Edit File' within 'Diagnostics'. Here you can browse the directory /var/log/system.log.

Example:

pfsense logs

Share:
54,505

Related videos on Youtube

AaronLS
Author by

AaronLS

Updated on September 18, 2022

Comments

  • AaronLS
    AaronLS about 1 year

    Where can the pfsense log files be located and viewed?

    I have searched the documentation and it doesn't indicate the log files location for the various components of pfsense.

  • mwfearnley
    mwfearnley about 6 years
    This answer is almost too beginner-friendly for someone I'd trust with console access to a pfSense device.
  • AaronLS
    AaronLS about 6 years
    @mwfearnley Guess you don't have to worry since no one here is asking you for access. That said, circular logs aren't super common that I'd expect everyone to be familiar with them off the cuff.
  • mwfearnley
    mwfearnley about 6 years
    Yes, the clog info is helpful.
  • mwfearnley
    mwfearnley almost 5 years
    Looking back, my initial comment wasn't very constructive.. Giving the location (indirectly) and advising to use clog / less are very useful. But using cd to change directories should be known already, and is actually not needed, since you can do clog /var/log/system.log directly. Also, just to say this is information still works up to at least v2.4 on FreeBSD.
  • mwfearnley
    mwfearnley over 4 years
    Yes, the log file is mostly plain text, but it's actually stored in a "circular log" - it's a fixed-size file - with a small binary footer. There is a "cursor position" tracked in the file, that resets to the start when the file reaches the end. This means that the oldest entry will likely be somewhere in the middle of the file, and the first line will be wrapped around from the end. The clog tool is the recommended way to view them.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to redirect custom urls to some local IPs with pfSense
PFSense IPSec connection established, wan works, lan not
IPsec on pfSense: Tunnel is up, but I can't connect to remote host
Voip phones losing registration from external SIP PBX
Cannot log in to pfSense web configurator on fresh install
Active Directory Domain Controller with pfSense as DHCP and DNS server
How do I set up a OpenVPN server on pfsense
Does pFsense support web caching?
pfSense Captive Portal page to require 'agree to terms'?
How to block an IP address from sending or receiving traffic?