diff --git a/source/firewall.rst b/source/firewall.rst index 5993437c..ed69c067 100644 --- a/source/firewall.rst +++ b/source/firewall.rst @@ -26,6 +26,7 @@ These are all combined in the firewall section. manual/firewall_scrub manual/how-tos/shaper manual/how-tos/carp + manual/logging_firewall manual/diagnostics diff --git a/source/interfaces.rst b/source/interfaces.rst index 995d814f..bd0bc6da 100644 --- a/source/interfaces.rst +++ b/source/interfaces.rst @@ -21,6 +21,7 @@ All traffic flowing through your appliance is using (virtual) interfaces, this i manual/other-interfaces manual/mobile_wan manual/ipv6 + manual/logging_interfaces --------------- Setup guides diff --git a/source/manual/logging.rst b/source/manual/logging.rst deleted file mode 100644 index 99da3711..00000000 --- a/source/manual/logging.rst +++ /dev/null 
@@ -1,151 +0,0 @@ -============== -System Logging -============== - -When troubleshooting problems with your firewall, it is very likely you have to check -the logs available on your system. In the UI of OPNsense, the log files are generally grouped -with the settings of the component they belong to. The log files can be found here: - ------- -System ------- - -============================= =================================================== ============================================================= - **System Log** :menuselection:`System --> Log Files --> General` *Most of all system related events go here* - **Backend / config daemon** :menuselection:`System --> Log Files --> Backend` *Here you can find logs for config generation of API usage* - **Web GUI** :menuselection:`System --> Log Files --> Web GUI` *Lighttpd, the webserver of OPNsense itself, logs here* - **Firmware** :menuselection:`System --> Firmware --> Log File` *Updates from the packaging system go here* - **Gateways** :menuselection:`System --> Gateways --> Log File` *Lists Dpinger gateway tracking related log messages* - **Routing** :menuselection:`System --> Routes --> Log File` *Routing changes or interface events* -============================= =================================================== ============================================================= - -.. Note:: - Log files on file system: - /var/log/system.log (clog) - /var/log/configd.log (clog) - /var/log/lighttpd.log (clog) - /var/log/pkg.log (clog) - /var/log/gateways.log (clog) Note: By default gateway monitoring is disabled, so the log will be empty. 
- /var/log/routing.log (clog) - ----------- -Interfaces ----------- - -==================== ============================================================== =================================================================== - **Wireless** :menuselection:`Interfaces --> Wireless --> Log File` *When using wireless features of OPNsense you find the logs here* - **Point-to-Point** :menuselection:`Interfaces --> Point-to-Point --> Log File` *PPP dialup logs like PPPoE are found here* -==================== ============================================================== =================================================================== - -.. Note:: - Log files on file system: - /var/log/wireless.log (clog) - /var/log/ppps.log (clog) - --------- -Firewall --------- - -================ ======================================================== ============================================================================= - **Live View** :menuselection:`Firewall --> Log Files --> Live View` *View firewall logs in realtime, smart filtering can be applied* - **Plain View** :menuselection:`Firewall --> Log Files --> Plain View` *Just the plain contents how **pf** logs into **filter.log** * -================ ======================================================== ============================================================================= - -.. Note:: - Log files on file system: - /var/log/filter.log (clog) - -Live View ---------- - -Live view updates itself in realtime if a rule is matched that has logging enabled or one of the global logging options is enabled under: -:menuselection:`System --> Settings --> Logging` - -For better troubleshooting you can provide a filter string. This filter may include regular expressions. -Lets assume one logging entry as one single string without special separators. - -So for just displaying packets that match DNS replies from wan to your lan clients in segment 192.168.1.0/24, you have to use: - -.. 
code-block:: sh - - WAN.*:53.*192.168.1 - -or to be even more correct - -.. code-block:: sh - - WAN.*:53.*192\.168\.1\. - -========== ====================== ===================== ====================== ======================== - **WAN** **.*** **:53** **.*** **192\.168\.1\.** - Interface 1 or more characters first match of port 1 or more characters destination ip address -========== ====================== ===================== ====================== ======================== - ---- -VPN ---- - -================= =============================================== ===================================== - **IPsec Log** :menuselection:`VPN --> IPsec --> Log File` *Everything around IPsec goes here* - **OpenVPN Log** :menuselection:`VPN --> OpenVPN --> Log File` *OpenVPN logs everything here* -================= =============================================== ===================================== - -.. Note:: - Log files on file system: - /var/log/ipsec.log (clog) - /var/log/openvpn.log (clog) - --------- -Services --------- - -========================= ================================================================ ============================================= - **Captive Portal** :menuselection:`Services --> Captive Portal --> Log File` *Events from Captive Portal go here* - **DHCPv4** :menuselection:`Services --> DHCPv4 --> Log File` *DHCP events get logged here* - **Dnsmasq DNS** :menuselection:`Services --> Dnsmasq DNS --> Log File` *The DNSmasq Forwarder logs* - **HAProxy** :menuselection:`Services --> HAProxy --> Log File` *The logs of the Reverse Proxy* - **Intrusion Detection** :menuselection:`Services --> Intrusion Detection --> Log File` *Suricata Logs are here* - **Network Time** :menuselection:`Services --> Network Time --> Log File` *NTP daemon logs* - **Unbound DNS** :menuselection:`Services --> Unbound DNS --> Log File` *Unbound resolver logs can be found here* - **Web Proxy** :menuselection:`Services --> Web Proxy --> Log File` *Squid access.log, store.log 
and cache.log* -========================= ================================================================ ============================================= - -.. Note:: - Log files on file system: - /var/log/portalauth.log (clog) - /var/log/dhcpd.log (clog) - /var/log/dnsmasq.log (clog) - /var/log/haproxy.log (clog) - /var/log/ntpd.log (clog) - /var/log/suricata.log (clog) - /var/log/resolver.log (clog) - /var/log/squid/access.log (text) - /var/log/squid/cache.log (text) - /var/log/squid/store.log (text) - -------------- -Circular Logs -------------- - -Most of the core features log to circular log files so they will not grow bigger -than a predefined size. You can tune this value via :menuselection:`System --> Settings --> Logging`. -There, you can also disable the writing of logs to disk or reset them all. - -You can view the contents via CLI with: - -.. code-block:: sh - - clog /path/to/log - -or follow the contents via: - -.. code-block:: sh - - clog -f /path/to/log - ------------ -Plugin Logs ------------ - -Many plugins have their own logs. In the UI, they are grouped with the settings of that plugin. -They mostly log to /var/log/ in text format, so you can view or follow them with *tail*. diff --git a/source/manual/logging_firewall.rst b/source/manual/logging_firewall.rst new file mode 100644 index 00000000..5e4970ae --- /dev/null +++ b/source/manual/logging_firewall.rst 
@@ -0,0 +1,42 @@ +============== +Log Files +============== + +When troubleshooting problems with your firewall, it is very likely you have to check +the logs available on your system. In the UI of OPNsense, the log files are generally grouped +with the settings of the component they belong to. The log files can be found here: + +================ ======================================================== ============================================================================= + **Live View** :menuselection:`Firewall --> Log Files --> Live View` *View firewall logs in realtime, smart filtering can be applied* + **Plain View** :menuselection:`Firewall --> Log Files --> Plain View` *Just the plain contents how **pf** logs into **filter.log** * +================ ======================================================== ============================================================================= + +.. Note:: + Log files on file system: + /var/log/filter.log (clog) + +Live View +--------- + +Live view updates itself in realtime if a rule is matched that has logging enabled or one of the global logging options is enabled under: +:menuselection:`System --> Settings --> Logging` + +For better troubleshooting you can provide a filter string. This filter may include regular expressions. +Lets assume one logging entry as one single string without special separators. + +So for just displaying packets that match DNS replies from wan to your lan clients in segment 192.168.1.0/24, you have to use: + +.. code-block:: sh + + WAN.*:53.*192.168.1 + +or to be even more correct + +.. code-block:: sh + + WAN.*:53.*192\.168\.1\. + +========== ====================== ===================== ====================== ======================== + **WAN** **.*** **:53** **.*** **192\.168\.1\.** + Interface 1 or more characters first match of port 1 or more characters destination ip address +========== ====================== ===================== ====================== ======================== 
diff --git a/source/manual/logging_interfaces.rst b/source/manual/logging_interfaces.rst new file mode 100644 index 00000000..f2ba366c --- /dev/null +++ b/source/manual/logging_interfaces.rst @@ -0,0 +1,17 @@ +============== +Log Files +============== + +When troubleshooting problems with your firewall, it is very likely you have to check +the logs available on your system. In the UI of OPNsense, the log files are generally grouped +with the settings of the component they belong to. The log files can be found here: + +==================== ============================================================== =================================================================== + **Wireless** :menuselection:`Interfaces --> Wireless --> Log File` *When using wireless features of OPNsense you find the logs here* + **Point-to-Point** :menuselection:`Interfaces --> Point-to-Point --> Log File` *PPP dialup logs like PPPoE are found here* +==================== ============================================================== =================================================================== + +.. Note:: + Log files on file system: + /var/log/wireless.log (clog) + /var/log/ppps.log (clog) diff --git a/source/manual/logging_services.rst b/source/manual/logging_services.rst new file mode 100644 index 00000000..67e53691 --- /dev/null +++ b/source/manual/logging_services.rst 
@@ -0,0 +1,31 @@ +============== +Log Files +============== + +When troubleshooting problems with your firewall, it is very likely you have to check +the logs available on your system. In the UI of OPNsense, the log files are generally grouped +with the settings of the component they belong to. The log files can be found here: + +========================= ================================================================ ============================================= + **Captive Portal** :menuselection:`Services --> Captive Portal --> Log File` *Events from Captive Portal go here* + **DHCPv4** :menuselection:`Services --> DHCPv4 --> Log File` *DHCP events get logged here* + **Dnsmasq DNS** :menuselection:`Services --> Dnsmasq DNS --> Log File` *The DNSmasq Forwarder logs* + **HAProxy** :menuselection:`Services --> HAProxy --> Log File` *The logs of the Reverse Proxy* + **Intrusion Detection** :menuselection:`Services --> Intrusion Detection --> Log File` *Suricata Logs are here* + **Network Time** :menuselection:`Services --> Network Time --> Log File` *NTP daemon logs* + **Unbound DNS** :menuselection:`Services --> Unbound DNS --> Log File` *Unbound resolver logs can be found here* + **Web Proxy** :menuselection:`Services --> Web Proxy --> Log File` *Squid access.log, store.log and cache.log* +========================= ================================================================ ============================================= + +.. Note:: + Log files on file system: + /var/log/portalauth.log (clog) + /var/log/dhcpd.log (clog) + /var/log/dnsmasq.log (clog) + /var/log/haproxy.log (clog) + /var/log/ntpd.log (clog) + /var/log/suricata.log (clog) + /var/log/resolver.log (clog) + /var/log/squid/access.log (text) + /var/log/squid/cache.log (text) + /var/log/squid/store.log (text) diff --git a/source/manual/logging_system.rst b/source/manual/logging_system.rst new file mode 100644 index 00000000..ccddde34 --- /dev/null +++ b/source/manual/logging_system.rst 
@@ -0,0 +1,25 @@ +============== +Log Files +============== + +When troubleshooting problems with your firewall, it is very likely you have to check +the logs available on your system. In the UI of OPNsense, the log files are generally grouped +with the settings of the component they belong to. The log files can be found here: + +============================= =================================================== ============================================================= + **System Log** :menuselection:`System --> Log Files --> General` *Most of all system related events go here* + **Backend / config daemon** :menuselection:`System --> Log Files --> Backend` *Here you can find logs for config generation of API usage* + **Web GUI** :menuselection:`System --> Log Files --> Web GUI` *Lighttpd, the webserver of OPNsense itself, logs here* + **Firmware** :menuselection:`System --> Firmware --> Log File` *Updates from the packaging system go here* + **Gateways** :menuselection:`System --> Gateways --> Log File` *Lists Dpinger gateway tracking related log messages* + **Routing** :menuselection:`System --> Routes --> Log File` *Routing changes or interface events* +============================= =================================================== ============================================================= + +.. Note:: + Log files on file system: + /var/log/system.log (clog) + /var/log/configd.log (clog) + /var/log/lighttpd.log (clog) + /var/log/pkg.log (clog) + /var/log/gateways.log (clog) Note: By default gateway monitoring is disabled, so the log will be empty. + /var/log/routing.log (clog) diff --git a/source/manual/settingsmenu.rst b/source/manual/settingsmenu.rst index 1fbbe293..9af5ce5e 100644 --- a/source/manual/settingsmenu.rst +++ b/source/manual/settingsmenu.rst 
@@ -237,6 +237,36 @@ Remote Syslog Contents Can be used to selectively log event categories The remote logging feature will likely be removed in OPNsense 20.1, since the new **Logging / targets** offers more flexibility and has overlapping functionality. We advise to switch as soon as possible. + + +..................... +Circular Logs +..................... + +Most of the core features log to circular log files so they will not grow bigger +than a predefined size. You can tune this value via :menuselection:`System --> Settings --> Logging`. +There, you can also disable the writing of logs to disk or reset them all. + +You can view the contents via CLI with: + +.. code-block:: sh + + clog /path/to/log + +or follow the contents via: + +.. code-block:: sh + + clog -f /path/to/log + +..................... +Plugin Logs +..................... + +Many plugins have their own logs. In the UI, they are grouped with the settings of that plugin. +They mostly log to /var/log/ in text format, so you can view or follow them with *tail*. + + ---------------------- Logging / targets ---------------------- diff --git a/source/manual/vpnet.rst b/source/manual/vpnet.rst index c562f02e..5ac75ba2 100644 --- a/source/manual/vpnet.rst +++ b/source/manual/vpnet.rst 
@@ -58,6 +58,25 @@ Via plugins additional VPN technologies are offered, including: * **Zerotier** - seamlessly connect everything, requires account from zerotier.com, free for up to 100 devices. +------------- +Log Files +------------- + +When troubleshooting problems with your firewall, it is very likely you have to check +the logs available on your system. In the UI of OPNsense, the log files are generally grouped +with the settings of the component they belong to. The log files can be found here: + +================= =============================================== ===================================== + **IPsec Log** :menuselection:`VPN --> IPsec --> Log File` *Everything around IPsec goes here* + **OpenVPN Log** :menuselection:`VPN --> OpenVPN --> Log File` *OpenVPN logs everything here* +================= =============================================== ===================================== + +.. Note:: + Log files on file system: + /var/log/ipsec.log (clog) + /var/log/openvpn.log (clog) + + ------------- Configuration ------------- diff --git a/source/services.rst b/source/services.rst index 387c7295..6de0275d 100644 --- a/source/services.rst +++ b/source/services.rst @@ -26,6 +26,7 @@ Your security appliance comes with quite some services to ease network operation manual/proxy manual/radvd manual/dynamic_routing + manual/logging_services --------------- diff --git a/source/system.rst b/source/system.rst index 2489dd96..fccc352c 100644 --- a/source/system.rst +++ b/source/system.rst @@ -26,7 +26,7 @@ activities. manual/routes manual/settingsmenu manual/certificates - manual/logging + manual/logging_system manual/diagnostics
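Review bot: In source/manual/logging_firewall.rst the regex breakdown table describes `.*` as "1 or more characters", but `.*` matches zero or more; the cell should say so, or the example should use `.+`. In the same table, `**192\.168\.1\.**` will lose its backslashes when rendered, because a backslash is the escape character in reStructuredText, so readers will see the unescaped pattern that the text has just called less correct. Double-backtick literals for each table cell would avoid that and also the fragile `**.***` markup. It is also worth noting that `:53` matches any port beginning with 53 (for example 530 or 5353). Separately, the Plain View description nests `**pf**` inside `*...*` and ends with a space before the closing asterisk, so the emphasis will not close.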
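Review bot: source/manual/logging_interfaces.rst, logging_firewall.rst, logging_services.rst and logging_system.rst all carry the identical title "Log Files" and the identical three-line introduction beginning "When troubleshooting problems with your firewall", so the four new toctree entries will be indistinguishable in search results and in any cross-page listing. Consider titles that name the area (for example "Interface Log Files") and either a shared include for the introduction or a sentence specific to each page.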
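Review bot: The `.. Note::` blocks in logging_system.rst and logging_services.rst (and the other new pages) list the file paths on consecutive lines at the same indentation, which reStructuredText joins into a single paragraph, so the paths will render as one run-on line. In logging_system.rst this also buries the remark "Note: By default gateway monitoring is disabled, so the log will be empty." between `/var/log/gateways.log` and `/var/log/routing.log`. Since the text is being moved anyway, converting each block to a bullet list with literal paths, and moving the gateway remark to its own sentence, would fix the rendering.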
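Review bot: In source/manual/settingsmenu.rst the Circular Logs and Plugin Logs sections are inserted directly after the remote syslog deprecation paragraph and before the "Logging / targets" heading, so they read as a continuation of the remote logging topic rather than of the local logging settings. The sentence "You can tune this value via :menuselection:`System --> Settings --> Logging`" was written as a pointer from another page and should be reworded now that it sits in the settings documentation itself. Please also confirm that the dotted over/underline gives these headings the section level intended in this file, and drop the doubled blank lines added around the block.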
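Review bot: In source/manual/vpnet.rst the Log Files section is placed ahead of Configuration, so a reader meets troubleshooting material before any setup instructions, and VPN is the only area handled inline while firewall, interfaces, services and system each get a separate logging_* page at the end of their toctree. Moving the section below Configuration, or adding a matching VPN logging page, would keep the structure consistent. The introduction is again the verbatim "problems with your firewall" paragraph and could be shortened to one VPN-specific sentence.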
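Review bot: The source/system.rst hunk swaps `manual/logging` for `manual/logging_system` while source/manual/logging.rst is deleted outright, and nothing in this patch shows that references to the old page were checked. Any `:doc:` or `:ref:` link elsewhere in the tree that points at `manual/logging` will now fail at build time, and the published URL for the old page will disappear for external links. Please search the tree for remaining references and consider a redirect or a short stub page that points to the new per-area pages, since the single overview of where every log lives no longer exists after this change.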