No firewall logs at host level with log level debug

Discussion in 'Proxmox VE: Networking and Firewall' started by CSoellinger, May 25, 2018.

Tags:
  1. CSoellinger

    CSoellinger New Member

    Joined:
    May 25, 2018
    Messages:
    4
    Likes Received:
    0
    Hi,

    I have a strange problem and can't find the solution at the moment, so maybe you can give me a hint where i have a problem :)

    First i want say the firewall is working like expected, only VPN Port is open, all others(like SSH or Proxmox GUI) are only reachable from internal network which is NATed to the VPN net.

    But i don't see any logs from the firewall at host level... for example the only logs from today are:

    Code:
    0 5 - 25/May/2018:06:25:02 +0200 starting pvefw logger
    0 5 - 25/May/2018:15:48:19 +0200 received terminate request (signal)
    0 5 - 25/May/2018:15:48:19 +0200 stopping pvefw logger
    0 5 - 25/May/2018:15:49:21 +0200 starting pvefw logger
    0 5 - 25/May/2018:16:08:36 +0200 received terminate request (signal)
    0 5 - 25/May/2018:16:08:36 +0200 stopping pvefw logger
    0 5 - 25/May/2018:16:09:29 +0200 starting pvefw logger
    0 5 - 25/May/2018:17:42:17 +0200 received terminate request (signal)
    0 5 - 25/May/2018:17:42:17 +0200 stopping pvefw logger
    0 5 - 25/May/2018:17:42:17 +0200 starting pvefw logger
    0 5 - 25/May/2018:18:34:57 +0200 received terminate request (signal)
    0 5 - 25/May/2018:18:34:57 +0200 stopping pvefw logger
    0 5 - 25/May/2018:18:34:59 +0200 starting pvefw logger
    0 5 - 25/May/2018:18:38:24 +0200 received terminate request (signal)
    0 5 - 25/May/2018:18:38:24 +0200 stopping pvefw logger
    0 5 - 25/May/2018:18:39:24 +0200 starting pvefw logger
    Can't believe this, cause the only open port is the VPN port. Espeacially with log_level_in debug i expected some more logging output ;) .

    So for example if i try to login by SSH at public IP, i only want to see somewhere that it is blocked.

    cheers
    Chris
     
  2. floh

    floh New Member

    Joined:
    Jul 19, 2018
    Messages:
    16
    Likes Received:
    0
    Hello CSoellinger!
    Have you found any type of log file?
    I'm searching for about a few hours and haven't found anything.
    I know that there is no Live-Log-GUI like OPNsense/pfsense but a firewall.log file should be somewhere, right?

    Hopefully you or someone else have found the file.

    Best regards,
    Flo

    EDIT:
    Sorry, found it a few mins after this post:
    /var/log/pve-firewall.log
     
    #2 floh, Sep 5, 2018
    Last edited: Sep 5, 2018
  3. Shawn Fitzpatrick

    Shawn Fitzpatrick New Member

    Joined:
    Oct 4, 2018
    Messages:
    3
    Likes Received:
    0
    Has anyone found a solution to the lack of firewall logs? The log file only shows the starting, stopping and termination requests as shown by Chris above. My firewalls are working but the lack of a functional log makes troubleshooting and alerting impossible. I'm particularly interested in IPSET lists at both the cluster level and the VM level. I'm using the IPSET mail-attackers-blacklist at the cluster level as a DROP rule in my "mail services" Security Group. The configuration successfully blocks all IPs and CIDR blocks listed in the IPSET but I get no logging either on the GUI or in the /var/log/pve-firewall.log file.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice