No firewall logs at host level with log level debug

CSoellinger

New Member
May 25, 2018
4
0
1
37
Hi,

I have a strange problem and can't find the solution at the moment, so maybe you can give me a hint where i have a problem :)

First i want say the firewall is working like expected, only VPN Port is open, all others(like SSH or Proxmox GUI) are only reachable from internal network which is NATed to the VPN net.

But i don't see any logs from the firewall at host level... for example the only logs from today are:

Code:
0 5 - 25/May/2018:06:25:02 +0200 starting pvefw logger
0 5 - 25/May/2018:15:48:19 +0200 received terminate request (signal)
0 5 - 25/May/2018:15:48:19 +0200 stopping pvefw logger
0 5 - 25/May/2018:15:49:21 +0200 starting pvefw logger
0 5 - 25/May/2018:16:08:36 +0200 received terminate request (signal)
0 5 - 25/May/2018:16:08:36 +0200 stopping pvefw logger
0 5 - 25/May/2018:16:09:29 +0200 starting pvefw logger
0 5 - 25/May/2018:17:42:17 +0200 received terminate request (signal)
0 5 - 25/May/2018:17:42:17 +0200 stopping pvefw logger
0 5 - 25/May/2018:17:42:17 +0200 starting pvefw logger
0 5 - 25/May/2018:18:34:57 +0200 received terminate request (signal)
0 5 - 25/May/2018:18:34:57 +0200 stopping pvefw logger
0 5 - 25/May/2018:18:34:59 +0200 starting pvefw logger
0 5 - 25/May/2018:18:38:24 +0200 received terminate request (signal)
0 5 - 25/May/2018:18:38:24 +0200 stopping pvefw logger
0 5 - 25/May/2018:18:39:24 +0200 starting pvefw logger

Can't believe this, cause the only open port is the VPN port. Espeacially with log_level_in debug i expected some more logging output ;) .

So for example if i try to login by SSH at public IP, i only want to see somewhere that it is blocked.

cheers
Chris
 
Hello CSoellinger!
Have you found any type of log file?
I'm searching for about a few hours and haven't found anything.
I know that there is no Live-Log-GUI like OPNsense/pfsense but a firewall.log file should be somewhere, right?

Hopefully you or someone else have found the file.

Best regards,
Flo

EDIT:
Sorry, found it a few mins after this post:
/var/log/pve-firewall.log
 
Last edited:
Has anyone found a solution to the lack of firewall logs? The log file only shows the starting, stopping and termination requests as shown by Chris above. My firewalls are working but the lack of a functional log makes troubleshooting and alerting impossible. I'm particularly interested in IPSET lists at both the cluster level and the VM level. I'm using the IPSET mail-attackers-blacklist at the cluster level as a DROP rule in my "mail services" Security Group. The configuration successfully blocks all IPs and CIDR blocks listed in the IPSET but I get no logging either on the GUI or in the /var/log/pve-firewall.log file.
 
I've been doing some testing and here is what I have found thus far.
I cannot get the firewall at the VM level to log any activity regardless of the configuration but the FW functions.
I have, however, got logging at the host level to report based on entries in the Datacenter >> Firewall >> IPSET >> Blacklist. Entries placed here report to the Host Firewall Log.
Entries placed in the Mail-attackers-blacklist do not report to the log. Functionally they work...but do not seem to report to the log.
Any new IPSET groups created do not log to the host FW,
For now...my solution is to put all offending hosts into the Datacenter Blacklist and create DROP groups in the VM firewalls that specify +Blacklist in the Rule "Source".
 
have / had same thing- but I also had a lot of martians being logged in the system log- do you have log martians on? if I recall it worked several releases ago- but I am still wet behind my ears..so I may be mistaken
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!