Author Topic: 20 GB of Logs Per Week?  (Read 13079 times)
Syntax42
« on: Friday 10 May 2013, 12:36:09 am »

I have been preparing to deploy EFW Community for my small business.  After configuring nearly every aspect to my liking, I noticed the log partition was full.  I haven't had it running for a full week in my test environment.

After further investigation, I found two major issues.

First, OpenVPN is the source of the full logs partition.  I was using it to do most of my configuration so I could stay connected to my primary network.  The OpenVPN log file is 12 GB in size in /var/log/openvpn and the /var/log/archives/openvpn log file is most of the rest of the 8 GB of my partition.  I'm fairly sure the logs only started to do this when I switched OpenVPN to run on TCP port 443 with the anticipation of remote users needing to make their traffic look close enough to HTTPS to bypass most firewalls.  I'm still looking into how to decrease the verbosity for OpenVPN so this doesn't happen in the future.

The second issue is that EFW was not set up to automatically delete older logs in order to free up space.  Referring to (help.endian.com/entries/21457211-How-to-avoid-running-out-of-disk-space-to-store-log-files), Endian should be doing that automatically.  However, the settings file referenced did not exist until after I went into Logs -> Settings and saved the settings for the first time.  Even then, the "LOGS_FREE_PERCENTAGE=10" line did not exist.  I added it manually and rebooted, but it didn't seem to trigger the process which frees up space.

After I reduce OpenVPN's verbosity, my logs should fill up much slower.  I should have plenty of time to delete old logs manually if the system isn't able to do so.  I will post here again after I figure out how to reduce the verbosity.  I'm thinking it is a simple setting in the config file.
Logged
Syntax42
« Reply #1 on: Friday 10 May 2013, 12:53:36 am »

This is not making much sense.  The only thing I changed was the creation of the /var/efw/logging/settings file by saving the settings once, and I manually deleted the 12 GB and 8 GB OpenVPN log files.  I also re-made the live log file as an empty file. 

Before doing that, my CPU load on the status page was 30% for both cores whenever I had an OpenVPN connection active.  Now, the CPU load is near zero and my OpenVPN logs are not being filled at a rate I would consider excessive or even close to something that would produce 100 MB in a day, let alone 10 GB. 

If the creation of the log settings file fixed it, I don't understand how.  Another thought is the permissions on the OpenVPN log were not right, but that doesn't make much sense either.  My final thought is someone was trying to break into my system last night and caused the logs to fill rapidly.

Has anyone experienced this issue?
Logged
Syntax42
« Reply #2 on: Saturday 11 May 2013, 05:17:32 am »

It happened again today, but I finally figured it out.  A different program on my client computer was attempting to access the VPN interface.  The program was MxTunnel and is another VPN client used with a BarracudaDrive server.  I don't know why it was trying to connect to the Endian OpenVPN server.  It should have only been running in the background, waiting for me to turn it on, but it seemed to activate itself when I locked my desktop.

Hopefully someone else who comes across this will be able to resolve their issue faster.
Logged
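
Added example, not part of the original posts or of Endian's tooling: a shell sketch for the diagnosis the thread arrives at, tallying OpenVPN log lines per peer address to spot one client flooding the log and measuring how fast the file grows. The function names, the sample log lines (constructed) and the assumption that peers appear as IPv4:port are mine.

```shell
#!/bin/sh
# Added example: find which peer is flooding an OpenVPN log, and how fast it grows.
# Assumption: peer-related lines contain the peer as IPv4:port; other lines are
# tallied under "(no-peer)". IPv6 peers are not handled.

# make_sample_log PATH -> writes constructed (not real) log lines to PATH
make_sample_log() {
    cat > "$1" <<'EOF'
May 10 00:36:01 efw openvpn[2110]: TCP connection established with [AF_INET]198.51.100.23:50112
May 10 00:36:01 efw openvpn[2110]: 198.51.100.23:50112 Connection reset, restarting [0]
May 10 00:36:02 efw openvpn[2110]: TCP connection established with [AF_INET]198.51.100.23:50113
May 10 00:36:02 efw openvpn[2110]: TCP connection established with [AF_INET]203.0.113.7:41000
May 10 00:36:03 efw openvpn[2110]: MULTI: multi_create_instance called
May 10 00:36:03 efw openvpn[2110]: 198.51.100.23:50113 Connection reset, restarting [0]
EOF
}

# top_talkers LOGFILE [N] -> prints "COUNT ADDRESS" for the N busiest peers
top_talkers() {
    log=$1
    n=${2:-5}
    awk '
        {
            if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/)) {
                peer = substr($0, RSTART, RLENGTH)
                sub(/:[0-9]+$/, "", peer)   # drop the source port, keep the host
            } else {
                peer = "(no-peer)"
            }
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' "$log" | sort -k1,1nr -k2,2 | head -n "$n"
}

# growth_bytes LOGFILE SECONDS -> bytes appended to LOGFILE during the interval
growth_bytes() {
    before=$(wc -c < "$1")
    sleep "$2"
    after=$(wc -c < "$1")
    echo $((after - before))
}

# Demo on the constructed sample
sample=$(mktemp)
make_sample_log "$sample"
top_talkers "$sample" 3
rm -f "$sample"
```

On a live system, point `top_talkers` at the OpenVPN log file under /var/log/openvpn and run `growth_bytes` over a minute or so; one address dominating the tally while the file grows quickly points at a single misbehaving client rather than general verbosity.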