diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index c69747653..0b6d60fb4 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -334,6 +334,8 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
}
}
+ openlog("firewall", LOG_DAEMON, LOG_LOCAL4);
+
$aliases = filter_generate_aliases();
$aliases .= "\n# Plugins tables\n";
$aliases .= $fw->tablesToText();
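Review bot: The added `openlog("firewall", LOG_DAEMON, LOG_LOCAL4)` passes a facility constant in the flags position. PHP's openlog() takes (prefix, flags, facility), and the second argument is meant for options such as LOG_PID or LOG_NDELAY, so LOG_DAEMON is read as whatever option bits happen to share its value. An explicit option set states the intent, e.g. `openlog('firewall', LOG_PID | LOG_ODELAY, LOG_LOCAL4);`. The update_tables.py hunk has the same mix-up, where `logoption=syslog.LOG_DAEMON` should likewise be an option flag such as `syslog.LOG_PID`. openlog() also sets the ident for the whole PHP process, so later syslog-backed log calls in the same run will presumably be tagged 'firewall' too; a one-line comment saying that is intended would help, and note that filter_configure_sync starts and ends outside this hunk.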
@@ -450,7 +452,7 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
}
if (!@file_put_contents('/tmp/rules.debug', $rules, LOCK_EX)) {
- log_error("WARNING: Could not write new rules!");
+ syslog(LOG_ERR, 'ERROR: Could not write new rules!');
unlock($filterlck);
if ($verbose) {
echo "failed.\n";
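Review bot: The new `syslog(LOG_ERR, 'ERROR: Could not write new rules!')` is the only record of this failure, because the `@` on file_put_contents() suppresses the PHP warning, yet it names neither the file nor the cause. Including both makes a failed ruleset update diagnosable from the firewall log: `syslog(LOG_ERR, sprintf('Could not write new rules to /tmp/rules.debug: %s', error_get_last()['message'] ?? 'unknown error'));`. The literal 'ERROR:' prefix also duplicates the LOG_ERR priority and is not used by the other messages in this commit. The enclosing function continues outside the hunk.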
@@ -486,13 +488,13 @@ function filter_configure_sync($verbose = false, $load_aliases = true)
/* Brutal ugly hack but required -- PF is stuck, unwedge */
if (strstr("$rules_error[0]", "busy")) {
exec('/sbin/pfctl -d; /sbin/pfctl -e; /sbin/pfctl -f /tmp/rules.debug');
- log_error('PF was wedged/busy and has been reset.');
+ syslog(LOG_WARNING, 'PF was wedged/busy and has been reset.');
file_notice(gettext('PF was wedged/busy and has been reset.'));
} else {
exec('/sbin/pfctl -f /tmp/rules.debug.old 2>&1');
}
- log_error(sprintf('There were error(s) loading the rules: %s%s', $rules_error[0], $config_line));
+ syslog(LOG_ERR, sprintf('There were error(s) loading the rules: %s%s', $rules_error[0], $config_line));
file_notice(sprintf(gettext('There were error(s) loading the rules: %s%s'), $rules_error[0], $config_line));
unlock($filterlck);
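Review bot: The new `syslog(LOG_WARNING, 'PF was wedged/busy and has been reset.')` reports a successful reset without checking the exec() on the line before it, which chains `pfctl -d; pfctl -e; pfctl -f /tmp/rules.debug` and discards the exit status. If the re-enable or reload step fails, the packet filter may be left disabled or without the intended rules while the log states it was reset. Capture the status with `exec('...', $out, $rc);` and emit `syslog(LOG_ERR, 'PF reset failed, filter state unknown');` when `$rc !== 0`; joining the three commands with `&&` would make that status cover every step. The function begins and ends outside this hunk.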
@@ -671,7 +673,7 @@ function filter_generate_aliases()
# a bit of a hack, but prevents the ruleset from not being able to load if these types are in
# the configuration.
$aliases .= "{$aliased['name']} = \"{ 0 <> 65535 }\"\n";
- log_error(sprintf('URL port aliases types not supported [%s]', $aliased['name']));
+ syslog(LOG_ERR, sprintf('URL port aliases types not supported [%s]', $aliased['name']));
file_notice(sprintf(gettext('URL port aliases types not supported [%s]'), $aliased['name']));
break;
case "port":
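Review bot: The `syslog(LOG_ERR, ...)` added in filter_generate_aliases() relies on the openlog('firewall', ...) call that this commit places in filter_configure_sync(), just before it calls this function. Any other caller that has not opened the log first would emit this message under the default ident and facility, so it would presumably not reach the new firewall log. Either document the dependency at the top of the function, e.g. `/* expects the caller to have called openlog('firewall', ...) */`, or move the openlog() into a small shared helper that both functions call. Only part of filter_generate_aliases is visible in this hunk, so other callers could not be checked here.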
diff --git a/src/etc/inc/plugins.inc.d/core.inc b/src/etc/inc/plugins.inc.d/core.inc
index baa6514ec..84041ae24 100644
--- a/src/etc/inc/plugins.inc.d/core.inc
+++ b/src/etc/inc/plugins.inc.d/core.inc
@@ -253,7 +253,6 @@ function core_syslog()
$logfacilities['audit'] = array('facility' => array('audit'));
$logfacilities['configd'] = array('facility' => array('configd.py'));
$logfacilities['dhcpd'] = array('facility' => array('dhcpd', 'dhcrelay'));
- $logfacilities['filter'] = array('facility' => array('filterlog'));
$logfacilities['gateways'] = array('facility' => array('dpinger'));
$logfacilities['lighttpd'] = array('facility' => array('lighttpd'));
$logfacilities['pkg'] = array('facility' => array('pkg', 'pkg-static'));
diff --git a/src/etc/inc/plugins.inc.d/pf.inc b/src/etc/inc/plugins.inc.d/pf.inc
index dbd894911..62fb02f0e 100644
--- a/src/etc/inc/plugins.inc.d/pf.inc
+++ b/src/etc/inc/plugins.inc.d/pf.inc
@@ -170,6 +170,16 @@ function pf_firewall($fw)
}
}
+function pf_syslog()
+{
+ $logfacilities = [];
+
+ $logfacilities['firewall'] = ['facility' => ['firewall']];
+ $logfacilities['filter'] = ['facility' => ['filterlog']];
+
+ return $logfacilities;
+}
+
function pf_xmlrpc_sync()
{
$result = array();
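Review bot: pf_syslog() is added without any comment, although its 'firewall' entry only works as long as it matches the ident string passed to openlog() in filter.inc and update_tables.py. A short header comment would record that coupling, e.g. `/* syslog program names routed to log files; 'firewall' must match the openlog() ident used by filter.inc and update_tables.py */`. As a style point, the new function uses short array syntax `[]` while the neighbouring pf_xmlrpc_sync() uses `array()`; pick whichever the file standardises on.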
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml b/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
index 2fb504157..c5953c45e 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/ACL/ACL.xml
@@ -310,6 +310,13 @@
firewall_virtual_ip.php*
+
+ Diagnostics: Log: Firewall: General
+
+ ui/diagnostics/log/core/firewall/*
+ api/diagnostics/log/core/firewall/*
+
+
Diagnostics: Logs: Firewall: Plain View
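Review bot: The new privilege grants `api/diagnostics/log/core/firewall/*`, which matches every action under that API prefix, not only reads. If the log controller exposes state-changing actions there (clearing the log, for example), a role intended for viewing the firewall log would receive them as well. It is worth confirming which actions exist under that prefix and listing the read-only ones explicitly if any of them modify state. The entry is also named "Diagnostics: Log: Firewall: General" while the neighbouring one uses "Diagnostics: Logs: ...", so the two will sort and read inconsistently in the privilege list. The XML markup of this hunk is not visible on the page, so the element structure itself could not be reviewed.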
diff --git a/src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml b/src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
index d2c0a19d8..9e067615c 100644
--- a/src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/Core/Menu/Menu.xml
@@ -187,6 +187,7 @@
+
diff --git a/src/opnsense/scripts/filter/update_tables.py b/src/opnsense/scripts/filter/update_tables.py
index 3326739e0..7aabbfce8 100755
--- a/src/opnsense/scripts/filter/update_tables.py
+++ b/src/opnsense/scripts/filter/update_tables.py
@@ -120,6 +120,7 @@ if __name__ == '__main__':
parser.add_argument('--output', help='output type [json/text]', default='json')
parser.add_argument('--source_conf', help='configuration xml', default='/usr/local/etc/filter_tables.conf')
inputargs = parser.parse_args()
+ syslog.openlog('firewall', logoption=syslog.LOG_DAEMON, facility=syslog.LOG_LOCAL4)
# make sure our target directory exists
if not os.path.isdir('/var/db/aliastables'):
os.makedirs('/var/db/aliastables')