pfSense log file retention
We have a pfSense firewall in our datacentre. By default, pfSense is only storing 500K of firewall filter logs, which is only a few hours for us. How can I increase this?
pfSense uses clog rather than the usual BSD newsyslog.
I only want the log for debugging firewall rules, not compliance or anything, and the firewall has 100GB of spare disk space, so I'd rather have the logs on the firewall itself than set up a syslog server.
Solution 1:
There are several ways to do this. Why don't you read the excellent and useful mailing archives for pfSense, or check their forums?
Anyway, there are two ways to increase logs. First, you can increase the size of the clog files by re-initializing them. Another way is to install a regular syslogger which captures logs in the regular way. You can then use that syslogger to forward logs to a central point. If you are in a secure environment where you have to guarantee to retain all logs, then having the clog + local syslog + remote syslog is best.
and for the syslog-ng.conf: http://forum.pfsense.org/index.php/topic,7793.0.html
Solution 2:
Log rotation on FreeBSD is typically controlled with 'newsyslog'. You can edit the config file (/etc/newsyslog.conf) to control various aspects of how long logs are kept and how big the files may be kept. Read the man page for newsyslog for full details.