Filter Logs - all connections
-
I have recently discovered the "filter logs" functionality when you ssh into the pfsense console.
It's really nice to see on a secondary monitor, and replicates something that I have not been able to do since using an old dubbelle net bsd firewall. I was just wondering how, or if it is possible (feature request?) to have not just the blocked connections, but all the connections and ideally their state. I realize that this exists in pftop, but I would like a scrolling display, just for when the connections are established and also when they are torn down.
It seems as if it is reporting the blocks, it could also easily report the allows. I understand that there are a lot more allows than there are blocks, but for a small site or troubleshooting specific issues, it would be useful. Not to mention looking super cool having a scrolling list of connections on a secondary monitor :P
Anyone know if pfsense stock, or with an addon, can do this?
-
I suppose the "filter logs" displays the same as when you view the page "diag_logs_filter.php" (Status -> System Logs -> Firewall).
In this case you could simply tick the checkbox "Log packets that are handled by this rule" when creating a rule in the GUI.
-
That option just starts a tcpdump on the pflog interface, so anything logged by pf will show up. As GruensFroeschli says, changing your pass rules such that they log (just check the log checkbox on the rule) will make entries show up in that output.
It won't log each packet, but it will log each connection.
If you want something a little more readable, install the dashboard package and then from a shell, do this:
clog -f /var/log/filter.log | /usr/local/www/filterparser.php
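The approach from the last reply (log on the pass rules, then read what pf writes to the pflog interface), as an added example that is not part of the thread or of pfSense: a Python filter that turns tcpdump's pflog lines into one pass/block line per logged connection. The line format matched by the regex, the interface name pflog0 and the sample lines are assumptions or constructed.

```python
import re
import sys

# Assumed input: tcpdump's pflog header as printed with -e, for example
#   00:00:01.204311 rule 5/0(match): pass in on em0: 192.168.1.10.51234 > 8.8.8.8.53: ...
PFLOG_RE = re.compile(
    r"rule (?P<rule>[^/\s]+)/(?P<reason>[^:]+): "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>[^:\s]+): "
    r"(?:IP6? )?(?P<src>\S+) > (?P<dst>\S+):(?:\s|$)"
)

# Constructed sample lines, not captured from a real firewall.
SAMPLE = """\
00:00:00.000000 rule 5/0(match): pass in on em0: 192.168.1.10.51234 > 8.8.8.8.53: 12345+ A? example.com. (29)
00:00:01.204311 rule 2/0(match): block in on em1: 203.0.113.7.40022 > 198.51.100.4.22: Flags [S], seq 1, win 1024, length 0
00:00:00.310000 rule 7/0(match): pass out on em1: 198.51.100.4 > 203.0.113.9: ICMP echo request, id 1, seq 1, length 64
"""

def split_endpoint(ep):
    """Split tcpdump's IPv4 'a.b.c.d.port' into (addr, port); anything else stays whole."""
    host, _, port = ep.rpartition(".")
    if ep.count(".") == 4 and ":" not in ep and port.isdigit():
        return host, int(port)
    return ep, None  # no port (e.g. ICMP), or an IPv6 endpoint left as tcpdump wrote it

def parse_pflog_line(line):
    """Return a dict for one logged connection, or None for any other line."""
    m = PFLOG_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["src"], ev["sport"] = split_endpoint(ev["src"])
    ev["dst"], ev["dport"] = split_endpoint(ev["dst"])
    return ev

def format_event(ev):
    """One aligned line per event, suitable for a scrolling display."""
    src = ev["src"] if ev["sport"] is None else f"{ev['src']}:{ev['sport']}"
    dst = ev["dst"] if ev["dport"] is None else f"{ev['dst']}:{ev['dport']}"
    return (f"{ev['action'].upper():<5} {ev['dir']:<3} {ev['iface']:<6} "
            f"{src} -> {dst} (rule {ev['rule']})")

if __name__ == "__main__":
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for raw in source:
        event = parse_pflog_line(raw)
        if event:
            print(format_event(event), flush=True)
```

For live output, pipe tcpdump into it, for example `tcpdump -n -e -l -ttt -i pflog0 | python3 pflog_scroll.py` (the script name is hypothetical); pass entries only appear for rules that have logging enabled.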