Netgate Discussion Forum

Logging all data on an interface to a syslog server

    tnine
    last edited by Aug 21, 2009, 2:55 AM

    Hi all,
      I'm sorry if this has already been asked, but I can't find an answer anywhere.  I would like to log all data flowing across my WAN interface to an internal syslog server.  I'd prefer to do this without enabling logging on all the firewall rules.  Is this possible?  I'm getting data in my syslog server (I downloaded Splunk) and it seems to be working on the syslog config, but I'm not getting my traffic data.  If I can get this sorted with some help it would be greatly appreciated.  I pay for DSL usage and I've gone from 20 GB a month to 300GB so it's costing me a small fortune!

    Thanks,
    Todd

      cmb
      last edited by Aug 21, 2009, 9:31 AM

      Best you can do with syslog is logging firewall rule matches, which won't show traffic, just the connection. One of the packages is what you'll need, either Netflow exports to a collector, bandwidthd, or ntop.

        Coldfirex
        last edited by Sep 26, 2009, 10:09 PM

        @cmb:

        Best you can do with syslog is logging firewall rule matches, which won't show traffic, just the connection. One of the packages is what you'll need, either Netflow exports to a collector, bandwidthd, or ntop.

        Is this a limitation of the pfSense GUI or something deeper?  We would love to be able to use an external system (Splunk, etc) for more detailed traffic\log analysis.

          cmb
          last edited by Sep 27, 2009, 6:21 PM

          @Coldfirex:

          Is this a limitation of the pfSense GUI or something deeper?  We would love to be able to use an external system (Splunk, etc) for more detailed traffic\log analysis.

          That's what Netflow is for, it's the standard for such traffic analysis. If you want something deeper, like including payload, you better have a ton of storage, and you'll need some collection mechanism that doesn't currently exist in base or as a package. There are add on options for FreeBSD there though.

            Cry Havok
            last edited by Sep 28, 2009, 5:41 PM

            If you want full packet logging then you'll really want to install a network tap and a separate box to receive that feed of packets.

              Coldfirex
              last edited by Sep 29, 2009, 2:59 PM

              Thanks for the help.  I appreciate it.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.