Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Filter Logs - all connections

    Scheduled Pinned Locked Moved Firewalling
    3 Posts 3 Posters 9.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I Offline
      ipfftw
      last edited by

      I have recently discovered the "filter logs" functionality when you ssh into the pfsense console.

      Its really nice to see on a secondary monitor, and replicates something that I have not been able to do since using an old dubbelle net bsd firewall. I was just wondering how, or if it is possible (feature request?) to have not just the blocked connections, but all the connections and ideally their state. I realize that this exsists in pftop, but i would like a scrolling display, just for when the connections are established and also when they are torn down.

      It seems as if it is reporting the blocks, it could also easily report the allows. I understand that there are alot more allows than there are blocks, but for a small site or troubleshooting specific issues, it would be usefull. Not to mention looking super cool having a scrolling list of connections on a secondary monitor :P

      anyone know if pfsense stock, or with an addon can do this?

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG Offline
        GruensFroeschli
        last edited by

        I suppose the "filter logs" displays the same as when you view the page "diag_logs_filter.php" (status –> system logs --> firewall).
        In this case you could simply tick the checkbox "Log packets that are handled by this rule" when creating a rule in the gui.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • jimpJ Offline
          jimp Rebel Alliance Developer Netgate
          last edited by

          That option just starts a tcpdump on the pflog interface, so anything logged by pf will show up. As GruensFroeschli says, changing your pass rules such that they log (just check the log checkbox on the rule) will make entries show up in that output.

          It won't log each packet, but it will log each connection.

          If you want something a little more readable, install the dashboard package and then from a shell, do this:

          clog -f /var/log/filter.log | /usr/local/www/filterparser.php

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.