Logging Connections / Firewall States on HDD with date and time

dschmid

Hello, I want to save connection logs on my harddisk, we have more the 50 users and using dhcp with static arp. We have to log this because of law reason in germany (if someone downloads something illegal etc.). It should look like the states site under diagnostics but with date and and time, local source and remote destination ip/port.
I searched the forum but didn't find a solution for this. Any help is appreciated.

lucapsg

Same need.
Perhaps only the connections with the NEW flag been active in Connection States.

No news?

GruensFroeschli

Your ISP already does this.

Or can you refer to any document specifically telling that each enduser (even if he provides bandwidth to 3rd parties) has to log?

lucapsg

I need to log all the connections of a private network to the Internet.
If I am not mistaken by enabling logging on default rule created during pfSense installation on the LAN interface …

• "LAN net"   *   *   *   *   "Default LAN -> any"
  ... are logged all packages "good".
  To avoid rivers of data I would Log only the packages packets for the new connections, or those with SYN bit set (NEW Connections in SPI terminology).
  Is it possible?