Netgate Discussion Forum

Best Way to Log all Traffic

    georgeberz
    last edited by Oct 20, 2011, 3:58 AM

    I'm new to all this and was wondering

    1. what is the best way to log all traffic in and out of the pfsense box?

    2. what is the best program to analyze the logs offline?

    I want to track sites my kids are visiting, see if they are xferring files, songs, movies, and checking the amt of bandwidth they are using

      Metu69salemi
      last edited by Oct 20, 2011, 1:40 PM

      1. building feature "capture traffic"
      2. wireshark
        georgeberz
        last edited by Oct 20, 2011, 2:25 PM

        Is there not already logging built into pfsense?

          jasonlitka
          last edited by Oct 20, 2011, 3:03 PM

          Out of the box, pfSense has the capability to log states that are established or denied at various firewall rules.  It is not a content filter.

          If you want to monitor how much bandwidth they are using, try adding the bandwidthd plugin.  If you want to restrict their ability to access certain sites, try squid+squidguard.  If you want full accounting of what they are doing, you're better off looking elsewhere.  There are software packages you can install on their computers to do this, or (expensive, corporate-oriented) appliances you can run that will capture traffic and provide reports for your entire network.

          I can break anything.

            georgeberz
            last edited by Oct 20, 2011, 3:16 PM

            What about sites visited by a user?

            BandwidthD is up and running, but if I reboot the pfsense box it loses all its stats. Anyhow, that part is giving me an idea who is using bandwidth; now I'd just like to know where they browse to. Any ideas?

              georgeberz
              last edited by Oct 20, 2011, 4:24 PM

              Another question, in our house we have about 10 people sharing the net, if someone was to download a pirated movie or something, how would I be able to identify that in logs, what if 6 months down the line I get a letter from ??? saying we have been downloading pirated material, and I know I did not, is there a way to look back on logs and see who did?

                jasonlitka
                last edited by Oct 20, 2011, 8:58 PM

                @georgeberz:

                Another question, in our house we have about 10 people sharing the net, if someone was to download a pirated movie or something, how would I be able to identify that in logs, what if 6 months down the line I get a letter from ??? saying we have been downloading pirated material, and I know I did not, is there a way to look back on logs and see who did?

                Again, pfSense is not a content filter and web reporting system.  If you want that functionality and want it to work then you will need to buy something like a Smoothwall NetworkGuardian or the Standard version of Untangle.  You can get part of the way there with squid (proxy) + squidguard (filter) + lightsquid (reporting) but that combo isn't great.  Personally, I don't think this functionality belongs on a router.

                I can break anything.
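
Added example, not written by any poster in this thread: an offline per-client summary of a Squid access.log, the kind of "who went where, and how much" report the squid + lightsquid route above is meant to produce. It assumes Squid's default native log format; the log lines and addresses are constructed sample data.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's default "native" access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1319126400.123    210 192.168.1.20 TCP_MISS/200 15320 GET http://example.org/index.html - DIRECT/192.0.2.10 text/html
1319126405.456   9120 192.168.1.20 TCP_MISS/200 734003200 GET http://files.example.net/movie.avi - DIRECT/198.51.100.7 video/x-msvideo
1319126410.789    350 192.168.1.31 TCP_MISS/200 4821 CONNECT mail.example.com:443 - DIRECT/203.0.113.9 -
1319126411.000     12 192.168.1.31 TCP_DENIED/403 1450 GET http://blocked.example/ - NONE/- text/html
this line is truncated
"""

def host_of(method, url):
    """Return the destination host; CONNECT lines carry host:port, not a URL."""
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "-").lower()

def summarize(log_text):
    """Map client IP -> {host: [requests, bytes]}, skipping malformed lines."""
    usage = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    skipped = 0
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].isdigit():
            skipped += 1
            continue
        client, size, method, url = fields[2], int(fields[4]), fields[5], fields[6]
        entry = usage[client][host_of(method, url)]
        entry[0] += 1
        entry[1] += size
    return usage, skipped

def report(usage):
    """Yield (client, host, requests, bytes), largest transfers first per client."""
    for client in sorted(usage):
        hosts = usage[client]
        for host in sorted(hosts, key=lambda h: hosts[h][1], reverse=True):
            yield client, host, hosts[host][0], hosts[host][1]

if __name__ == "__main__":
    usage, skipped = summarize(SAMPLE_LOG)
    for client, host, hits, size in report(usage):
        print(f"{client:15} {host:25} {hits:4} requests {size:12} bytes")
    print(f"skipped {skipped} malformed line(s)")
```

The summary is keyed by client IP, so tying a row to a person months later depends on fixed DHCP leases and on keeping the logs that long. For HTTPS the proxy log holds only the CONNECT host and byte count, not the pages visited.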

                  georgeberz
                  last edited by Oct 20, 2011, 9:41 PM

                  Is not the function of a router to route? If you read my original post you'd notice I only want pfsense to log everything routed, then I can go in offline with another program and dissect what has been happening… Is that too much to ask? something that records what it routes?

                    hytek
                    last edited by Oct 21, 2011, 2:27 PM

                    You are asking the questions, but have this mentality of what the answers should be. The second post answered your original two questions perfectly. Now you are changing the details of the original questions, which ultimately changes the answers that you either do not like or do not understand.

                    If you are new to all this, which you said you were, I suggest reading up on what firewalls, content filtering, routers, and proxies really are first. After understanding what they are and what the limitations and capabilities are of each, you can then formulate better questions for which we can help.

                    Cheers.
