How to log the firewall's logs and then search?
-
Hey all,
Is there a way to log all the firewall entries to a remote server and then be able to look through them?
I was thinking of building a CentOS VM and getting syslog installed on it.
Then I'd be able to grep through the log file for the items I wanted, e.g. search for an IP or port. Is this the best way to get the logs, keep them and make them searchable?
Or is there a better way I have not thought of? - a nice GUI perhaps?
-
There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html
Steve
-
There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html
Steve
Thanks for that mate.
If anyone is interested, I have built myself a small VM with an 80GB HDD.
It's running CentOS with rsyslog, which logs all the firewall data to /var/logs/syslog/firewall.log. In turn I can grep for addresses and ports on this and have to say it works very nicely.
I have the option "show raw filter logs" enabled and this does give quite a comprehensive view of all the traffic hitting my firewall.
For now this will do me nicely but if I feel I need anything else then I'll have another look at that thread.
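
An added example, not part of the posts above: grepping a firewall log for an address or port with a bare pattern over-matches (dots are regex wildcards, `10.0.0.1` is a substring of `10.0.0.10`, and `:22` also hits timestamps), so the helpers below anchor the match. The function names and the sample lines are constructed for illustration, and the line layout is simplified rather than the exact pfSense raw filter log format.

```shell
#!/bin/sh
# Constructed sample log lines (simplified layout, not real pfSense output).
sample_log() {
cat <<'EOF'
Jun  3 10:22:05 fw filter: block 10.0.0.1:51512 -> 192.168.1.10:443
Jun  3 10:22:06 fw filter: block 10.0.0.10:40000 -> 192.168.1.10:22
Jun  3 10:22:07 fw filter: pass 110.0.0.1:53000 -> 192.168.1.10:80
Jun  3 10:22:08 fw filter: block 10.0.0.123:2222 -> 192.168.1.10:8022
EOF
}

# Escape the dots so they match literally instead of "any character".
ip_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Lines containing exactly this IPv4 address, not a longer address that
# merely contains it (10.0.0.1 vs 10.0.0.10 or 110.0.0.1).
match_ip() {    # usage: match_ip 10.0.0.1 < firewall.log
    grep -E "(^|[^0-9.])$(ip_regex "$1")([^0-9.]|\$)"
}

# Lines where an IPv4 address is followed by :PORT exactly. Requiring the
# address in front keeps timestamps such as 10:22:05 from matching port 22.
match_port() {  # usage: match_port 22 < firewall.log
    case $1 in ''|*[!0-9]*) echo "port must be numeric" >&2; return 2 ;; esac
    grep -E "([0-9]{1,3}\\.){3}[0-9]{1,3}:$1([^0-9]|\$)"
}

# Compare the naive patterns with the anchored ones on the sample data.
echo "naive ip:      $(sample_log | grep -c '10.0.0.1') lines"
echo "anchored ip:   $(sample_log | match_ip 10.0.0.1 | grep -c '') lines"
echo "naive port:    $(sample_log | grep -c ':22') lines"
echo "anchored port: $(sample_log | match_port 22 | grep -c '') lines"
```

Against a real log, replace `sample_log |` with input from the rsyslog output file and adjust the port pattern to the separator your log format actually uses.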