Logging connections to external SQL database or files
-
Hello,
I would like to log every established and closed connection with the following data:
- date/time established
- date/time closed
- IP LAN -> Internet
- Internet -> IP LAN
- MAC address of LAN device should be also included
- avoid repeating messages
Right now (not on pfSense but on a Linux box) I'm doing just tcpdump with the following script:
#!/bin/bash
# Check if directory exists, if not create it
if test -d /home/logi/
then
  echo "Directory already exists!"
else
  mkdir /home/logi
fi
# Take the timestamp once, so the .dmp, the .tar.gz and the rm below all
# refer to the same file even if the minute changes while the script runs
STAMP=`date +%d-%B-%Y--%H-%M`
# Moving files (rotate the current dump)
mv /home/logi/tcp-syn.dmp /home/logi/tcp-restart-$STAMP.dmp
# This is dump into RAW data (disabled)
#tcpdump -n -i eth2 'tcp[13] == 2' -w /home/logi/tcp-syn.dmp &
#tar cvfz /home/logi/tcp-restart-$STAMP.tar.gz /h
# This is dump into TXT data (filter quoted so the shell does not glob [13];
# options go before the filter expression)
tcpdump -n -i eth2 'tcp[13] == 2' >> /home/logi/tcp-syn.dmp &
# Archive the rotated dump, then remove the uncompressed copy
tar cvfz /home/logi/tcp-restart-$STAMP.tar.gz /home/logi/tcp-restart-$STAMP.dmp
rm /home/logi/tcp-restart-$STAMP.dmp
This creates daily logs in separate files, for example:
tcp-restart-08-February-2011--16-20.tar.gz
tcp-31-july-2011.tar.gz
Eth2 is my LAN interface.
And they are really small files (but I don't know whether it logs every single established connection). Now I have to ask: how do I log connections in pfSense? Let's assume I would like to collect all logs from many pfSense boxes in one place :)
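As an added example (not part of the original post), here is a small Python loader for the text that the script above appends to tcp-syn.dmp: it parses each `tcpdump -n 'tcp[13] == 2'` line, keeps one row per source/destination pair in SQLite (file or in-memory) so retransmitted SYNs do not repeat, and picks up the LAN MAC when tcpdump is run with `-e` (the `-e` line layout and the sample lines are assumptions; table and function names are mine).

```python
"""Load tcpdump SYN lines (what the poster's script appends to tcp-syn.dmp)
into SQLite, one row per flow, so retransmitted SYNs are not repeated."""
import re
import sqlite3

# One line of `tcpdump -n 'tcp[13] == 2'` output; the optional Ethernet
# header that `-e` adds (assumed format) supplies the LAN device's MAC.
SYN_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?:(?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype IPv4 \(0x0800\), length \d+: |IP )"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[S\]"
)
SCHEMA = """CREATE TABLE IF NOT EXISTS syn_log (
    first_seen TEXT NOT NULL, src_mac TEXT, syn_count INTEGER NOT NULL DEFAULT 1,
    src TEXT NOT NULL, sport INTEGER NOT NULL, dst TEXT NOT NULL, dport INTEGER NOT NULL,
    PRIMARY KEY (src, sport, dst, dport))"""

# Constructed sample input: the same SYN twice (a retransmit), one SYN
# captured with -e, and a SYN-ACK that the tcp[13] == 2 filter would drop.
SAMPLE = """\
16:20:01.100000 IP 192.168.1.10.51234 > 93.184.216.34.443: Flags [S], seq 1, win 65535, length 0
16:20:02.100000 IP 192.168.1.10.51234 > 93.184.216.34.443: Flags [S], seq 1, win 65535, length 0
16:20:03.500000 00:11:22:33:44:55 > aa:bb:cc:dd:ee:ff, ethertype IPv4 (0x0800), length 74: 192.168.1.20.40000 > 203.0.113.5.80: Flags [S], seq 7, win 29200, length 0
16:20:04.000000 IP 93.184.216.34.443 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
"""

def parse_line(line):
    """Return the fields of one SYN line, or None for anything else."""
    m = SYN_LINE.match(line)
    return m.groupdict() if m else None

def load(lines, db_path=":memory:"):
    """Insert each SYN; a flow already present only gets syn_count bumped."""
    con = sqlite3.connect(db_path)
    con.execute(SCHEMA)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["src"], int(rec["sport"]), rec["dst"], int(rec["dport"]))
        try:
            con.execute("INSERT INTO syn_log (src, sport, dst, dport, first_seen, src_mac)"
                        " VALUES (?, ?, ?, ?, ?, ?)", key + (rec["ts"], rec["smac"]))
        except sqlite3.IntegrityError:  # same flow again: count it, do not repeat it
            con.execute("UPDATE syn_log SET syn_count = syn_count + 1"
                        " WHERE src = ? AND sport = ? AND dst = ? AND dport = ?", key)
    con.commit()
    return con
```

The date is not in tcpdump's text output, so for a per-day file take it from the rotated file name; `load(open("/home/logi/tcp-syn.dmp"), "/home/logi/syn.db")` runs it over the live dump.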
-
Use syslog to forward the pfSense logs to this Linux box and run the same script on the logs received.
Or use a syslog server that does the SQL/frontend part for you.