Firewall logs: rule number corresponsing to rule name
-
I have multiple firewall rules set up to log to a syslog server. This works great, but the raw log has a rule number in it, e.g. 103/0.ย I can't figure out how to map the rule number back to the rules I see in the PFsense Web GUI.
Thanks for any help.
-
On pfSense to get those rule numbers you need to run "pfctl -vvsr" from the shell or Diagnostics > Command.
Be careful, though. The numbers can change. At least until 2.2 where there is a static tracker id.
-
Thanks for the tip. That works from the shell.
Is there any way to see the rule numbers in the configurator web gui? -
From the firewall log, click the action icon on a log entry and it shows you the corresponding rule.
Or from Diagnostics > Command you can run the pfctl command to get the whole output.