Netgate Discussion Forum
    PfSense - logging makes no sense

General pfSense Questions
17 Posts, 6 Posters, 2.6k Views
lutel:

This is trolling because…? You really don't see how pfSense is limited in terms of logging capabilities? Have you ever worked with any firewall where you basically can't forward logs with the rule name? Now you can use this firewall only at home or in an "enterprise" which doesn't give a fuck about monitoring. I have yet to hear if anyone succeeded in connecting pfSense to any decent logging system like ArcSight or Splunk. Any commercial firewall can do it with no problem, but not pfSense.

heper:

When you use the search of this forum, you'll find people using Splunk/ELK stack just fine.

        If you prefer other firewall solutions, that is fine…

        No clue why you seem to enjoy spreading false information. Perhaps you could spend your time by doing something that is remotely useful?

lutel:

I already searched for this issue, and I haven't seen so far anyone who could get firewall logs forwarded together with the rule name / description. Of course you can forward raw logs from pfSense, but this log is quite useless for T/S. You just see that something was blocked, but you can't see which rule blocked it. So still, this firewall lacks basic logging functionality, not because of a lack of a connector, but because it just can't provide the most simple information: which rule triggered the event.

doktornotor:

You are asking why this is trolling? Let me quote some of your "helpful" remarks:

            @lutel:

            This is completely crap
            Another logging crap.
            And logs of PFSense are bullshit.
            pfCrap is like 20 years behind them.
            just can't consider pfCrap as solution for firewall - just because log system is pure crap. HTTP GUI is just a toy.
            this is ridiculous not to have proper logging in any firewall, even most simple.

            @lutel:

            It is not possible to get any decent logging or information from pfSense

            Of course not…

            Enough time wasted with you.

lutel:

Great, beautiful charts, but have you got any MEANINGFUL information, like which rule (name) blocked any traffic? Of course you can draw pretty charts with GeoIP, so what? This firewall is not ready for enterprise, at least for one who cares about monitoring and has lots of firewalls to manage.

doktornotor:

Dude, run

    pfctl -vvsr | grep label

grab the IDs and labels, import them to whatever enterprise nonsense since you cannot decipher what blocked what, and after you are finished, get lost. We already got your point that you cannot live without descriptions.

KOM:

@lutel: This firewall is not ready for enterprise

                  OK, so now that you have made this determination for yourself, this is the last we should expect to see of you?

Derelict (Netgate):

                    It would be nice if the system maybe logged the rules that are loaded into the filter so the firewall generating them and the trackers could be matched up in a log aggregator.

As it is, it is not THAT hard to match up the rule that generated the log, but you need to go to the firewall to do it. Far from impossible.

Timestamp: 2016-12-15 19:33:35.000
pf_tracker: 1419131430
full_message: filterlog: 217,16777216,,1419131430,igb1,match,block,out,4,0x10,,128,62814,0,none,17,udp,328,198.51.100.226,172.16.141.114,68,67,308

Shell Output - pfctl -vvsr | grep -a2 1419131430

  [ Evaluations: 41920820  Packets: 625      Bytes: 122335      States: 0    ]
  [ Inserted: pid 69284 State Creations: 0    ]
@217(1419131430) block return out log quick on WANS inet from any to <unroutablev4:9> label "USER_RULE: Block egress to UNROUTABLE"
  [ Evaluations: 41251689  Packets: 225965    Bytes: 44854695    States: 0    ]
  [ Inserted: pid 69284 State Creations: 0    ]

OP, do you really think the best way to get your point across is to be so caustic?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

lutel:
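The matching procedure described in the two posts above (export `pfctl -vvsr`, take the tracker ID out of the filterlog line, attach the rule's label) can be done at the log-collector side instead of by hand on the firewall. The following is an added example and is not code from this thread or from the pfSense project; the `pfctl` output and the filterlog lines are constructed samples modelled on the ones quoted above, and the function names are mine. The tracker ID is the key to join on because pfSense stores it with the rule in its configuration, whereas the `@217` position number shifts whenever rules are inserted or reordered. The label map has to be re-exported after every ruleset reload, since descriptions can change and, as doktornotor points out, are not guaranteed to be unique.

```python
import re
from typing import Dict, List

# Constructed sample of `pfctl -vvsr` output, modelled on the lines quoted in
# the thread. The third rule is deliberately unlabeled.
PFCTL_RULES = """\
@216(1000000103) pass in quick on igb1 inet from 192.0.2.0/24 to any flags S/SA keep state label "USER_RULE: LAN to any"
  [ Evaluations: 12   Packets: 0   Bytes: 0   States: 0 ]
  [ Inserted: pid 69284 State Creations: 0 ]
@217(1419131430) block return out log quick on WANS inet from any to <unroutablev4:9> label "USER_RULE: Block egress to UNROUTABLE"
  [ Evaluations: 41251689  Packets: 225965    Bytes: 44854695    States: 0    ]
  [ Inserted: pid 69284 State Creations: 0    ]
@218(1000000001) block drop in log quick inet from 10.0.0.0/8 to any
  [ Evaluations: 3   Packets: 0   Bytes: 0   States: 0 ]
"""

# Constructed filterlog lines in pfSense's CSV format. The first is the line
# quoted in the thread; the second is a TCP pass; the third carries a tracker
# that is not in the exported ruleset (e.g. a rule deleted since the export).
FILTERLOG_LINES = [
    "filterlog: 217,16777216,,1419131430,igb1,match,block,out,4,0x10,,128,62814,0,none,17,udp,328,198.51.100.226,172.16.141.114,68,67,308",
    "Dec 15 19:33:36 fw filterlog: 216,16777216,,1000000103,igb1,match,pass,in,4,0x0,,64,1,0,DF,6,tcp,60,192.0.2.10,203.0.113.5,51234,443,0,S,1234567890,,65535,,mss;sackOK",
    "filterlog: 9,16777216,,4242424242,igb1,match,block,in,4,0x0,,64,2,0,none,17,udp,80,198.51.100.7,192.0.2.1,5000,5001,60",
]

# Rule lines look like: @<rulenum>(<tracker>) <rule body> [label "<text>"]
RULE_RE = re.compile(
    r'^@(?P<rulenum>\d+)\((?P<tracker>\d+)\)\s+(?P<body>.*?)'
    r'(?:\s+label\s+"(?P<label>[^"]*)")?\s*$'
)

# filterlog field layout: nine common fields, then an IP-version-specific
# header, then src/dst ports for TCP and UDP.
COMMON = ["rulenum", "subrulenum", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "protoid",
        "protocol", "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hlim", "protocol", "protoid",
        "length", "src", "dst"]
PORTS = ["srcport", "dstport", "datalen"]


def load_rule_labels(pfctl_output: str) -> Dict[str, str]:
    """Map tracker ID -> label from `pfctl -vvsr` text.

    Counter lines (indented, starting with '[') are skipped. A rule with no
    label maps to its own body so the lookup still says what the rule does.
    """
    labels: Dict[str, str] = {}
    for raw in pfctl_output.splitlines():
        line = raw.strip()
        if not line.startswith("@"):
            continue
        m = RULE_RE.match(line)
        if m:
            labels[m.group("tracker")] = m.group("label") or m.group("body")
    return labels


def parse_filterlog(line: str) -> Dict[str, str]:
    """Parse one filterlog CSV record, with or without a syslog prefix."""
    payload = line.split("filterlog:", 1)[1] if "filterlog:" in line else line
    fields = payload.strip().split(",")
    rec = dict(zip(COMMON, fields[:len(COMMON)]))
    rest = fields[len(COMMON):]
    layout = IPV6 if rec.get("ipversion") == "6" else IPV4
    rec.update(zip(layout, rest[:len(layout)]))
    rest = rest[len(layout):]
    if rec.get("protocol") in ("tcp", "udp"):
        rec.update(zip(PORTS, rest[:len(PORTS)]))
    return rec


def enrich(line: str, labels: Dict[str, str]) -> Dict[str, str]:
    """Attach the rule label to a parsed filterlog record, keyed on tracker."""
    rec = parse_filterlog(line)
    rec["rule_label"] = labels.get(
        rec.get("tracker", ""), "UNKNOWN: tracker not in exported ruleset")
    return rec


def enrich_all(lines: List[str], labels: Dict[str, str]) -> List[Dict[str, str]]:
    return [enrich(line, labels) for line in lines]


if __name__ == "__main__":
    rule_labels = load_rule_labels(PFCTL_RULES)
    for r in enrich_all(FILTERLOG_LINES, rule_labels):
        print(f'{r["action"]:5} {r["direction"]:3} {r["src"]}:{r.get("srcport", "-")} '
              f'-> {r["dst"]}:{r.get("dstport", "-")}  [{r["rule_label"]}]')
```

In practice the `pfctl -vvsr` text would come from a cron job on the firewall that ships the output (or just the tracker/label pairs) to the collector alongside the syslog stream, re-run after each filter reload so the map never lags the live ruleset.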

Yes, you can lick your balls, but I don't know how it is going to make this firewall better or usable in the future. You can say it has perfect logging, but in fact it lacks the most basic capabilities, like sending rule names in the log stream, or logging on session start/end. Have you ever heard about FireMon? It supports ANY decent firewall, but obviously it can't support pfSense, just because it can't provide any basic information on rule changes. So policy monitoring is also non-existent in pfCrap. Lick your balls and think of how great pfCrap is, but in fact it is just a toy. Look at FireMon, this is a serious security auditing tool for firewalls, you probably never heard of it.

doktornotor:

As predicted, nothing useful comes out of similar threads. Please, don't waste any more of your precious seconds with pfSense, no one's forcing you to use it.

lutel:

                          @Derelict:

                          OP do you really think the best way to get your point across is to be so caustic?

Sorry for this, I'm disappointed and annoyed that an otherwise such good firewall lacks such basic functionality, and no one can even put it on some "wish list". I just would like the devs to realize how much it is needed.

doktornotor:

                            If your wishlist inclusion requests look like

                            @lutel:

Lick your balls and think of how great pfCrap is, but in fact it is just a toy.

then it's extremely surprising no one is willing to listen to your wishes.

                            ::) ::) ::)

lutel:

                              @doktornotor:

                              If your wishlist inclusion requests look like

                              @lutel:

Lick your balls and think of how great pfCrap is, but in fact it is just a toy.

then it's extremely surprising no one is willing to listen to your wishes.

                              ::) ::) ::)

Is there any place where I can praise the great pfSense firewall and tell that I just can't expect anything more from such a great and complete firewall?

doktornotor:

                                Maybe if you asked "Is there any way I can get firewall rules hits logged with descriptions on a remote syslog server so that I can find the problems more easily", you'd perhaps get a reasonable debate and suggestions. Meanwhile, you've managed to piss everyone off, so good luck with your requests.

                                And of course, the absolutely top priority with firewalls is exporting non-unique, often non-descriptive user comments into remote syslog. That's #1 to consider when choosing a firewall solution.

dennypage:

                                  @doktornotor:

                                  And of course, the absolutely top priority with firewalls is exporting non-unique, often non-descriptive user comments into remote syslog. That's #1 to consider when choosing a firewall solution.

                                  Missed you Dok. :)

                                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.