PfSense - logging makes no sense
-
Great, beautiful charts, but have you got any MEANINGFUL information - like which rule (name) blocked any traffic? Of course you can draw pretty charts with geoip, so what? This firewall is not ready for enterprise - at least for one who cares about monitoring and have lots of firewall to manage.
-
Dude, run
pfctl -vvsr | grep labelgrab the IDs and labels, import them to whatever enterprise nonsense since you cannot decipher what blocked what, and after you are finished, get lost. We already got your point that you cannot live without descriptions.
-
This firewall is not ready for enterprise
OK, so now that you have made this determination for yourself, this is the last we should expect to see of you?
-
It would be nice if the system maybe logged the rules that are loaded into the filter so the firewall generating them and the trackers could be matched up in a log aggregator.
As it is it is not THAT hard to match up the rule that generated the log but you need to go to the firewall to do it. Far from impossible.
Timestamp full_message pf_tracker
2016-12-15 19:33:35.000 1419131430
filterlog: 217,16777216,,1419131430,igb1,match,block,out,4,0x10,,128,62814,0,none,17,udp,328,198.51.100.226,172.16.141.114,68,67,308Shell Output - pfctl -vvsr | grep -a2 1419131430
[ Evaluations: 41920820 Packets: 625 Bytes: 122335 States: 0 ]
[ Inserted: pid 69284 State Creations: 0 ]
@217(1419131430) block return out log quick on WANS inet from any to unroutablev4:9label "USER_RULE: Block egress to UNROUTABLE"
[ Evaluations: 41251689 Packets: 225965 Bytes: 44854695 States: 0 ]
[ Inserted: pid 69284 State Creations: 0 ]OP do you really think the best way to get your point across is to be so caustic?</unroutablev4:9>
-
Yes you can lick your balls, but i don't know how is it going to make this firewall better or useable in the future. You can say it has perfect logging, but in fact it lacks most basic capabilities - like sending in log stream rule names, log on session start/end. Have you ever heard about Firemon? It supports ANY decent firewall, but obviously it can't support pfSense - just because it can't provide any basic information on rule changes. So policy monitoring is also non-existing in the pfCrap. Lick your balls and thing of how great pfCrap is - but in fact it is just toy. Look at Firemon, this is serious security auditing tool for firewalls, you probably never heard of it.
-
As predicted, nothing useful comes out of similar threads. Please, don't waste any more of your precious seconds with pfSense, noone's forcing you to use it.
-
OP do you really think the best way to get your point across is to be so caustic?
Sorry for this i'm disappointed and annoyed that otherwise such a good firewall lacks so basic functionality, and no one can't event put it on some "wish list". I just would like devs to realize how much it is needed.
-
If your wishlist inclusion requests look like
Lick your balls and thing of how great pfCrap is - but in fact it is just toy.
then it's extremely surprising noone is willing to listen to your wishes.
::) ::) ::)
-
If your wishlist inclusion requests look like
Lick your balls and thing of how great pfCrap is - but in fact it is just toy.
then it's extremely surprising noone is willing to listen to your wishes.
::) ::) ::)
Is there any place where i can praise the great pfSense firewall and tell that i just can't expect anything more from such a great and complete firewall?
-
Maybe if you asked "Is there any way I can get firewall rules hits logged with descriptions on a remote syslog server so that I can find the problems more easily", you'd perhaps get a reasonable debate and suggestions. Meanwhile, you've managed to piss everyone off, so good luck with your requests.
And of course, the absolutely top priority with firewalls is exporting non-unique, often non-descriptive user comments into remote syslog. That's #1 to consider when choosing a firewall solution.
-
And of course, the absolutely top priority with firewalls is exporting non-unique, often non-descriptive user comments into remote syslog. That's #1 to consider when choosing a firewall solution.
Missed you Dok. :)
