Pfctl -s states like tail -f
-
"so I can redirect text to file.log and grep after one day"
Seems like he wants to log every state as created..
-
Ha, it would help if I managed to read the first post in it's entirety I guess. ::)
Ok….
-
-
wouldn't it just be easier to log your allowed traffic and send that to syslog?
-
for me it's easier to read
-
There is no way to do what you're after as-is.
You could maybe rig something up with just the right tcpdump parameters against the pflog interface or maybe use pfsync in some way, but we don't have anything in place that would log state activity in a way that would give you what you're after.
-
You could possibly look at how the pflogd daemon is implemented and roll your own version that does the same for the state tables.
https://svnweb.freebsd.org/base/releng/11.1/contrib/pf/pflogd/
-
Mmm, that may be possible. Seems quite extreme though. ;)
I would think that adding logging and an appropriate description on the pass rules you want to know about would allow you filter exported logs. Simply exporting them to a log analyser may be good enough for what you want to see.
Steve
-
Simply exporting them to a log analyser may be good enough for what you want to see.
is there a free log analyser for pfsense log?
-
Graylog seems pretty popular though I've not used it myself.
There are a number of detailed write-ups out there for different solutions, I guess it depends how deep you want to go.
Steve
-
no updates?
in linux thereis conntrack -E command which does what I need
no alternative for pfsense?
