Need to log OVPN user activity to syslog server. How ?
So, as you can imagine, I am fairly new to pfSense. I've got 2x Netgate XG-7100 working in HA for OVPN Server and I would like to log user activity, but so far I haven't been able to see a way to do that.
My setup is pretty simple: [ DMZ interface public IP ]--[ pfSense ]--[ lan interface private IP ]
The clients connect to the public IP and have access to the resources in the LAN. I had to use TUN mode (would have preferred TAP, but there were circumstances that require TUN), so the clients that connect to the VPN communicate with an internal gateway, and pretty much all I can see from the logs in the LAN is a bunch of traffic coming from the pfSense LAN interface. But in reality behind that IP are all the clients; it serves as NAT with internal gateway.
My question is: how do I log the activity of every user and every IP from the pfSense? I would want to have all the TCP/UDP sessions opened and closed logged.
I am going to use graylog as a logging solution.
Any help would be appreciated!
Thanks in advance.
@alexmercer said in Need to log OVPN user activity to syslog server. How ?:
I am going to use graylog as a logging solution.
Hi,
I think the best solution is to install something like this, and pick up some OVPN sensors:
https://github.com/VictorRobellini/pfSense-Dashboard
https://forum.netgate.com/topic/152132/grafana-dashboard-using-telegraf-with-additional-plugins
Hope you have a huge & fast storage array
Logs could fill more than the user traffic.
That said, OpenVPN TUN mode is normal L3 traffic.
Once the client is connected it is "Clean IP traffic", and you would just log everything. Both permit rules and deny rules.
But to make that visible in a sensible way ....
Btw: Who would prefer Bridging to Routing ??
/Bingo
@bingo600 said in Need to log OVPN user activity to syslog server. How ?:
Btw: Who would prefer Bridging to Routing ??
Hmmm, Hi
don't declare this like this, just think of branch to branch (VPN)
TUN and TAP are not in vain (developers are not stupid)
+++edit:
yeah and nowadays the log files are the ones that take up the least space in a logged environment...
we store a lot more nonsense stuff, like your FaceBoo... ksit stuff, just kidding.... you don't have FB