Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to navigate disk inside Netgate appliance from GUI?

    Scheduled Pinned Locked Moved Official Netgate® Hardware
    20 Posts 6 Posters 1.7k Views 6 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      rloeb
      last edited by

      I've looked through all the documentation I can find and nowhere is there an explanation of how to navigate the disk data from Diagnostics|Command Prompt. (I know how to do this from the serial console, but need to do it from the GUI.) I have alerts capturing the traffic that caused the alert, and I would like to be able to inspect that data (or download it), so I can understand what's actually triggering some of the more esoteric rules. If I do "ls" in the command prompt window, I get a listing of something, but it's not the root directory. What's the secret?

      V GertjanG NogBadTheBadN 3 Replies Last reply Reply Quote 0
      • V Offline
        viragomann @rloeb
        last edited by

        @rloeb
        So add the slash to the ls command to get the root listed like

        ls -l /
        
        R 1 Reply Last reply Reply Quote 0
        • R Offline
          rloeb @viragomann
          last edited by

          @viragomann Thank you, but how do I change to that directory, so I can then move through the directory tree?

          V S 2 Replies Last reply Reply Quote 0
          • V Offline
            viragomann @rloeb
            last edited by

            @rloeb
            Never tried. I simply use absolute paths for all like

            ls /var/log
            

            to check the logs directory.

            1 Reply Last reply Reply Quote 0
            • GertjanG Offline
              Gertjan @rloeb
              last edited by Gertjan

              @rloeb said in How to navigate disk inside Netgate appliance from GUI?:

              nowhere is there an explanation of how to navigate the disk data from Diagnostics|Command Prompt. (I know how to do this from the serial console, but need to do it from the GUI.)

              None of these, and stay away from IMHO Diagnostics|Command Prompt.
              The console access is sacred, important, not very practical for every-day usage.

              I advise you to this :

              First of all :

              Install WINSCP (or : pay ware - and far better : SmartFTP) -a SFTP client (can also be used to wake up the pretty dead FTP if you find an ancient device still suppoting this)
              Install Notepad++ (or : pay ware : UltraEdit) - you should have it, as these are the perfect 'pure text editors'.
              Install Putty (as set of 4 or 5 programs) - world best known SSH client - should be on every device, as it it used to 'admin' everything. MAC and *inux users might use their own SSH client.

              On pfSense
              Activate SSH access :

              3f93a2cb-d30d-41c6-a81a-0cb5033b526e-image.png

              The "Public key only" is a whole story by itself. "password" exists access is something of the past.
              How to create the 'key' etc, see the pfSense manual. The subject is also top ranked @Google.
              Or keep the password access and don't tell anybody ^^

              Use WINSCP to connect to pfSense over TCP port 22 as a 'file explorer'. Now you can inspect every file, the entire file (disk) structure.
              You'll find a, not entirely vanilla, FreeBSD system.

              Want to follow a (firewall) log real time ?

              No big deal : use the command invented some 40 years ago :

              tail -f tail -f /var/log/filter.log
              

              and enjoy.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??

              R 1 Reply Last reply Reply Quote 0
              • R Offline
                rloeb @Gertjan
                last edited by

                @gertjan I certainly appreciate your detailed instructions. However, I have a different set of requirements and users who actually need to be able to navigate from the GUI to view (and download) logs and tcp dumps. Giving them access with WINSCP and teaching them to use it is like giving someone who needs the key to your storage unit a lock picking kit and lock picking lessons :-)

                GertjanG 1 Reply Last reply Reply Quote 0
                • S Offline
                  SteveITS Galactic Empire @rloeb
                  last edited by

                  @rloeb The command prompt diag page is not an actual command prompt, it just runs what is typed. So the "current directory" is wherever it starts, every time, and you need to specify paths. I don't think you can download arbitrary files from the GUI...it doesn't have a file manager.

                  @Gertjan Windows 10 includes a command line ssh client now too, but I've used PuTTY for many years. (added along the line, maybe 1909? not sure)

                  Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                  When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                  Upvote 👍 helpful posts!

                  R 1 Reply Last reply Reply Quote 0
                  • NogBadTheBadN Offline
                    NogBadTheBad @rloeb
                    last edited by NogBadTheBad

                    @rloeb Get a sftp client like transmit:-

                    Screenshot 2021-03-19 at 16.01.35.png

                    Andy

                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                    1 Reply Last reply Reply Quote 0
                    • GertjanG Offline
                      Gertjan @rloeb
                      last edited by

                      @rloeb said in How to navigate disk inside Netgate appliance from GUI?:

                      and users who actually need to be able to navigate from the GUI to view (and download) logs and tcp dumps.

                      Users that download files like "tcp dumps" ... and can do something - like understanding them - these files ?
                      Now these are the real admins !!
                      Just give them an access, as they already know what to do for the rest.

                      Ntw : the syslog could be send to a centralized syslog server.

                      No "help me" PM's please. Use the forum, the community will thank you.
                      Edit : and where are the logs ??

                      1 Reply Last reply Reply Quote 0
                      • R Offline
                        rloeb @SteveITS
                        last edited by

                        @teamits You can download a file if your know it's full path. That feature is part of the "command prompt" page. That's the reason I want users to be able to navigate the directory tree -- to find the file they want to download. (It would be easier if Netgate published the locations of relevant files. Example: Snort has a feature that automatically captures packets that generate an alert, but nowhere is there any mention of where those packet capture files are stored.)

                        S 1 Reply Last reply Reply Quote 0
                        • S Offline
                          SteveITS Galactic Empire @rloeb
                          last edited by

                          @rloeb said in How to navigate disk inside Netgate appliance from GUI?:

                          download a file if your know it's full path

                          I stand corrected, guess I never used that page for that. :)

                          Try 'find / -name "*.pcap"' if you know the extension, perhaps limited to /var instead of /. Or "find / -type f -mtime -1" for files in the last day.

                          Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                          When upgrading, allow 10-15 minutes to reboot, or more depending on packages, CPU, and/or disk speed.
                          Upvote 👍 helpful posts!

                          R 1 Reply Last reply Reply Quote 0
                          • R Offline
                            rloeb @SteveITS
                            last edited by

                            @teamits Thank you.

                            R 1 Reply Last reply Reply Quote 0
                            • R Offline
                              rloeb @rloeb
                              last edited by

                              @rloeb Note: If you use WinSCP to navigate the disk in a Netgate pfsense appliance, you cannot download the files that are captured by the process I was using. Access is denied when you attempt to download. I don't understand why access is denied, although I can appreciate why "write" or "modify" access would be denied.

                              GertjanG 1 Reply Last reply Reply Quote 0
                              • GertjanG Offline
                                Gertjan @rloeb
                                last edited by Gertjan

                                Strange.

                                Just tested WinSCP myself.
                                When packet capturing from this web page https://pfsense.local.net/diag_packet_capture.php ( it tells me where the captured file is kept ) :

                                $fp = "/root/";
                                $fn = "packetcapture.cap";
                                

                                I could load the /root/packetcapture.cap file with a click :

                                6a439b01-b69a-4ce8-9298-6c1c9b9d0aea-image.png

                                No "help me" PM's please. Use the forum, the community will thank you.
                                Edit : and where are the logs ??

                                R 1 Reply Last reply Reply Quote 0
                                • R Offline
                                  rloeb @Gertjan
                                  last edited by

                                  @gertjan .../diag_packet_capture.php is the page displayed from the pfsense menu: Diagnostics|Packet Capture. I do not find any information there about where the captured packet is stored. (However, there may be such information if packets are captured using the packet capture capabilities on that page, which I didn't attempt.)

                                  The packets captured from Services|Snort|Edit Interface|LAN|Alert Settings|Enable Packet Captures are stored in a directory: /var/log/snort/snort_igbnnnnnn (nnnnnn = 6 digits; new directory created each time instantiated) as a .log file. If "Enable Unified2 Logging" is also checked, then a .U2 file is also created in the same directory.

                                  That directory cannot be opened by WinSCP (permission denied). The only way I have found to display or download either file is by using Diagnostics|Command Prompt within Snort.

                                  GertjanG 1 Reply Last reply Reply Quote 0
                                  • GertjanG Offline
                                    Gertjan @rloeb
                                    last edited by

                                    @rloeb

                                    Didn't know you were using snort.

                                    Thought it was :

                                    3cbc6f63-2684-4946-ab03-e5ee029b442a-image.png

                                    No "help me" PM's please. Use the forum, the community will thank you.
                                    Edit : and where are the logs ??

                                    R 1 Reply Last reply Reply Quote 0
                                    • R Offline
                                      rloeb @Gertjan
                                      last edited by

                                      @gertjan Regardless, your help has been invaluable. I learned a bunch!

                                      1 Reply Last reply Reply Quote 0
                                      • stephenw10S Offline
                                        stephenw10 Netgate Administrator
                                        last edited by

                                        You can just browse (and open) files in Diag > Edit File. Often easiest.

                                        Steve

                                        R 1 Reply Last reply Reply Quote 0
                                        • R Offline
                                          rloeb @stephenw10
                                          last edited by

                                          @stephenw10 My issue was finding the file to view/edit :-)

                                          1 Reply Last reply Reply Quote 0
                                          • stephenw10S Offline
                                            stephenw10 Netgate Administrator
                                            last edited by stephenw10

                                            Right but you can click browse there and look for it if you have some vague idea.

                                            Screenshot from 2021-03-29 15-12-14.png

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.