I would like to see my logs a bit more… clear and understandable
czar666
My firewall logs are sent to a remote syslog server. They are coming in so everything is fine. Now I would like to see them in a more comprehensive manner.
In the pfSense book they are talking about # clog /var/log/filter.log | filterparser.php. And that helped. But that's on the pfSense box, not on my syslog server. I added a screenshot to this post. Btw, if someone has other options to check logs, please share. I read something about Splunk, OpenNMS and Nagios but I admit I still have to check those options. Oh and I just want to add that it's for SOHO. So nothing too fancy, no overkill. I just want to experiment and learn. Thanks in advance.
You'll need to have something parse them on the syslog server in that case. There isn't a supported way to send the formatted log entries over, just the raw data. It's easy to parse since it's CSV style data and we have the format documented: https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2
There is a pre-made pfELK virtual machine you could try:
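As an added illustration of the "parse it on the syslog server" approach suggested above (example code, not from the thread or the pfSense project): a small Python parser for the CSV-style filterlog lines. The field order follows the pfSense 2.2 filter log format linked in the reply as I understand it (common header, then IPv4 or IPv6 fields, then length/src/dst, then TCP or UDP fields); the hostname, addresses, rule ids and timestamps in SAMPLE_LOG are constructed, not real captures.

```python
import csv
import re
from collections import Counter

# Constructed sample lines in the shape a remote syslog server stores them
# (hostname, IPs, rule/tracker ids made up). Layout assumed per the pfSense 2.2
# filter log format documentation linked in the thread.
SAMPLE_LOG = """\
Mar  1 10:15:01 pfSense filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,128,54321,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,51515,22,0,S,1234567890,,65535,,mss
Mar  1 10:15:02 pfSense filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,1,0,none,17,udp,328,203.0.113.9,198.51.100.2,5353,5353,300
Mar  1 10:15:03 pfSense filterlog: 88,,,1000000201,em1,match,pass,out,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.20,198.51.100.50,40000,443,0,S,99,,29200,,mss
"""

# Field names per section of the documented format (assumed, see lead-in).
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "proto_id"]
L3 = ["length", "src", "dst"]
TCP = ["sport", "dport", "datalen", "tcpflags", "seq", "ack", "window", "urg", "options"]
UDP = ["sport", "dport", "datalen"]

# Syslog prefix written by the remote server: "<timestamp> <host> filterlog: <csv>"
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) filterlog: (?P<csv>.*)$")

def parse_line(line):
    """Return a dict of named fields for one filterlog line, or None if it is not one."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = next(csv.reader([m.group("csv")]))  # empty fields stay as ""
    rec = dict(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    ipfields = IPV4 if rec.get("ipver") == "4" else IPV6  # layout differs by IP version
    rec.update(zip(ipfields + L3, rest))
    rest = rest[len(ipfields) + len(L3):]
    if rec.get("proto") == "tcp":
        rec.update(zip(TCP, rest))
    elif rec.get("proto") == "udp":
        rec.update(zip(UDP, rest))
    rec["ts"], rec["host"] = m.group("ts"), m.group("host")
    return rec

def blocked_inbound_by_source(text):
    """Count blocked inbound hits per (src, dst, dport): the view the poster asked for."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "block" and rec["direction"] == "in":
            counts[(rec["src"], rec["dst"], rec.get("dport"))] += 1
    return counts
```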