Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Find issues back in time

    Firewalling
    2
    2
    1745
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fireix
      last edited by

      I had a report from a user that his server was down for a good hour last nigth. How can I go back in time and see if there has been traffic blocked at time time or by IP many hours ago? The web-gui doesn't seem to support this.

      I have tried "clog /var/log/filter.log | grep "IP" and also checked the snort GUI to try to see if there are any hosts blocked. I have logging enabled for all rules.

      1 Reply Last reply Reply Quote 0
      • M
        muswellhillbilly
        last edited by

        In my experience, it's best to send system logs to an external syslog server. You avoid filling up the local filesystem with historical data for one thing and - depending on the syslog server you use - you can often find the data more searchable.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post