Netgate Discussion Forum

    Log MAC addresses in Firewall log

    • Nukeador

      Hi,

      Is it possible to log the MAC addresses in the Firewall Log?

      I have a configuration where the users get an IP via DHCP, and I'm trying to detect some trojan connections, so I set up a block rule to track the IPs the trojan usually connects to and then look in the log to see where it tries to connect from.

      My problem is that once I get these IPs, I'm unable to know which computers correspond to the IPs without a MAC address.

      Any ideas?

      • Guest

        Not sure exactly what you are trying to do, but I saw this in some other thread.

        arp -a >> arp.txt

        Stick it into crontab, however often you wanna run it.

        EDIT: besides the obvious… you know there is a DHCP log, right?

        /F

        • Nukeador

          Yes, but pfSense has something called DHCP leases, so I think maybe there is an option to associate this data table directly without having to do it manually. The idea is to have the MAC address next to the IP in the firewall log, because the IP association changes from one day to another (I'm using dynamic DHCP).

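The correlation asked for in this thread (firewall-log source IP to MAC via the DHCP lease table, matched by time because the IP-to-host mapping changes from day to day) can be done offline. The following is an added example, not part of the original posts and not pfSense code; it assumes leases in ISC `dhcpd.leases` syntax and a simplified, constructed log export of `timestamp source destination`, both in UTC.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax; not real data.
LEASES = """
lease 192.168.1.50 {
  starts 1 2024/03/04 08:00:00;
  ends 1 2024/03/04 20:00:00;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.50 {
  starts 2 2024/03/05 08:00:00;
  ends 2 2024/03/05 20:00:00;
  hardware ethernet 66:77:88:99:AA:BB;
}
"""
# Constructed block-rule hits; the three-column layout is an assumed export format.
BLOCKS = """
2024-03-04T09:15:00 192.168.1.50 203.0.113.10
2024-03-05T09:15:00 192.168.1.50 203.0.113.10
2024-03-05T23:00:00 192.168.1.50 203.0.113.10
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
FIELD_RE = re.compile(r"^\s*(starts|ends|hardware ethernet)\s+([^;]+);", re.M)

def lease_time(value):
    """Parse '<weekday> YYYY/MM/DD HH:MM:SS'; 'never' means no expiry."""
    if value.strip() == "never":
        return datetime.max
    return datetime.strptime(value.split(None, 1)[1], "%Y/%m/%d %H:%M:%S")

def parse_leases(text):
    leases = []
    for ip, body in LEASE_RE.findall(text):
        f = dict(FIELD_RE.findall(body))
        if "starts" not in f or "hardware ethernet" not in f:
            continue  # e.g. abandoned leases carry no MAC
        leases.append((ip, lease_time(f["starts"]),
                       lease_time(f.get("ends", "never")),
                       f["hardware ethernet"].lower()))
    return leases

def mac_at(leases, ip, when):
    """MAC holding `ip` at `when`; the most recently started lease wins."""
    hits = [(s, mac) for lip, s, e, mac in leases if lip == ip and s <= when <= e]
    return max(hits)[1] if hits else None

def annotate(blocks, leases):
    """Return (timestamp, src, dst, mac) rows; 'unknown' if no lease covers the hit."""
    rows = []
    for ts, src, dst in (l.split() for l in blocks.strip().splitlines()):
        rows.append((ts, src, dst, mac_at(leases, src, datetime.fromisoformat(ts)) or "unknown"))
    return rows

if __name__ == "__main__":
    for row in annotate(BLOCKS, parse_leases(LEASES)):
        print(*row)
```

A hit reported as `unknown` means no lease covered that moment, which points to a statically configured address or a gap in the lease history rather than a DHCP client.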
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.