Better logging with a GUI?

valnar · Sep 20, 2017, 1:30 PM

I'd like to see the firewall logs in a better manner similar to CheckPoint or any other firewall product with a searchable GUI. Because the built-in log view is limited in pfSense, the standard recommendation is to use a syslog server or something better like Splunk. My question is, why? If the SSD I have installed in my pfSense box already has all the logs for everything that happens, why log it twice to something outside of the box?

Are there any packages or GUI tools that can utilize the logs already stored on the pfSense firewall instead of resorting to a syslog server? Ideally the tool would do what all standard firewalls do – search or filter existing conversations by IP address, destination, source, port, accepts, drops, etc. Without such a tool, pfSense cannot compete with the big boys IMO.

Edit: I'm currently using the NanoBSD version and will install the regular new 2.40 version on a different box soon. If the logging/search capabilities is different in NanoBSD, I apologize.

stephenw10 · Sep 20, 2017, 6:45 PM

The log viewer is not any different in Nano to the Ful Install. However you can already filter by those things. See attached screenshot from 2.3.4_1 Nano 32bit.

Are you seeing those options?

Steve

valnar · Sep 20, 2017, 7:52 PM

Actually no, I don't see that Advanced Log Filter option at all.

stephenw10 · Sep 20, 2017, 8:41 PM

Even when you click the filter icon in the top right?

Steve

valnar · Sep 20, 2017, 9:49 PM

Fixed. Browser issue.