Traffic accounting / state logging
Hello,
I am currently building a pfSense replacement for a currently running firewall that is based on a Bintec router.
The old Bintec router has a nice feature, an IP accounting log, via external syslog.
That device can log all traffic metadata externally to a syslog server:
- source and target IP addresses
- source and target ports
- protocol
- number of packets sent/received
- number of bytes sent/received
This accounting log is session based. That means, for example, for an HTTP download of a file by a user
I get one single line in the accounting log with the above information, when the session has finished.
I am now looking into achieving something similar with pfSense. I have not found a direct solution yet.
Does anyone have a hint where I could start? Any tool/package available on pfSense I can start with?

I have seen there is bandwidthd … but I want to simply log the accounting data externally to syslog and
be able to analyze it and generate a report with an external tool. And sometimes I need to analyze the
logged accounting data weeks/months later to see what was the reason for a traffic peak, for example.
Or to find out trends of traffic generated by different protocols/applications (ports) and so on.

From what I have read and researched about pfSense, the "states" of pfSense are what I would like to
log externally but there does not seem to be a way yet to do this?

Thanks for any hint or insight about how you solve such requests!
Kai-Uwe