Daily threat report in PfSense



  • Hi everyone,

    I was working for a long time with other firewalls and I configured a daily threat report in them. Every day I got these reports via email so I could check them to look for threats that occurred.

    I tried to configure this type of report in PfSense but I did not find anything. Is there any threat report on PfSense?

    Thanks beforehand,
    Mike.


  • LAYER 8 Global Moderator

    So you want a report from your firewall log?  From Snort?  What do you consider a threat?  Do you want to see how many users hit you via your open to the public ssh server?

    Install the mailreport package, and you can have it send you all kinds of info whenever you want. Once a day, every hour, etc.



  • I would like to get a report with IDS/IPS information, antivirus report, attack attempts, etc. Bandwidth, session logs and other traffic parameters are nice but I would like to check daily threat information.

    Is this possible with mailreport package? I just found traffic information/graphs for this.

    Thank you!


  • LAYER 8 Global Moderator

    You can run a cron to pull out info from the logs, or pipe info to a text file to be included in the logs, etc. So anything that can output the info you want can be set up to be included in your mailreport with a simple cron job. So you will probably want the cron package as well.

    This could be something as simple as your disk space usage to, sure, hits to port X on your firewall. Or logs from your IPS, etc.


  • Galactic Empire

    @johnpoz:

    You can run a cron to pull out info from the logs, or pipe info to a text file to be included in the logs, etc. So anything that can output the info you want can be set up to be included in your mailreport with a simple cron job. So you will probably want the cron package as well.

    This could be something as simple as your disk space usage to, sure, hits to port X on your firewall. Or logs from your IPS, etc.

    Install the mailreport package as John mentioned and run the following as a command after midnight; it will yank out the previous day's logs:

    grep `date -v-1d +"%m/%d/%y"` /var/log/snort/snort_pppoe0*/alert

    You'll need to change "pppoe0" to the interface you're using.

    It would be nice if you could set the minutes in mail report, but you can't; you can only run on the hour, unless you tweak it with cron.
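
An added example, not part of any post in this thread: a shell function that condenses the previous day's Snort alert lines into per-signature and per-source counts, which reads better in a daily mail than the raw grep output. It assumes the CSV alert layout given in the first comment; the function names are made up for illustration.

```shell
#!/bin/sh
# Assumed alert line layout (CSV):
#   MM/DD/YY-HH:MM:SS.usec ,gid,sid,rev,"msg",proto,src,srcport,dst,dstport,...

# Yesterday as MM/DD/YY: BSD date (pfSense) first, GNU date as a fallback.
yesterday() {
    date -v-1d +"%m/%d/%y" 2>/dev/null || date -d yesterday +"%m/%d/%y"
}

# snort_daily_summary DAY FILE...
# Prints a total, then "SIG count gid:sid msg" and "SRC count address" lines.
snort_daily_summary() {
    day=$1; shift
    cat -- "$@" 2>/dev/null | awk -v day="$day" '
        index($0, day "-") != 1 { next }   # only lines whose timestamp is DAY
        {
            line = $0
            msg = ""
            # Lift the quoted message out so commas inside it cannot shift fields.
            if (match(line, /"[^"]*"/)) {
                msg = substr(line, RSTART + 1, RLENGTH - 2)
                line = substr(line, 1, RSTART - 1) "MSG" substr(line, RSTART + RLENGTH)
            }
            if (split(line, f, ",") < 7) next   # not a complete alert record
            sig = f[2] ":" f[3]
            sigs[sig]++; text[sig] = msg
            srcs[f[7]]++
            total++
        }
        END {
            printf "Alerts on %s: %d\n", day, total
            for (s in sigs) printf "SIG %d %s %s\n", sigs[s], s, text[s]
            for (a in srcs) printf "SRC %d %s\n", srcs[a], a
        }'
}

# When called with alert files as arguments, report on yesterday, e.g.
#   sh snort_summary.sh /var/log/snort/snort_pppoe0*/alert
if [ "$#" -gt 0 ]; then
    snort_daily_summary "$(yesterday)" "$@"
fi
```

Unlike a plain grep, the date is matched only at the start of the line, so a date string appearing elsewhere in an alert does not pull in other days' entries.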

