Firewall rule name in logs

  • Regarding the pfsense firewall:

    • Can I configure it to include the firewall rule name in each log entry ?

    • Can I put any name in the rule, is there some character restrictions (as comma) ?

    My aim is to include tags in rule names to filter the logs before they are indexed into a SIEM

  • Technically, these are NOT called rule names, but descriptions instead.

    The description of my firewall rules (on LAN is where I'm logging) are in my firewall logs. If you've got no rules created, you'll have to make some that actually log the data. After that, if you look in Status -> System Logs -> Firewall in the Rule column it lists the rule description(s).

    There's also the 10 digit unique (I think) tracking ID code to make them quick to find or index.

    The only restriction listed for rule descriptions is max of 52 characters. Don't know anything about special characters, however. Here's some talk about some description stuff.