Tracing Blocks/Understanding Logs



  • I've been spoiled by my work's web gateway, which allows me to perform a real-time trace on traffic from a host and see what rules are causing the block for each URI. Is there any way to do this with pfBlockerNG's logs?

    Alternatively, I'd like to ingest the logs into Elasticsearch. However, to do so, I need to know what each column of the logs is for. For example, dnsbl.log:

    DNSBL-HTTPS,Jul 28 12:11:10,settings-win.data.microsoft.com,192.168.1.225,Unknown,DNSBL,DNSBL_Shallalist,settings-win.data.microsoft.com,Shallalist_tracker,-
    

    I can guess at most of the columns but I'd like a concrete understanding of what each column is.

    This has all stemmed from my inability to use Amazon Prime Video consistently. Sometimes it will say 'video unavailable please wait' then I look at logs and I can't readily identify the block. However, if I change my DNS to 8.8.8.8, it works perfectly. I'm getting ready to move in with the g/f and the last thing I want to hear is cries about shit not working and not able to quickly remedy the issue.

    Edit: I should probably mention that my inconsistent results may be because I am using a smart DNS to get around MLB.tv region blackouts and I am also blocking traffic in/out to everywhere except NA.

