Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Tracing Blocks/Understanding Logs

    Scheduled Pinned Locked Moved pfBlockerNG
    1 Posts 1 Posters 275 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Grunt0307
      last edited by Grunt0307

      I've been spoiled by my work's web gateway which allows me to perform a real-time trace on traffic from a host and see what rules are causing the block for each uri. Is there any way to do this with pfblockerng's logs?

      Alternatively, I'd like to ingest the logs into Elasticsearch. However, to do so, I need to know what each column of the logs is for. For example, dnsbl.log:

      DNSBL-HTTPS,Jul 28 12:11:10,settings-win.data.microsoft.com,192.168.1.225,Unknown,DNSBL,DNSBL_Shallalist,settings-win.data.microsoft.com,Shallalist_tracker,-

      I can guess at most of the columns but I'd like a concrete understanding of what each column is.

      This has all stemmed from my inability to use Amazon Prime Video consistently. Sometimes it will say 'video unavailable please wait' then I look at logs and I can't readily identify the block. However, if I change my DNS to 8.8.8.8, it works perfectly. I'm getting ready to move in with the g/f and the last thing I want to hear is cries about shit not working and not able to quickly remedy the issue.

      Edit: I should probably mention that my inconsistent results may be because I am using a smart dns to get around MLB.tv region blackouts and I am also blocking traffic in/out to everywhere except NA

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.