PFSense Firewall Log View - Showing Logs Once ICMP
gethersJ last edited by
Not sure if anyone can help me, basically we have a PFSense here which is on version 2.4.4 Release P3.
I am trying to track traffic on the firewall using the log view, but the issues I am having is I only see the traffic hitting the logs once and thats it. An example of this would be:
If i try and ping google.co.uk on a continuous loop from my PC, I will only see that event in the logs view only once... but I really need to see this for each ICMP request. So if it pings 50 times I would like to see the ping in the logs 50 times.
We have tried sending the logs to a syslog server and the results are the same there, PFSense only logs things once. Is there any way that we can stop this from happening, even if its only a temporary measure.
We have a rule active allowing ICMP requests and Logging is enabled on that rule also.
If i try and ping google.co.uk on a continuous loop from my PC, I will only see that event in the logs view only once... but I really need to see this for each ICMP request. So if it pings 50 times I would like to see the ping in the logs 50 times
You are not tracking traffic if you would see 50 icmp pings in your Logs. Firewall Logs are exactly that - Logs. They are not to be used for traffic analasys. There are other packages that do that job, traffic log isn't the right one. And of course you only see 1 hit in the logs, as only the first state / request is logged, all other pings are matched against the valid state and are passed through because of stateful filtering.
If you want to log traffic, use ntopNG, bandwithd, darkstat etc. or just install softflowd and send your flows to an internal flow collector and let it parse and beautify your traffic :)