pfblocker filter alerts
-
pfBlockerNG / Alerts
When using Alert Filter and searching by Source Address i noticed that results for certain IPs do not show up at all although i do see blocked messages in the logs.
Just strange inconsistent behavior. If i search for an IP in my LAN, my main PC that I know is sending traffic all the time, There are no Denys/Permits/Matches nothing....
Does the alert filter work? Is it broken?
-
Read the first 4, 5 posts in the pfBlockerNG forum, where you posted, to get an idea.
You willl find posts like these "pfBlockerNG-devel 3.1.0_4 Report tab not working correctly".
Apply the small patch manually. -
@gertjan Thank you!! Will check it out. Appreciate it
edit - I cant find what your'e talking about. Also does the patch apply even though i have the latest package installed?
-
@michmoor said in pfblocker filter alerts:
edit - I cant find what your'e talking about. Also does the patch apply even though i have the latest package installed?
To make a long story shorter :
https://redmine.pfsense.org/issues/13154
https://redmine.pfsense.org/issues/13156#note-18
You have to do some file editing yourself.
No "help me" PM's please. Use the forum, the community will thank you.
Edit : and where are the logs ?? -
@gertjan ok yeah ive applied that conf change awhile ago. CPU utilization is no longer an issue. The main problem im having is just the alert filter log[pictures above].
Searching for any LAN IP doesnt return results.
My IP block stats populate fine. Just the Alert search is broken. -
@gertjan So this was an error on my part just in how I view the alert filter field. I didn't realize there were two sections, IP and DNSBL. There was no delineation so it just seemed like one big search field. There is a separate search for Src Address in the DNSBL section and that's what i needed.
Appreciate your help with this!
-
@gertjan said in pfblocker filter alerts:
The link in #18 doesn't work to me but the first patch in #19 does, so thank you, finally alerts for IP are working again.
