Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Send email on GUI or VPN login script

    Scheduled Pinned Locked Moved
    Development
    1
    1
    174
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rb625
      last edited by

      Here's a PHP script I wrote that might be useful to someone: It sends an email when someone successfully logs in to the WebGUI or to the IPsec VPN server. It does this by watching logs, run every minute or two by cron. I have been testing this for about two years and it now works well for me. YMMV.

      Note that I am not proposing this as the only security measure for an important system. Loki or Zabbix could be helpful for detailed log monitoring. This is a simple "last line of defense" to alert you that someone is logging in. It can suffer from "acknowledgement fatigue" since you will get an email every time you login as well.

      To use this, follow the instructions at the top of the PHP file. Note that this will involve modifying your pfSense system, so if you are not at all familiar with FreeBSD or Linux, maybe this is not for you. Make a system backup first. Be careful in modifying the cron entries, as this could break the router.[logScanRB8r.php](Invalid file type. Allowed types are: .png, .jpg, .bmp, .txt, .gif, .xls, .gz, .zip, .pcap, .pcapng, .7z, .xml, .jpeg, .diff, .patch, .tgz, .tar, .0, .cap)

      You can edit the JSON file to change what you look for in the logs - you might want to delete the IPsec log section if you are not using IPsec.

      This is just some free give-back to pfSense community since I did not find anything that would do this. I'm not supporting this, if your router blows up, you're on your own...
      logScanRB.zip

      1 Reply Last reply Reply Quote 0
      • First post
        Last post