Netgate Discussion Forum

    DNS Log/Notification (Telegram)

    pfBlockerNG
    • Lockie

      Hey,

      Within pfBlockerNG > Reports > DNS Reply I can filter for DNS Reply Domain. For example "google" and I'll see all results like "googleapis.com".

      I'm referencing this as pfBlockerNG appears to be able to list DNS or domains accessed. What I'd like to ask is: when a domain is accessed, could a notification be triggered? Perhaps a log of it on pfSense or, even better, a notification via Telegram or similar.

      Is anything like this possible?

      Many Thanks

      • keyser @Lockie

        @Lockie Not from pfSense itself. But if you export your DNS reply logs to Loki, Graylog, or most other SIEMs, you can set up alert actions from there.

        Love the no fuss of using the official appliances :-)

        • Lockie @keyser

          @keyser Can I use Splunk?

          • keyser @Lockie

            @Lockie Certainly

            • Gertjan @Lockie

              @Lockie said in DNS Log/Notification (Telegram):

              As what I'd like to ask is when a domain is accessed, could a notification be triggered. Perhaps a log of it on pfSense or even better a notification via Telegram or similar.

              What pfBlockerng shows on the screen (GUI) is made for you, at the moment when you access the page that shows the stats. You've noticed, it took some time to generate the page.
              I'll show you the source.

              Open the console, or better : SSH.
              Option 8 : and type

              tail -f /var/unbound/var/log/pfblockerng/dns_reply.log
              

              and just look at it.
              If you have just one or two devices on your LAN, then there will be moments without anything logged at all.
              But wait : if one of these devices is a Windows PC : do the thing that you normally shouldn't do : Open Microsoft Edge. And enjoy the spectacle.
              On my pfSense, I can't even read the lines on the screen as they scroll by too fast.
              Note : Don't use the console access for this if it's serial. 115200 Bits/sec won't make it.

              I'm pretty sure you see it coming now : you want to send the content of this file over Telegram ? Or something else ?
              You will get banned from them in no time.

              Check out this one :

              [image]

              Out of the box, it can't send the "/var/unbound/var/log/pfblockerng/dns_reply.log" file.
              If interested, I could show you the line to add, so it can send you the "/var/unbound/var/log/pfblockerng/dns_reply.log" file by mail.

              Btw : careful, this file can get pretty big. Email, these days, doesn't accept 'any' size anymore.
              And as it gets very big (also called : huge), you can't really look at it anymore, and you'll be needing 'tools' to have it analyzed.

              No "help me" PM's please. Use the forum, the community will thank you.
              Edit : and where are the logs ??
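
Added example, not part of any post in this thread: a filter that sits between `tail -f` on the DNS reply log and a notifier, alerting only on a watched domain and at most once per cooldown window so the log volume described above never reaches the messaging channel. The function names, the watched domain `example.com`, the 300-second cooldown and the sample lines are assumptions; the only thing assumed about the log format is that fields are comma-separated.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: each dns_reply.log line is
# comma-separated and one field is the queried domain (position not assumed).

# match_domain LINE WATCH: prints the field equal to WATCH or a subdomain of
# it (never a bare substring such as notexample.com); returns 1 if none.
match_domain() (
    set -f                      # no globbing while splitting an untrusted log line
    IFS=,
    for field in $1; do
        field=${field%.}        # tolerate a trailing root dot
        case $field in
            "$2"|*."$2") printf '%s\n' "$field"; exit 0 ;;
        esac
    done
    exit 1
)

# notify TEXT: prints by default. To deliver via Telegram, replace the body
# with a call to the Bot API sendMessage method (placeholders, not real values):
#   curl -s "https://api.telegram.org/bot<TOKEN>/sendMessage" \
#        -d chat_id=<CHAT_ID> --data-urlencode "text=$1" >/dev/null
notify() {
    printf 'ALERT: %s\n' "$1"
}

# watch_log WATCH COOLDOWN: reads log lines on stdin and sends at most one
# alert per COOLDOWN seconds, counting what was held back in between.
watch_log() {
    last=0 suppressed=0
    while IFS= read -r line; do
        hit=$(match_domain "$line" "$1") || continue
        now=$(date +%s)
        if [ $((now - last)) -ge "$2" ]; then
            notify "DNS reply for $hit ($suppressed suppressed since last alert)"
            last=$now suppressed=0
        else
            suppressed=$((suppressed + 1))
        fi
    done
}

# Constructed sample lines (not real log output) for trying the filter offline.
sample_lines() {
    printf '%s\n' 'DNS-reply,Jan 1 00:00:01,A,www.example.com,192.0.2.10' \
        'DNS-reply,Jan 1 00:00:01,A,notexample.com,192.0.2.10' \
        'DNS-reply,Jan 1 00:00:02,A,example.com,192.0.2.11' \
        'DNS-reply,Jan 1 00:00:02,A,api.example.com,192.0.2.11'
}
# On pfSense: tail -f /var/unbound/var/log/pfblockerng/dns_reply.log | watch_log example.com 300
```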

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.