System Logs / Firewall Not Logging
-
@Bob-Dig If I was to do the same thing with a computer on my LAN (192.168.30.193) and ping a computer on my DMZ subnet (192.168.31.226) that traffic should get logged by pfSense?
Is so then I should be see the traffic pass or get block depending on my pfSense rules.
-
@TAC57 True
-
@Bob-Dig Well, I must be doing something wrong. I can ping google.com from my 192.168.31.26 computer. I set the filter source IP address to 192.168.30.193 and then ping 192.168.31.26 from my 192.168.30.193 computer and don't see anything in the log, either blocked or unblocked.
I also ping google.com from 192.168.30.193, which I get a response, but don't see anything in the firewall dynamic view log.
-
@TAC57 said in System Logs / Firewall Not Logging:
I also ping google.com from 192.168.30.193, which I get a response, but don't see anything in the firewall dynamic view log.
You are right, I also can't see it.
I call @johnpoz -
@TAC57 said in System Logs / Firewall Not Logging:
that traffic should get logged by pfSense?
Why did you tell it to log? Out of the box only default deny is logged. To by default log all allow rules you would have to enable that..
-
@johnpoz I told it to log, because there is a check box that says "Log packets that are handled by this rule". On reading that I figured it would log the traffic.
If the out of the box logs denied traffic, why does it make any difference?
-
@TAC57 said in System Logs / Firewall Not Logging:
On reading that I figured it would log the traffic.
it would - did it create a new state? existing states wouldn't be logged.
-
@johnpoz I have no idea, looks like lots of entries in States. After messing with a rule should I Reset States to clear out the state table?
-
@TAC57 said in System Logs / Firewall Not Logging:
After messing with a rule should I Reset States
would depend on the rule you created.. I you had an allow rule and traffic had previously been allowed and created a state.. And then you say created a block rule.. Yeah you would have to clear that existing state before your traffic would be blocked.
If you told a rule to log something, and there was a previous state - how would it back date that log to when the state was created? So yeah you would have to clear an existing states so when a new state was created the rule would log it.
-
@Bob-Dig said in System Logs / Firewall Not Logging:
You are right, I also can't see it.
I call @johnpozOoops, now I see it... was to late for me that day.