See rule name in web log?

mavsol · Jan 22, 2010, 5:53 PM

Hello,

First post. I have been lurking for the last few months and using Pfsense since about September.

Is is possible to patch or configure the system to see the rule name in web log? This is very useful when traffic is blocked that you think shouldn't be.

I have seen this question before: http://forum.pfsense.org/index.php/topic,20077.0.html but no answer.

mavsol · Jan 22, 2010, 6:01 PM

Oops 3 min later I found this post: http://forum.pfsense.org/index.php/topic,22113.0.html
Now I have a second question: When I click on the red X etc. to see the rule name some of them are blank.
The popup says "The rule that triggered this action is:" and that is all it says. Why might the name be blank?

GruensFroeschli · Jan 22, 2010, 7:29 PM

Did you put a name into the description field of each rule?

Rezin · Jan 27, 2010, 4:34 AM

@mavsol:

The popup says "The rule that triggered this action is:" and that is all it says. Why might the name be blank?

I've seen this happen when the entry is already present in the logs, and you change a firewall rule.

I'm guessing the firewall rule numbers (e.g., "diag_logs_filter.php?getrulenum=193") are changed when you add/delete rules, so therefore the description will either be for another rule altogether (added or deleted), or blank (deleted).

jimp · Jan 27, 2010, 5:24 AM

@mavsol:

Is is possible to patch or configure the system to see the rule name in web log? This is very useful when traffic is blocked that you think shouldn't be.

Unfortunately, the only reference to the rule in the pf log is the rule number, and since this number can change (as the poster before me guessed correctly), it's not 100% reliable. There's no easy way to capture this when it's actually logged either.