Separate Log View window?



  • Hello!

    I've decided to give pfSense a test run since it's FreeBSD based (I'm a Juniper (Junos) type of guy). So far I'm very impressed; however, when it comes to PHP or anything web I'm a moron. So my question is the following:

    How difficult would it be to spawn a new small window for the logs with the ability to filter on Interface, Source IP, Destination IP, Dst Port, Protocol while viewing in dynamic view?

    This would make it much easier when troubleshooting and building a rule-set without having to go back and forth or have a 2nd window up.

    Thanks!
    PS. I tested Endian, ClearOS, Smoothwall, Vyatta and Untangle in my labs and, aside from Vyatta, pfSense is rock solid and able to produce the same throughput with half the hardware the other 4 required with NTOP, Snort, HAVP, Proxy + Content turned on. Very impressed.


  • Rebel Alliance Developer Netgate

    It may not really be feasible, at least how things are done now. The dynamic log view does not support filtering at all, for one. I need to do some updates to that page in 2.0 anyhow, I might see if there would be a way to work that in.

    For now, you may be better off connecting via SSH and from there you can watch the log directly and grep as needed.

    If you install the dashboard package, you also can use a console based log parser which is easier to read than the raw logs. It should work something like this, to watch for IP 1.2.3.4:

    clog -f /var/log/filter.log | php -q /usr/local/www/filterparser.php | grep 1.2.3.4
    


  • @jimp:

    It may not really be feasible, at least how things are done now. The dynamic log view does not support filtering at all, for one. I need to do some updates to that page in 2.0 anyhow, I might see if there would be a way to work that in.

    For now, you may be better off connecting via SSH and from there you can watch the log directly and grep as needed.

    If you install the dashboard package, you also can use a console based log parser which is easier to read than the raw logs. It should work something like this, to watch for IP 1.2.3.4:

    clog -f /var/log/filter.log | php -q /usr/local/www/filterparser.php | grep 1.2.3.4
    

    Thanks, I was actually using that method and it works solid!

    On a separate note (and I apologize if this isn't the correct thread), I noted that after installing Squid + HAVP + SquidGuard, SquidGuard stopped working. The error was along the lines of ip_ranges couldn't be redeclared (I'm not at my work PC so I can't copy/paste it). Is there a document or howto to properly integrate the three packages?

    My setup was Squid Transparent, HAVP Parent to Squid and then the normal SquidGuard settings.

    Thanks!


  • Rebel Alliance Developer Netgate

    I'd start a new thread for that. I'm not familiar with HAVP at all, and the package author does frequent the package subforum quite often.

