Logging traffic in Beta 2.0
-
Hello,
How can I log all established connections in pfSense? I would like to dump the data to a single file every day on a multi-WAN setup. It should have: when established, when ended, IP+MAC of the station in the LAN, it should take care of which WAN was outgoing, and if possible - sent/received data for every host (daily). Is there such a module for pfSense somewhere?
On simple Linux I think it would be like this script (bond0 is the interface for the LAN):

    #!/bin/bash
    # Timestamp computed once so every command below uses the same file name
    STAMP=$(date +%d-%B-%Y--%H-%M)
    # Check if directory exists
    if test -d /home/logi/
    then
        echo "Directory already exists!"
    else
        mkdir /home/logi
    fi
    # Change filename
    mv /home/logi/tcp-syn.dmp "/home/logi/tcp-restart-$STAMP.dmp"
    # Dump as text (filter quoted so the shell does not expand [13])
    tcpdump -i bond0 -n 'tcp[13] == 2' >> /home/logi/tcp-syn.dmp &
    tar cvfz "/home/logi/tcp-restart-$STAMP.tar.gz" "/home/logi/tcp-restart-$STAMP.dmp" &&
        rm "/home/logi/tcp-restart-$STAMP.dmp"

This can also be raw data (to avoid modifications in logs):

    # Dump as raw packets; STAMP is the variable set in the script above
    tcpdump -i bond0 -w /home/logi/tcp-syn.dmp 'tcp[13] == 2' &
    tar cvfz "/home/logi/tcp-restart-$STAMP.tar.gz" "/home/logi/tcp-restart-$STAMP.dmp"
-
Sounds like you want to run netflow (either with the pfflowd or softflowd packages) - but it doesn't queue the data locally, you need a netflow collector to receive the data and store it.
http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F#Netflow
http://doc.pfsense.org/index.php/Exporting_NetFlow_with_softflowd
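
An added illustration of the collector side mentioned in the reply above (not part of the original posts and not pfSense, pfflowd or softflowd code): a minimal parser that turns a NetFlow datagram into per-flow log lines with start time, end time, endpoints, outgoing interface and byte count. It assumes the exporter is set to NetFlow version 5; the function names, the sample datagram, its addresses and its interface numbers are constructed for the example.

```python
import socket
import struct
from datetime import datetime, timezone

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte flow record

def parse_netflow_v5(datagram):
    """Return one dict per flow record in a NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, uptime_ms, unix_secs, unix_nsecs, *_ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("datagram truncated: header count exceeds payload")
    # first/last are milliseconds of exporter uptime; anchor them to wall clock.
    boot = unix_secs + unix_nsecs / 1e9 - uptime_ms / 1000.0
    flows = []
    for i in range(count):
        (src, dst, _hop, if_in, if_out, pkts, octets, first, last,
         sport, dport, _p1, flags, proto, *_rest) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "start": datetime.fromtimestamp(boot + first / 1000.0, timezone.utc),
            "end": datetime.fromtimestamp(boot + last / 1000.0, timezone.utc),
            "src": f"{socket.inet_ntoa(src)}:{sport}",
            "dst": f"{socket.inet_ntoa(dst)}:{dport}",
            "proto": proto, "tcp_flags": flags,
            "if_in": if_in, "if_out": if_out,   # ifIndex; if_out identifies the WAN
            "packets": pkts, "bytes": octets,
        })
    return flows

def daily_log_line(flow):
    """Format a flow as one line; the leading date selects the per-day file."""
    return (f"{flow['start']:%Y-%m-%d} {flow['start']:%H:%M:%S} {flow['end']:%H:%M:%S} "
            f"{flow['src']} -> {flow['dst']} proto={flow['proto']} "
            f"out_if={flow['if_out']} bytes={flow['bytes']}")

# Constructed sample: one TCP flow from 192.168.1.10 leaving via interface 2.
SAMPLE = HEADER.pack(5, 1, 600_000, 1_700_000_000, 0, 1, 0, 0, 0) + RECORD.pack(
    socket.inet_aton("192.168.1.10"), socket.inet_aton("203.0.113.5"),
    socket.inet_aton("0.0.0.0"), 1, 2, 10, 4200, 540_000, 590_000,
    51234, 443, 0, 0x1B, 6, 0, 0, 0, 0, 0, 0)

if __name__ == "__main__":
    for f in parse_netflow_v5(SAMPLE):
        print(daily_log_line(f))
```

NetFlow v5 records carry no MAC addresses, so the IP-to-MAC mapping asked for in the question would have to come from another source such as DHCP leases or the ARP table.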