Netgate Discussion Forum

    IPSec Logging Customization

    IPsec
      ohai

      I'm working on attempting to make the IPSec log more valuable by removing the less important informational chatter and having an output that is more readable for auditing user VPN connections, as well as adding an identifier field so I know what log lines are associated with what IPSec User via IPsec static IP Address or Identifier for the Key entry. Currently, I'm pulling this information into a centralized rsyslog remotely and outputting it to a single pfsense log file rather than the main syslog.

      Is there a way to modify the Racoon output within pfsense to include custom fields where I can add a custom column (such as pulling from the IPsec Identifier field based on the key connecting to racoon for IPsec or which IPsec IP address they are receiving) for each connection based on the static IPsec IP that they use upon connecting?

      Example:

      racoon: [Unknown Gateway/Dynamic]: [IPsec Identifier] INFO: IPsec-SA expired: ESP/Tunnel ...[0]-> ...[0] spi=XXXXXX(000000)

      It's difficult to create a report based on the logs without having some kind of identifier field which tells you what client is generating what message to pull them into a report for each use and what external IPs are using each one.

      If anyone has any ideas it would be greatly appreciated, thank you!

      Cheers

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.