Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    ? for pfsense Developers

    Scheduled Pinned Locked Moved pfSense Packages
    4 Posts 2 Posters 2.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      ToxIcon
      last edited by

      Do you think its possible to make the the Pfsense 2.0 Status: System logs: Firewall
      page look like and display the information that is listed in the attachment below.

      or if not maybe some can create a  Dashboard Widget

      http://dumpsterventures.com/jason/httpry/
      httpry_agent.png
      httpry_agent.png_thumb

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        No, because that is a log from something sniffing the actual traffic, not a firewall log.

        You're after something like squid that can read the data from inside the packets and log where people go.

        Or at the very least a package for something like urlsnarf that can just read/log and not proxy. That would be a bit of work though, not something people are jumping all over themselves to volunteer to code. :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • T
          ToxIcon
          last edited by

          jimp look at the last 2 couldn't Pfsense 2.0 Status: System logs: Firewall
          page be able to display the domain/URL as well as IP address something like

          Destination          cc        domain/URL

          217.163.21.40    GB        ad.yieldmanager.com

          it would make stuff a lot easier for people who don't use squid.

          1 Reply Last reply Reply Quote 0
          • jimpJ
            jimp Rebel Alliance Developer Netgate
            last edited by

            No.

            All you know is the IP from the firewall log - at best you can guess the country with something like GeoIP but it's just a guess - you cannot get the URL unless you luck out and find that the IP actually reverse resolves to something meaningful.

            Many sites are hosted as virtual hosts, so there are 10, 100, 1000 "URLs" on a single IP address. The only way to know the URL is to sniff/proxy the traffic. You cannot get that from the IP.

            To do reverse DNS on the entire firewall log would take far too long to be practical, even just the part shown in the GUI. There is already a link (a little i) that will take you to Diagnostics > DNS with that IP if you really want to do a reverse lookup.

            Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

            Need help fast? Netgate Global Support!

            Do not Chat/PM for help!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.