Email notice when rule matched



  • I would like to get an email notice anytime there is an attempted login to the remote admin GUI so I'm thinking the best way to do this would be to send a notice anytime that firewall rule is matched.

    Is there a way to do this?  I realize it wouldn't be in the GUI anywhere, but I'm thinking that if rule matching is logged somewhere, I could have a script tail the log or something.

    So I guess my question is: Is there a log somewhere with this information?


  • Rebel Alliance Developer Netgate

    Matching a firewall rule wouldn't be the best way, as it would log any connection, not a login attempt.

    The system log records actual login attempts (good or bad) like so:

    Feb 3 09:38:48 	php: /index.php: webConfigurator authentication error for 'admin' from 192.168.1.2
    Feb 3 09:38:50 	php: /index.php: Successful webConfigurator login for user 'admin' from 192.168.1.2
    

    If you send the syslog messages to another box (remote syslog server) then you could have any standard syslog tools look for those strings and alert you. There are several such syslog setups out there.


Log in to reply