<![CDATA[Logging connections to external SQL database or files]]>

<![CDATA[Logging connections to external SQL database or files]]>Hello,

I would log every estabilished and closed connection with following data:

date/time estabilished
date/time closed
IP LAN -> Internet
Internet -> IP LAN
MAC address of LAN device should be also included
avoid repeating messages

Right now (not on pfSense but on Linux box) I'm doing just tcpdump with following script:

#!/bin/bash
#Check if directory exists, if not create
if test -d /home/logi/
        then echo "Directory already exists!"
        else  mkdir /home/logi
        fi
#Moving files
mv /home/logi/tcp-syn.dmp /home/logi/tcp-restart-`date +%d-%B-%Y--%H-%M`.dmp
#This is dump into RAW data
#tcpdump -i eth2 tcp [13] == 2 -w /home/logi/tcp-syn.dmp & tar cvfz /home/logi/tcp-restart-`date +%d-%B-%Y--%H-%M`.tar.gz /h
#This is dump into TXT data
tcpdump -i eth2 tcp [13] == 2 -n >> /home/logi/tcp-syn.dmp & tar cvfz /home/logi/tcp-restart-`date +%d-%B-%Y--%H-%M`.tar.gz
rm /home/logi/tcp-restart-`date +%d-%B-%Y--%H-%M`.dmp

This creates daily logs in separate files, for example:

tcp-restart-08-February-2011--16-20.tar.gz
tcp-31-july-2011.tar.gz

Eth2 is my LAN interface.
And they are really small files (but don't know does it log every single estabilished connection).

Now I have to ask how to log connections in pfSense? Let's assume I would like to collect all logs from many pfSense boxes in one place :)

]]>https://forum.netgate.com/topic/43506/logging-connections-to-external-sql-database-or-filesRSS for NodeTue, 09 Jun 2026 18:19:13 GMTSat, 31 Mar 2012 22:14:43 GMT60<![CDATA[Reply to Logging connections to external SQL database or files on Sat, 31 Mar 2012 22:17:27 GMT]]>Use syslog to forward pfsense logs to this Linux box and use the same script on log received.

Or use a syslog server That do this sql/frontend for you.

]]>https://forum.netgate.com/post/328184https://forum.netgate.com/post/328184Sat, 31 Mar 2012 22:17:27 GMT