Monitoring FW logs and attacks



  • Hi folks,

    I want to monitor the FW logs (and attacks as well) on pfSense and I was looking if there is any tool on available packages where I can see the logs of the last month, and sort them by source/destination IP or destination port, but there is nothing like that as I can see.

    I want to be able the see which source/destination IPs, destination ports, have the most block packages, on all interfaces.
    Generally I want to be able to check the logs from some days ago and see if there was some attack and or so.

    Is there any way/tool on pfSense which I can use to have this function?

    thnx in advance



  • Hi I use syslog to another PC the software I am currently using is SYSLOG Watcher. intall the software on your PC and then on pfSense goto system logs settings and enable the tick box and enter your PC's IP address.



  • hi galaxy60,
    thnx for your reply

    that looks a good solution, do you maybe know any software like SYSLOG Watcher for linux (ubuntu)?
    have you compared the logs on SYSLOG Watcher and pfSense to see how fast/often are the logs being copied to the log server?

    I am thinking to enable also snort, is there something similar for sending snort logs as well?



  • Hi Linux has it's package you can install for syslog but I'm don't think it has a GUI like the one mentioned as for Snort this does have it own internal logging



  • thnx for your reply galaxy60,

    I guess I have to activate/enable snort and see how it is going with blocking/alerting/logging and then decide if I need to copy the logs to some other server as well.

    cheers


Log in to reply