Monitoring FW logs and attacks
-
Hi folks,
I want to monitor the FW logs (and attacks as well) on pfSense, and I was looking to see if there is any tool in the available packages where I can see the logs of the last month and sort them by source/destination IP or destination port, but there is nothing like that as far as I can see.
I want to be able to see which source/destination IPs and destination ports have the most blocked packages, on all interfaces.
Generally, I want to be able to check the logs from some days ago and see if there was some attack or so. Is there any way/tool on pfSense which I can use to have this function?
Thanks in advance
-
Hi, I use syslog to another PC; the software I am currently using is SYSLOG Watcher. Install the software on your PC, and then on pfSense go to the system logs settings, enable the tick box, and enter your PC's IP address.
-
Hi galaxy60,
Thanks for your reply. That looks like a good solution. Do you maybe know any software like SYSLOG Watcher for Linux (Ubuntu)?
Have you compared the logs on SYSLOG Watcher and pfSense to see how fast/often the logs are being copied to the log server? I am thinking of enabling Snort as well; is there something similar for sending Snort logs as well?
-
Hi, Linux has its package you can install for syslog, but I don't think it has a GUI like the one mentioned. As for Snort, this does have its own internal logging.
-
Thanks for your reply galaxy60,
I guess I have to activate/enable snort and see how it is going with blocking/alerting/logging and then decide if I need to copy the logs to some other server as well.
cheers
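
For the tallying asked about in the first post, run on the Linux box that receives the forwarded syslog: an added example, not from the thread or from pfSense, that counts blocked packets per source IP, destination IP and destination port. It assumes the comma-separated `filterlog` field order of pfSense's raw filter log format; the sample lines and function names are constructed.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), shaped like the
# filterlog entries pfSense forwards to a remote syslog server.
SAMPLE = """\
Mar  1 10:00:01 fw filterlog: 4,,,1000000103,em0,match,block,in,4,0x0,,64,1234,0,none,6,tcp,60,203.0.113.7,192.0.2.10,51000,22,0,S,1,,64240,,
Mar  1 10:00:02 fw filterlog: 4,,,1000000103,em0,match,block,in,4,0x0,,64,1235,0,none,6,tcp,60,203.0.113.7,192.0.2.10,51001,23,0,S,2,,64240,,
Mar  1 10:00:03 fw filterlog[411]: 4,,,1000000103,em0,match,block,in,4,0x0,,64,1236,0,none,17,udp,78,198.51.100.9,192.0.2.10,40000,53,58
Mar  1 10:00:04 fw filterlog: 7,,,1000000201,em1,match,pass,out,4,0x0,,64,1237,0,none,6,tcp,60,192.0.2.10,203.0.113.50,44000,443,0,S,3,,64240,,
Mar  1 10:00:05 fw filterlog: 4,,,1000000105,em0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::1,2001:db8::2,51002,22,0,S,4,,64240,,
Mar  1 10:00:06 fw filterlog: 4,,,1000000103,em0,match,block,in,4,0x0,,64,1238,0,none,1,icmp,84,203.0.113.7,192.0.2.10,request,1,1
Mar  1 10:00:07 fw sshd[123]: unrelated line
"""
TAG = re.compile(r"filterlog(?:\[\d+\])?: ")  # some versions append a PID

def parse_filterlog(line):
    """Return a dict for one filter entry, or None for any other line."""
    parts = TAG.split(line, maxsplit=1)
    if len(parts) != 2:
        return None
    f = parts[1].strip().split(",")
    # Assumed layout: f[4]=interface, f[6]=action, f[8]=IP version.
    if len(f) > 19 and f[8] == "4":
        proto, src, dst, p = f[16], f[18], f[19], 20
    elif len(f) > 16 and f[8] == "6":
        proto, src, dst, p = f[12], f[15], f[16], 17
    else:
        return None
    # Only TCP and UDP entries carry ports; ICMP has other fields there.
    dport = f[p + 1] if proto in ("tcp", "udp") and len(f) > p + 1 else None
    return {"iface": f[4], "action": f[6], "proto": proto,
            "src": src, "dst": dst, "dport": dport}

def top_blocked(lines, n=3):
    """Top-n source IPs, destination IPs and destination ports for blocks."""
    src, dst, port = Counter(), Counter(), Counter()
    for e in filter(None, map(parse_filterlog, lines)):
        if e["action"] != "block":
            continue
        src[e["src"]] += 1
        dst[e["dst"]] += 1
        if e["dport"]:
            port[(e["proto"], e["dport"])] += 1
    return {"src": src.most_common(n), "dst": dst.most_common(n),
            "dport": port.most_common(n)}

if __name__ == "__main__":
    for name, rows in top_blocked(SAMPLE.splitlines()).items():
        print(name, rows)
```

To cover a month, pass the lines of the receiving server's stored log files to `top_blocked` instead of `SAMPLE`.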