How to log the firewall's logs and then search?



  • Hey all,

    Is there a way to log all the firewall entries to a remote server and then be able to look through them?

    I was thinking of building a CentOS VM and getting syslog installed on it.
    Then I'd be able to grep through the log file for the items I wanted, e.g. search for an IP or port.

    Is this the best way to get the logs, keep them and make them searchable?

    Or is there a better way I have not thought of? - a nice GUI perhaps?


  • Netgate Administrator

    There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

    Steve



  • @stephenw10:

    There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

    Steve

    Thanks for that mate.

    If anyone is interested I have built myself a small VM with an 80GB HDD.
    It's running CentOS with rsyslog, which logs all the firewall data to /var/logs/syslog/firewall.log

    In turn I can grep for addresses and ports on this and have to say it works very nicely.

    I have the option "show raw filter logs" enabled and this does give quite a comprehensive view of all the traffic hitting my firewall.

    For now this will do me nicely but if I feel I need anything else then I'll have another look at that thread.
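
Added example, not part of the posts above: when grepping a file such as the `/var/logs/syslog/firewall.log` mentioned in the last post, a bare `grep 192.0.2.1` also matches `192.0.2.10` and `192.0.251.7`, because the dots are regex wildcards and nothing anchors the ends. The helper names and the sample lines are constructed for illustration; the sample lines are not the real raw filter log layout.

```shell
#!/bin/sh
# Write constructed sample lines to the path given as $1.
# These are made up for the demo and do NOT reproduce the firewall's real format.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan  1 00:00:01 fw01 block from 192.0.2.1 to 198.51.100.7
Jan  1 00:00:02 fw01 block from 192.0.2.10 to 198.51.100.7
Jan  1 00:00:03 fw01 pass from 198.51.100.7 to 192.0.2.1.443
Jan  1 00:00:04 fw01 block from 192.0.251.7 to 198.51.100.7
Jan  1 00:00:05 fw01 pass from 203.0.113.5 to 198.51.100.7
EOF
}

# fwgrep_ip LOGFILE IPV4
# Print only the lines that contain exactly this IPv4 address.
# Exit status: 0 = matches found, 1 = no match, 2 = argument is not a dotted quad.
fwgrep_ip() {
    log=$1
    ip=$2

    # Allow digits and dots only, so the argument cannot carry regex syntax.
    case $ip in
        ''|*[!0-9.]*)
            echo "fwgrep_ip: not an IPv4 address: $ip" >&2
            return 2 ;;
    esac
    # Require the four-octet shape as well.
    if ! printf '%s\n' "$ip" | grep -Eqx '([0-9]{1,3}\.){3}[0-9]{1,3}'; then
        echo "fwgrep_ip: not an IPv4 address: $ip" >&2
        return 2
    fi

    # Escape the dots so each one matches a literal "." and not any character.
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')

    # Left edge: start of line, or a character that is neither digit nor dot.
    # Right edge: end of line, or a non-digit. A trailing ".443" is accepted,
    # which covers logs that write address and port as a.b.c.d.port.
    grep -E -- "(^|[^0-9.])${ip_re}([^0-9]|\$)" "$log"
}

# Usage: fwgrep_ip /var/logs/syslog/firewall.log 192.0.2.1
```

On the sample file the bare grep returns four lines, while `fwgrep_ip` returns the two that really involve 192.0.2.1.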

