4. How to log the firewall's logs and then search?

How to log the firewall's logs and then search?

  • D

    hey all,

    Is there a way to log all the firewall entries to a remote server and then be able to look through them?

    I was thinking of building a centos VM and getting syslog installed on it.
    Then I'd be able to Grep through the log file for the items I wanted, e.g. search for an IP or port.

    Is this the best way to get the logs, keep then and make them searchable?

    Or is there a better way I have not thought of? - a nice GUI perhaps?

    0
  • Netgate Administrator

    There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

    Steve

    0
  • D

    @stephenw10:

    There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

    Steve

    Thanks for that mate.

    If anyone is interested I have built my self a small VM with 80GB hdd.
    Running Centos on there and it's running rsyslog which logs all the firewall data to /var/logs/syslog/firewall.log

    In turn I can grep for addresses and ports on this and have to say it works very nicely.

    I have the option "show raw filter logs" enabled and this does give quite a comprehensive view of all the traffic hitting my firewall.

    For now this will do me nicely but if I feel I need anything else then I'll have another look at that thread.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy