Map rule number to rule name
-
I have a requirement where I need to map the rule number of my syslog output to the rule name.
I know I can use "pfctl -vvsr" to see the rule names, but I want to be able to display the rule name instead of the rule number in my SIEM (Splunk).
Is there any way I can do that?
-
That can't be done currently, AFAIK. New format for 2.2 is documented here, https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2, so it doesn't look like it's in 2.2 either.
Would be a nice option to have for sending to a remote syslog server that has no other knowledge of the client rule numbers or tracker numbers.
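
An added example, not part of the original thread and not pfSense code: a SIEM-side workaround that turns saved `pfctl -vvsr` output into a rule-number-to-label lookup table. The sample output is constructed, and both the rule-line shape (`@number(tracker) ... label "name"`) and the rule number being the first comma-separated field of a log entry are assumptions.

```python
import csv
import io
import re

# Assumed rule-line shape in `pfctl -vvsr` output: "@<number>", optionally
# followed by "(<tracker>)", then the rule text, which may carry label "<name>".
RULE_RE = re.compile(r'^@(?P<num>\d+)(?:\((?P<tracker>\d+)\))?\s+(?P<text>.*)$')
LABEL_RE = re.compile(r'label "(?P<label>[^"]*)"')

# Constructed sample output, not captured from a real firewall.
SAMPLE_PFCTL = '''\
@0(0) scrub on em0 all fragment reassemble
@5(1000000103) block drop in log inet all label "Default deny rule IPv4"
  [ Evaluations: 900       Packets: 40        Bytes: 2400        States: 0     ]
@62(1418235528) pass in quick on em1 inet proto tcp from any to any port = 443 label "USER_RULE: Allow HTTPS"
@63 pass out all
'''

def parse_rules(pfctl_output):
    """Return {rule_number: {"tracker": str, "label": str}} from pfctl -vvsr text."""
    rules = {}
    for line in pfctl_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # indented counter lines and blank lines
        label = LABEL_RE.search(m.group("text"))
        rules[m.group("num")] = {
            "tracker": m.group("tracker") or "",
            "label": label.group("label") if label else "(no label)",
        }
    return rules

def to_lookup_csv(rules):
    """Render the mapping as CSV suitable for loading as a lookup table."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["rule_number", "tracker", "rule_name"])
    for num in sorted(rules, key=int):
        writer.writerow([num, rules[num]["tracker"], rules[num]["label"]])
    return buf.getvalue()

def rule_name_for(log_fields, rules):
    """Resolve the first CSV field of a filter log entry (assumed rule number)."""
    num = log_fields.split(",", 1)[0]
    return rules.get(num, {}).get("label", "(unknown rule %s)" % num)

if __name__ == "__main__":
    print(to_lookup_csv(parse_rules(SAMPLE_PFCTL)), end="")
```

pf rule numbers are positional, so the lookup has to be regenerated whenever the ruleset changes, and events logged before a change need the table that was current at the time.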