Traffic retention data syslog



  • Hi, I have a pfSense VMware machine on a TS140 and it's been working great. I have a single WAN with one static IP and two LANs: one for virtual machines and the other for the network.

    On the network I have a few computers on static IPs and I need to log the traffic that goes to/from them, so that if needed I can work out who's been a naughty boy/girl.

    All I want is a simple CSV file that I can create daily and store away.

    I'm trying at the moment with syslog and sending the data to a syslog server, which is working.

    But the data only shows me the WAN IPs to the pfSense machine IP address, not to the IP addresses on the network. It works if I block everything; then the syslog reports that network IP xyz failed to reach WAN abc, but with normal pass rules I cannot get WAN abc linked to network xyz address data in the log.

    Any help would be great, as I can't find much out there.

    Running 2.2.1

    charles



  • One solution is to install Untangle in bridge mode inline with pfSense and your network, i.e.

    Internet -> pfSense -> Untangle -> LAN.

    Untangle may give you the reporting you're looking for (e.g. bandwidth usage, top sites visited, top blocked sites, etc.).



  • I've tried other packages like NetFlow Analyzer with softflowd, but it's overcomplicated and still does not give what they call conversations. At the moment I'm using ManageEngine syslog analyser, which logs the traffic and errors etc., but pfSense is not sending the correct data.

    Would having the network on separate VLANs help? Would they then show up on the WAN firewall with individual ports for each VLAN? Or can you port a network IP address to a port on the WAN firewall?



  • This is what I mean: the blocked shows the network IP and the WAN IP, but the pass only shows the IP of the pfSense box. How can I record the WAN IP?

    https://www.dropbox.com/s/gxgrxhp6ux11wvt/pfsense.jpg?dl=0

