1. Home
  2. pfSense Packages
  3. PfBlocker log format

PfBlocker log format

  • B

    Hi All,

    I have pfBlocker 1.0.2 on pfSense 2.1.5 (haven't made the 2.2 upgrade yet). I also recently started exporting my logs to a server running ELSA. However I've noticed that the blocked packet logs are rather useless (see screenshot). They state a rule number that was blocked, but no text. So I still have to go to my pf page to check what happened.

    SO, does anyone know if the new version of pfBlocker adds more useful logs with text strings? And if not, would it be possible to somehow make the logging format customizeable? A hack on my end or a feature request?

    0
  • D
    Banned

    pfBlocker does not log anything. It creates firewall rules. Logging and its format is core pf. And no, there is no decription text in pfSense 2.2.x either. If you want description, stop using raw logs.

    0
  • BBcan177
    Moderator

    Yes unfortunately, pfSense Syslogs do not contain the "Description" field in its output. I know that user "fearnothing" has written a parser (pfsense 2.2) for ELSA. Its available here:

    https://groups.google.com/forum/#!topic/security-onion/P4oALAvH-Ek

    0
  • B

    Thank you BBcan! I'll look into that this weekend. I appreciate the helpful answer :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy