PfBlocker log format
-
Hi All,
I have pfBlocker 1.0.2 on pfSense 2.1.5 (haven't made the 2.2 upgrade yet). I also recently started exporting my logs to a server running ELSA. However I've noticed that the blocked packet logs are rather useless (see screenshot). They state a rule number that was blocked, but no text. So I still have to go to my pf page to check what happened.
So, does anyone know if the new version of pfBlocker adds more useful logs with text strings? And if not, would it be possible to somehow make the logging format customizable? A hack on my end or a feature request?
-
pfBlocker does not log anything. It creates firewall rules. Logging and its format are core pf. And no, there is no description text in pfSense 2.2.x either. If you want description, stop using raw logs.
-
Yes, unfortunately, pfSense syslogs do not contain the "Description" field in their output. I know that user "fearnothing" has written a parser (pfSense 2.2) for ELSA. It's available here:
https://groups.google.com/forum/#!topic/security-onion/P4oALAvH-Ek
-
Thank you BBcan! I'll look into that this weekend. I appreciate the helpful answer :)