    I'm trying to analyze the logs of a pfSense firewall, but I'm missing something… I would expect two "length" fields for each log: inbound traffic length and outbound traffic length; with this I could sum and distinguish upload from download.
    If I'm connecting to Google and downloading an image, I will find my IP address as source, Google's IP address as destination and length as download size. In the opposite case, if I upload something to Google, the data length will refer to the upload size, but both source and destination are the same as in the previous case.

    What am I missing? Is it impossible to distinguish upload traffic from download traffic?

  • I add a little appendix.
    I'm logging all firewall rules, and all logs are sent to a remote syslog server. In these logs I expect to monitor everything passing across the firewall, but the packet lengths do not match the bandwidth consumption shown in the pfSense dashboard… If my LAN has 4MB/s of traffic for a while, the sum of packet sizes in the firewall logs has a lower value.  :o Can you tell me why, or why my expectations are wrong?

  • AFAIK when logging a pass rule, a log entry is only created when the first SYN packet is seen that creates the state. After that the packets matching the state flow freely and are not logged. So that will make it not possible to use the firewall rule logs as a bandwidth/download quota monitor.
  • Is there definitely no way to monitor traffic usage by system logs?

  • Please, can somebody tell me if there is another way to log bandwidth consumption with IP source/destination details?

  • A package like Bandwidthd or NtopNG?  Try the Traffic Monitoring forum.
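
To see what the reply about pass rules means for byte counting, here is an added example (not code from the thread or from pfSense) that sums the length field of logged pass entries per source/destination pair. It assumes the filterlog CSV field layout for IPv4 TCP/UDP with the syslog header already stripped; the sample lines are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample entries (not from the thread). Assumed layout: pfSense
# filterlog CSV for IPv4, syslog header removed, one line per logged packet.
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4660,0,DF,6,tcp,60,192.168.1.10,203.0.113.20,51234,443,0,S,1111,,65535,,mss
5,,,1000000103,igb1,match,pass,in,4,0x0,,64,4661,0,DF,6,tcp,60,192.168.1.10,203.0.113.20,51240,443,0,S,2222,,65535,,mss
7,,,1000000104,igb1,match,block,in,4,0x0,,64,4662,0,DF,6,tcp,60,192.168.1.11,198.51.100.7,40000,23,0,S,3333,,65535,,mss
"""


def parse_line(line):
    """Return a dict for an IPv4 TCP/UDP entry, or None for anything else."""
    f = next(csv.reader([line]), [])
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {
        "action": f[6],          # pass / block
        "direction": f[7],       # in / out, relative to the interface
        "proto": f[16],
        "length": int(f[17]),    # size of this one logged packet only
        "src": f[18],
        "dst": f[19],
        "tcp_flags": f[23] if f[16] == "tcp" and len(f) > 23 else "",
    }


def summarize(log_text):
    """Per (src, dst): logged pass entries, summed length, SYN-only entries."""
    totals = defaultdict(lambda: {"entries": 0, "logged_bytes": 0, "syn_only": 0})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["action"] != "pass":
            continue
        t = totals[(entry["src"], entry["dst"])]
        t["entries"] += 1
        t["logged_bytes"] += entry["length"]
        # A bare "S" flag marks the packet that created the state.
        t["syn_only"] += int(entry["tcp_flags"] == "S")
    return dict(totals)


if __name__ == "__main__":
    for pair, t in summarize(SAMPLE_LOG).items():
        print(pair, t)
```

Every pass entry here is a bare SYN, so the summed length counts one small packet per connection no matter how much data the connection later carries.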

