Logging solution for Captiva portal?

itchy · Sep 6, 2015, 6:06 PM

Hi,

i am looking for a logging solution for user with are connected via the captiva portal.

What I did:

installed the syslog-ng, enabled it on all interfaces, and configured pfSense to use a logging server on 127.0.0.1. This is working not bad, but in the log files i have no access names from the users. So i can see the ip adresses (source and destination) but I cannot see the corresponding user Name.

Are there possibilities to add them into the log file? are there any additional logging possibilities for the Captiva Portal users? I don't want to use an external logging server, as this is a test setup at the moment.

Why I want to do this? I need to keep the Logs even if the system restarts etc.

KR
Itchy

Gertjan · Sep 6, 2015, 9:20 PM

Hi,

I'm using the captive portal also, and it does log "user names" to its log.
Status: System logs: Portal Auth
Everything is there already.

Like:

Sep 6 23:10:16 logportalauth[77559]: Zone: cpzone1 - TIMEOUT: 211, 28:e3:47:a1:2d:xx, 192.168.2.81
Sep 6 22:41:28 logportalauth[75466]: Zone: cpzone1 - LOGIN: 110, d8:3c:69:d3:b5:xx, 192.168.2.233
Sep 6 22:07:57 logportalauth[96218]: Zone: cpzone1 - TIMEOUT: 203, 00:1c:bf:8c:87:xx, 192.168.2.113
Sep 6 21:42:35 logportalauth[75466]: Zone: cpzone1 - FAILURE: 102, ac:3c:0b:0d:32:xx, 192.168.2.88
Sep 6 21:42:08 logportalauth[68588]: Zone: cpzone1 - FAILURE: 102, ac:3c:0b:0d:32:xx, 192.168.2.88
Sep 6 21:38:42 logportalauth[68588]: Zone: cpzone1 - FAILURE: 102, ac:3c:0b:0d:32:xx, 192.168.2.88
Sep 6 21:38:09 logportalauth[75466]: Zone: cpzone1 - FAILURE: 102, ac:3c:0b:0d:32:xx, 192.168.2.88
Sep 6 17:42:46 logportalauth[75466]: Zone: cpzone1 - LOGIN: 211, 28:e3:47:a1:2d:xx, 192.168.2.81
Sep 6 17:24:50 logportalauth[68588]: Zone: cpzone1 - LOGIN: 203, 00:1c:bf:8c:87:xx, 192.168.2.113
Sep 6 16:28:24 logportalauth[75466]: Zone: cpzone1 - LOGIN: 112, b8:ff:61:be:14:xx, 192.168.2.135

When pfSEnse restart, this log isn't wiped.
True, I do use an external syslog for archive reasons - I'm not running syslog on my pfSEnse box.

itchy · Sep 14, 2015, 8:51 PM

Hi yes thanks. After rebooting the problem is solved. btw: your Log looks much sorted and cleand than my do. My formatting is total "ugly". >:(

Derelict · Sep 14, 2015, 9:21 PM

How are you looking at the logs?

They are not flat text files like normal syslog. The are circular. You need to view them using the clog command.

Gertjan · Sep 15, 2015, 7:10 AM

@itchy:

…. btw: your Log looks much sorted and cleand than my do. My formatting is total "ugly". >:(

Use the GUI to see them ;D

To show them on the forum, use the # BB-code. (```
..... [[i]/CODE])

Gertjan · Sep 15, 2015, 7:14 AM

@Gertjan:

@itchy:

…. btw: your Log looks much sorted and cleand than my do. My formatting is total "ugly". >:(

Use the GUI to see them ;D

To show them on the forum, use the # BB-code.