Quick Syslog question



  • Should the data logged through Pfsense's syslog (raw log or not) transfer any information concerning the traffic?  I have it pointed at Managed Engine Firewall Analyzer and it is reading the log correct but basically only showing events.  Would I have to log SNMP to get traffic information?

    Thanks!



  • I have been able to get FWA to read the logs correctly now.  The only thing is that it does not report on the 'Live Report' (traffic).  Support said this:

    "Firewall Analyzer will populate the 'Live Reports' based on the log field 'duration'. I believe that your Pfsense 1.2 device logs doesn't contain the duration information for each transaction. Below is the sample log record of a Fortigate device for which FWA is populating the LiveReports.

    <189>date=2006-06-09 time=14:56:05 devname=Fortigate-1000A device_id=FGT1KA2606500011 log_id=0021010001 type=traffic subtype=allowed pri=notice vd=root SN=3797866 duration=10 user=N/A group=N/A policyid=16 proto=6 service=80/tcp status=accept src=163.1.217.95 srcname=163.1.217.95 dst=217.12.4.96 dstname=217.12.4.96 src_int=port1 dst_int=port10 sent=1347 rcvd=4995 sent_pkt=8 rcvd_pkt=8 src_port=2907 dst_port=80 vpn=N/A tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop

    FWA will populate the predefined reports [traffic, Protocol usage, etc.,] in the name/IP of the device from which it receives the syslogs."

    Is this something that FreeBSD (or just pfsense) doesnt log?



  • I love the replies!  ;)

    It looks like Freebsd does not use that field so its more than likely a lost cause.  Does anyone know if Freebsd/pfsense just monitors traffic through SNMP only?


Log in to reply