Quick Syslog question
Should the data logged through pfSense's syslog (raw log or not) transfer any information concerning the traffic? I have it pointed at ManageEngine Firewall Analyzer and it is reading the log correctly, but basically only showing events. Would I have to log SNMP to get traffic information?
I have been able to get FWA to read the logs correctly now. The only thing is that it does not report on the 'Live Report' (traffic). Support said this:
"Firewall Analyzer will populate the 'Live Reports' based on the log field 'duration'. I believe that your pfSense 1.2 device logs don't contain the duration information for each transaction. Below is the sample log record of a Fortigate device for which FWA is populating the LiveReports.
<189>date=2006-06-09 time=14:56:05 devname=Fortigate-1000A device_id=FGT1KA2606500011 log_id=0021010001 type=traffic subtype=allowed pri=notice vd=root SN=3797866 duration=10 user=N/A group=N/A policyid=16 proto=6 service=80/tcp status=accept src=220.127.116.11 srcname=18.104.22.168 dst=22.214.171.124 dstname=126.96.36.199 src_int=port1 dst_int=port10 sent=1347 rcvd=4995 sent_pkt=8 rcvd_pkt=8 src_port=2907 dst_port=80 vpn=N/A tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop
FWA will populate the predefined reports [traffic, Protocol usage, etc.,] in the name/IP of the device from which it receives the syslogs."
Is this something that FreeBSD (or just pfSense) doesn't log?
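A quick way to check whether a given syslog source carries the fields a reporting tool needs is to parse the record and diff its keys against the required set. The script below is an added example, not code from the thread, pfSense or Firewall Analyzer. It parses the Fortigate sample quoted in the support reply (the `<189>` priority prefix plus key=value pairs), reports facility and severity, and lists which of the traffic-report fields (`duration`, `sent`, `rcvd`) are missing; the second record is a constructed, hypothetical event-only line that illustrates the gap the support reply describes.

```python
import re
from typing import Dict, Set, Tuple

# Sample record copied from the support reply quoted above (Fortigate traffic log).
FORTIGATE_RECORD = (
    "<189>date=2006-06-09 time=14:56:05 devname=Fortigate-1000A "
    "device_id=FGT1KA2606500011 log_id=0021010001 type=traffic subtype=allowed "
    "pri=notice vd=root SN=3797866 duration=10 user=N/A group=N/A policyid=16 "
    "proto=6 service=80/tcp status=accept src=220.127.116.11 srcname=18.104.22.168 "
    "dst=22.214.171.124 dstname=126.96.36.199 src_int=port1 dst_int=port10 "
    "sent=1347 rcvd=4995 sent_pkt=8 rcvd_pkt=8 src_port=2907 dst_port=80 vpn=N/A "
    "tran_ip=0.0.0.0 tran_port=0 dir_disp=org tran_disp=noop"
)

# Constructed record (hypothetical, not from any real device): it has the
# connection tuple but no duration or byte counters, so a tool that builds
# traffic reports from those fields has nothing to work with.
EVENT_ONLY_RECORD = (
    "<134>date=2006-06-09 time=14:56:05 devname=example-fw type=traffic "
    "status=accept proto=6 src=192.0.2.10 src_port=2907 dst=192.0.2.20 dst_port=80"
)

# Fields a traffic/bandwidth report needs beyond the connection tuple.
TRAFFIC_FIELDS = {"duration", "sent", "rcvd"}

SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_syslog_kv(record: str) -> Tuple[int, int, Dict[str, str]]:
    """Split the BSD-syslog '<PRI>' prefix into (facility, severity) and parse
    the rest of the line as key=value pairs. PRI = facility * 8 + severity."""
    m = PRI_RE.match(record)
    if not m:
        raise ValueError("record has no <PRI> prefix")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range")
    facility, severity = divmod(pri, 8)
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    return facility, severity, fields


def missing_traffic_fields(record: str) -> Set[str]:
    """Return the traffic-report fields absent from a record (empty set = usable)."""
    _, _, fields = parse_syslog_kv(record)
    return TRAFFIC_FIELDS - set(fields)


def traffic_bytes(record: str) -> int:
    """Total bytes for the flow (sent + rcvd), or -1 if the counters are absent."""
    _, _, fields = parse_syslog_kv(record)
    if "sent" not in fields or "rcvd" not in fields:
        return -1
    return int(fields["sent"]) + int(fields["rcvd"])


if __name__ == "__main__":
    for name, rec in (("fortigate", FORTIGATE_RECORD), ("event-only", EVENT_ONLY_RECORD)):
        fac, sev, _ = parse_syslog_kv(rec)
        print(f"{name}: facility={fac} severity={SEVERITY_NAMES[sev]} "
              f"missing={sorted(missing_traffic_fields(rec)) or 'none'} "
              f"bytes={traffic_bytes(rec)}")
```

Running it shows the Fortigate line decoding to facility 23 (local7) and severity notice, matching its own `pri=notice` field, with no missing traffic fields, while the event-only line lacks all three. The same check run over a capture of your own firewall's syslog output tells you up front whether a Live Reports style view can ever be populated from it, before spending time tuning the analyzer.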
I love the replies! ;)
It looks like FreeBSD does not use that field, so it's more than likely a lost cause. Does anyone know if FreeBSD/pfSense just monitors traffic through SNMP only?