Suggestions on how to log states

    General pfSense Questions
bullet92:

Hi to all. For legal requirements I need to log the connections that pass through my pfSense, which acts as router and NAT, with this information:
Date & time - private IP (LAN) and port - destination IP and port. On Linux, conntrack can do this job; on pfSense, what could I use?

muswellhillbilly:

        You can send the firewall logs off to a remote syslog server. I use ELK for this, though there are plenty of syslog servers which will do the same job. http://www.networkassassin.com/elk-for-network-operations/

johnpoz (LAYER 8 Global Moderator):

What country are you in?? What is the point of logging the private IP? Do you log who has which specific private IP at which specific times?

This is just such a 1984-world type of requirement that it's not even funny…

firewalluser:

In the UK the Govt passed a new consumer rights law a short while ago which, amongst other things, says that if an individual gets infected with malware/a virus or hacked from a legitimate online provider, be it buying and selling software online, streaming movies from Amazon or Netflix, or even simply accessing a website to do some online shopping, the consumer can now seek compensation over and above just getting the problem rectified. I suspect it's in case they can't get the spooks' charter through parliament, which basically gives GCHQ the power to hack UK-based individuals and companies and increases the logging etc.

In other words, it's in the interests of all UK consumers to have good systems to detect any problems so they can seek compensation, and it's in the interests of anyone doing business online in the UK to make sure their systems don't get hacked and unknowingly become a distributor of any malware/viruses etc. etc.

The UK has always been 1984; it's probably one of the things it leads the world in, along with hacking and lying. I've always been of interest to the spooks because my uncle was the first person to bring a modem into the UK, and even BT was using his trademark Voyager on their routers at one point, hence why I see so much hacking on my systems.

muswellhillbilly:

For my part, monitoring the network in this way is to keep a lookout for malware outbreaks, particularly if they create so much traffic that they start to have an effect on the rest of the network.

              http://www.gfi.com/blog/reasons-monitor-internet-usage-organization/

bullet92:

                @muswellhillbilly:

                You can send the firewall logs off to a remote syslog server. I use ELK for this, though there are plenty of syslog servers which will do the same job. http://www.networkassassin.com/elk-for-network-operations/

WOW! Looks really wonderful ;D Can it also store this data? I will try this software, thx ;)
BTW, this is new for me! I'm already using a remote syslog server to store the firewall log; I did not know that pfSense also sends this state data through syslog.

                @muswellhillbilly:

For my part, monitoring the network in this way is to keep a lookout for malware outbreaks, particularly if they create so much traffic that they start to have an effect on the rest of the network.

                http://www.gfi.com/blog/reasons-monitor-internet-usage-organization/

Yeah, I really agree with this. One day, by chance, I saw too many states on the pfSense home page, and most of them belonged to a customer that was opening thousands of connections with destination port 3389 and incremental destination IPs. Obviously it was a bot's fault on a Windows XP "server" :o

                @johnpoz:

                What country are you in??  What is the point of logging the private IP..  Do you log who has what specific private IP and specific times?

                This is just such 1984 world type of requirement that its not even funny…

I'm in Italy. I have to be able to demonstrate that a particular illegal internet activity, which may be performed by a customer through the public IP, can be "translated" into the corresponding private IP.

                Pls sorry for my english  :D

bullet92:

After some time I have finally installed my ELK log system (I only need to adjust the appearance), and obviously it doesn't log all traffic by default (states are not sent through syslog); you need to enable "Log packets that are handled by this rule" on every firewall rule.
I know that this thread is old, but it can be useful for those looking to log states to know this.
PS: ELK seems hard to configure, but the result seems to be amazing ;D

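Once "Log packets that are handled by this rule" is enabled, pfSense emits one filterlog syslog line per matched packet, and a small parser on the syslog receiver is enough to produce the "date/time - private IP:port - destination IP:port" record the original question asks for, and to catch the RDP-scan pattern bullet92 describes (one LAN host opening connections to port 3389 on many different destinations). The example below is added here and is not code from the thread or from the pfSense project; the filterlog CSV field order it relies on (rule, sub-rule, anchor, tracker, interface, reason, action, direction, IP version, then the version-specific header fields, then src, dst, src port, dst port) is my reading of the format and is marked as an assumption in the code, as are the constructed sample lines, hostnames and thresholds. Verify the field positions against a real line from your own firewall before relying on it.

```python
"""Parse pfSense filterlog syslog lines into per-connection audit records and
flag the RDP scan pattern from the thread. Added example; field layout assumed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed syslog framing: "<Mon> <day> <HH:MM:SS> <host> filterlog[<pid>]: <csv>"
_SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"filterlog\[\d+\]: (?P<csv>.*)$"
)


@dataclass(frozen=True)
class FlowRecord:
    ts: str
    iface: str
    action: str
    direction: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_filterlog(line: str) -> Optional[FlowRecord]:
    """Return a FlowRecord for a TCP/UDP filterlog line, or None for anything else.

    Assumed CSV layout: rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,
    then for IPv4: tos,ecn,ttl,id,offset,flags,protoid,proto,length,src,dst,sport,dport
    and for IPv6: class,flowlabel,hoplimit,proto,protoid,length,src,dst,sport,dport.
    """
    m = _SYSLOG_RE.match(line.strip())
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    iface, action, direction, ipver = f[4], f[6], f[7], f[8]
    if ipver == "4":
        base, proto = 18, f[16] if len(f) > 16 else ""
    elif ipver == "6":
        base, proto = 15, f[12] if len(f) > 12 else ""
    else:
        return None
    # ICMP and other protocols carry different trailing fields; skip them here.
    if proto not in ("tcp", "udp") or len(f) < base + 4:
        return None
    try:
        return FlowRecord(ts=m.group("ts"), iface=iface, action=action,
                          direction=direction, proto=proto,
                          src=f[base], dst=f[base + 1],
                          sport=int(f[base + 2]), dport=int(f[base + 3]))
    except ValueError:
        return None


def load_records(lines: Iterable[str]) -> List[FlowRecord]:
    return [r for r in (parse_filterlog(l) for l in lines) if r is not None]


def nat_audit_line(rec: FlowRecord) -> str:
    """The per-connection record the original question asks for."""
    return f"{rec.ts} {rec.src}:{rec.sport} -> {rec.dst}:{rec.dport}/{rec.proto}"


def find_port_scanners(records: Iterable[FlowRecord], port: int = 3389,
                       min_targets: int = 20) -> dict:
    """Map each inbound LAN source that hit `port` on >= min_targets distinct
    destinations to the number of distinct destinations it touched."""
    targets = defaultdict(set)
    for r in records:
        if r.proto == "tcp" and r.dport == port and r.direction == "in":
            targets[r.src].add(r.dst)
    return {src: len(d) for src, d in targets.items() if len(d) >= min_targets}


# Constructed sample input (not real logs): two ordinary flows, one ICMP line that
# the parser skips, and 25 SYNs from one host to port 3389 on 25 different IPs.
SAMPLE_LINES = [
    "Mar  7 13:36:11 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,51000,443,0,S,1,,65535,,mss",
    "Mar  7 13:36:12 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,"
    "0x0,,64,0,0,none,17,udp,76,192.168.1.10,203.0.113.53,40000,53,56",
    "Mar  7 13:36:13 pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,"
    "0x0,,64,0,0,none,1,icmp,84,192.168.1.10,203.0.113.5,request,1234,1",
] + [
    f"Mar  7 13:37:{i:02d} pfSense filterlog[12345]: 5,,,1000000103,igb1,match,pass,in,4,"
    f"0x0,,128,0,0,DF,6,tcp,52,192.168.1.20,198.51.100.{i},{49152 + i},3389,0,S,1,,8192,,mss"
    for i in range(1, 26)
]

if __name__ == "__main__":
    recs = load_records(SAMPLE_LINES)
    for r in recs[:3]:
        print(nat_audit_line(r))
    print("suspected RDP scanners:", find_port_scanners(recs))
```

On a real deployment the parser would sit in the syslog pipeline (a Logstash filter, or a script tailing the collector's file) and write `nat_audit_line` output to append-only storage; the scanner check is the kind of rule that would have surfaced the port-3389 bot earlier than a glance at the state count did.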