How to read/analyze a firewall plain text log?
I am struggling to understand my firewall plain text log.
I didn't find any satisfying documentation either.
Please help me understand the following example line:
2021-01-26T18:05:36 filterlog[89794] 16,,,0,pppoe0,match,block,in,4,0x40,,54,0,0,DF,17,udp,92,188.166.xxx.xxx,yyy.yyy.yyy.yyy,15585,29745,72
While written for pfSense, this should help: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html#bnf-grammar
That said, you get a more user-friendly presentation of the log information by clicking on the "information" icon at the end of a log entry in the Live View. Comparing that information and the information in the corresponding plain view entry would also help in deciphering the plain view entry.
Or use https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt
Cheers,
Franco
That's more on point! [emoji23]
Both work, depends on taste and habits. :)
Cheers,
Franco
Quote from: Greelan on January 26, 2021, 10:28:03 PM
While written for pfSense, this should help: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html#bnf-grammar
That said, you get a more user-friendly presentation of the log information by clicking on the "information" icon at the end of a log entry in the Live View. Comparing that information and the information in the corresponding plain view entry would also help in deciphering the plain view entry.
Quote
Or use https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt
Cheers,
Franco
Thank you
Greelan (https://forum.opnsense.org/index.php?action=profile;u=26169) &
Franco (https://forum.opnsense.org/index.php?action=profile;u=10) :)
Now I'm going to open a new thread. I need some help to get my SIP phone working...
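A small parser for the plain-view line asked about in the first post, as an added example that is not part of the thread or of OPNsense itself. The field names are labels chosen here, assuming the field order of the pfSense raw filter log grammar linked above; only the leading port and length fields of TCP/UDP are named, and anything after them is kept in `extra`.

```python
# Added example: field names are labels chosen here (assumption), following the
# field order of the pfSense raw filter log grammar linked in the thread.
COMMON = ["rulenr", "subrulenr", "anchor", "tracker", "interface",
          "reason", "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags",
        "protonum", "proto", "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hoplimit", "proto", "protonum",
        "length", "src", "dst"]
PORTS = ["srcport", "dstport", "datalen"]  # leading fields for tcp and udp


def parse_filterlog(line):
    """Split one plain-view filterlog line into a dict of named fields."""
    # "<timestamp> <process[pid]> <comma-separated fields>"
    timestamp, process, csv = line.strip().split(None, 2)
    values = csv.split(",")
    if len(values) < len(COMMON):
        raise ValueError("too few fields for a filterlog entry")
    entry = {"timestamp": timestamp, "process": process}
    entry.update(zip(COMMON, values))
    rest = values[len(COMMON):]
    # The IP version decides how the next group of fields is laid out.
    layout = {"4": IPV4, "6": IPV6}.get(entry["ipversion"])
    if layout is None:
        raise ValueError("unknown IP version: %r" % entry["ipversion"])
    if len(rest) < len(layout):
        raise ValueError("truncated IP header fields")
    entry.update(zip(layout, rest))
    rest = rest[len(layout):]
    # TCP and UDP both start with source port, destination port, data length.
    if entry["proto"].lower() in ("tcp", "udp") and len(rest) >= len(PORTS):
        entry.update(zip(PORTS, rest))
        rest = rest[len(PORTS):]
    entry["extra"] = rest  # TCP flags/sequence/options, ICMP details, etc.
    return entry


# The example line from the first post (addresses masked by the poster).
SAMPLE = ("2021-01-26T18:05:36 filterlog[89794] 16,,,0,pppoe0,match,block,in,"
          "4,0x40,,54,0,0,DF,17,udp,92,188.166.xxx.xxx,yyy.yyy.yyy.yyy,"
          "15585,29745,72")

if __name__ == "__main__":
    for key, value in parse_filterlog(SAMPLE).items():
        print(f"{key:>10}: {value}")
```

Run against the sample, this shows the entry is an inbound UDP packet on pppoe0 that was blocked by rule 16, with the last three values being source port, destination port and data length.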