Hi everyone
Since I couldn't find a simple way to quickly analyse filter logs, I've been writing a TUI in Go for this over the past few months. It's come a lot further than I first expected, so I decided to share it in case anyone else needs something like this.
It's called opnsense-filterlog and it's basically a TUI similar to a pager like less in terms of navigation, but with color output and search/filtering features that are better suited for firewall logs. The filter syntax is similar to tcpdump and pretty simple, but still lets you filter out all log entries you (don't) want to see, e.g.:
(src 192.168.1.1 or src 192.168.1.2) and action block and not proto udp
It's a simple binary with no dependencies that runs on OPNsense itself. I tried to make it as memory and resource efficient as possible, so it should be able to handle huge log files, even on low-spec devices.
In case anyone is interested, there is more documentation in the repo: https://gitlab.com/allddd/opnsense-filterlog
Figured I'd share this here, maybe it'll save someone a bit of time digging through logs.
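To show how a tcpdump-style filter like the one above is evaluated, here is an added Go example that is not code from the opnsense-filterlog repo: a small precedence-climbing evaluator for `and`/`or`/`not` with parentheses, run over a constructed, simplified log record. The `Entry` map, the `Match` function and the four keywords `src`, `dst`, `action` and `proto` are assumptions of this example, not the tool's API.

```go
package main

import (
	"fmt"
	"strings"
)
// Entry maps a filter keyword (src, dst, action, proto) to a log column value; a constructed, simplified record.
type Entry map[string]string
var prec = map[string]int{"or": 1, "and": 2} // binary operator precedence; "not" binds tighter than both
// Match reports whether log entry e passes filter f. The filter is evaluated while it is parsed
// (precedence climbing), so a malformed filter yields an error rather than a silent mismatch.
func Match(f string, e Entry) (ok bool, err error) {
	toks, pos := append(strings.Fields(strings.NewReplacer("(", " ( ", ")", " ) ").Replace(f)), ""), 0 // "" = end of input
	next := func() (t string) {
		if t = toks[pos]; t != "" {
			pos++
		}
		return
	}
	var eval func(minPrec int) bool // parses one operand, then folds in operators with precedence >= minPrec
	eval = func(minPrec int) bool {
		var v bool
		switch t := next(); t {
		case "not":
			v = !eval(3) // 3 outranks every binary operator, so only the next operand is negated
		case "(":
			if v = eval(1); next() != ")" {
				err = fmt.Errorf("missing ) at token %d", pos)
			}
		case "src", "dst", "action", "proto":
			val := next()
			if v = e[t] == val; val == "" {
				err = fmt.Errorf("missing value after %s", t)
			}
		default:
			err = fmt.Errorf("unexpected token %q at %d", t, pos)
		}
		for prec[toks[pos]] >= minPrec {
			op := next()
			r := eval(prec[op] + 1) // evaluate unconditionally so parsing stays in sync
			v = (op == "and" && v && r) || (op == "or" && (v || r))
		}
		return v
	}
	if ok = eval(1); err == nil && toks[pos] != "" {
		err = fmt.Errorf("unexpected token %q at %d", toks[pos], pos)
	}
	return ok && err == nil, err
}
```

`and` binds tighter than `or`, so `action pass or action block and proto udp` reads as `action pass or (action block and proto udp)`; use parentheses to force a different grouping.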