Hello All,
I am a new user of OPNsense and like the flow of the interface, but cannot seem to get reporting on what the firewall is doing the way I am used to. What I am trying to see is:
List of all blocked connections, with IP, rule and country info
Aggregate of blocked connections, with IP and country info
Ideally what I think all the solutions need is one dashboard/report that shows anything blocked and the reason, firewall, web filter, IPS, etc.
I am really interested in knowing how others are doing this or other reporting.
The best solution is an ELK stack (Elasticsearch, Logstash and Kibana).
With ES, you have a document storage DB and index - all services log to this DB.
Logstash acts as a central syslog server and forwards all log lines to ES - here is a more or less ready to use config: https://github.com/fabianfrz/opnsense-logstash-config
Kibana is a tool to create dashboards etc. from ES data. You can do everything you mentioned there.
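To make the "aggregate of blocked connections" concrete, here is an added example (not from the posters or the linked repository) of the counting that a Logstash filter plus a Kibana aggregation would do, run over constructed sample lines. The comma-separated field positions follow the pf `filterlog` layout as an assumption, so check them against your own firewall log before relying on them; country lookup is left out because it needs a GeoIP database.

```python
from collections import Counter

# Constructed sample payloads (documentation-range addresses), not real logs.
# Each line is the CSV part of a firewall log entry, after the syslog header.
SAMPLE = """\
12,,,a1b2c3,igb0,match,block,in,4,0x0,,64,1234,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51514,22,0,S,100,,1024,,
12,,,a1b2c3,igb0,match,block,in,4,0x0,,64,1235,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51515,23,0,S,101,,1024,,
15,,,d4e5f6,igb0,match,pass,in,4,0x0,,64,1236,0,DF,17,udp,76,198.51.100.4,192.0.2.10,40000,53,56
12,,,a1b2c3,igb0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::5,2001:db8::1,44321,443,0,S,102,,1024,,
truncated,line
"""

def parse_filterlog(payload):
    """Return a dict for one CSV payload, or None if it is malformed.

    Assumed layout: rule number, sub-rule, anchor, rule id, interface, reason,
    action, direction, IP version, then version-specific IP header fields.
    """
    f = payload.split(",")
    if len(f) < 9 or f[8] not in ("4", "6"):
        return None
    rec = {"rule": f[0], "rid": f[3], "iface": f[4], "action": f[6], "dir": f[7]}
    # IPv4 and IPv6 carry a different number of header fields before src/dst.
    proto_i, src_i = (16, 18) if f[8] == "4" else (12, 15)
    if len(f) < src_i + 2:
        return None
    rec.update(proto=f[proto_i], src=f[src_i], dst=f[src_i + 1], dport=None)
    rest = f[src_i + 2:]
    if rec["proto"] in ("tcp", "udp") and len(rest) >= 2:
        rec["dport"] = rest[1]  # rest[0] is the source port
    return rec

def blocked_summary(lines):
    """Count blocked packets per source IP and per (rule number, rule id)."""
    by_src, by_rule = Counter(), Counter()
    for line in lines:
        rec = parse_filterlog(line.strip())
        if rec and rec["action"] == "block":
            by_src[rec["src"]] += 1
            by_rule[(rec["rule"], rec["rid"])] += 1
    return by_src, by_rule

if __name__ == "__main__":
    sources, rules = blocked_summary(SAMPLE.splitlines())
    for ip, hits in sources.most_common():
        print(f"{hits:5d}  {ip}")
    for (rule, rid), hits in rules.most_common():
        print(f"{hits:5d}  rule {rule} ({rid})")
```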
Thanks, that seems to be a robust solution. For now I have decided to go a different direction.