OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: bunchofreeds on January 07, 2019, 01:33:22 am

Title: Feature Request: IPS Widget and Reporting
Post by: bunchofreeds on January 07, 2019, 01:33:22 am
Hello,

It would be good to have a widget to apply to the dashboard showing recent IPS alert activity. Maybe top rules hit within the last day or week or month.

In addition, it would also be good to have some reporting capability for the IPS located under the Menu Bar 'Reporting'. Maybe views offering something like what Snorby offered some time ago.
Being able to select historic views of what rules have been hit over specified time periods.
Top drops in the last hour, day, week, month...
Top alerts in the last hour...
Which sources and destinations are most frequently creating alerts again within specified time periods
Recent unique alerts within a date range

Obviously it would be ideal to have these reports allow direct updating and changing of IPS rules, but initially better visibility of which rules are being hit frequently etc. would be good.

Loving the product, have worked and played with multiple firewalls through Enterprise, SMB, Home and LAB and find OPNsense solid and easy to use. Been running it for about 2 years now and have been very happy.

Thanks for all of the great work
Dan

Title: Re: Feature Request: IPS Widget and Reporting
Post by: l0rdraiden on January 10, 2019, 10:07:47 pm
I totally agree with you.
In general all the logging and reporting needs a complete rework.
At least having the ability to consume the logs properly

like having these fields to filter based on conditions
https://docs.sophos.com/nsg/sophos-firewall/v16058/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FSecurityPolicyEvents.html%23

https://community.sophos.com/kb/en-us/131951

For example firewall rule is X and source IP (is/is not/starts with/ends with/etc)