OPNsense Forum

English Forums => General Discussion => Topic started by: opendns@taylorco.net on June 01, 2018, 08:23:16 pm

Title: Firewall Reporting Advice
Post by: opendns@taylorco.net on June 01, 2018, 08:23:16 pm
Hello All,

I am a new user to OPNsense and like the flow of the interface, but cannot seem to get reporting on what the firewall is doing the way I am used to. What I am trying to see is:
List of all blocked connections, with IP, rule and country info
Aggregate of blocked connections, with IP and country info

Ideally what I think all the solutions need is one dashboard/report that shows anything blocked and the reason, firewall, web filter, IPS, etc.


I am really interested in knowing how others are doing this or other reporting.
Title: Re: Firewall Reporting Advice
Post by: fabian on June 01, 2018, 09:59:10 pm
The best solution is an ELK stack (Elasticsearch, Logstash and Kibana).

With ES, you have a document storage DB and index - all services log to this DB.
Logstash acts as a central syslog server and forwards all log lines to ES - here is a more or less ready-to-use config: https://github.com/fabianfrz/opnsense-logstash-config
Kibana is a tool to create dashboards etc. from ES data. You can do everything you mentioned there.
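
What the parsing stage in such a pipeline has to do with each firewall log line before blocked connections can be listed and aggregated, as an added Python example that is not part of the original post or the linked config. It assumes pf's `filterlog` CSV layout for IPv4 packets, uses constructed sample lines, and takes a hypothetical `country_of` lookup in place of a real GeoIP database.

```python
import csv
import re
from collections import Counter

# Constructed sample syslog lines (documentation IP ranges), not real traffic.
SAMPLE = """\
Jun  1 20:23:16 fw filterlog: 5,,,0,em0,match,block,in,4,0x0,,64,1234,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51000,22,0,S,1,,64240,,mss
Jun  1 20:23:17 fw filterlog: 5,,,0,em0,match,block,in,4,0x0,,64,1235,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51001,23,0,S,2,,64240,,mss
Jun  1 20:23:18 fw filterlog: 9,,,0,em0,match,pass,in,4,0x0,,64,1236,0,DF,17,udp,76,198.51.100.4,192.0.2.10,40000,53,56
Jun  1 20:23:19 fw filterlog: 7,,,0,em0,match,block,in,4,0x0,,250,1237,0,none,17,udp,40,198.51.100.9,192.0.2.10,5060,5060,20
Jun  1 20:23:20 fw filterlog: truncated,line
"""

LINE_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(.*)$")

# Assumed IPv4 field positions in the filterlog CSV payload:
# 0 rule number, 4 interface, 6 action, 8 IP version,
# 16 protocol name, 18 source IP, 19 destination IP, 21 destination port.


def parse_blocked(lines):
    """Yield one dict per blocked IPv4 packet; skip lines that do not fit."""
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        f = next(csv.reader([m.group(1)]))
        if len(f) < 20 or f[6] != "block" or f[8] != "4":
            continue
        has_ports = f[16] in ("tcp", "udp") and len(f) > 21
        yield {
            "rule": f[0], "iface": f[4], "proto": f[16],
            "src": f[18], "dst": f[19],
            "dport": f[21] if has_ports else None,
        }


def aggregate(events, country_of=lambda ip: "unknown"):
    """Count blocked packets per (source IP, country), most frequent first."""
    counts = Counter((e["src"], country_of(e["src"])) for e in events)
    return counts.most_common()


if __name__ == "__main__":
    blocked = list(parse_blocked(SAMPLE.splitlines()))
    for event in blocked:
        print(event)
    print(aggregate(blocked))
```
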
Title: Re: Firewall Reporting Advice
Post by: opendns@taylorco.net on June 06, 2018, 06:33:04 pm
Thanks, that seems to be a robust solution. For now I have decided to go a different direction.