Topic: Feature Request: Centralized Logging / Dashboard (Read 3473 times)
guest23448 (Guest)
Feature Request: Centralized Logging / Dashboard
« on: February 28, 2020, 11:32:31 am »
Hi all
How do you visualize the log information of all modules (Firewall, IPS, Proxy, Antivirus, Sensei, other security features)? Is there an easy way without having dedicated log servers and tools?
Wouldn't it be nice to have that information at least locally in OPNsense "centralized" and visualize related alert information in the Dashboard (e.g. a few KPIs like total number of alerts, unseen alerts, alerts per device etc.) and a filterable detail table?
In my point of view, analyzing alerts is currently really decentralized per plugin (and even there you can have more than 1 log) so that monitoring is a pain, no?
mimugmail (Hero Member, Posts: 6766, Karma: 494)
Re: Feature Request: Centralized Logging / Dashboard
« Reply #1 on: February 28, 2020, 02:02:52 pm »
You'd need a SIEM system for this (with centralized logging).
Putting this locally would consume too many resources ...
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/
guest23448 (Guest)
Re: Feature Request: Centralized Logging / Dashboard
« Reply #2 on: February 28, 2020, 03:06:53 pm »
Agree with SIEM - if we talk about more than 1 appliance.
I'm not talking about complicated drill-down reports, cross-comparisons or automated reaction (protection mechanisms) - although it would be nice. Just displaying all events in a centralized table / widget (e.g. based on syslog). At the lowest level, it can also be dedicated widgets per service to display alert info in a similar design that you can arrange yourself.
Currently, widgets for IPS, Proxy, ICAP Antivirus are missing and the one for Sensei is in a totally different design compared to the one from the firewall (the widget for the firewall is the best in my point of view because you can configure the update frequency and filter to see the "blocked" only). If all widgets were available and more aligned, you could customize a useful dashboard.
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Re: Feature Request: Centralized Logging / Dashboard
« Reply #3 on: April 29, 2020, 10:51:57 pm »
+1
Agree this would be nice.
Wouldn't have to come with bells and whistles, just a central place where it all comes together in simple table views with some basic filtering capabilities.
This would make daily due diligence convenient for the average user that may not want to invest the time to set up and maintain an additional ELK server.
l0rdraiden (Jr. Member, Posts: 59, Karma: 4)
Re: Feature Request: Centralized Logging / Dashboard
« Reply #4 on: May 09, 2020, 03:56:52 pm »
https://github.com/opnsense/core/issues/4065
Comment here