Firewall Reporting Advice

Started by opendns@taylorco.net, June 01, 2018, 08:23:16 PM

Hello All,

I am a new user of OPNsense and like the flow of the interface, but cannot seem to get reporting on what the firewall is doing the way I am used to. What I am trying to see is:
- List of all blocked connections, with IP, rule and country info
- Aggregate of blocked connections, with IP and country info

Ideally what I think all the solutions need is one dashboard/report that shows anything blocked and the reason, firewall, web filter, IPS, etc.


I am really interested in knowing how others are doing this or other reporting.

The best solution is an ELK stack (Elasticsearch, Logstash and Kibana).

With ES, you have a document storage DB and index - all services log to this DB.
Logstash acts as a central syslog server and forwards all log lines to ES - here is a more or less ready-to-use config: https://github.com/fabianfrz/opnsense-logstash-config
Kibana is a tool to create dashboards etc. from ES data. You can do everything you mentioned there.

Thanks, that seems to be a robust solution. For now I have decided to go a different direction.
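
The two reports asked for in the first post (every blocked connection with its rule number, and blocked connections aggregated per source IP), as an added example that is not part of the original thread or of the linked Logstash config. It assumes the firewall log arrives as syslog lines in the comma-separated pf filterlog layout; the field positions and the sample lines are assumptions to check against your own logs, and the country lookup is left out because it needs a GeoIP database.

```python
import re
from collections import Counter

# Constructed sample lines (documentation address ranges), not real captures.
SAMPLE_LOG = """\
Jun  1 20:23:16 fw filterlog: 71,,,0,igb0,match,block,in,4,0x0,,64,4821,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51514,22,0,S,1234567,,29200,,mss
Jun  1 20:23:17 fw filterlog[312]: 71,,,0,igb0,match,block,in,4,0x0,,64,4822,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51515,23,0,S,1234568,,29200,,mss
Jun  1 20:23:18 fw filterlog: 12,,,0,igb0,match,pass,in,4,0x0,,64,100,0,none,17,udp,76,198.51.100.4,192.0.2.10,40000,53,56
Jun  1 20:23:19 fw filterlog: 85,,,0,igb0,match,block,in,6,0x00,0x00000,64,udp,17,48,2001:db8::5,2001:db8::1,5353,5353,48
Jun  1 20:23:20 fw filterlog: truncated,line
"""

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

# Assumed layout: 9 common fields (rule number first, action 7th, IP version
# 9th), then a version-specific header that ends with source and destination.
SRC_INDEX = {"4": 18, "6": 15}    # position of the source address
PROTO_INDEX = {"4": 16, "6": 12}  # position of the protocol name


def parse_filterlog(line):
    """Return a dict for one filterlog line, or None if it cannot be parsed."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) < 9 or f[8] not in SRC_INDEX:
        return None
    src = SRC_INDEX[f[8]]
    if len(f) < src + 2:          # truncated before the addresses
        return None
    proto = f[PROTO_INDEX[f[8]]]
    has_ports = proto in ("tcp", "udp") and len(f) >= src + 4
    return {
        "rule": f[0], "iface": f[4], "action": f[6], "dir": f[7],
        "proto": proto, "src": f[src], "dst": f[src + 1],
        "dport": f[src + 3] if has_ports else None,
    }


def blocked_summary(lines):
    """Return (list of blocked entries, Counter of blocks per source IP)."""
    parsed = (parse_filterlog(line) for line in lines)
    blocked = [e for e in parsed if e and e["action"] == "block"]
    return blocked, Counter(e["src"] for e in blocked)


if __name__ == "__main__":
    detail, by_src = blocked_summary(SAMPLE_LOG.splitlines())
    for e in detail:
        print(e["rule"], e["iface"], e["proto"], e["src"], "->", e["dst"], e["dport"])
    print(by_src.most_common())
```
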