Topic: Log only rule (Read 2643 times)

marioeirea (Newbie), on: April 09, 2019, 09:01:39 pm
Greetings all,
Looking for a way to log traffic and then send it along to the rest of the firewall rules. Basically, I created a GeoIP alias and want to see traffic that hits that rule and is then passed along. Hopefully without having to make a special case for all the firewall rules already in place. Found a similar discussion over at the pfSense forum, but I believe the behavior is a little different on OPNsense.
https://forum.netgate.com/topic/69604/log-only-rule/2
Help is greatly appreciated.

ToFu (Newbie), Reply #1 on: July 02, 2021, 08:09:29 am
Hi all,
I have the same problem and cannot find a usable solution.
I only want to look at some IP subnets, what comes in or goes out.
No blocking, only viewing.
The logfile evaluation is actually being done with Grafana/Loki.
Possible solutions for me could be:
1. log only rule in OPNsense
2. filter by IP subnets in a Grafana/Loki combination
Both should not work at this moment.
Any ideas?
Thanks in advance.

franco (Administrator, Hero Member), Reply #2 on: July 02, 2021, 08:42:10 am
The pf directive "match" was never available for FreeBSD. I don't know if this is a historic oversight on the pfSense side but eventually we decided to remove it since there is no support for it in our ecosystem.
https://github.com/opnsense/changelog/blob/95adc9fbdb985502ea50d7f4efc48a402e8183b1/community/16.1/16.1.16#L63-L64
So, yes, you need to use a pass rule or enable alias statistics depending on what you are looking for.
Cheers,
Franco

ToFu (Newbie), Reply #3 on: July 02, 2021, 09:10:05 am
Hi Franco,
First, thx for your fast answer.
How do these alias statistics work?
Can I track anything about these IP subnets (alias), even if the alias is not used in any firewall rule?
I cannot find anything about the statistics in the alias section of the manual.
I have some firewall rules to allow only specific ports to the outside.
If I pass all ports to this alias only to get the logs, that's not target oriented.
Thanks in advance

franco (Administrator, Hero Member), Reply #4 on: July 02, 2021, 09:30:02 am
> If I pass all ports to this alias only to get the logs, that's not target oriented.
I think you don't understand the difference between statistics and logs. Or at least it looks like statistics are not what you are looking for anyway...
To use alias statistics the traffic obviously needs to hit the rule using the alias. Where this shines is when you have multiple rules and you get aggregated statistics via Firewall: Diagnostics: pfTables for each entry separately (packets in/out, bytes in/out). It really depends on the use case.
Long story short, pass rule logging is your safest bet if you need the source address of your requests.
Cheers,
Franco

ToFu (Newbie), Reply #5 on: July 02, 2021, 09:43:21 am
Hi Franco,
thx.
I understand, there is no solution possible for my special task.
So I have to look for another way of log analysis.
Thank you.
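
The subnet-only view asked for in this thread can also be produced on the log-analysis side, by filtering the firewall's filterlog records for selected subnets. The following is an added example, not part of any post above and not OPNsense project code. It assumes the comma-separated filterlog field layout noted in the comments (check it against your own log lines); the subnets, hostname, interface names and sample lines are constructed.

```python
import ipaddress

# Subnets to watch: constructed values from documentation address ranges.
WATCHED = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "2001:db8:10::/48")]

# Assumed filterlog CSV layout: field 4 interface, 6 action, 7 direction,
# 8 IP version; (source, destination) offsets then depend on the version.
ADDR_OFFSETS = {"4": (18, 19), "6": (15, 16)}

# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "Jul  2 09:00:01 fw filterlog[1234]: 75,,,aaaa1111,igb0,match,pass,out,4,0x0,,64,4660,0,DF,6,tcp,60,192.168.1.20,198.51.100.7,51544,443,0,S",
    "Jul  2 09:00:02 fw filterlog[1234]: 12,,,bbbb2222,igb1,match,block,in,4,0x0,,52,1000,0,none,17,udp,78,203.0.113.9,192.168.1.20,5353,5353,58",
    "Jul  2 09:00:03 fw filterlog[1234]: 80,,,aaaa1111,igb1,match,pass,in,6,0x00,0x00000,64,tcp,6,40,2001:db8:10::5,2001:db8:20::1,40000,22,0,S",
    "Jul  2 09:00:04 fw configd.py[99]: unrelated message",
]

def parse_filterlog(line):
    """Return the fields of interest from one filterlog line, or None."""
    _, found, rest = line.partition("filterlog")
    if not found or ": " not in rest:
        return None
    fields = rest.split(": ", 1)[1].strip().split(",")
    if len(fields) < 9 or fields[8] not in ADDR_OFFSETS:
        return None
    src_i, dst_i = ADDR_OFFSETS[fields[8]]
    try:
        src = ipaddress.ip_address(fields[src_i])
        dst = ipaddress.ip_address(fields[dst_i])
    except (IndexError, ValueError):  # truncated or non-IP record
        return None
    return {"interface": fields[4], "action": fields[6],
            "direction": fields[7], "src": src, "dst": dst}

def watched_traffic(lines, networks=WATCHED):
    """Keep records whose source or destination lies in a watched subnet."""
    hits = []
    for line in lines:
        rec = parse_filterlog(line)
        # A v4 address tested against a v6 network is simply False.
        if rec and any(rec["src"] in n or rec["dst"] in n for n in networks):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in watched_traffic(SAMPLE):
        print(rec["action"], rec["direction"], rec["interface"], rec["src"], "->", rec["dst"])
```

Only traffic that hits a rule with logging enabled produces a record, so the filter sees exactly what the existing rules already log and changes nothing about what is passed or blocked.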