Firewall Logs - What is Everyone Doing?

Started by spetrillo, June 01, 2019, 07:08:33 PM

Hello all,

I am new to OPNsense and clearly there are logs that I would like to be able to review, from time to time, to make sure there is nothing getting through that I do not want. Keeping the logs on the firewall, long term, does not seem like a good idea. I am thinking of building a dedicated syslog server, to take in logs from the firewall and other network devices.

A couple of questions:

1) Do you have a syslog server app that you would recommend?
2) Is there a front end to Suricata that would allow me insight into what is going on from an IDS/IPS perspective?
3) Do you run NTOPNG on the OPNsense firewall or do you run it independently of the firewall?

Thanks,
Steve