Topic: Recommendation for analysing the Firewall Logs (OPNsense Forum, General Discussion)
binaryanomaly
on: April 29, 2020, 07:36:55 pm
Hi,
My setup is quite fresh and I'm in the process of configuring the firewall rules etc. Therefore it's quite important to consult the log often to check what is being blocked that shouldn't be, etc.
What is the best/recommended way to analyze the firewall log, e.g. to see what connection attempts have been blocked, how many, etc.?
I find the live view quite good, but it's only a live view and the data is refreshed quite fast, which means entries are often gone before I had a chance to inspect them. On the other hand, I'd just want to have a summary of blocked connections etc. that I can verify at the end of the day or so. The plain log is a bit difficult to process visually.
How do you guys handle this? What additional tools, etc. do you use?
Thanks
PS: Mostly interested in simple, low effort solutions. I'm not sure I want to take the extra effort to maintain an ELK installation.
Last Edit: April 29, 2020, 07:49:57 pm by binaryanomaly
spetrillo
Reply #1 on: April 30, 2020, 08:33:14 pm
I went down the ELK rabbit hole...and yes it is quite deep!
deputycag
Reply #2 on: April 30, 2020, 09:08:44 pm
I have been using Papertrail. Seems easy and I can get away with the free version. Also allows me to get email alerts when IPS blocks something.
binaryanomaly
Reply #3 on: May 01, 2020, 04:14:58 pm
Thanks both for your answers.
Seems like there's only the choice between the very limited internal facilities or going down the ELK (or other external solution) rabbit hole, where I am still not sure I want to go.
lfirewall1243
Reply #4 on: May 05, 2020, 03:23:43 pm
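Between the built-in views and a full log stack there is a third option: a copy of the pf log file plus a short script that answers "what was blocked, how often, from where and on which ports" at the end of the day. The script below is an added example, not from this thread or from OPNsense itself. It assumes the CSV field order OPNsense documents for `filterlog` entries (rule number, sub-rule, anchor, rule label, interface, reason, action, direction, IP version, then the IPv4 or IPv6 header fields, then source and destination port for TCP/UDP); the log lines, interface names, rule labels and addresses are constructed, and the column order is worth checking once against your own log before trusting the numbers.

```python
"""Summarise blocked connections from an OPNsense filterlog (pf) log.

Added example, not OPNsense code. Usage:
    python3 summarise_filterlog.py /path/to/filter.log
With no argument it runs over the constructed SAMPLE_LOG below.
"""
import re
import sys
from collections import Counter
from typing import Any, Dict, Iterable, Optional

# Constructed sample lines (documentation addresses, rule labels shortened to
# four hex digits for readability). Assumed layout after "filterlog:":
#   rulenr,subrulenr,anchor,label,interface,reason,action,dir,ipversion,
#   IPv4: tos,ecn,ttl,id,offset,ipflags,protonum,proto,length,src,dst
#   IPv6: class,flowlabel,hlim,proto,protonum,length,src,dst
#   then srcport,dstport,... for tcp/udp; protocol-specific fields otherwise.
SAMPLE_LOG = """\
Apr 29 19:30:01 opnsense filterlog: 86,,,e3a1,igb0,match,block,in,4,0x0,,55,1,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51234,22,0,S,12345,,65535,,mss
Apr 29 19:30:02 opnsense filterlog: 86,,,e3a1,igb0,match,block,in,4,0x0,,55,2,0,DF,6,tcp,60,203.0.113.7,198.51.100.2,51235,23,0,S,12346,,65535,,mss
Apr 29 19:30:03 opnsense filterlog: 9,,,f001,igb1,match,pass,out,4,0x0,,64,3,0,DF,17,udp,76,192.0.2.10,198.51.100.53,40000,53,56
Apr 29 19:30:04 opnsense filterlog: 86,,,e3a1,igb0,match,block,in,4,0x0,,55,4,0,none,17,udp,48,203.0.113.9,198.51.100.2,5555,5060,20
Apr 29 19:30:05 opnsense filterlog: 86,,,e3a1,igb0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::1,2001:db8::2,40001,445,0,S,1,,65535,,
Apr 29 19:30:06 opnsense filterlog: 12,,,b7c2,igb1,match,block,out,4,0x0,,64,5,0,DF,1,icmp,84,192.0.2.10,198.51.100.2,request,1,2
Apr 29 19:30:07 opnsense filterlog: 86,,,e3a1,igb0,match,block,in,4,0x0,,55,6,0,DF,6,tcp,60,203.0.113.8,198.51.100.2,51236,22,0,S,12347,,65535,,mss
Apr 29 19:30:08 opnsense sshd[123]: Accepted publickey for root from 192.0.2.10
"""

COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface", "reason",
          "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "protonum", "proto",
        "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hlim", "proto", "protonum", "length", "src", "dst"]
PORTS = ["srcport", "dstport"]  # only tcp and udp entries carry these

# "filterlog:" on older releases, "filterlog[pid]:" on newer ones.
FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>\S.*)$")


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return a field dict for a pf filterlog line, or None for any other line."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    if len(fields) < len(COMMON):
        return None
    rec = dict(zip(COMMON, fields[:len(COMMON)]))
    rest = fields[len(COMMON):]
    layout = {"4": IPV4, "6": IPV6}.get(rec["ipversion"])
    if layout is None or len(rest) < len(layout):
        return None  # unknown IP version or truncated entry
    rec.update(zip(layout, rest[:len(layout)]))
    rest = rest[len(layout):]
    if rec["proto"] in ("tcp", "udp") and len(rest) >= len(PORTS):
        rec.update(zip(PORTS, rest[:len(PORTS)]))
    return rec


def summarise(lines: Iterable[str], top: int = 5) -> Dict[str, Any]:
    """Aggregate blocked entries: how many, on which interface, by which rule, from where."""
    blocked = [r for r in map(parse_line, lines) if r and r["action"] == "block"]
    return {
        "total_blocked": len(blocked),
        "by_interface_dir": Counter(f"{r['interface']}/{r['dir']}" for r in blocked),
        "by_rule": Counter(r["label"] or r["rulenr"] for r in blocked),
        "top_sources": Counter(r["src"] for r in blocked).most_common(top),
        "top_dst_ports": Counter(
            f"{r['proto']}/{r.get('dstport', '-')}" for r in blocked).most_common(top),
    }


def format_report(summary: Dict[str, Any]) -> str:
    """Render the summary as the short end-of-day text the thread asks for."""
    out = [f"blocked entries: {summary['total_blocked']}", "", "by interface/direction:"]
    out += [f"  {k:<12} {v}" for k, v in summary["by_interface_dir"].most_common()]
    out += ["", "by rule label (or rule number):"]
    out += [f"  {k:<12} {v}" for k, v in summary["by_rule"].most_common()]
    out += ["", "top blocked sources:"]
    out += [f"  {k:<40} {v}" for k, v in summary["top_sources"]]
    out += ["", "top blocked destination ports:"]
    out += [f"  {k:<12} {v}" for k, v in summary["top_dst_ports"]]
    return "\n".join(out)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            print(format_report(summarise(fh)))
    else:
        print(format_report(summarise(SAMPLE_LOG.splitlines())))
```

Copy the log off the firewall (on the 20.x releases of the time it lived at /var/log/filter.log; later releases keep dated files under /var/log/filter/, so check the path on your version) and run the script over it, or put it in a nightly cron job on the firewall. Because it works on a static file rather than the live view, nothing scrolls away before you can look at it, and grouping by rule label shows at a glance which of your new rules is doing the blocking. Lines that are not pf log entries are skipped rather than parsed.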
Graylog is very good as well.
banana999
Reply #5 on: May 06, 2020, 01:56:15 pm
Check out PF ELK
https://github.com/3ilson/pfelk
binaryanomaly
Reply #6 on: May 10, 2020, 12:51:10 pm
Thanks all for the replies.
I have for now decided to give Sensei a chance and rely more on it for the management of application-level client traffic. It also comes with more advanced logging and monitoring capabilities built in.
https://wiki.opnsense.org/vendor/sunnyvalley/sensei.html
That said it is not open source and the more advanced features are paid which I'm ok with.