How to read / analyze firewall plain text log?

[alexroz]

How to read/analyze a firewall plain text log?
I am struggling to understand my firewall plain text log.
I didn't find any satisfying documentation as well.
Please help me understand the following example line:

Code Select Expand

2021-01-26T18:05:36    filterlog[89794]    16,,,0,pppoe0,match,block,in,4,0x40,,54,0,0,DF,17,udp,92,188.166.xxx.xxx,yyy.yyy.yyy.yyy,15585,29745,72

[Greelan]

While written for pfSense, this should help: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html#bnf-grammar

That said, you get a more user-friendly presentation of the log information by click on the "information" icon at the end of a log entry in the Live View. Comparing that information and the information in the corresponding plain view entry would also help in deciphering the plain view entry

[franco]

Or use https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt


Cheers,
Franco

[Greelan]

That's more on point! [emoji23]

[franco]

Both work, depends on taste and habits. :)


Cheers,
Franco

[alexroz]

While written for pfSense, this should help: https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html#bnf-grammar

That said, you get a more user-friendly presentation of the log information by click on the "information" icon at the end of a log entry in the Live View. Comparing that information and the information in the corresponding plain view entry would also help in deciphering the plain view entry

Or use https://github.com/opnsense/ports/blob/master/opnsense/filterlog/files/description.txt


Cheers,
Franco

Thank you Greelan &  Franco :)

Now I'm going to open new thread. I need some help to get my SIP phone working....