Topic: Wazuh - firewall filterlog - include label in the log message? (Read 219 times)
proutfoo
« on: September 24, 2024, 12:24:28 am »
Hello,
The firewall live view is a super tool and has a lot of info when it comes to blocks. I am using Wazuh and I am successfully getting logs sent to Wazuh from the OPNsense router.
I note however that some interesting info is not sent, specifically the name of the interface (the device name yes, not the common name), and also the label. Here is an example log message:
Sep 22 23:51:06 OPNsense.localdomain filterlog[95260]: 107,,,2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,4,0x0,,63,30380,0,none,6,tcp,60,172.25.25.12,158.xxx.xxx.xxx,57610,443,0,S,1541627095,,64240,,mss;sackOK;TS;nop;wscale
So although I blocked 158.xxx.xxx.xxx, I can't see in Wazuh or in the syslog. In this particular case, 158.xxx.xxx.xxx is in an Alias definition.
It would be super cool to have this label and perhaps even the interface common names logged. I have to log into the OPNsense router to learn more about any blocks that I am logging.
I am open to other ways to get this info via the Wazuh agent? Cheers and thanks for your help.
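One way to add the missing context on the receiving side, as an added example that is not part of the original post and is not OPNsense or Wazuh code: a Python parser for the filterlog line quoted above that attaches a rule label and an interface common name from lookup tables. The field names are an assumption read off the sample line (IPv4/TCP layout, with the fourth field taken to be the rule identifier), and the label and interface name in the tables are constructed placeholders.

```python
import re

# Field order for the IPv4 case, read off the sample line in the post (assumed layout).
COMMON = ["rulenr", "subrulenr", "anchor", "rid", "interface", "reason",
          "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "protonum", "proto",
        "length", "src", "dst"]
TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack", "window",
       "urg", "options"]
UDP = ["srcport", "dstport", "datalen"]

# Constructed lookup tables: in practice these would be exported from the firewall.
RID_LABELS = {"2956dfb9e11c9187b293c85d71232195": "example-block-alias"}
IF_NAMES = {"vtnet0": "LAN"}

SYSLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(?P<csv>.+)$")

def parse_filterlog(line):
    """Return a dict of named fields, or None if the line is not a filterlog record."""
    m = SYSLOG_RE.search(line)
    if not m:
        return None
    values = m.group("csv").strip().split(",")
    rec = dict(zip(COMMON, values))
    rest = values[len(COMMON):]
    if rec.get("ipversion") != "4":
        rec["unparsed"] = rest  # other IP versions use a different layout; kept raw
        return rec
    rec.update(zip(IPV4, rest))
    rest = rest[len(IPV4):]
    rec.update(zip({"tcp": TCP, "udp": UDP}.get(rec.get("proto"), []), rest))
    return rec

def enrich(rec, labels=RID_LABELS, ifnames=IF_NAMES):
    """Add the rule label and interface common name when the lookup tables know them."""
    out = dict(rec)
    out["label"] = labels.get(rec.get("rid"), "unknown")
    out["interface_name"] = ifnames.get(rec.get("interface"), rec.get("interface"))
    return out

# The log line from the post, unchanged (addresses were already masked there).
SAMPLE = ("Sep 22 23:51:06 OPNsense.localdomain filterlog[95260]: 107,,,"
          "2956dfb9e11c9187b293c85d71232195,vtnet0,match,block,in,4,0x0,,63,30380,"
          "0,none,6,tcp,60,172.25.25.12,158.xxx.xxx.xxx,57610,443,0,S,1541627095,,"
          "64240,,mss;sackOK;TS;nop;wscale")

if __name__ == "__main__":
    print(enrich(parse_filterlog(SAMPLE)))
```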