Question About Log Files

Started by House Of Cards, September 29, 2024, 08:07:57 AM

Hi there,

I switched from pfSense to OPNSense, and one thing that confuses me a bit is the logging of firewall rules.

In pfSense, I could use the default allow any rule and watch the logs to determine existing traffic, and then create rules based off the examined traffic...  In OPNSense, all I see in the live logs is the "Allow anything from the firewall host itself", even though I have rules created which are successfully routing traffic.

How can I exclude all these default rules from overwhelming the logs?

Thanks

Each rule can be configured to log or not. The "Default allow LAN to any rule" would be quite noisy, but you could temporarily enable it, I suppose. New rules would not log by default - you'd have to check the box when creating them.

If the automatically generated rules are causing too much noise in the live view, you could use filters to exclude them.

I think my confusion is with these default rules. 

If they are created by default, and can't be modified, why on earth does OPNSense clog your logs with them in the first place?

It makes setup so much more difficult.

You can enable/disable logging for the auto-generated rules under "Firewall" -> "Settings" -> "Advanced" (Section "Logging").