TUI for viewing and analysing OPNsense filter/firewall logs

Started by allddd, Today at 12:48:37 AM

Hi everyone

Since I couldn't find a simple way to quickly analyse filter logs, I've been writing a TUI in Go for this over the past few months. It's come a lot further than I first expected, so I decided to share it in case anyone else needs something like this.

It's called opnsense-filterlog and it's basically a TUI similar to a pager like less in terms of navigation, but with color output and search/filtering features that are better suited for firewall logs. The filter syntax is similar to tcpdump and pretty simple, but still lets you filter out all log entries you (don't) want to see, e.g.:

(src 192.168.1.1 or src 192.168.1.2) and action block and not proto udp

It's a simple binary with no dependencies that runs on OPNsense itself. I tried to make it as memory and resource efficient as possible, so it should be able to handle huge log files, even on low-spec devices.

In case anyone is interested, there is more documentation in the repo: https://gitlab.com/allddd/opnsense-filterlog

Figured I'd share this here, maybe it'll save someone a bit of time digging through logs.
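
The filter syntax described above (src/action/proto terms combined with and, or and not, grouped by parentheses), as an added example that is not code from opnsense-filterlog or its author: a small Go evaluator that parses such an expression with precedence climbing, runs it against a constructed log record, and rejects malformed filters instead of silently matching part of them. The map-shaped record, the dst key and the Match function are assumptions of this example.

```go
package main
import "fmt"
import "strings"
var prec = map[string]int{"or": 1, "and": 2} // "and" binds tighter than "or", as in tcpdump
// expr evaluates operands joined by operators of precedence >= minPrec against entry e (precedence
// climbing) and returns the result plus the unconsumed tokens; toks always ends with a "" sentinel.
func expr(toks []string, e map[string]string, minPrec int) (bool, []string) {
	v, rest := factor(toks, e)
	for prec[rest[0]] >= minPrec {
		w, r := expr(rest[1:], e, prec[rest[0]]+1) // always parsed, so syntax errors surface even when v already decides
		v, rest = (rest[0] == "or" && (v || w)) || (rest[0] == "and" && v && w), r
	}
	return v, rest
}
// factor is "not" factor | "(" expr ")" | key value; malformed input panics and Match turns that into an error.
func factor(toks []string, e map[string]string) (bool, []string) {
	switch t := toks[0]; t {
	case "not":
		v, rest := factor(toks[1:], e)
		return !v, rest
	case "src", "dst", "action", "proto":
		if toks[1] != "" {
			return e[t] == toks[1], toks[2:]
		}
		panic(t + " needs a value")
	case "(":
		if v, rest := expr(toks[1:], e, 1); rest[0] == ")" {
			return v, rest[1:]
		}
		fallthrough
	default:
		panic(fmt.Sprintf("syntax error at %q", t))
	}
}
// Match reports whether e (a constructed, simplified filterlog record keyed by field name) satisfies filter.
func Match(filter string, e map[string]string) (ok bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			ok, err = false, fmt.Errorf("bad filter %q: %v", filter, r)
		}
	}()
	toks := append(strings.Fields(strings.NewReplacer("(", " ( ", ")", " ) ").Replace(filter)), "")
	ok, rest := expr(toks, e, 1)
	if rest[0] != "" {
		panic("unexpected " + rest[0])
	}
	return ok, nil
}
var sample = map[string]string{"src": "192.168.1.2", "dst": "10.0.0.1", "action": "block", "proto": "tcp"} // constructed
func main() { fmt.Println(Match("(src 192.168.1.1 or src 192.168.1.2) and action block and not proto udp", sample)) } // true <nil>
```

Only the four keys and exact-value matching are modelled here; a trailing token such as a stray ")" is reported as an error rather than ignored.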

Thanks for posting the viewer; I gave it a go and do like it. I like the navigation in the TUI.

If I could have a wish :) or two:

  • my screen is quite small (1280x800) and not all columns fit on the screen. It would be helpful if I could scroll horizontally with e.g. either the left/right arrow keys and/or 'h'/'l' (like in vim).
  • right now filtering for 'proto ip6' doesn't show any results. But filtering for 'proto ip' shows only the ip6 traffic. I would prefer if 'proto ip' would show the ipv4 entries and 'proto ip6' the ipv6. Maybe even a shortcut like in 'pftop' 'ip' and 'ip6' showing the ipv4 and ipv6 entries.
Deciso DEC740