TUI for viewing and analysing OPNsense filter/firewall logs

Started by allddd, November 27, 2025, 12:48:37 AM

Quote from: allddd on June 18, 2026, 08:05:09 PM
You can now open multiple files or pipe data via stdin, and it all shows up in one view like it's a single log.
Perfect, thanks. I don't have 40G of logs, that won't be an issue for me :)
Deciso DEC740

Quote from: lmoore on June 19, 2026, 04:48:46 AM
One feature I would find helpful is the inclusion of the rule descriptions, ideally in the main view or at least in the details view and also when '-j' option is used.

I've looked into it and it'd be nice, but the filter log doesn't contain the description. The only thing I can think of is to use the rule id from the log to somehow find the description somewhere else.

/conf/config.xml has descriptions of rules you've added manually, but default rules aren't there. The rules in there are also referenced by a uuid, not by the rule id from the log. I don't know of any other place that has the rule id and the description (of all rules).

If anyone knows a better way to do this, I'd be open to adding this.

Quote from: allddd on June 22, 2026, 06:32:52 PM
/conf/config.xml has descriptions of rules you've added manually, but default rules aren't there. The rules in there are also referenced by a uuid, not by the rule id from the log. I don't know of any other place that has the rule id and the description (of all rules).

Before posting the other day, I searched my firewall for another file containing the rule UUID and Description fields. The only other file I located on the system which contains the information, and is current, is /tmp/rules.debug. The GUI Live View is obtaining the information from somewhere.

Unless someone can advise where Live View obtains the information, perhaps creating and using a database reference file from either /tmp/rules.debug or the API, and regenerating it when a time-stamp changes.

On a side note, last Saturday I added a new VLAN interface to my system and enabled a DHCP server on it, then included it in an existing Firewall Group. Later in the day I noticed some unexpected entries in Live View where a rule logs the allowed connection and then another line logged immediately after, which references an unrelated block rule. These entries also appeared in opnsense-filterlog. To overcome the problem OPNsense was rebooted.
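
The reference file suggested in the post above (built from /tmp/rules.debug and regenerated when its time-stamp changes), sketched as an added example that is not part of the thread or of opnsense-filterlog. It assumes each rule line ends with `label "<id>" # <description>` and that this id is the one the log viewer has for an entry; neither is confirmed in the thread, and `parse_rules`, `RuleIndex` and the sample lines are made up for illustration.

```python
import os
import re

# Assumed line shape (not confirmed in the thread): ... label "<id>" # <description>
LABEL_RE = re.compile(r'\slabel\s+"([^"]+)"(?:\s*#\s*(.*))?$')

# Constructed sample; the ids and descriptions are invented.
SAMPLE = '''\
# comment-only line, no label
pass in log quick on igb0 inet proto tcp from any to any port 443 keep state label "11111111-2222-3333-4444-555555555555" # Allow HTTPS to web server
block in log on igb1 inet from any to any label "0123456789abcdef0123456789abcdef" # Default deny / state violation rule
pass out on igb0 all label "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
'''

def parse_rules(text):
    """Map each rule label to its trailing comment ('' when there is none)."""
    index = {}
    for line in text.splitlines():
        m = LABEL_RE.search(line.rstrip())
        if m:
            index[m.group(1)] = (m.group(2) or "").strip()
    return index

class RuleIndex:
    """Label -> description lookup, re-read only when the file's mtime changes."""

    def __init__(self, path="/tmp/rules.debug"):
        self.path, self._mtime, self._index = path, None, {}
        self.reloads = 0  # how many times the file was actually parsed

    def describe(self, label):
        try:
            mtime = os.stat(self.path).st_mtime_ns
        except OSError:
            # File missing (e.g. during a ruleset reload): keep the last index.
            return self._index.get(label, "")
        if mtime != self._mtime:
            with open(self.path, encoding="utf-8", errors="replace") as fh:
                self._index = parse_rules(fh.read())
            self._mtime, self.reloads = mtime, self.reloads + 1
        return self._index.get(label, "")

if __name__ == "__main__":
    for rule_id, descr in parse_rules(SAMPLE).items():
        print(rule_id, "->", descr or "(no description)")
```

Unknown ids return an empty string, so a viewer can fall back to showing the bare rule id.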