pfSense Firewall Log Auditing
Firewalls continuously monitor the incoming and outgoing traffic through a network, and based on the defined set of rules, it either blocks or allows access. pfSense is an open source firewall and router based on FreeBSD. It is commonly deployed on a physical computer or a virtual machine to act as a perimeter firewall, router, wireless access point, and virtual private network (VPN) endpoint.
Auditing pfSense devices with EventLog Analyzer
EventLog Analyzer is a log management tool which collects logs from pfSense devices, analyzes events, and generates reports. It also allows administrators to set up alerts for changes in firewall configurations, policies, and more. The following features in EventLog Analzyer let administrators easily monitor pfSense devices in their network:
- An interactive, easy-to-use interface.
- More than 40 reports exclusive to pfSense firewalls covering traffic and threats.
- Reports in graph, list, and table formats along with the option to drill down and view the underlying information.
- Custom reports with scheduling and exporting options.
- Real-time email and SMS alerts for all events of interest.
- Powerful log forensics that enable robust searches with many flexible options.
pfSense log analysis reports
EventLog Analyzer offers the following reports for pfSense devices:
pfSense Firewall Traffic Reports: EventLog Analyzer processes pfSense traffic logs and offers insights on the allowed and denied traffic with details on the source, destination, port, and protocol.
pfSense Logon Reports: Monitor successful and failed pfSense logons. Identify the most used devices as well as the users who access your pfSense devices the most. Monitoring access helps you keep device usage and activity in check.
pfSense IDS/IPS Reports: Guard your network against attacks with security reports based on pfSense IDS/IPS logs. View a list of positively identified attacks as well as potential threats in your network that merit investigation.
pfSense Threat Reports: These reports detail various attack types, such as URL filtering, flood attacks, spyware downloads, and more, which are useful in protecting the network from breach attempts.
pfSense Severity Reports: These reports classify log information by severity and are useful for accessing all events (including emergency, error, critical, alert, warning, notice, information, and debug events) in a single click.
pfSense Configuration Reports: These reports help you ensure your pfSense firewalls are configured properly and track link state changes.
pfSense System Events: These reports help you track system reboots, startups and shutdowns, and ensure that your pfSense firewalls are running smoothly without experiencing unexpected shutdowns or reboots.
Supported Firewalls, NGFWs, IDS, and IPS