Core: [Feature] Firewall live log improvements

Created on 26 Aug 2017  Â·  8Comments  Â·  Source: opnsense/core

Up to now I always used Sophos UTM (free edition) as firewall/router VMs, because they were one of the first to natively support Hyper-V. I am now switching to OPNsense.

One thing I miss is Sophos UTM's live firewall log (see screenshot). I know there is the Dynamic View in OPNsense, but IMHO UTM's version is much more clearly laid out (although the look is a bit old-fashioned) and functional in order to see what's going on.

2017-08-26 14_02_09-clipboard

What I would like to see in OPNsense:

  • Live view opened directly from the rules view in a new browser window, so I can change firewall rules and see the effect immediately without switching back and forth
  • Color coding of the whole row for pass (green), reject/drop (red) - that way you don't have to find and parse the symbol to see what's going on (but keep the symbol for colorblind people)
  • Display the description of the rule that caused the action (not just the number like @14)
  • Filter for the live view (doesn't have to be the full blown multi-field filter from Normal View - a simple text filter would be sufficient)
  • show more than 50 events and let me scroll back to old ones (browser should be good for at least 1000 lines)
  • Reverse the sort order (optionally) so that newest events are shown at the bottom (but autoscroll there)
feature
Source
picture StrikerTwo

Most helpful comment

Having just upgraded my first OPNsense box I just wanted to say thank you. I love the new live log ;)

picture StrikerTwo on 5 Feb 2018
2

All 8 comments

almost finished, a small teaser....
image

image

It has some limitations, the most important one is the label will only be valid for the running configuration, the log data doesn't contain a reference to the rule other then it's rule number (which may change after load).

AdSchellevis picture AdSchellevis on 3 Nov 2017
👍1

@AdSchellevis for CI it would be better if the table would match the rest of the pages (only the play button is green). Also the (i) could be a button or removed if the line is clickable.

For future reasons:
Array fields in the model have an UUID which can be used in the firewall and the view can restore the original values. This way the displayed value would always match.

fabianfrz picture fabianfrz on 3 Nov 2017

I like it. :) Name with parenthesis looks a bit odd, „Firewall Live Log“ sounds best.

On 4. Nov 2017, at 05:22, Fabian Franz, BSc. notifications@github.com wrote:

@AdSchellevis for CI it would be better if the table would match the rest of the pages (only the play button is green). Also the (i) could be a button or removed if the line is clickable.

For future reasons:
Array fields in the model have an UUID which can be used in the firewall and the view can restore the original values. This way the displayed value would always match.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.

fichtner picture fichtner on 4 Nov 2017

It has some rough edges, but it's almost finished. "Firewall Live Log" sounds good, I will replace the caption. The colouring might need some work, probably a bit too bright at the moment, the different table styling is intentional (our default tables are a bit to large for this purpose).
Replacing the (i) with a button might help increase visibility, I'll try that out later.

The uuid's are indeed practical, but since not stored in pf itself, they won't help us here (but we could consider changing the filterlog part to capture some more info which isn't available at kernel level).... Not for now, maybe later.

AdSchellevis picture AdSchellevis on 4 Nov 2017

Wow, great work! I like it already.

StrikerTwo picture StrikerTwo on 4 Nov 2017

image

We still need cleanups to remove the old dynamic view and related legacy code, but the functionality should work now.
I've brightened the colours a bit more to increase text contrast.

In case anybody want to test the new functionality, use the following commands to replace the old dynamic view for the new live firewall log view:

opnsense-patch d567d90
curl -o /usr/local/opnsense/site-python/log_helper.py https://raw.githubusercontent.com/opnsense/core/master/src/opnsense/site-python/log_helper.py 

opnsense-patch 97fb966 a0cb9c9 3765909 7c8f799 3b23174 d69f503 694e1a9 7089383 eeb7cc0  e580afe 64663a9 ca79e25  eedf24c c62616e  

service configd restart

(I had some issues pulling log_helper in via opnsense-patch, hence the curl)

AdSchellevis picture AdSchellevis on 5 Nov 2017

All done, thanks!

fichtner picture fichtner on 17 Dec 2017

Having just upgraded my first OPNsense box I just wanted to say thank you. I love the new live log ;)

StrikerTwo picture StrikerTwo on 5 Feb 2018
2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

mimugmail picture mimugmail  Â·  6Comments
Kimotu picture Kimotu  Â·  9Comments
maurice-w picture maurice-w  Â·  4Comments
sooslaca picture sooslaca  Â·  5Comments
Kimotu picture Kimotu  Â·  4Comments