Are there any packages that may add visibility into firewall rule events (deny, allow) similar to the below?
Do https://openwrt.org/docs/guide-user/firewall/fw3_configurations/fw3_traffic_logging and https://openwrt.org/docs/guide-user/base-system/log.essentials offer any starting points?
Yes, but it isn't necessarily what my question was, because I was looking for a visual (LuCI-based) view of the fw log.
Looks like there isn't a simple way, unless I want to deploy ELK stack and ship logs to somewhere.
Logs take up space. A lot of space. It would be challenging, to say the least, to store and process the logs directly on the device itself. Of course, that depends on the hardware you're running OpenWrt on. But an external log receiver and processor is probably going to be the way to go.
If you don't want log retention, and only want immediate real-time visibility, with logs older than a couple of seconds discarded, then it may be possible to achieve what you want directly on the device itself without needing an external log processor.
Hello everyone, I hope you are well? So I would also like this function where I can see every request or for example a live "ping" whether it is blocked or not. This would be very useful for any analysis. I used to have an Astaro (now Sophos) hardware firewall where I could see in real time exactly what was going on in the network.
I did the settings that iplaywithtoys recommended but I don't see any "ping" attempt in the logs. Do I understand correctly that it does not work with OpenWrt as it does with Astaro? Thanks for any clarification.
Best regards, Elena
Agreed. We need a logging UI.
Space isn't an issue in 2024. We have multi-core CPU, 256-1024 mem, and 128+ MB of storage plus USB / micro SD.
Most definitely needed.
GUI view is preferred.
Thanks.
Hello,
As a newcomer to the world of OpenWrt, I'm surprised not to find any modules for tracking live traffic. It seems to me that with fw4 and netfilter it should be possible to activate traces on demand without consuming too many resources. Am I wrong?
Is this feature planned?
$ conntrack -E -o extended,labels
nfct_labelmap_new: No such file or directory
I don't understand. What's the ask / function?