I found a solution combined with what Estival Guillaume suggested in 
https://www.mail-archive.com/[email protected]/msg06213.html.
It may need some refinement but it works with inline mode.

I added the following to the top of the file (the leading + denotes my 
additions):

# iptables template
# This file is manipulated on PacketFence's startup before being given to iptables
*filter
+### Log everything! ###
+-I FORWARD 1 -j LOG --log-prefix "[packetfilter] "
+
### INPUT ###
:INPUT DROP [0:0]
# accept loopback stuff
-A INPUT --in-interface lo --jump ACCEPT
# accept anything related


I then reverted to the rest of Estival's post:

_Add a file in /etc/rsyslog.d and copy-paste this:
:msg,contains,"[packetfilter] " /var/log/pfaccesslogs/packetfilter.log
It will redirect all the PF logs into the
/var/log/pfaccesslogs/packetfilter.log file.

_Then add a file in the /etc/logrotate.d directory:
/var/log/pfaccesslogs/packetfilter.log {
         weekly
         missingok
         rotate 52
         compress
         delaycompress
         notifempty
         create 640 root adm
         sharedscripts
}

Rebooted and sorted.

Hope this is useful for someone else.
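An added example, not from this thread or from PacketFence, of what to do with the resulting packetfilter.log: it parses the key=value fields the iptables LOG target emits after the "[packetfilter] " prefix, counts a TCP flow once per handshake (SYN without ACK) so retries and data packets are not recorded as separate accesses, and tallies destinations per client address. The log lines, hostname and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the shape rsyslog writes for iptables LOG output
# (hostname "pf", interface names and addresses are made up for this example).
SAMPLE_LOG = """\
Oct 25 08:10:01 pf kernel: [packetfilter] IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.18.1.5 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4711 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 25 08:10:02 pf kernel: [packetfilter] IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.18.1.5 DST=10.18.0.1 LEN=73 TOS=0x00 PREC=0x00 TTL=63 ID=4712 PROTO=UDP SPT=40000 DPT=53 LEN=53
Oct 25 08:10:03 pf kernel: [packetfilter] IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.18.1.5 DST=93.184.216.34 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4713 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=229 RES=0x00 ACK URGP=0
Oct 25 08:10:04 pf kernel: [packetfilter] IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.18.2.9 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4714 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 25 08:10:05 pf kernel: unrelated kernel message without the log prefix
"""

PREFIX = "[packetfilter] "            # must match --log-prefix in iptables.conf
KV_RE = re.compile(r"\b([A-Z]+)=(\S+)")
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG|DF)\b")

def parse_line(line):
    """Return the LOG target's fields as a dict, or None if the line is not one of ours."""
    if PREFIX not in line:
        return None
    body = line.split(PREFIX, 1)[1]
    fields = {}
    for key, value in KV_RE.findall(body):
        fields.setdefault(key, value)  # UDP lines carry LEN twice; keep the IP-header one
    fields["FLAGS"] = set(FLAG_RE.findall(body))
    fields["timestamp"] = " ".join(line.split()[:3])
    return fields

def is_new_flow(fields):
    """TCP counts once per handshake (SYN without ACK); other protocols count every packet."""
    if fields.get("PROTO") == "TCP":
        return "SYN" in fields["FLAGS"] and "ACK" not in fields["FLAGS"]
    return True

def summarize(text):
    """Map client SRC -> Counter of (DST, PROTO, DPT) new flows: the per-user access record."""
    access = {}
    for line in text.splitlines():
        f = parse_line(line)
        if f is None or not is_new_flow(f):
            continue
        key = (f.get("DST"), f.get("PROTO"), f.get("DPT"))
        access.setdefault(f["SRC"], Counter())[key] += 1
    return access

if __name__ == "__main__":
    for client, dests in summarize(SAMPLE_LOG).items():
        print(client, dict(dests))
```

Run it against /var/log/pfaccesslogs/packetfilter.log instead of the embedded sample to see which destinations each inline client reached in a given rotation period.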

From: Seth Tregenna [mailto:[email protected]]
Sent: 25 October 2016 08:09
To: [email protected]
Subject: [PacketFence-users] Logging all user access

I am new to PacketFence and have just started using an inline setup (version 
6.3.0 running on CentOS 7).
Users are able to self-register fine and pass traffic etc.

We have a requirement to retain user access logs, though, so I have followed the 
post at
https://www.mail-archive.com/[email protected]/msg06213.html
regarding enabling iptables logging.

When I modify the /usr/local/pf/conf/iptables.conf file I can no longer pass 
traffic from a client. Reverting starts working fine again.

Initial contents:

### FORWARD ###
:FORWARD DROP [0:0]
:forward-internal-vlan-if - [0:0]
%%filter_forward_vlan%%

:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%

:OUTPUT ACCEPT [0:0]

Modified to:

### FORWARD ###
:FORWARD DROP [0:0]
:forward-internal-vlan-if - [0:0]
%%filter_forward_vlan%%

:forward-internal-inline-if - [0:0]
%%filter_forward_inline%%
-A forward-internal-inline-if -s 10.18.X.0/16 -j LOG --log-prefix "[packetfilter] "
:OUTPUT ACCEPT [0:0]


Have I added it correctly or should it go somewhere else or has something 
changed since the original post?

Many thanks.
Seth.





_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users