Curious what I could be doing to “audit” my pfSense setup from time to time (home user). I don’t have any port forwards open and all the inbound traffic “should” be disallowed, since it is by default. But are there ways to confirm this? Scrolling through logs in real-time doesn’t seem to be practical. It seems like I could forward logs to a central syslog server, but without a tool to parse all that data, this wouldn’t seem to add much value. I think Tom has done a video about graylog at one time. I’ve heard about visualization tools (grafana). Some of these seem complicated to setup (first get a database, then a visualization tool, probably need to run these all in docker unless you want to have a bunch of computers running stuff).
Just curious what folks are doing. I use pfBlockerNG and feel like my setup is pretty solid, but I’d feel better if I had a way to get text/email alerts or view a dashboard to see if there were any red flags. Ideally, I could use the same solution to monitor my Unifi network, Synology NAS, etc.