Way to spit out pfsense table of Tracking ID and Description?

Been googling around and this eludes me, is there any way to spit out a table of pfsense’s Tracking IDs and their respective firewall description?

Syslog output has the Tracking IDs in the log, I want to make a lookup table that then lets me spit out the rule description so its easier to make sense what rule was used in the log.

Per their documentation there is a table in
/tmp/rules.debug
https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html

But I am not sure you can push that data out into syslog.

1 Like

Thanks Tom. If I were a regit/grep guru I could probably figure out a way to spit out a nice table of tracker_ID and plain name, but at least this format (or just looking at the backup config XML) is much easier than using the WebUI to edit each rule to note down the tracker and plain name.

Not trying to output via syslog, but instead make a lookup table at the SIEM to add the value to the syslog that is ingested. Some of the work done so far:

Second pic showing that though this is info from the syslog output to the SIEM, I can now add to the output table the Description by relating it to the tracker_id:

The SPL:
image

Neat.

Thanks again Tom! Keep up those videos, love the channel!

1 Like