Tuesday, March 7, 2017

Email reporting in pfsense

Pfsense has a great package called "mailreport" that allows an administrator to send information on a periodic basis. I'm using mailreport v3.1 on Pfsense v2.3.3 right now.

Configure notifications:
Menu: System > Advanced > Notifications (tab)
Look for the email section, configure it, then Save and use Test SMTP Settings until you receive the test email. I use the same email address for To:, From:, and Auth:, and I use the PLAIN auth mechanism.

Configure mailreport:
Once you've tested the notification feature you can use the mailreport package.
Go to Status > Email Reports to configure reports.
Options include the scheduling, included commands, and included logs.

Commands:
Anything you can run under command prompt (Diagnostics > Command Prompt) can be output to an email.

For instance, my external IP address is dynamic and though I do use a Dynamic-DNS tool to easily allow me to get to the external IP by name, sometimes DDNS doesn't work. Though there are several ways to do this, I use the simple command "ifconfig bge0 | grep 'inet '" to output the network interface information from Pfsense and send it to me via email. This gives me the ability to connect without functional DDNS.

"ifconfig" returns information for all of the interfaces.
"ifconfig bge0" returns information for the first interface (as opposed to bge1 which I use for my internal interface.)
"ifconfig bge0 | grep 'inet '" pipes the output of "ifconfig bge0" through grep and keeps only the line containing "inet ". Remove the space and you'll also get the inet6 (IPv6) address.
It should return something like this (with the x's replaced with your actual IP address):
inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
You could go further with grep and cut out everything else, but you get the gist.
Search for "FreeBSD command reference" for an exhaustive list of commands.
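As an added example (not part of the original post), here is one way to "go further" and cut the ifconfig output down to just the address and prefix length, skipping inet6 lines and converting FreeBSD's hex netmask. The function names inet_summary and sample_ifconfig are hypothetical, the sample input is constructed from documentation addresses, and it assumes awk is available on the firewall.

```shell
# Reduce FreeBSD `ifconfig <if>` output to "address/prefix" lines.
# Reads ifconfig output on stdin so it can be tried without a live interface.
inet_summary() {
    awk '
    # IPv4 lines only: the first field must be exactly "inet", so inet6 is skipped.
    $1 == "inet" {
        addr = $2; mask = ""
        for (i = 3; i < NF; i++) if ($i == "netmask") mask = $(i + 1)
        if (mask == "") { print addr; next }
        # FreeBSD prints the netmask in hex (0xffffff00); count the set bits.
        bits = 0
        hex = tolower(substr(mask, 3))
        for (j = 1; j <= length(hex); j++) {
            v = index("0123456789abcdef", substr(hex, j, 1)) - 1
            while (v > 0) { bits += v % 2; v = int(v / 2) }
        }
        print addr "/" bits
    }'
}

# On the firewall (bge0 is the external interface used in this post):
#   ifconfig bge0 | inet_summary

# Constructed sample input (RFC 5737 / RFC 3849 documentation addresses).
sample_ifconfig() {
    cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 00:00:5e:00:53:01
    inet6 2001:db8::1 prefixlen 64
    inet 203.0.113.45 netmask 0xffffff00 broadcast 203.0.113.255
    inet 203.0.113.46 netmask 0xffffffff broadcast 203.0.113.46
    status: active
EOF
}

sample_ifconfig | inet_summary
```

A second inet line, as in the sample, is how an alias or virtual IP on the same interface shows up, so the report lists every IPv4 address bound to it rather than only the first.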

Logs:
Your email report can also include logs from services running on your Pfsense machine, such as VPN, firewall, DHCP, captive portal, web server logs and more. The list includes a status update on pretty much anything you'd want to know. You can filter the logs to look for certain things and return a certain number of rows from the results. The filter works like grep.
For instance you can filter the DHCP log for only lines containing "DHCPREQUEST" which would show a line like this:
Mar  7 05:02:40 <Pfsense hostname> dhcpd: DHCPREQUEST for <requested IP> from <requesting MAC addr> (<hostname if avail.>) via <interface>

So you can see that there is a lot of information available to you. The easiest way to filter is to start with no filter, get the log, and then see what it contains that you need to look at. In my case I use it to keep daily tabs on my external IP and make sure that what's happening on the system is kosher.