pfSense Traffic Logging (updated!)

As promised in my previous post, I have now completed the PHP script for making the connection between the pfSense Captive Portal authentication log and the Squid authentication log.

trafficlog trafficlog 1.1 – Needs to be placed in /usr/local/www/ and renamed to trafficlog.php

captiveportal captiveportal 1.1 – Needs to be placed in /usr/local/www/ and renamed to captiveportal.php

download – Needs to be placed in /usr/local/www/captivetraffic/ (The captivetraffic folder will need to be created.)

indexTo replace the original in /usr/local/captiveportal/

A cron job to create the completeportalauth.log file will need to be setup, easiest way to do this is a install the Cron package and then add the following settings – Minute – 1,  Hour – *, Mday – *,  Month – *, Wday – *, Who – root, command – clog /var/log/portalauth.log >> /var/log/completeportalauth.log  No longer required.

Unfortunately due to security built into WordPress, I cannot upload PHP files, so once you’ve download the downloaded the txt files you will need to change the extension to .php.

Please note, I’m no programmer, and I only did this so that my colleagues need not ssh into pfSense to run the commands. Depending on how large your logs are, the page may take a while to load.

I chose the load the log in an iFrame due to PHP running out of memory, outputting to a file and making it available for download was simplest way I could think of to get around this. The /usr/local/www/captivetraffic/ folder might begin to get quite full, but a nightly cron job that clears the log will fix this.

Leave a Reply