Access internal database

Looking for information on where and how the firewall logs are stored. I can’t find out if they are stored in the SQL db and what the credentials would be for it. I am working on a project and would like to analyze the logs without a 3rd party syslog server, like fluentd, doing the collection.

Thanks again for your hard work :cowboy_hat_face:

Hi,

IPFire 2.x does not use a database for storing firewall logs.

They are written to /var/log/messages just like ordinary Linux systems do.

Thanks, and best regards,
Peter Müller

1 Like

so the cgi scripts parse the /var/log/messages/ interesting …

looks like syslog is the way to go but I can’t get all that historical data out of the syslog that way, not easy anyway…
Here is a little insight into what I am trying to do and it would be a neat feature to add to ipfire…

https://docs.fluentd.org/how-to-guides/free-alternative-to-splunk-by-fluentd

Hi,

> so the cgi scripts parse the /var/log/messages/ interesting …

as far as I am aware, this is a compromise between doing things in a modern way (using databases, responsive GUIs and stuff) and running as few services as possible on an IPFire machine. Most people do not look at their IP address logs often enough to be in need of a database, and if they do, they’ll probably have configured a remote syslog server.

Skimming through the link you provided, additional software on IPFire is not necessary: Just set up an rsyslog server dumping received logs into fluentd and configure IPFire to use it.

Indeed, this works for new log lines only, but perhaps there is something like a bulk import interface for the monitoring/dashboard software you want to use.

Thanks, and best regards,
Peter Müller

2 Likes
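
Added example, not part of the thread and not IPFire's own code: one way to turn the historical entries already in /var/log/messages into JSON lines that a bulk import interface could accept. It assumes the firewall entries are standard netfilter LOG lines written by the kernel in traditional syslog format; the sample lines, rule prefixes, addresses and the `year` parameter are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Constructed sample lines (assumed layout: traditional syslog + netfilter LOG).
SAMPLE = """\
Mar  3 04:12:55 ipfire kernel: DROP_INPUT IN=red0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.2 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51234 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 04:13:01 ipfire dhcpd: DHCPACK on 192.168.1.20 to 00:11:22:33:44:66 via green0
Mar  3 04:13:09 ipfire kernel: FORWARDFW IN=green0 OUT=red0 SRC=192.168.1.20 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=1201 DF PROTO=UDP SPT=40000 DPT=53 LEN=51
"""

# Timestamp, host, optional kernel uptime stamp, rule prefix, then KEY=VALUE body.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s(?:\[[\d. ]+\]\s)?"
    r"(?P<prefix>\S*?)\s?(?P<body>IN=.*)$")
NUMERIC = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW"}


def parse_line(line, year):
    """Return a dict for a netfilter LOG line, or None for any other line.

    Traditional syslog timestamps carry no year, so the caller supplies it.
    """
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    rec = {"time": ts.isoformat(), "host": m["host"],
           "rule": m["prefix"], "flags": []}
    for tok in m["body"].split():
        key, sep, val = tok.partition("=")
        if not sep:                 # bare tokens such as SYN, ACK, DF
            rec["flags"].append(key)
        elif key not in rec:        # keep the first LEN (IP), not the UDP LEN
            rec[key] = int(val) if key in NUMERIC and val.isdigit() else val
    return rec


def to_jsonl(text, year):
    """Convert log text to a list of JSON strings, skipping non-firewall lines."""
    recs = (parse_line(line, year) for line in text.splitlines())
    return [json.dumps(r) for r in recs if r]


if __name__ == "__main__":
    print("\n".join(to_jsonl(SAMPLE, 2024)))
```
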