New feature request for logging


#1

I really enjoy your product - as a Security professional, there are neat features in this that the normal firewalls and logging do not provide out of Windows ! … but you knew that :smile:

What I would love to see, however, are two things:

  • more comprehensive logging of ALL events and/or observed traffic (suspect that’s in the DB, but not sure)
  • an option to be able to host the logs/DB in a centralized server (Syslog style) so it can be analyzed and examined by security people managing the box for potential IoCs

#2

I’ve seen a lot of similar requests so the developers will be very aware of your requests.

All events

I haven’t seen anything that suggests “ALL events” are being logged at present. Windows does that.

All traffic

By “ALL … observed traffic” do you mean on the local segment or all traffic on the network - like these requests?



Centralized logging, monitoring and reporting is a popular request




#3

ALL TRAFFIC -> think security logs, needs to at least have all the traffic flows, if not actual trtaffic/packets, to be able to backtrack a problem…


#4

GlassWire doesn’t keep all packets which is why there are suggestions for Pcap/WinpCAP, Wireshark and port mirroring: