I really enjoy your product - as a Security professional, there are neat features in this that the normal firewalls and logging do not provide out of Windows! … but you knew that
What I would love to see, however, are two things:
more comprehensive logging of ALL events and/or observed traffic (suspect that’s in the DB, but not sure)
an option to be able to host the logs/DB in a centralized server (Syslog style) so it can be analyzed and examined by security people managing the box for potential IoCs
I’ve seen a lot of similar requests so the developers will be very aware of your requests.
I haven’t seen anything that suggests “ALL events” are being logged at present. Windows does that.
By “ALL … observed traffic” do you mean on the local segment or all traffic on the network - like these requests?
The problem I want to solve is: How can I monitor my entire home network? We have a total of 5 machines, plus 2 tablets and 2 cellphones. I would like to be able to monitor them all at once, obviously without installing software on all 9 devices.
The only feasible way of doing this is to install this on a router. Otherwise, I don’t know of any way to monitor all the traffic on my network. Alright, probably not on a normal consumer router, but maybe on an old computer acting as a router. And t…
This is a new request that I haven’t seen in this Forum (though I may have missed it). But it is similar to the requests for a monitor of the entire subnet.
I also have requested a monitor for the network router (subnet), but this is an expansion of that and would also be a partial solution that I think would be within the current purview of Glasswire.
I need to monitor usage for my router and for my entire home network, but I have tools that will provide the OVERALL usage numbers required. …
… all router firmware is such a botch job in this regard. Develop gw as a plugin for pfsense or as a standalone router os please thx bye
Centralized logging, monitoring and reporting is a popular request
First off I wanted to take the time to say thank you for putting together a really intuitive product. I’ve recommended GlassWire to tons of friends, colleagues and family. Please keep up the great work!
I wanted to request that exports could be made of the firewall traffic data to a consumable stream either to a flat-file written to disk or even better – a consumable syslog feed that writes straight out onto the NIC on 514. This would make for some nice integration with some pretty popu…
So far my suggested areas of improvement are:
If you’re going to create, advertise, and sell a firewall feature, it would be great to create a firewall feature that allows proper configuration. I’m not going to repeat it, but I pretty much echo the comments of
A free/open source management console. I am using your product on my home Windows estate and find that it’s really useful/interesting at investigating bandwidth hogs, beaconing, and processes that are acting nefarious…
I am really enjoying GlassWire, but one feature I would really like to see is some sort of logging support.
I work a lot with SIEM/Log Management applications like Splunk and QRadar and would love to be able to correlate GlassWire events with events from other sources.
REST API or Syslog options would be ideal, but if GlassWire can write to a local log file I can use an agent to read and forward events from it.
Thank you for creating such a great product and keep up the good work!
ALL TRAFFIC -> think security logs, needs to at least have all the traffic flows, if not actual traffic/packets, to be able to backtrack a problem…
GlassWire doesn’t keep all packets which is why there are suggestions for Pcap/WinpCAP, Wireshark and port mirroring:
It’s a standard mirroring setup as required for full network monitoring with tools like Wireshark (see
The idea is that you normally can’t monitor all network traffic on one computer on a multi-device LAN, because not all traffic makes it to that computer. To get around that, you can configure one port on your switch to be a mirror port, so that all traffic that passes through the switch is echoed to th…
Just downloaded; it’s a good start. Every feature is useful; nailed the 1.0.
Would eventually like to see a Wireshark type of raw data stream with filtering. Integration with wireshark would be fine. Perhaps allow me to mark a timeframe and export the pcap to wireshark.
In general though, really want to see what it sees. The “other” traffic classification of course is of immediate concern.
Desired UI design would be to have a context menu for any selectable app/protocol/graph/etc which wou…
Hey, appreciate that this is nearly a year later, but PCAP/WinPCAP/Wireshark are not what people are referring to. Perhaps the initial response isn’t clear.
What people are asking is the ability to export the actions taken by Glasswire into some form of log, be it flat file (so it can be read by an agent like OSSEC), Syslog (preferred) or some form of API (generally least preferred). So every time Glasswire detects a malicious programme using the Virus Total API, or detects a new device on the network via “Things”, or even just report every IP address/port/url that applications are communicating with.
Logs with this information in can then be ingested into SIEMs (Splunk, QRadar, OSSIM, LogRhythm, etc.) and correlated with other system information/threat intelligence sources. For instance, my last example above could be correlated against indicators of compromise obtained via various threat intelligence services.
It’s important to get the information directly from the endpoint rather than from network devices as they can be bypassed quite easily; the widespread use of TLS/SSL these days being a primary-yet-basic method.
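The export-and-correlate flow requested in this thread, as an added example that is not GlassWire code or output: endpoint connection events are rendered as RFC 5424 syslog lines, parsed on the collector side, and matched against indicators. The field names (`app`, `dst`, `dport`), the `endpoint-fw` app name, the `conn@32473` structured-data ID and all sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed indicators from RFC 5737 documentation ranges, not real IoCs.
IOC_NETS = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.77/32")]
PRI = 16 * 8 + 6      # facility local0, severity informational -> 134
SD_ID = "conn@32473"  # hypothetical SD-ID; 32473 is the enterprise number reserved for examples
LINE_RE = re.compile(r"^<(\d+)>1 (\S+) (\S+) (\S+) (\S+) (\S+) \[(\S+) (.*)\]$")
PARAM_RE = re.compile(r'(\w+)="((?:\\.|[^"\\])*)"')

def sd_escape(value):
    # RFC 5424 requires '\', '"' and ']' to be backslash-escaped in param values.
    return re.sub(r'([\\"\]])', r"\\\1", str(value))

def to_syslog(ts, host, event):
    """Endpoint side: render one connection event as an RFC 5424 line."""
    params = " ".join(f'{k}="{sd_escape(v)}"' for k, v in event.items())
    return f"<{PRI}>1 {ts} {host} endpoint-fw - CONN [{SD_ID} {params}]"

def parse_syslog(line):
    """Collector side: return the event fields, or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {k: re.sub(r"\\(.)", r"\1", v) for k, v in PARAM_RE.findall(m.group(8))}
    fields.update(ts=m.group(2), host=m.group(3))
    return fields

def correlate(lines):
    """Return (host, app, dst) for each event whose destination matches an indicator."""
    hits = []
    for line in lines:
        ev = parse_syslog(line) or {}
        try:
            dst = ipaddress.ip_address(ev.get("dst", ""))
        except ValueError:
            continue  # malformed line or missing address: skip, keep processing
        if any(dst in net for net in IOC_NETS):
            hits.append((ev["host"], ev.get("app"), ev["dst"]))
    return hits

# Constructed sample events; the second path exercises the ']' and '\' escaping.
SAMPLE_EVENTS = [
    ("2024-05-01T10:00:00Z", "desk-01", {"app": r"C:\Apps\sync.exe", "dst": "192.0.2.10", "dport": 443}),
    ("2024-05-01T10:00:05Z", "desk-01", {"app": r"C:\Temp\up[1].exe", "dst": "203.0.113.9", "dport": 443}),
    ("2024-05-01T10:00:09Z", "lap-02", {"app": "browser.exe", "dst": "198.51.100.77", "dport": 8443}),
]
SAMPLE_LINES = [to_syslog(*e) for e in SAMPLE_EVENTS] + ["garbage line"]
print(correlate(SAMPLE_LINES))
```

Because the process path travels with each event, the match identifies which application on which host made the connection, which a network-side capture of TLS traffic would not show.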