Netgate Discussion Forum

    Nagios Log Server (logstash) filter for pfSense 2.2

      killmasta93

      Awesome work. I'm just curious: how did you copy the SSL certificate and Logstash Forwarder package to pfSense (192.168.3.254) to get it to work?

      I tried

      scp /etc/pki/tls/certs/logstash-forwarder.crt root@192.168.3.254:/tmp
      

      but it says "The authenticity of host '192.168.3.254 (192.168.3.254)' can't be established."

      Any ideas?

      Thanks again for the filter log, will implement it after I get it working.

      Tutorials:

      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

        ljorgensen

        @killmasta93:

        Awesome work. I'm just curious: how did you copy the SSL certificate and Logstash Forwarder package to pfSense (192.168.3.254) to get it to work?

        I didn't do that at all, I just forward syslogs from pfSense to the logstash server. Go to Status -> System Logs -> Settings and fill out the "Remote Logging Options". Under "Remote Syslog Servers", put in your Nagios Log Server address and port like this: "nagios-log.example.com:5544". The rest happens automatically.

        There's a small caveat: Every time you reboot pfSense, it stops logging until you go to Status -> System Logs -> Settings and hit "Save".

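The reboot caveat in the reply above means the firewall can stop sending logs without any error, so the log server side needs a check for a source that has gone quiet. The following is an added example, not part of the original post and not Nagios Log Server code; the sample lines, host names, the `find_silent_sources` name and the 15-minute threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# RFC 3164-style line as stored by a syslog receiver: "Mon DD HH:MM:SS host tag: msg"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
)

# Constructed sample input (not real log data).
SAMPLE_LINES = [
    "Aug 30 01:00:02 pfsense.example.com filterlog: constructed sample entry",
    "Aug 30 01:05:10 pfsense.example.com filterlog: constructed sample entry",
    "this line is not syslog and is skipped",
    "Aug 30 01:29:40 switch.example.com kernel: constructed sample entry",
]


def last_seen(lines, year):
    """Return {host: newest timestamp} for every parseable line.

    RFC 3164 timestamps carry no year, so the caller supplies one
    (assumption: all lines fall in the same calendar year).
    """
    seen = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore anything that is not a syslog header
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        host = m.group("host")
        if host not in seen or ts > seen[host]:
            seen[host] = ts
    return seen


def find_silent_sources(lines, expected_hosts, now, max_gap=timedelta(minutes=15)):
    """Return {host: last timestamp or None} for expected hosts that went quiet."""
    seen = last_seen(lines, now.year)
    silent = {}
    for host in expected_hosts:
        ts = seen.get(host)
        if ts is None or now - ts > max_gap:
            silent[host] = ts  # None means the host has never logged
    return silent


if __name__ == "__main__":
    hosts = ["pfsense.example.com", "switch.example.com", "ap.example.com"]
    print(find_silent_sources(SAMPLE_LINES, hosts, datetime(2015, 8, 30, 1, 30, 0)))
```

A busy firewall logs continuously, so a gap longer than the threshold from the pfSense host is a reasonable trigger to re-check the remote logging settings.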
          killmasta93

          Hi,
          Thanks for your response. When you say port 5544, would it rather be (192.168.3.199:5140) (logstash server 192.168.3.199)? I tried following this tutorial
          https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-4-on-centos-7
          and
          https://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/

          but I'm stuck on accessing the Kibana web interface :(

          Also, there's no package for logstash forwarder for pfSense?

          Thanks

            ljorgensen

            I tried various logstash implementations and didn't get far on any of them. Then I tried Nagios Log Server and it worked out of the box. It's a commercial product built on top of Logstash and Elasticsearch and it's very easy to use.

              mikesamo

              just use this vm.

              http://www.sexilog.fr/quickstart/

              and do this.

              https://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/

              You can see a demo here:

              http://demo.sexilog.fr/#/dashboard/elasticsearch/PFSense

              very easy.

                killmasta93

                Hi mikesamo, thank you so much for this, I really appreciate it. I am downloading as we speak and I will let you know how it goes. I am going to follow this https://www.rootusers.com/how-to-convert-an-ova-virtual-machine-to-vhd/
                because I use Hyper-V, and hopefully it goes well.

                Thank you again for everything.

                Also, side note: I was wondering if it's possible to change the password and the name that appears. "sexilog" is kinda awkward to put in a work environment with that name haha :D

                  mikesamo

                  Check this link; they explain how to build that VM.

                  http://www.sexilog.fr/cookbook/

                  To change the name and settings, please read about logstash and kibana; you should find it easily.

                  Thanks,

                    killmasta93

                    Mikesamo, thank you so much. I'm going to try to build it on Hyper-V and keep you posted if anything.

                    Thank you again  ;D ;D

                      mikesamo

                      Hi,

                      I just tried and I got the dashboard working in less than one hour.

                        killmasta93

                        Hi Mikesamo,
                        What I'm also trying to do is install NGINX for security. But that's where I screw everything up: I get the 503 error. Not sure whether to add it before Kibana or after.

                        Thanks

                          killmasta93

                          If you guys are interested, I made a guide and finished it up. The only thing that needs fixing is the syslogs (pfSense system logs) not filtering correctly with the sysdashboard.
                          https://forum.pfsense.org/index.php?topic=98740.msg549992#msg549992

                          And I need to add curator to delete logs after time or gigs and then back up before deleting.

                            lolo666666

                            Hello,

                            Would it be possible to add the OpenVPN log?

                            Laurent

                              killmasta93

                              Yeah, that's what I'm working on :( It's been harder than I thought.

                                lolo666666

                                I've been working on it for several days but I can't find a solution!

                                I found this: https://www.reddit.com/r/PFSENSE/comments/3hk4f1/openvpn_logging_format_grok_is_killing_me/

                                Laurent

                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.