Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Nagios Log Server (logstash) filter for pfSense 2.2

    Scheduled Pinned Locked Moved General pfSense Questions
    15 Posts 4 Posters 11.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • L
      ljorgensen
      last edited by

      @killmasta93:

      awesome work im just curious how did you  Copy SSL Certificate and Logstash Forwarder Package to pfSense(192.168.3.254) to get it work?

      I didn't do that at all, I just forward syslogs from pfSense to the logstash server. Go to Status -> System Logs -> Settings and fill out the "Remote Logging Options". Under "Remote Syslog Servers" on your Nagios Log Server address and port like this "nagios-log.example.com:5544". The rest happens automatically.

      There's a small caveat: Every time you reboot pfSense, it stops logging until you go to Status -> System Logs -> Settings and hit "Save".

      1 Reply Last reply Reply Quote 0
      • K
        killmasta93
        last edited by

        Hi,
        Thanks for your response. When you mean port 5544 would it rather be  (192.168.3.199:5140) (logstash server 192.168.3.199) I tried following this tutorial
        https://www.digitalocean.com/community/tutorials/how-to-install-elasticsearch-logstash-and-kibana-4-on-centos-7
        and
        https://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/

        but im stuck on accessing Kibana web interface :(

        also there's no package for logstash forwarder for pfSense?

        Thanks

        Tutorials:

        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

        1 Reply Last reply Reply Quote 0
        • L
          ljorgensen
          last edited by

          I tried various logstash implementations and didn't get far on any of them. Then I tried Nagios Log Server and it worked out of the box. It's a commercial product built on top og Logstash and Elasticsearch and it's very easy to use.

          1 Reply Last reply Reply Quote 0
          • M
            mikesamo
            last edited by

            just use this vm.

            http://www.sexilog.fr/quickstart/

            and do this.

            https://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/

            you can see demo here..

            http://demo.sexilog.fr/#/dashboard/elasticsearch/PFSense

            very easy.

            1 Reply Last reply Reply Quote 0
            • K
              killmasta93
              last edited by

              Hi mikesamo thank you soo much for this I really Appreciate it. I am downloading as we speak and I will let you know how it goes. I am going to follow this https://www.rootusers.com/how-to-convert-an-ova-virtual-machine-to-vhd/
              because i use Hyper-V  and hopefully it goes well

              Thank you again for everything.

              also side note I was wondering if its possible to change the password and the name that appears sexilog kinda awkward to put in a work environment with that name haha  :D

              Tutorials:

              https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

              1 Reply Last reply Reply Quote 0
              • M
                mikesamo
                last edited by

                check this link they explain how to build that vm.

                http://www.sexilog.fr/cookbook/

                to change the name and setting please read about logstash and kibana you should find it easily.

                Thanks,

                1 Reply Last reply Reply Quote 0
                • K
                  killmasta93
                  last edited by

                  Mikesamo thank you so much Im going to try to build it on Hyper-V and keep you posted if anything

                  Thank you again  ;D ;D

                  Tutorials:

                  https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                  1 Reply Last reply Reply Quote 0
                  • M
                    mikesamo
                    last edited by

                    HI,

                    I just tried and I got the dashboard working in less than one hours.

                    1 Reply Last reply Reply Quote 0
                    • K
                      killmasta93
                      last edited by

                      Hi Mikesamo,
                      What im also trying to do is add install  NGINX for security. But thats were i screw everything up i get the 503 error not sure if to add it before Kibana or after.

                      Thanks

                      Tutorials:

                      https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                      1 Reply Last reply Reply Quote 0
                      • K
                        killmasta93
                        last edited by

                        if you guys are interested i made a guide finished it up only thing that needs fixing is the syslogs (pfSense system logs) not filtering  correctly with the sysdashboard
                        https://forum.pfsense.org/index.php?topic=98740.msg549992#msg549992

                        and i need to add curator to delete logs after time or gigs and then backup before deleting.

                        Clipboarder.2015.08.30-013.png
                        Clipboarder.2015.08.30-013.png_thumb
                        Clipboarder.2015.08.30-014.png
                        Clipboarder.2015.08.30-014.png_thumb

                        Tutorials:

                        https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                        1 Reply Last reply Reply Quote 0
                        • L
                          lolo666666
                          last edited by

                          Hello,

                          it would be possible to add the log OPENVPN ?

                          Laurent

                          1 Reply Last reply Reply Quote 0
                          • K
                            killmasta93
                            last edited by

                            yeah thats what im working on :( been harder then I thought

                            Tutorials:

                            https://www.mediafire.com/folder/v329emaz1e9ih/Tutorials

                            1 Reply Last reply Reply Quote 0
                            • L
                              lolo666666
                              last edited by

                              it's been several days I'm working on but I do not find solution !!!!

                              I found that : https://www.reddit.com/r/PFSENSE/comments/3hk4f1/openvpn_logging_format_grok_is_killing_me/

                              Laurent

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.