Pfsense + Elasticsearch, Logstash, Kibana (ELK) stack
-
Hello.
For anyone interested in (pretty) logging and visualisation of pfSense logs (and not only those). It is an extremely universal thing; it parses any logs.
The Complete Guide to the ELK Stack https://logz.io/learn/complete-guide-elk-stack/
How to install and configure Elasticsearch, Logstash, Kibana (ELK Stack) on Ubuntu/Debian/CentOS https://serveradmin.ru/ustanovka-i-nastroyka-elasticsearch-logstash-kibana-elk-stack/
Security Onion https://github.com/Security-Onion-Solutions/securityonion
pf (Firewall logs) + Elasticsearch + Logstash + Kibana
http://pfelk.3ilson.com/
https://github.com/3ilson/pfelk
Supported entries include:
pfSense/OPNSense setups
TCP/UDP/ICMP protocols
DHCP message types
IPv4/IPv6 mapping
pfSense CARP data
openVPN log parsing
Unbound DNS Resolver with dashboards
Suricata IDS with dashboards
Snort IDS with dashboards
Squid with dashboards
HAProxy with dashboard
pfelk aims to replace the vanilla pfSense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually
How to install the ELK Stack on Ubuntu for pfSense https://psychogun.github.io/docs/linux/ELK-stack-on-Ubuntu-with-pfSense/
Installation of PFELK on ubuntu. ELK for pfSense https://snehpatel.com/index.php/2020/02/01/installation-of-pfelk-on-ubuntu-elk-for-pfsense/
Grafana dashboard for pfSense https://psychogun.github.io/docs/pfsense/Grafana-dashboard-for-pfSense/
pf + ELK + Suricata http://pfelksuricata.3ilson.com
Elasticstack (ELK), Suricata and pfSense Firewall https://extelligenceblog.it/category/security/suricata/
-
I came across this topic about a month ago. The topic is certainly interesting.
However, it will take a fair amount of time. Even just the set of links you attached amounts to a small manual… -
From Reddit
https://www.reddit.com/r/PFSENSE/comments/4dymci/i_made_a_simple_bare_bones_simple_elk_vm_for/
I made a simple bare bones simple ELK VM for download. For fellow ELK N00bs
I have put it on dropbox here: https://www.dropbox.com/s/aqd44gjrx7ghmm6/PFELK01-160408.ova?dl=0
It's a VMWare OVA file.
Basic setup based on http://pfelk.3ilson.com/ (bit on youtube at end to fix kibana)
no SSL access
DHCP
Basic examples of different visualisations and dashboard configured
Curator installed but no cron (https://www.elastic.co/guide/en/elasticsearch/client/curator/current/examples.html)
Username: pf Password: pf
Interface Port: http://ipaddress:5601
Send firewall events to port 5140
Changes you MUST make:
sudo nano /etc/hosts (Change IP address and / or host)
sudo nano /etc/logstash/conf.d/10-syslog.conf (Change the IP on line 4 to be your PFsense box) -
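As an added illustration (this is not code from the post above or from the pfelk project): a small Python parser for the filterlog lines that pfSense sends to the collector on port 5140, plus a count of blocked inbound packets per source address, which is the kind of number a Kibana visualisation would chart. The field layout follows what I understand to be pfSense's documented raw filter log format (that layout is an assumption here), and the sample syslog lines are constructed.

```python
import re
from collections import Counter

# Syslog envelope as pfSense emits it to a remote collector: optional <PRI>,
# BSD timestamp, optional hostname, then the "filterlog:" tag and a CSV body.
SYSLOG_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<host>\S+)\s+)?filterlog(?:\[\d+\])?:\s*(?P<csv>.*)$"
)

# Field layouts assumed from pfSense's documented raw filter log format.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto", "length", "src", "dst"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length", "src", "dst"]
TCP = ["sport", "dport", "data_len", "tcp_flags", "seq", "ack", "window", "urg", "options"]
UDP = ["sport", "dport", "data_len"]


def parse_filterlog(line):
    """Return a dict of named fields for one filterlog syslog line.

    Raises ValueError for lines that are not filterlog records or are truncated.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a filterlog line")
    fields = m.group("csv").split(",")
    if len(fields) < len(COMMON):
        raise ValueError("truncated common header")
    rec = {"timestamp": m.group("ts"), "host": m.group("host")}
    rec.update(zip(COMMON, fields[:len(COMMON)]))
    rest = fields[len(COMMON):]

    # The IP-version field decides which header layout follows.
    layout = {"4": IPV4, "6": IPV6}.get(rec["ipver"])
    if layout is None:
        raise ValueError("unknown IP version %r" % rec["ipver"])
    if len(rest) < len(layout):
        raise ValueError("truncated IP header")
    rec.update(zip(layout, rest[:len(layout)]))
    rest = rest[len(layout):]

    # Protocol-specific trailer; zip() tolerates a short trailer.
    proto = rec["proto"].lower()
    if proto == "tcp":
        rec.update(zip(TCP, rest))
    elif proto == "udp":
        rec.update(zip(UDP, rest))
    elif proto.startswith("icmp"):
        # ICMP trailing fields vary by type; keep only the type code.
        rec["icmp_type"] = rest[0] if rest else ""
    return rec


def blocked_inbound_by_source(lines):
    """Count blocked inbound packets per source address, ignoring other syslog lines."""
    counts = Counter()
    for line in lines:
        try:
            rec = parse_filterlog(line)
        except ValueError:
            continue  # e.g. dhcpd or unbound lines arrive on the same syslog stream
        if rec["action"] == "block" and rec["direction"] == "in":
            counts[rec["src"]] += 1
    return counts


# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LINES = [
    "<134>Apr  8 12:00:01 filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,12345,0,DF,"
    "6,tcp,60,198.51.100.23,192.0.2.10,44321,22,0,S,1234567890,,65535,,mss",
    "<134>Apr  8 12:00:02 filterlog: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,2222,0,none,"
    "17,udp,78,198.51.100.23,192.0.2.10,53000,53,58",
    "<134>Apr  8 12:00:03 filterlog: 5,,,1000000103,igb0,match,block,in,6,0x00,0x00000,64,"
    "udp,17,40,2001:db8::1,2001:db8::2,55000,53,20",
    "<134>Apr  8 12:00:04 filterlog: 99,,,1000000200,igb1,match,pass,out,4,0x0,,64,40,0,DF,"
    "6,tcp,60,192.0.2.10,203.0.113.5,51000,443,0,S,987654321,,65535,,mss",
    "<30>Apr  8 12:00:05 dhcpd: DHCPACK on 192.0.2.50 to 00:11:22:33:44:55 via igb1",
]

if __name__ == "__main__":
    for src, n in blocked_inbound_by_source(SAMPLE_LINES).most_common():
        print(src, n)
```

The same split-and-name step is what the Logstash grok/csv filter in 10-syslog.conf does before the records reach Elasticsearch; doing it once by hand on a few captured lines is the quickest way to check that the field order your pfSense version emits matches the layout you feed to Kibana.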
Please produce any VM for ELK
-
ELK + pfSense 2.3 Working
https://forum.pfsense.org/index.php?topic=120937.0 -
The topic continues:
ELK Stack with Ubuntu 16.04 running and collecting pfSense logs!
https://www.reddit.com/r/PFSENSE/comments/702uam/elk_stack_with_ubuntu_1604_running_and_collecting/ -
Hello.
Cleaned up and updated the links.