A pfSense Filterlog Dashboard - What would you want to see?
-
Hi pfSense People!
I'm creating an "app" with dashboards in Sumo Logic that takes pfSense filterlog events and (hopefully) presents them in a way that is useful to a pfSense administrator. I was hoping to get some feedback on things (reports/alerts/dashboard panels, etc) that would be useful to you. I've made a couple of dashboards so far that may or may not be handy…
-
Sumo Logic Filterlog Field Extractions - Filterlog field extractions based on the pfSense docs (http://i.imgur.com/Z4aAIaS.png)
-
pfSense - Traffic - Live view of events as they go through including blocked traffic (by port, country, interface), etc. http://i.imgur.com/eT0cVlh.png
-
pfSense - Traffic Insight - Interactive dashboard that allows you to explore your firewall logs. http://i.imgur.com/LH4qlqN.png
Happy to share these with the wider community once done (and I'll even give you some screengrabs of suggested content as I build them :-)
FYI - I'm a solutions engineer for Sumo Logic. If you have any questions, don't hesitate to message me :-)
-
-
Added anomaly detection based on feedback from someone from /r/pfsense on reddit (also added a GeoMap of source address… just because)
GeoIP & Anomaly Detection - http://i.imgur.com/PDNBrMJ.png
Detailed Anomaly Detection - http://i.imgur.com/1vJz90E.png
Open to any other suggestions :)
-
Looking forward to playing with this… ETA?
-
Hi jdetmold - I've completed an initial run at this. Happy to share the dashboard with you, or (if you have an existing Sumo Logic account) help you with the implementation of the app into your environment.
Drop me a PM and we'll tee something up :-)
-
I was going to ask that you make it compatible with the free version, but then I see the free version only keeps data for 7 days. Not very useful. But thanks for offering this to pfSense users that are able to take advantage of it!
-
Hi AR15USR - If you'd like an extended evaluation, you can choose the "Enterprise" trial which will give you 30 days to determine whether this is something you'd find useful. I'll definitely pass your feedback on to our product management team :-)
-
Any way you could do a write-up in this thread on how to set this up in Sumo Logic?
-
Hi Brandur - I'm currently working through this now and will hopefully have something for you and the community next week :-)
-
Sorry to bring out the dead thread.
But was this shared somewhere?
It is a very interesting topic and I think lots of people are interested :)
-
Got my hands on these dashboards and thought I would share them for anyone else that wanted to play with them.
I tried to fix everything that looked broken, but there may be more stuff broken; I'm no expert with Sumo Logic.