Looking for syslogs to update my cyberattackmaps website
-
Hi pfSense fans,
During my holidays I spent some time creating a cyberattack map, based on my residential pfSense logs. Basically anything that scans my ports is displayed. I was able to nicely stream it to YouTube and embed this in a website https://www.cyberattackmaps.com.
Since this is just a hobby, I only have residential internet, which blocks a lot of commonly attacked ports; even port 80 is blocked by my ISP. It would be nice to have multiple locations on the map or people who get 'attacked' on more ports.
So I'd like to take this to the next step, by adding more firewall logs, decreasing the last 5 minute time range to 30 or even 5 seconds... I could easily open a port on my pfSense firewall so you can send your firewall syslogs to my syslog server, and have the data in real-time on the map.
If you are interested in adding your firewall syslogs to the website for visualisation, please let me know. This will not be difficult from a technical point of view, even if you have a dynamic IP.
-
That is interesting, I have over 100 pfSense firewalls and I use pfmonitor as well, I could probably aggregate something if I can figure out how to automate it and remove anything sensitive.
-
-
@PhlMike said in Looking for syslogs to update my cyberattackmaps website:
That is interesting, I have over 100 pfSense firewalls and I use pfmonitor as well, I could probably aggregate something if I can figure out how to automate it and remove anything sensitive.
That could be interesting indeed. If you'd like to give it a try, maybe for just one of them, please let me know. If you want, I can also try to make a TCP (SSL) port available instead of UDP. But then you will need some customization (syslog-ng forwarding?) in pfSense in order to send to that, I believe.
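On the "remove anything sensitive" point raised in the thread: the following is an added example, not code from any poster or from pfSense. It reduces each firewall entry to the fields a map needs before anything leaves the contributor's network. It assumes the pfSense filterlog IPv4 CSV field order; the choice of what to drop (syslog hostname, interface, destination address, internal sources) is an assumption, and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample lines (documentation-range addresses, hypothetical hostname).
SAMPLE = [
    "<134>Jan  5 10:00:01 fw-branch-07 filterlog[4242]: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.7,54321,22,0,S,123456,,29200,,mss",
    "<134>Jan  5 10:00:02 fw-branch-07 filterlog[4242]: 80,,,1000002661,igb0,match,pass,out,4,"
    "0x0,,64,0,0,DF,6,tcp,60,198.51.100.7,203.0.113.9,40000,443,0,S,1,,29200,,mss",
    "<134>Jan  5 10:00:03 fw-branch-07 filterlog[4242]: 9,,,1000000104,igb1,match,block,in,4,"
    "0x0,,64,0,0,none,17,udp,78,192.168.1.50,192.168.1.255,137,137,58",
    "<38>Jan  5 10:00:04 fw-branch-07 sshd[99]: Accepted publickey for admin",
]

# Sources in these ranges describe the contributor's own network, so never share them.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

def sanitize(line):
    """Return {'src', 'proto', 'dport'} for an inbound IPv4 block, else None."""
    m = FILTERLOG.search(line)
    if not m:
        return None                      # not a firewall entry (sshd, dhcp, ...)
    f = m.group(1).strip().split(",")
    # Assumed layout: 6=action, 7=direction, 8=IP version, 16=protocol name,
    # 18=source, 19=destination, 20/21=source/destination port (tcp and udp).
    if len(f) < 20 or f[8] != "4" or f[6] != "block" or f[7] != "in":
        return None
    try:
        src = ipaddress.ip_address(f[18])
    except ValueError:
        return None                      # malformed entry, drop rather than forward
    if any(src in net for net in INTERNAL):
        return None
    has_port = f[16] in ("tcp", "udp") and len(f) > 21 and f[21].isdigit()
    # Hostname, interface and destination (the contributor's WAN IP) are not copied.
    return {"src": str(src), "proto": f[16], "dport": int(f[21]) if has_port else None}

def sanitize_all(lines):
    return [r for r in map(sanitize, lines) if r is not None]

if __name__ == "__main__":
    for record in sanitize_all(SAMPLE):
        print(record)
```

Only the reduced records would then be forwarded, whichever transport (UDP or the TCP/SSL option mentioned above) is used.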