A pfSense Filterlog Dashboard - What would you want to see?



  • Hi pfSense People!

    I'm creating an "app" with dashboards in Sumo Logic that takes pfSense filterlog events and (hopefully) presents them in a way that is useful to a pfSense administrator. I was hoping to get some feedback on things (reports/alerts/dashboard panels, etc) that would be useful to you. I've made a couple of dashboards so far that may or may not be handy…

    Happy to share these with the wider community once done (and I'll even give you some screengrabs of suggested content as I build them :-)

    FYI - I'm a solutions engineer for Sumo Logic. If you have any questions, don't hesitate to message me :-)



  • Added anomaly detection based on feedback from someone from /r/pfsense on reddit (also added a GeoMap of source address… just because)

    GeoIP & Anomaly Detection - http://i.imgur.com/PDNBrMJ.png
    Detailed Anomaly Detection - http://i.imgur.com/1vJz90E.png

    Open to any other suggestions :)



  • Looking forward to playing with this… ETA?



  • Hi jdetmold - I've completed an initial run at this. Happy to share the dashboard with you, or (if you have an existing Sumo Logic account) help you with the implementation of the app into your environment.

    Drop me a PM and we'll tee something up :-)



  • I was going to ask that you make it compatible with the free version, but then I see the free version only keeps data for 7 days. Not very useful. But thanks for offering this to pfSense users that are able to take advantage of it!



  • Hi AR15USR - If you'd like an extended evaluation, you can choose the "Enterprise" trial which will give you 30 days to determine whether this is something you'd find useful. I'll definitely pass your feedback on to our product management team :-)



  • Any way you could do a write-up in this thread on how to set this up in Sumo Logic?



  • Hi Brandur - I'm currently working through this now and will hopefully have something for you and the community next week :-)



  • Sorry to bring out the dead thread.

    But was this shared somewhere?
    It is a very interesting topic and I think lots of people are interested :)