Pfsense 2.4.x filebeat issues
fgro last edited by
since pfsense upgrade to 2.4.x filebeat doesnt work anymore and freezes the pfsense os. even over vagrant to build a filebeat from source with FreeBSD11 it does not work under pfsense. Anyone has a clue about filebeat for transferring surcita logs to elk?
stkfrm last edited by
Very interested in this topic. I’d like to get log shipping set up from pfSense to Logstash/Elasticsearch and one of the most elegant ways would be to have filebeat read log files of interest. @fgro did you have any success on this?
motific last edited by
There may be better options than filebeat anyway…
Snort has a binary output which (as I understand it) can ship out to logstash without needing filebeat.
Suricata can output EVE data directly to a remote location via the ‘redis’ configuration.
dnsmasq and unbound support dnstap which gives the whole request & response in a single entry.
I’d expect more packages will have similar abilities if configured for it… I’m going to set up an ELK VM to play with at some point soon (I wanted to set it up on an RPi2 but MongoDB won’t build for FreeBSD/ARM unfortunately).