Netgate Discussion Forum
    Looking for syslogs to update my cyberattackmaps website

      cyberattackmaps

      Hi pfsense fans,

      During my holidays I spent some time creating a cyberattack map, based on my residential pfsense logs. Basically anything that scans my ports is displayed. I was able to nicely stream it to youtube and embed this in a website https://www.cyberattackmaps.com.

      Since this is just a hobby, I only got residential internet, which blocks a lot of commonly attacked ports, even port 80 is blocked by my ISP. Would be nice to have multiple locations on the map or people get 'attacked' on more ports.

      So I'd like to take this to the next step, by adding more firewall logs, decreasing the last 5 minute timerange to 30 or even 5 seconds... I could easily open a port on my pfsense firewall so you can send your firewall syslogs to my syslog server, and have the data in real-time on the map.

      If you are interested in adding your firewall syslogs to the website for visualisation, please let me know. This will not be difficult from a technical point of view, even if you have a dynamic IP.

        PhlMike

        That is interesting, I have over 100 pfSense firewalls and I use pfmonitor as well, I could probably aggregate something if I can figure out how to automate it and remove anything sensitive.

            cyberattackmaps @PhlMike

            @PhlMike said in Looking for syslogs to update my cyberattackmaps website:

            That is interesting, I have over 100 pfSense firewalls and I use pfmonitor as well, I could probably aggregate something if I can figure out how to automate it and remove anything sensitive.

            That could be interesting indeed. If you'd like to give it a try, maybe for just one of them, please let me know. If you want, I can also try to make a TCP (ssl) port available instead of UDP. But then you will need some customization (syslog-ng forwarding?) in pfsense in order to send to that, I believe.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.