Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense Logging for Microsoft Cloud App Security

    General pfSense Questions
    4
    4
    1.3k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jpozzoli
      last edited by

      I want to experiment with MCAS and part of that is the ability to upload log files from on-prem firewalls to Azure. It will then analyze those logs and discover what kind of cloud-based services users are using (Box, AWS, Slack, etc.).

      Based on this, I have two questions: what type of log does PFsense output (I realize I will have to syslog this off somewhere)?

      And two, would I need to create an "allow all" rule at the bottom of my rules and turn on logging for that to generate the needed traffic?

      Here is a link to the relevant portion of MCAS talking about this: https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery

      FWIW I have a Netgate SG-1100 on the latest software.

      Thanks in advance,
      John

      1 Reply Last reply Reply Quote 0
      • GrimetonG
        Grimeton
        last edited by

        31cd0c64-fda9-4f76-8ad4-0b956e3121cc-image.png

        https://docs.netgate.com/pfsense/en/latest/monitoring/log-settings.html

        1 Reply Last reply Reply Quote 0
        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          This looks like a more relevant page: https://docs.microsoft.com/en-us/cloud-app-security/custom-log-parser

          Interestingly it looks more like netflow data would be better there. The firewall log does not record data totals. It also doesn't log passed traffic by default.

          Steve

          1 Reply Last reply Reply Quote 0
          • A
            anx
            last edited by

            Hi Guys,

            It is very good idea! did you find solution to setup this ? thanks

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.