pfSense Logging for Microsoft Cloud App Security
-
I want to experiment with MCAS and part of that is the ability to upload log files from on-prem firewalls to Azure. It will then analyze those logs and discover what kind of cloud-based services users are using (Box, AWS, Slack, etc.).
Based on this, I have two questions: what type of log does pfSense output (I realize I will have to syslog this off somewhere)?
And two, would I need to create an "allow all" rule at the bottom of my rules and turn on logging for that to generate the needed traffic?
Here is a link to the relevant portion of MCAS talking about this: https://docs.microsoft.com/en-us/cloud-app-security/set-up-cloud-discovery
FWIW I have a Netgate SG-1100 on the latest software.
Thanks in advance,
John
-
https://docs.netgate.com/pfsense/en/latest/monitoring/log-settings.html
-
This looks like a more relevant page: https://docs.microsoft.com/en-us/cloud-app-security/custom-log-parser
Interestingly it looks more like netflow data would be better there. The firewall log does not record data totals. It also doesn't log passed traffic by default.
Steve
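
An added example, not part of the original posts: a small Python parser for pfSense `filterlog` syslog lines (IPv4 TCP/UDP only), showing what a logged pass entry carries. The sample lines, addresses and interface names are constructed, and a BSD-style syslog header is assumed. The `length` field is the size of the single logged packet, so no per-connection byte total is available from this log.

```python
import re

# Constructed sample lines (not from the thread). The first and third come
# from a pass rule that has logging enabled; the second is a default block.
SAMPLE = [
    "Oct 12 10:15:01 fw filterlog[411]: 92,,,1700000001,em1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.20,203.0.113.10,51234,443,0,S,1234567,,64240,,mss",
    "Oct 12 10:15:02 fw filterlog[411]: 4,,,1000000103,em0,match,block,in,4,0x0,,52,0,0,DF,17,udp,78,198.51.100.7,192.168.1.1,5353,5353,58",
    "Oct 12 10:15:03 fw filterlog[411]: 92,,,1700000001,em1,match,pass,in,4,0x0,,64,0,0,DF,17,udp,71,192.168.1.20,203.0.113.53,40000,53,51",
]

# Field order of the comma-separated filterlog payload for IPv4.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto",
        "length", "src", "dst"]
PORTS = ["sport", "dport", "datalen"]


def parse_filterlog(line):
    """Return a dict of named fields, or None if this is not a filterlog line."""
    m = re.search(r"filterlog\[\d+\]:\s*(.*)$", line)
    if not m:
        return None
    f = m.group(1).split(",")
    rec = dict(zip(COMMON, f))
    if rec.get("ipver") != "4":
        return rec  # IPv6 uses a different layout; keep only the common fields
    rec.update(zip(IPV4, f[9:20]))
    if rec.get("proto") in ("tcp", "udp"):
        rec.update(zip(PORTS, f[20:23]))
    return rec


def passed_connections(lines):
    """Keep only passed IPv4 entries: (src, dst, dport, proto, packet_length)."""
    out = []
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec.get("action") == "pass" and "dst" in rec:
            out.append((rec["src"], rec["dst"], rec.get("dport"),
                        rec["proto"], int(rec["length"])))
    return out


if __name__ == "__main__":
    for conn in passed_connections(SAMPLE):
        print(conn)
```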
-
Hi Guys,
It is a very good idea! Did you find a solution to set this up? Thanks