Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfSense firewall and suricata log to grafana with logstash Worldmap Panel

    Scheduled Pinned Locked Moved
    Off-Topic & Non-Support Discussion
    2
    3
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • kiokomanK
      kiokoman LAYER 8
      last edited by kiokoman

      Immagine.jpg

      .... work in progress ...

      I spent the last few days understanding logstash/grok to make this work somehow...
      tested under Ubuntu and pfsense 2.4.5-p1 and pfSense 2.5.0

      all the needed configuration files are available here
      https://github.com/kiokoman/pfsense-logstash-grafana
      contributions are welcome

      logstash will intercept syslog messages coming from pfSense (firewall and suricata), parse it and send it to influxdb after adding geo location based on source IP, this way worldmap panel can read it

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      G 1 Reply Last reply Reply Quote 5
      • G
        gambiarraweb1 @kiokoman
        last edited by gambiarraweb1

        @kiokoman

        Good afternoon, how are you ?

        Could you exemplify how the installation works?
        I had doubts about the InfluxDB Database.
        and also the notes that we must make to collect data from the firewall and throw it into grafana / influxdb.

        Thanks.

        kiokomanK 1 Reply Last reply Reply Quote 0
        • kiokomanK
          kiokoman LAYER 8 @gambiarraweb1
          last edited by

          @gambiarraweb1
          hello
          the instruction to install influx are here
          https://docs.influxdata.com/influxdb/v1.8/introduction/install/
          github contain also screenshot of what you need to set on pfsense, inside the "images" folder.
          what are you unable to do specifically?

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.