pfSense firewall and Suricata logs to Grafana with Logstash Worldmap Panel
.... work in progress ...
I spent the last few days understanding logstash/grok to make this work somehow...
Tested under Ubuntu and pfSense 2.4.5-p1 and pfSense 2.5.0.
All the needed configuration files are available here.
Contributions are welcome.
Logstash will intercept syslog messages coming from pfSense (firewall and Suricata), parse them and send them to InfluxDB after adding geolocation based on source IP; this way the Worldmap panel can read them.
Good afternoon, how are you?
Could you exemplify how the installation works?
I had doubts about the InfluxDB Database.
and also the notes that we must make to collect data from the firewall and throw it into Grafana / InfluxDB.
The instructions to install InfluxDB are here.
GitHub also contains screenshots of what you need to set on pfSense, inside the "images" folder.
What are you unable to do specifically?