Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Issue with Pfsense and ELK integration

    Scheduled Pinned Locked Moved
    Virtualization
    2
    2
    833
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GdZbEDfz
      last edited by

      Hello,

      I use Pfsense 2.6.0-RELEASE (amd64) on ESXI 6 with IP as 172.16.0.1. I am trying to integrate the syslogs with ELK (latest). Using the scripted method, I installed the ELK on Ubuntu using pfelk (https://github.com/pfelk/pfelk/wiki).

      Once installed, I have enabled and configured the pfsense remote logging settings with everything and ELK's server and its port as 172.16.1.4:5140. Additionally, I have added the firewall rules to allow under the LAN interface and validated using the pfsense shell with telnet 172.16.1.4 5140 command and telnet returned connected.

      But, the issue is I am not seeing pfsense sending any syslogs to the ELK server. If anyone has any idea how to troubleshoot the problem or missed anything, please advise.

      Thanks!

      M 1 Reply Last reply Reply Quote 0
      • M
        mysicks1 @GdZbEDfz
        last edited by

        @gdzbedfz You should start with troubleshooting where the problem lies. Run a tcpdump on the interface you're sending the PFSense logs to. If you see Syslog, then you know the issue lies within the Elk configuration. If you don't see the logs running tcpdump, you have an issue blocking PfSense syslog from reaching Elk.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post