Netgate Discussion Forum

    configure Suricata with Wazuh

      detox

      Hello all!

      I am attempting to incorporate Wazuh into my network security. The Wazuh site states:

      "There are several ways to integrate pfSense with Wazuh. The easiest method is syslog, but you can also use the Wazuh agent. Wazuh agent (native package for pfSense) is already pre-installed In pfSense which is available in Yandex Cloud Marketplace/VK Cloud Marketplace. Therefore, you can start setting up immediately, bypassing the installation process."

      I do not see one. It then explains how to use it by configuring Suricata, and finally, it explains how to import the syslog itself. But all reference restarting the "Agent".

      Several sites show how to 'fix' pfSense to get packages directly from FreeBSD repositories, but that seems to be fairly dangerous.

      So does anyone have a reference on how to send syslogs from pfSense to Wazuh without "backdoor tinkering"?

      Thanks

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.