Netgate Discussion Forum
    OpenSource or Free Logger/SIEM with pfsense support.

    globexgr

      Hi guys,

      I was wondering if anyone knows any piece of software that is able to "understand" pfSense logs. I already know that OSSIM and Splunk can be configured to do so, but since they are both a little heavy for my old PC I am looking for something else. Is there any type of advanced logger software that can parse pfSense logs or allow a custom syslog parser?

      Tx

        johnpoz LAYER 8 Global Moderator

        There are many syslog servers for Windows. pfSense can be set to send syslog, so any syslog server can view and understand the log entries.

        There was an issue where firewall logs were being sent in 2 lines, but that was corrected I believe, or there was a fix in the forums for it.

        For example, this is a free syslog I was running for a while, just haven't turned it back on yet since I went full VM for all my servers.

        http://www.snmpsoft.com/syslogwatcher/syslog-server.html

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          globexgr

          Thanks for the link, I will check it out. But I was looking for something more advanced. Something that can parse logs and display source address and target address, for example. I think Logstash allows you to create custom parsers but I am not sure yet.

          Does anyone know if any kind of software with the above requirements exists?

            SeventhSon

            pfSense also has some nifty features/packages if you want to check out what's being blocked or to check where your bandwidth is going.

            What are you trying to monitor?

              globexgr

              I would like to be able to filter out trusted destination IPs so I can detect possible unauthorized connections to my infrastructure. I want something that can parse logs since the raw log is not very easy to read.
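
Added example, not part of the thread and not Netgate code: a small Python parser that pulls source and destination addresses out of pfSense firewall syslog lines and keeps only entries whose destination is outside a trusted list, as the post above asks for. It assumes the comma-separated `filterlog` entry layout (the field positions are an assumption, since the thread shows no log line); the trusted networks and the sample lines are constructed.

```python
import ipaddress
import re

# Assumption: pfSense's raw filterlog CSV layout (the thread does not show it).
FILTERLOG = re.compile(r"filterlog(?:\[\d+\])?:\s*(.+)$")
# IP version -> (protocol-name index, source-address index); destination follows source.
LAYOUT = {"4": (16, 18), "6": (12, 15)}
# Hypothetical trusted destination networks (documentation ranges).
TRUSTED = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:ffff::/48")]

def parse_filterlog(line):
    """Parse one syslog line; return a dict, or None if it is not a usable filterlog entry."""
    m = FILTERLOG.search(line)
    f = m.group(1).strip().split(",") if m else []
    if len(f) < 9 or f[8] not in LAYOUT:
        return None
    proto_i, src_i = LAYOUT[f[8]]
    if len(f) < src_i + 2:
        return None
    try:
        src, dst = ipaddress.ip_address(f[src_i]), ipaddress.ip_address(f[src_i + 1])
    except ValueError:
        return None
    rec = {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[proto_i].lower(),
           "src": src, "dst": dst, "sport": None, "dport": None}
    ports = f[src_i + 2:src_i + 4]
    if rec["proto"] in ("tcp", "udp") and len(ports) == 2 and all(p.isdigit() for p in ports):
        rec["sport"], rec["dport"] = int(ports[0]), int(ports[1])
    return rec

def untrusted_destinations(lines, trusted=TRUSTED):
    """Return parsed entries whose destination is outside every trusted network."""
    recs = filter(None, map(parse_filterlog, lines))
    return [r for r in recs if not any(r["dst"] in net for net in trusted)]

# Constructed sample lines, not taken from a real firewall.
SAMPLE = [
    "Feb 10 12:00:01 fw filterlog[123]: 5,,,1000000103,em0,match,pass,out,4,0x0,,64,1,0,DF,6,tcp,60,192.168.1.10,203.0.113.7,51514,443,0,S,1,,65535,,mss",
    "Feb 10 12:00:02 fw filterlog[123]: 5,,,1000000103,em0,match,pass,out,4,0x0,,64,2,0,DF,6,tcp,60,192.168.1.10,198.51.100.9,51515,443,0,S,2,,65535,,mss",
    "Feb 10 12:00:03 fw filterlog[123]: 7,,,1000000105,em0,match,pass,out,6,0x00,0x00000,64,udp,17,48,2001:db8::10,2001:db8:ffff::53,40000,53,48",
    "Feb 10 12:00:04 fw sshd[456]: Accepted publickey for admin from 192.168.1.5 port 50000 ssh2",
    "Feb 10 12:00:05 fw filterlog[123]: 9,,,1000000107,em1,match,block,in,4,0x0,,64,2,0,none,1,icmp,84,192.0.2.44,198.51.100.20,request,1,1",
]

if __name__ == "__main__":
    for r in untrusted_destinations(SAMPLE):
        print(f'{r["action"]:5} {r["dir"]:3} {r["proto"]:4} {r["src"]} -> {r["dst"]} dport={r["dport"]}')
```

Entries are only written for rules that have logging enabled, so a pass rule without logging produces nothing for this filter to see.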

                johnpoz LAYER 8 Global Moderator

                What? So you're logging ALL traffic in and out of your network, not just blocked?

                  globexgr

                  No, not right now. But I would like to.
