OpenSource or Free Logger/SIEM with pfsense support.
-
Hi guys,
I was wondering if anyone knows any piece of software that is able to "understand" pfsense logs. I already know that OSSIM and splunk can be configured to do so but since they are both a little heavy for my old pc i am looking for sth else. Is there any type of advanced logger software that can parse pfsense logs or allow a custom syslog parser.
Tx
-
There are many syslog servers for windows. pfsense can be set to send syslog, so any syslog server can view and understand the log entries.
There was an issue where firewall logs were being sent in 2 lines, but that was corrected I believe or there was a fix in the forums for it.
For example this is a freesyslog I was running for awhile, just have it turned it back on yet since went full VM for all my servers.
http://www.snmpsoft.com/syslogwatcher/syslog-server.html
-
Thanks for the link i will check it out. But i was looking for sth more advanced. Sth that can parse logs and display source address and target address for example. I think logstash allow you to create custom parsers but i am not sure yet.
Does anyone know if any kind of software with the above requirements exists?
-
pfSense also has some nifty features/packages if you want to check out what's being blocked or to check where your bandwidth is going.
What are you trying to monitor?
-
I would like to be able to filter out trusted destination IPs so i can detect possible unauthorized connections to my infrastructure. I want sth that can parse logs since the raw log is not very easy to read.
-
What? So your logging ALL traffic in and out of your network, not just blocked?
-
No not right now. But i would like to.
