System logs filtering ELK

  • Hi,
    I know that Logstash does not belong to pfSense, but because logs are an important factor in everything these days, I was wondering if someone could help me out or guide me with this code. Here is the link to my tutorial for setting up ELK, if anyone is interested.

    http://www.mediafire.com/view/j25mbohmmxvt7g4/Installing_ELK_on_Lubuntu_15.0.4_ON_HYPER-V.docx

    So I got everything up and running with ELK for filtering the firewall logs on pfSense, but my only issue is that when I'm trying to filter my syslog dashboard (the system logs of pfSense) it shows nothing, while my other dashboard for the pfSense firewall shows everything perfectly (see pics).
    I was wondering what the issue could be, in my 10-syslog.conf or in my syslog dashboard?

    Thank you

    10-syslog.conf
    http://pastebin.com/0ykcDLAM

    syslog dashboard
    http://pastebin.com/KZpkxmSi


  • Bump anyone?  :(

  • Hello my friend,
    I have this problem too: pfSense sends the logs, but ELK cannot parse them to graph.
    This problem occurs after updating to pfSense 2.2, because the log format of pfSense changed and grok cannot parse it.
    If you use pfSense 2.1 you have no problem, but with 2.2 I am in trouble, very badly, because I see the logs received but grok cannot parse them, and they are unusable for making graphs and GeoIP :/
    If anyone has any help for killmaster93 and me, please tell us.

  • Hi there, I already made a guide and it is working perfectly for logging the firewall (see pictures).

    What I'm stuck on and working on is logging the system logs for pfSense.