Pfsense + Elasticsearch, Logstash, Kibana (ELK) stack

werter

Добрый.

Кому интересна тема (красивого) логирования и визуализации логов Pfsense (и не только). Вещь универсальнейшая, парсит любые логи.

The Complete Guide to the ELK Stack https://logz.io/learn/complete-guide-elk-stack/

Как установить и настроить Elasticsearch, Logstash, Kibana (ELK Stack) на Ubuntu/Debian/Centos https://serveradmin.ru/ustanovka-i-nastroyka-elasticsearch-logstash-kibana-elk-stack/

Security Onion https://github.com/Security-Onion-Solutions/securityonion

pf (Firewall logs) + Elasticsearch + Logstash + Kibana
http://pfelk.3ilson.com/
https://github.com/3ilson/pfelk

Supported entries include:

pfSense/OPNSense setups

TCP/UDP/ICMP protocols

DHCP message types

IPv4/IPv6 mapping

pfSense CARP data

openVPN log parsing

Unbound DNS Resolver with dashboards

Suricata IDS with dashboards

Snort IDS with dashboards

Squid with dashboards

HAProxy with dashboard

pfelk aims to replace the vanilla pfSense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually

How to install the ELK Stack on Ubuntu for pfSense https://psychogun.github.io/docs/linux/ELK-stack-on-Ubuntu-with-pfSense/

Installation of PFELK on ubuntu. ELK for pfSense https://snehpatel.com/index.php/2020/02/01/installation-of-pfelk-on-ubuntu-elk-for-pfsense/

Grafana dashboard for pfSense https://psychogun.github.io/docs/pfsense/Grafana-dashboard-for-pfSense/

pf + ELK + Suricata http://pfelksuricata.3ilson.com

Elasticstack (ELK), Suricata and pfSense Firewall https://extelligenceblog.it/category/security/suricata/

pigbrother

Наткнулся на эту тему с месяц назад. Тема, конечно, интересная.
Однако времени потребует изрядно. Даже просто приложенный вами набор ссылок тянет на небольшой мануал…

pigbrother

С реддита
https://www.reddit.com/r/PFSENSE/comments/4dymci/i_made_a_simple_bare_bones_simple_elk_vm_for/

I made a simple bare bones simple ELK VM for download. For fellow ELK N00bs
I have put it on dropbox here: https://www.dropbox.com/s/aqd44gjrx7ghmm6/PFELK01-160408.ova?dl=0

It's a VMWare OVA file.

Basic setup based on http://pfelk.3ilson.com/ (bit on youtube at end to fix kibana)
no SSL access
DHCP
Basic examples of different visualisations and dashboard configured
Curator installed but no cron (https://www.elastic.co/guide/en/elasticsearch/client/curator/current/examples.html)

Username: pf Password: pf
Interface Port: http://ipaddress:5601
Send firewall events to port 5140

Changes you MUST make:
sudo nano /etc/hosts (Change IP address and / or host)
sudo nano /etc/logstash/conf.d/10-syslog.confcd (Change the IP on line 4 to be your PFsense box)

werter

This post is deleted!

hamed_forum

Please produced any VM for elk

pigbrother

ELK + pfSense 2.3 Working
https://forum.pfsense.org/index.php?topic=120937.0

werter

This post is deleted!

pigbrother

Тема продолжается:
ELK Stack with Ubuntu 16.04 running and collecting pfSense logs!
https://www.reddit.com/r/PFSENSE/comments/702uam/elk_stack_with_ubuntu_1604_running_and_collecting/

werter

This post is deleted!

werter

This post is deleted!

werter

This post is deleted!

werter

Добрый.
Подчистил и обновил ссылки.