Hi Mike,
We currently don't build OpenBSD packages. Nonetheless, you can try and compile Wazuh from sources in OpenBSD (it should work just fine). These are the basic steps you should take:
1) Execute pkg_add gmake git libtool to install the necessary dependencies.
3) I've tried it myself and I found a couple of easy to fix errors. You must include the following libraries:
In wazuh/src/headers/list_op.h:
#ifndef _OS_LIST
#define _OS_LIST
#include "pthreads_op.h"
In wazuh/src/headers/pthreads_op.h:
#ifndef PTHREADS_OP_H
#define PTHREADS_OP_H
#include <pthread.h>4) After that, execute: gmake deps && gmake TARGET=agent
5) in wazuh, execute: ./install.sh and follow the instructions.
Depending on your use case there may be some alternatives. As I've seen PFSense is a software for router/firewall based on FreeBSD. My guess (correct me if I'm wrong) is that you want Wazuh to collect the PFSense logs and generate alerts based on them.
<remote>
<connection>syslog</connection>
<port>514</port>
<protocol>udp</protocol>
<allowed-ips>IPS_OR_NET</allowed-ips>
<local_ip>MANAGER_IP</local_ip>
</remote>
Once you've configured and restarted both, you should receive the logs collected by syslog in your manager (you can see them in /var/ossec/logs/archives/archives.log once you've activated the <logall> option in <global> block of your manager's configuration).
In any of those two cases (wether if you compile and install Wazuh agent in OpenBSD or if you choose to configure
syslog to send the PFSense messages to Wazuh), keep in mind, that is probable that you need to create rules for the PFSense logs. Once you have the logs I can help you create an example rule for that (explained in
https://documentation.wazuh.com/3.10/user-manual/ruleset/custom.html)
I hope you find this helpful. If you have any troubles wether compiling Wazuh for OpenBSD or configuring Wazuh to receive syslog messages don't hesitate to answer this mail with your doubts.
Kind regards,
David