I turned on syslog remote and added the IP of my SO master.
I don't see anything under syslog in ELSA for it. I saw some years-old threads on getting them to work together, but I just wanted to see if anything has changed since I have the 2016 version of both products running.
Thanks!
Did you run so-allow to allow the traffic from the pfsense box?
Thanks,
Wes
--
Follow Security Onion on Twitter!
https://twitter.com/securityonion
---
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onion+unsubscribe@googlegroups.com.
To post to this group, send email to security-onion@googlegroups.com.
Visit this group at https://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.
The UFW appears to be inactive on my master. I'm pointing the pfSense syslog at the master in a (master / sensor configuration); should I be pointing it at the closest sensor?
On Thursday, December 15, 2016 at 11:22:21 AM UTC-5, Wes wrote:
> Did you run so-allow to allow the traffic from the pfsense box?
>
> Thanks,
> Wes
>
> On Dec 15, 2016 11:20 AM, <namobud...@gmail.com> wrote:
> I have a newly built pfSense firewall with the latest version of pfSense.
>
> I turned on syslog remote and added the IP of my SO master.
>
> I don't see anything under syslog in ELSA for it. I saw some years-old threads on getting them to work together, but I just wanted to see if anything has changed since I have the 2016 version of both products running.
>
> Thanks!
You should be able to point it at either, but you'll need to make sure the port is accessible.
Thanks,
Wes
Is there any reason UFW is disabled? Was this intentional?
Thanks,
Wes
You should be able to just point it at the master and go.
Try taking a look here for more context:
https://github.com/Security-Onion-Solutions/security-onion/wiki/Syslog
Thanks,
Wes
Do I have to edit the /etc/syslog-ng/syslog-ng.conf on the master to allow it to receive syslogs from the pfSense? I want it to go to the master because it's logically / physically closer.