pfSense logs to syslog-ng on Security Onion?


tbaror

Jul 5, 2014, 3:14:18 PM7/5/14
to securit...@googlegroups.com
Hello,

In our organization there are several pfSense firewalls in different locations.
I can set their Snort package to log to a syslog facility; would it be possible to integrate it that way and visualize the data in Squert?

Thanks

Jeremy Hoel

Jul 5, 2014, 9:25:43 PM7/5/14
to securit...@googlegroups.com

Squert uses the sguil db which gets populated from agents on the snort sensors. Unless you can run those tcl agents on the pfSense server I don't see how it would get the data it needs.

--
You received this message because you are subscribed to the Google Groups "security-onion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to security-onio...@googlegroups.com.
To post to this group, send email to securit...@googlegroups.com.
Visit this group at http://groups.google.com/group/security-onion.
For more options, visit https://groups.google.com/d/optout.

Doug Burks

Jul 6, 2014, 7:38:26 AM7/6/14
to securit...@googlegroups.com
Hi tbaror,

You can visualize pfSense firewall logs in ELSA. Here's a rough
outline of what you'll need to do:

- Grab the appropriate pf-log-oneline-option patch for your version of
pfSense from here:
http://files.pfsense.org/jimp/patches/

- Apply the patch in pfSense.

- Go to the pfSense syslog settings, enable the new one-line
option, configure syslog to forward to your Security Onion box, and
restart syslog.

- Go to your Security Onion box

- Add the pfSense parser from here:
http://www.securitygrit.com/2013/03/pfsense-into-elsa.html

Also see:
https://code.google.com/p/security-onion/wiki/FAQ#Where_do_I_put_my_custom_ELSA_parsers?

- Restart syslog-ng:
sudo service syslog-ng restart

--
Doug Burks
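An added example, not from this thread or from the pfSense, ELSA or Security Onion projects, for checking the receiving side of the procedure above before adding the ELSA parser: it parses RFC 3164 syslog lines the way syslog-ng would receive them from a forwarding pfSense box, decodes the PRI facility/severity (which is what the "log to a syslog facility" setting controls), tallies which hosts and programs are actually arriving, and reports any line that carries no syslog header, which is what a continuation line of a multi-line pf event looks like when the one-line option is not in effect. The sample lines, hostnames, addresses and the pf/snort message bodies are constructed for the example and are not pfSense's exact output.

```python
"""Receiver-side sanity check for pfSense syslog forwarded to a Security Onion box.

Constructed example: the sample lines below imitate what syslog-ng receives; the
exact pf/snort message bodies are assumptions, not pfSense's real format.
"""
import re
from collections import Counter, defaultdict

# RFC 3164 header: <PRI>Mmm dd HH:MM:SS host program[pid]: message
_SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# Facility codes 0-11 and 16-23 are fixed by RFC 3164; 12-15 vary by platform.
_FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr",
               "news", "uucp", "cron", "authpriv", "ftp"]
_SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def facility_name(code):
    """Map a numeric facility (PRI // 8) to its conventional name."""
    if code < len(_FACILITIES):
        return _FACILITIES[code]
    if 16 <= code <= 23:
        return "local%d" % (code - 16)
    return "facility%d" % code


def parse_syslog_line(line):
    """Return a dict of header fields for a well-formed RFC 3164 line, else None.

    A None result means the line has no syslog header, i.e. it is a fragment
    (for pf, a continuation line of a multi-line event) that ELSA cannot key on.
    """
    m = _SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI is facility*8 + severity, max 23*8 + 7
        return None
    return {
        "facility": facility_name(pri // 8),
        "severity": _SEVERITIES[pri % 8],
        "host": m.group("host"),
        "program": m.group("prog"),
        "pid": m.group("pid"),
        "message": m.group("msg"),
    }


def summarize(lines):
    """Count (host, program) pairs and collect lines without a syslog header."""
    per_host = defaultdict(Counter)
    fragments = []
    for line in lines:
        event = parse_syslog_line(line)
        if event is None:
            fragments.append(line)
            continue
        per_host[event["host"]][event["program"]] += 1
    return {host: dict(c) for host, c in per_host.items()}, fragments


# Constructed sample input: two pfSense boxes forwarding at local0.info (PRI 134)
# plus one sshd line at auth.info (PRI 38). Line 4 imitates a continuation
# fragment of a multi-line pf event, which the one-line option is meant to remove.
SAMPLE_LINES = [
    "<134>Jul  5 15:14:18 fw-site1 pf: 00:00:00.000123 rule 5/0(match): "
    "block in on em0: 203.0.113.10.40123 > 192.0.2.5.22: tcp 0 (DF)",
    "<134>Jul  5 15:14:19 fw-site1 snort[1234]: [1:1000001:1] LOCAL constructed "
    "test alert [Priority: 3] {TCP} 203.0.113.10:40123 -> 192.0.2.5:22",
    "<134>Jul  5 15:14:20 fw-site2 pf: 00:00:00.000456 rule 5/0(match): "
    "block in on em1: 198.51.100.7.53 > 192.0.2.9.51234: udp 45",
    "      198.51.100.7.53 > 192.0.2.9.51234: [|domain]",
    "<38>Jul  5 15:14:21 fw-site2 sshd[777]: Accepted publickey for admin "
    "from 192.0.2.50 port 5555 ssh2",
]

if __name__ == "__main__":
    hosts, fragments = summarize(SAMPLE_LINES)
    for host, programs in sorted(hosts.items()):
        print("%-10s %s" % (host, programs))
    for frag in fragments:
        print("no syslog header (multi-line event?): %r" % frag)
```

On a real Security Onion box the same check can be run against the lines syslog-ng writes to its raw log file for the pfSense host: if every line parses and the program name is the one the ELSA parser keys on, the parser step is all that is left; if header-less fragments show up, the one-line option is not in effect on the pfSense side yet.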

tbaror

Jul 10, 2014, 12:05:43 AM7/10/14
to securit...@googlegroups.com

Thanks Doug
