FreeBSD wazuh agent on pfsense

[Geoff Nordli]

Hi.

Someone wrote up a blog on installing the agent from the FreeBSD package
repositories.

https://benheater.com/integrating-pfsense-with-wazuh/

I am wondering if people have tried this and it is working OK in
production.

This would be great as I have several pfsense devices I would like to
bring into Wazuh.

thanks,

Geoff

[Pablo Ariel Gonzalez]

Hi Geoff:

    It is a pleasure to greet you and you can collaborate in your question. We are aware of clients monitoring production servers with no problems both in on-premise environments and using Wazuh Cloud.

   The article you mention is very interesting and clearly shows the integration possibilities offered by the Wazuh solution. It is important to clarify that in systems where there is not yet a native agent available, you still have 2 possibilities:

     - Use agentless monitoring: this allows you just using an ssh connection to have control of devices that otherwise would not be possible.

     - Install the agent from source: if you can install the agent you can compile it using the source code for it.

  If we can offer you any other type of help, do not hesitate to tell us.

Thanks,

[Geoff Nordli]

Hello Pablo.

I am currently using log shipping with pfsense to wazuh.

I assume using the FreeBSD port would be similar to compiling your own. 

Just wondering if anyone has tried it and can offer some feedback, before I take the plunge.

thanks,

Geoff

--
You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/2d2e1161-b57f-40a9-aabb-ac9c0e8a0b6dn%40googlegroups.com.

[Geoff Nordli]

FYI, I installed it on the current version of pfsense (2.6.0) and so far
things are OK.

Just tweaking things now, like the rootcheck, but that is on another thread.

[Steven Kan]

Great find! I was able to install this, and I'm seeing events in my Wazuh dashboard.

Prior to this I'd been trying to figure out how to push remote syslog from pfsense to wazuh, and although it was making some sort of connection, nothing was getting parsed.

Now that I have the agent installed, can I turn off remote syslog in pfsense?

Also, the benheater instructions have two steps to turn on FreeBSD. Once the agent has been installed, it is ok/recommended/necessary to turn FreeBSD back off? e.g. is the FreeBSD toggle necessary only for pkg installation? Or also for agent execution? 

[Geoff Nordli]

Yes, you won't need the remote syslog anymore.

I didn't turn it it back off, it doesn't affect agent execution. 

It is working well, I pull in all kinds of logs like openvpn and suricata.  Next up is some Zeek integration. 

--

You received this message because you are subscribed to the Google Groups "Wazuh mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wazuh+un...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/wazuh/dc95e366-f3d5-4d5f-895e-ec2f24c24e4fn%40googlegroups.com.