elk

Docker Image of ELK stack specific to pfSense

This is an adaptation of Elijah Paul's post, Monitoring pfSense (2.1) logs using ELK (ElasticSearch, Logstash, Kibana): http://elijahpaul.co.uk/monitoring-pfsense-2-1-logs-using-elk-logstash-kibana-elasticsearch/

The Dockerfile was modified from cyberabis' docker-elkauto: https://registry.hub.docker.com/u/cyberabis/docker-elkauto/

Prerequisites:

  Docker (www.docker.com)

4 Steps to ELK stack for pfSense

  1. Edit conf/logstash.conf: change the pfSense IP to the IP address of your pfSense firewall, and set the timezone to the appropriate value.

  2. Build the Docker image (from within the northshorenetworks/elk directory where the Dockerfile lives):

       sudo docker build -t northshorenetworks/elk .

  3. Run the Docker image (modify names/port mappings to suit your needs):

       sudo docker run -d -v <path to northshore/elk>/conf:/conf --name="northshore-elk" -p 80:80 -p 5140:5140/udp -p 5140:5140 -p 9200:9200 northshorenetworks/elk /elk_start.sh

     This publishes ports 80 and 9200 (the Elasticsearch HTTP API) on the Docker host; restrict them to a trusted network if the host is reachable from anywhere else.

  4a. (Standard UDP logging) Point pfSense logs at the ELK server. Status > System Logs > Settings (tab): enable Remote Logging, set the Server 1 address to the IP of the Docker host with port 5140 (<dockerserverip>:5140), and make sure you are sending Firewall Events.

  4b. (syslog-ng TCP logging)

      Install the syslog-ng package.

      Services > syslog-ng:
        1. Under the General Settings tab, enable the service and set the interface to loopback; keep everything else at the default.
        2. Under the Advanced tab:
           a. Add a destination object named "elk_dest" with the following parameters: { tcp("<dockerserverip>" port(5140)); };
           b. Add a log object named "elk_log" with the following parameters: { source(_DEFAULT); destination(elk_dest); };
        3. Save the config and verify you have logs showing up in the syslog-ng log viewer.

      Point pfSense logs at the syslog-ng listener. Status > System Logs > Settings (tab): enable Remote Logging, set the Server 1 address to 127.0.0.1:5140, and make sure you are sending Firewall Events.

Browse to http://<dockerserverip> (port 80, mapped in step 3).

If you are not seeing any logs, run the following command to check whether logstash is receiving them:

  sudo docker logs northshore-elk
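What the pipeline does with each message is simple but easy to get wrong: keep only syslog from the firewall address set in step 1 (treated here as a match on the sending IP, an assumption about how conf/logstash.conf uses it), then split pfSense's filterlog CSV record into named fields so that Kibana can chart actions, interfaces and ports. The script below is an added example and is not code from this repository or from Elijah Paul's post. It does those two things offline against constructed sample lines, which makes it a convenient way to check a line copied from `sudo docker logs northshore-elk` against the expected layout. It assumes the pfSense 2.2+ filterlog column order (pfSense 2.1, which the original post targets, has no tracker column; drop it from COMMON_FIELDS there), that the syslog hostname may or may not be present, and a placeholder PFSENSE_IP of 192.0.2.1.

```python
import re
from typing import Dict, List, Optional

# Constructed placeholder: the firewall address you set in conf/logstash.conf (step 1).
PFSENSE_IP = "192.0.2.1"

# Assumed column layout of pfSense's filterlog CSV (pfSense 2.2+). pfSense 2.1,
# which the original post targets, has no "tracker" column: remove it there.
COMMON_FIELDS = ["rule_number", "sub_rule", "anchor", "tracker", "interface",
                 "reason", "action", "direction", "ip_version"]
IPV4_FIELDS = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id",
               "proto", "length", "src_ip", "dst_ip"]
IPV6_FIELDS = ["class", "flow_label", "hop_limit", "proto", "proto_id",
               "length", "src_ip", "dst_ip"]
TCP_FIELDS = ["src_port", "dst_port", "data_length", "tcp_flags", "seq", "ack",
              "window", "urg", "options"]
UDP_FIELDS = ["src_port", "dst_port", "data_length"]

# BSD syslog line as received on port 5140; the hostname is optional because
# pfSense does not always include it in forwarded messages (assumption).
SYSLOG_RE = re.compile(
    r"^(?:<\d+>)?"                                         # optional PRI, e.g. <134>
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "  # "Jan  5 10:00:01"
    r"(?:(?P<host>\S+) )?"                                 # optional hostname
    r"filterlog: (?P<payload>.*)$"
)


def parse_filterlog(payload: str) -> Dict[str, object]:
    """Split one filterlog CSV record into named fields.

    TCP and UDP trailers get names; any other protocol's trailer (ICMP varies
    by message type) is kept raw under "extra" instead of failing the record.
    """
    parts = payload.split(",")
    if len(parts) < len(COMMON_FIELDS):
        raise ValueError(f"truncated filterlog record: {payload!r}")
    rec: Dict[str, object] = dict(zip(COMMON_FIELDS, parts))
    rest = parts[len(COMMON_FIELDS):]

    if rec["ip_version"] == "4":
        ip_fields = IPV4_FIELDS
    elif rec["ip_version"] == "6":
        ip_fields = IPV6_FIELDS
    else:
        raise ValueError(f"unknown IP version {rec['ip_version']!r}")
    if len(rest) < len(ip_fields):
        raise ValueError(f"truncated IP header section: {payload!r}")
    rec.update(zip(ip_fields, rest))
    rest = rest[len(ip_fields):]

    proto_fields = {"tcp": TCP_FIELDS, "udp": UDP_FIELDS}.get(str(rec["proto"]).lower())
    if proto_fields is not None:
        rec.update(zip(proto_fields, rest))
        rest = rest[len(proto_fields):]
    rec["extra"] = rest  # unnamed trailer, e.g. ICMP type-specific columns
    return rec


def parse_syslog_line(line: str, sender_ip: str) -> Optional[Dict[str, object]]:
    """Return a parsed firewall event, or None if the line is not one.

    Lines from any sender other than PFSENSE_IP are dropped (the IP match that
    step 1 configures), as are messages not produced by filterlog.
    """
    if sender_ip != PFSENSE_IP:
        return None
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    rec = parse_filterlog(m.group("payload"))
    rec["timestamp"] = m.group("ts")
    return rec


def process(lines: List[str], sender_ip: str = PFSENSE_IP) -> List[Dict[str, object]]:
    """Parse every firewall event out of a batch of raw syslog lines."""
    return [ev for ev in (parse_syslog_line(l, sender_ip) for l in lines) if ev is not None]


def blocked_inbound_by_port(events: List[Dict[str, object]]) -> Dict[str, int]:
    """Count blocked inbound packets per proto/dst_port, as a Kibana panel would."""
    counts: Dict[str, int] = {}
    for ev in events:
        if ev.get("action") == "block" and ev.get("direction") == "in" and ev.get("dst_port"):
            key = f"{ev['proto']}/{ev['dst_port']}"
            counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed sample lines using RFC 5737 documentation addresses, not captured traffic.
SAMPLE_LINES = [
    # inbound SSH SYN blocked on the WAN interface
    "<134>Jan  5 10:00:01 filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,51234,22,40,S,123456789,,65535,,mss;sackOK;TS;nop;wscale",
    # outbound DNS query passed
    "<134>Jan  5 10:00:02 filterlog: 6,,,1000000104,em0,match,pass,out,4,0x0,,128,0,0,none,17,udp,60,198.51.100.5,198.51.100.53,53123,53,40",
    # inbound ICMP echo request blocked; its trailer is kept raw
    "<134>Jan  5 10:00:03 filterlog: 7,,,1000000105,em0,match,block,in,4,0x0,,64,4321,0,none,1,icmp,84,192.0.2.11,198.51.100.5,request,9,1",
    # a non-filterlog message from the same host, which must be ignored
    "<38>Jan  5 10:00:04 sshd[123]: Accepted publickey for admin",
]

if __name__ == "__main__":
    for ev in process(SAMPLE_LINES):
        print(ev["timestamp"], ev["action"], ev["direction"], ev["proto"],
              ev["src_ip"], "->", ev["dst_ip"], ev.get("dst_port", ""))
    print(blocked_inbound_by_port(process(SAMPLE_LINES)))
```

Run it as-is to see the three parsed events and the per-port count; to check a real line, paste it into SAMPLE_LINES and confirm that the named fields (interface, action, direction, src_ip, dst_port) land where you expect before trusting a dashboard built on them. A record that raises ValueError almost always means the column layout differs from the assumed one, which is exactly the mismatch that leaves Kibana empty even though `docker logs` shows traffic arriving.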

Report any issues to [email protected]
