I was wondering if it is possible to forward pfsense logs (including snort) to a graylog2 server? And how can this be acomplished?
Asked
Active
Viewed 6,263 times
1 Answers
2
pfSense supports standard syslog, so as long as greylog2 supports syslog, then you're all set. If it doesn't, then you can use logstash as a conduit between syslog and greylog2.
EEAA
- 109,363
- 18
- 175
- 245
-
Thanks. Wel Graylog2 does support syslog. But i am just not sure how i can modify Pfsense to forward the logs? – Daniel Guldberg Aaes Oct 29 '15 at 18:16
-
You don't have to modify pfSense at all - it already has syslog support. Status->System Logs->Settings->Remote Logging Options. – EEAA Oct 30 '15 at 04:34
-
There are extractors for pfsense for graylog: https://nmanzi.com/graylog-extractors-for-pfsense-2-2-filter-logs/ – gm3dmo Jan 21 '16 at 13:07
-
Any way to show "most visited" sites? – kokbira Aug 23 '17 at 18:45