OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: jclendineng on August 27, 2018, 05:50:45 pm

Title: Remote Log server
Post by: jclendineng on August 27, 2018, 05:50:45 pm
I have the ELK stack on a remote server. I cannot seem to get OPNsense to forward traffic to it. I was able to use barnyard2 with pfSense; do we have a feature that will allow remote log management?
Title: Re: Remote Log server
Post by: nines on August 27, 2018, 06:22:16 pm
I've configured remote IPS logging to ELK via Filebeat on OPNsense; it works great. The last thing I have to find out is how to autostart Filebeat on OPNsense, but the logging functionality works without issues.


Title: Re: Remote Log server
Post by: fabian on August 27, 2018, 07:09:24 pm
You can go to system settings and configure Logstash as a remote syslog server. It works well, but not with all logs. If you can use the standard port for OPNsense, just drop this file into your server directory and start your LS instance: https://github.com/fabianfrz/opnsense-logstash-config (requires my filter reader plugin)
Title: Re: Remote Log server
Post by: jclendineng on August 31, 2018, 02:10:19 pm
I am running my instance in Docker; I'd assume this would only work on a non-Docker host.
Title: Re: Remote Log server
Post by: fabian on August 31, 2018, 06:02:43 pm
Docker should not be a problem. In the worst case, you can build a new image based on the official one with the addition.
Title: Re: Remote Log server
Post by: jclendineng on October 01, 2018, 08:32:56 pm
I still have not been successful in sending syslogs to my server.