OPNsense Forum

English Forums => General Discussion => Topic started by: novecat on March 20, 2018, 10:59:44 am

Title: [SOLVED] Monitoring OPNsense with Fluentd
Post by: novecat on March 20, 2018, 10:59:44 am
Hi All,

I am new to OPNsense and have been using OPNsense in my environment for testing.
I am currently trying to incorporate fluentd to listen to logs and netflow from OPNsense but I must be missing something as it is not working at all at this stage.

Fluentd is installed on a CentOS machine (192.168.171.100), and it is connected to the LAN interface of the OPNsense (192.168.171.1). Both of these are on Oracle VirtualBox VMs.
All the firewall rules have been set to allow any any and the logging option under OPNsense has been allowed too (refer to OPNsense)
The CentOS can ping to the LAN interface, no problem

I have tried various samples of Fluentd configuration but nothing works.
There are samples online that I have mixed and matched but it doesn't work either.
(refer to Fluentd config)

Unfortunately I could not find an actual tutorial to capture the logs and netflow from OPNsense using fluentd.
If there are any samples I can refer here to make it work, it will be great.

Netflow sample: https://github.com/repeatedly/fluent-plugin-netflow
Syslog sample: https://github.com/Woorank/fluent-plugin-logentries/issues/1
Setting up Fluentd: https://docs.fluentd.org/v0.12/articles/config-file
Fluentd Syslog guide: https://docs.fluentd.org/v0.12/articles/in_syslog
Fluentd UDP guide: https://docs.fluentd.org/v0.12/articles/in_udp

Thanks in advance

Title: Re: Monitoring OPNsense with Fluentd
Post by: novecat on March 26, 2018, 04:27:51 am
Hi all,

I have managed to solve the issue myself after a long struggle.

It seems I have to allow the port in CentOS itself to make it work... a newbie mistake I must admit.
Some attachment for your reference.

Hi Moderators,
Good to close this thread.

Title: Re: Monitoring OPNsense with Fluentd
Post by: elektroinside on March 26, 2018, 08:34:14 am
Good to hear you made it work! CentOS has its firewall enabled by default, so you must add exceptions for anything.

Thanks for your feedback. You can just prepend [Solved] to the title yourself, if you'd like.

Title: Re: Monitoring OPNsense with Fluentd
Post by: mimugmail on March 26, 2018, 08:36:39 am
I'd love to see some screenshots of sampled Netflow data from OPNsense if you're ready for production :)

Title: Re: [SOLVED] Monitoring OPNsense with Fluentd
Post by: novecat on March 31, 2018, 08:08:22 am
I will post up a tutorial once I have completed further testing.
Currently still facing a challenge as the output is not being parsed to the format I wanted.

Marking as solved.
Thanks for all your help.
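
A check related to the fix reported in this thread, added here as an example and not taken from any post above: a small Python listener, run on the collector host in place of Fluentd, that shows whether UDP datagrams from the firewall reach the host at all, which separates a host-firewall drop from a Fluentd configuration problem. The port 5140 and the function names are assumptions; use the port from your own Fluentd `<source>` section.

```python
import socket
import sys

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert",
              "clock"] + [f"local{i}" for i in range(8)]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_pri(datagram: bytes):
    """Return (facility, severity, rest) for a '<PRI>...' syslog datagram, else None."""
    text = datagram.decode("utf-8", errors="replace")
    if not text.startswith("<") or ">" not in text[1:5]:
        return None
    pri, rest = text[1:].split(">", 1)
    if not (pri.isascii() and pri.isdigit()) or int(pri) > 191:
        return None
    return FACILITIES[int(pri) >> 3], SEVERITIES[int(pri) & 7], rest


def wait_for_datagram(port, bind="0.0.0.0", timeout=10.0):
    """Return (sender_ip, payload) for the first UDP datagram, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        sock.settimeout(timeout)
        try:
            payload, (sender_ip, _) = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return sender_ip, payload


if __name__ == "__main__":
    # 5140 is an assumed collector port; use the one in your Fluentd <source>.
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 5140
    got = wait_for_datagram(port)
    if got is None:
        print(f"nothing on udp/{port}: check the sender's target and the host firewall")
    else:
        sender, payload = got
        parsed = decode_pri(payload)
        kind = f"syslog {parsed[0]}.{parsed[1]}" if parsed else "non-syslog (e.g. NetFlow)"
        print(f"{len(payload)} bytes from {sender}: {kind}")
```

Stop Fluentd before running it, since both need to bind the same UDP port. A timeout while the firewall is sending points at the path or the host firewall rather than at the Fluentd configuration.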