Author Topic: GraySense - Loganalysis with Graylog for OPNSense  (Read 5014 times)

ThetaGamma

GraySense - Loganalysis with Graylog for OPNSense
« on: November 07, 2019, 12:39:42 pm »
Dear all

After searching for a manageable solution for analysing firewall logs on my homegrown OPNSense, I picked up a lot of ideas from the community and built a solution, based on Docker containers and Graylog, that is supposed to be easily installable with some basic IT know-how. It could be the starting point for someone not willing to dig deep into Elasticsearch or Graylog configuration, but to get nice and usable results with minimal effort.

I called the project "GraySense" and the very first version could be found here:

https://gitlab.com/thetagamma11/greysense

Basically it's just a snapshot of a working environment with a compose file and a Graylog ContentPack. Most further effort will probably go to the README, as this is the crucial part to make it reproducible for starters (like I was some weeks before ;-) )

I'd be happy if you find it useful and would appreciate ramblings, criticism, suggestions and commits :-)

Best
Theta

mimugmail

Re: GraySense - Loganalysis with Graylog for OPNSense
« Reply #1 on: November 07, 2019, 08:13:50 pm »
Nice idea :)
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

thg0432

Re: GraySense - Loganalysis with Graylog for OPNSense
« Reply #2 on: January 23, 2020, 09:29:29 pm »
Hey, just wanted to add a note on this. I installed this today to test and had to set the version of Graylog to 3.1.2-1 in the compose file. They changed the entry point in the newer versions to include "tini -- /docker-entrypoint" and I'm not exactly a Docker wiz by any means, so the simplest solution appeared to be reverting versions.

thg0432

Re: GraySense - Loganalysis with Graylog for OPNSense
« Reply #3 on: January 23, 2020, 09:33:01 pm »
Welp, nvm, I take that back. It was GRAYLOG_HTTP_EXTERNAL_URI= it didn't like... commented that out and updated back to 3.1 stable... working fine.

lfirewall1243

Re: GraySense - Loganalysis with Graylog for OPNSense
« Reply #4 on: January 30, 2020, 04:31:33 pm »
Very nice project.

But is it possible to show CPU usage, ... in Graylog or only in Zabbix?:)
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
