OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [SOLVED] Monitoring OPNsense with Fluentd
« previous next »
  • Print
Pages: [1]

Author Topic: [SOLVED] Monitoring OPNsense with Fluentd  (Read 4743 times)

novecat

  • Newbie
  • *
  • Posts: 6
  • Karma: 1
    • View Profile
[SOLVED] Monitoring OPNsense with Fluentd
« on: March 20, 2018, 10:59:44 am »
Hi All,

I am new to OPNSense and have been using OPNsense in my environment for testing.
I am currently trying to incorporate fluentd to listen to logs and netflow from OPNsense but I must be missing something as it is not working at all at this stage.

The fluentd is installed on a CentOS (192.168.171.100), and it is connected the LAN interface of the OPNSense (192.168.171.1). Both of these are on Oracle VirtualBox VM
All the Firewall rules has been set to allow any any and the logging option under OPNSense has been allowed too (refer to OPNsense)
The CentOS can ping to the LAN interface, no problem

I have tried various sample of Fluentd configuration but nothing works.
There are samples online that I have mix and match but it doesn't work as well.
(refer to Fluentd config)

Unfortunately I could not find an actual tutorial to capture the logs and netflow from OPNsense using fluentd.
If there are any samples I can refer here to make it work, it will be great.

Netflow sample: https://github.com/repeatedly/fluent-plugin-netflow
Syslog sample: https://github.com/Woorank/fluent-plugin-logentries/issues/1
Setting up Fluentd: https://docs.fluentd.org/v0.12/articles/config-file
Fluentd Syslog guide: https://docs.fluentd.org/v0.12/articles/in_syslog
Fluentd UDP guide: https://docs.fluentd.org/v0.12/articles/in_udp

Thanks in advance
« Last Edit: March 31, 2018, 08:07:01 am by novecat »
Logged

novecat

  • Newbie
  • *
  • Posts: 6
  • Karma: 1
    • View Profile
Re: Monitoring OPNsense with Fluentd
« Reply #1 on: March 26, 2018, 04:27:51 am »
Hi all,

I have managed to solve the issue myself after a long struggle

It seems I have to allow the port in CentOS itself to make it work... a newbie mistake I must admit.
Some attachment for your reference.

Hi Moderators,
Good to close this thread.
Logged

elektroinside

  • Hero Member
  • *****
  • Posts: 574
  • Karma: 51
    • View Profile
Re: Monitoring OPNsense with Fluentd
« Reply #2 on: March 26, 2018, 08:34:14 am »
Good to hear you made it work! CentOS has its firewall enabled by default, so you must add exceptions for anything.

Thanks for your feedback. You can just prepend [Solved] to the title yourself, if you'd like.
Logged
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

mimugmail

  • Hero Member
  • *****
  • Posts: 6766
  • Karma: 494
    • View Profile
Re: Monitoring OPNsense with Fluentd
« Reply #3 on: March 26, 2018, 08:36:39 am »
I'd love to see some screenshots of sampled Netflow data from OPNsense if you're ready for production :)
Logged
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

novecat

  • Newbie
  • *
  • Posts: 6
  • Karma: 1
    • View Profile
Re: [SOLVED] Monitoring OPNsense with Fluentd
« Reply #4 on: March 31, 2018, 08:08:22 am »
I will post up a tutorial once I have completed further testing.
Currently still facing challenge as the output is not being parsed to the format I wanted.

Marking as solved.
Thanks for all your help.
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • [SOLVED] Monitoring OPNsense with Fluentd
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2