Remote Log server

jclendineng · August 27, 2018, 05:50:45 PM

I have the elk stack on a remote server. I cannot seem to get opnsense to forward traffic to it. I was able to use barnyard2 with pfsense, do we have a feature that will allow remote log management?

nines · August 27, 2018, 06:22:16 PM

I've configured remote ips logging to elk via filebeat on opnsense, works great. The last thing I've to find out is how to autostart filebeat on opnsense but the logging functionality works without issues

Gesendet von iPhone mit Tapatalk

fabian · August 27, 2018, 07:09:24 PM

You can go to system settings and configure Logstash as a remote syslog server. works good, but not with all logs. If you can use the standard port for OPNsense, just drop this file into your server directory and start your LS instance: https://github.com/fabianfrz/opnsense-logstash-config (requires my filter reader plugin)

jclendineng · August 31, 2018, 02:10:19 PM

I am running my instance in docker, Id assume this would only work on a non-docker host.

fabian · August 31, 2018, 06:02:43 PM

Docker should not be a problem. In worst case you can build a new image based on the official one with the addition.

jclendineng · October 01, 2018, 08:32:56 PM

I still have not been successful in sending syslogs to my server

Remote Log server

jclendineng

August 27, 2018, 05:50:45 PM

nines

August 27, 2018, 06:22:16 PM #1

fabian

August 27, 2018, 07:09:24 PM #2

jclendineng

August 31, 2018, 02:10:19 PM #3

fabian

August 31, 2018, 06:02:43 PM #4

jclendineng

October 01, 2018, 08:32:56 PM #5