PFSense Snort Logstash

October 27, 2014 less than 1 minute read

I have been working on getting some detailed logging from Snort logs generated through PFSense and thought I would share them. This can also be modified to work with a Snort setup not running on PFSense as well. Can also modify for Suricata if needed.

In order to send your Snort logs you will need an instance of logstash running on your Snort node with the following added to your logstash.conf file. Modify to suit your specific log location.

input {
  file {
    path => "/var/log/snort/alert"
    type => "snort"
    sincedb_path => "/var/log/.snortsincedb"
  }
}

Here are some sample Kibana dashboards.

Screen Shot 2014-10-27 at 10.17.10 AM

Screen Shot 2014-10-27 at 10.17.36 AM

Enjoy!

Twitter Facebook LinkedIn

Comments

Searching for the Source(s) of Truth in Holistic Automation

July 1, 2024
9 minute read

The Source of Truth (SoT) concept has become a cornerstone for achieving holistic automation in the ever-evolving IT and network management landscape. As org...

Transforming IT Operations - The Rise of Infrastructure Automation Consulting

June 29, 2024
6 minute read

As IT environments grow in complexity and scale, efficiently managing these intricate systems has become a critical challenge for many businesses. This is wh...

NFD24 - DriveNets

March 2, 2021
2 minute read

Recently I had the privilege to attend NFD 24 in which DriveNets presented. I had never heard of them until this event. Which I am shaming myself for because...

Larry Smith Jr.

PFSense Snort Logstash

Comments

You May Also Enjoy

We’ve Moved: Welcome to Methodical Cloud

Searching for the Source(s) of Truth in Holistic Automation

Transforming IT Operations - The Rise of Infrastructure Automation Consulting

NFD24 - DriveNets