Elastic Integration
pfSense/OPNsense + Elastic Stack
Contents
- Prerequisites
- Key Features
- pfelk overview
- Installation
- Roadmap
- Comparison to similar solutions
- Contributing
- License
Prerequisites
- Ubuntu Server v20.04+ or Debian Server 11+ (stretch and buster tested)
- pfSense v2.5.0+ or OPNsense 23.0+
- Minimum of 8GB of RAM (Docker requires more) and recommend 32GB (WiKi Reference)
- Setting up remote logging (WiKi Reference)
pfelk is a highly customizable open-source tool for ingesting and visualizing your firewall traffic with the full power of Elasticsearch, Logstash and Kibana.
Key features:
-
ingest and enrich your pfSense/OPNsense firewall traffic logs by leveraging Logstash
-
search your indexed data in near-real-time with the full power of the Elasticsearch
-
visualize you network traffic with interactive dashboards, Maps, graphs in Kibana
Supported entries include:
- pfSense/OPNSense setups
- TCP/UDP/ICMP protocols
- DHCP (v4/v6) message types with dashboard
- IPv4/IPv6 mapping
- pfSense CARP data
- openVPN log parsing
- Unbound DNS Resolver with dashboard and Kibana SIEM compliance
- Suricata IDS with dashboard and Kibana SIEM compliance
- Snort IDS with dashboard and Kibana SIEM compliance
- Squid with dashboard and Kibana SIEM compliance
- HAProxy with dashboard
- Captive Portal with dashboard
- NGINX with dashboard
pfelk aims to replace the vanilla pfSense/OPNsense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually.
pfelk overview
Quick start
Installation
docker-compose
- Manual Method or Scripted Installed - Scripted Method Coming Soon
$ docker-compose upGuide (Update Coming Soon
script installation method
- Download installer script from pfelk repository
$ wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/scripts/pfelk-installer.sh- Make script executable
$ chmod +x pfelk-installer.sh- Run installer script
$ sudo ./pfelk-installer.sh- Configure Security here
- Templates here
- Finish Configuring here
manual installation method
Roadmap
This is the experimental public roadmap for the pfelk project.
Comparison to similar solutions
Contributing
Please reference to the CONTRIBUTING file. Collectively we can enhance and improve this product. Issues, feature requests, PRs, and documentation contributions are encouraged and welcomed!
License
This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.