Author: James

Elasticstack (ELK) and pfSense Firewall – IP Traffic Statistics with Netflow

Introduction

In Logstash V5.6 a Netflow module was introduced to provide the collection, normalisation, and visualisation of network flow data. This article, which details the configuration of Elasticstack as a Netflow collector and pfSense as a Netflow exporter, is a follow-on from the previously published articles. Only the previous Part 2 article, which deals with configuring Elasticstack …

Elasticstack (ELK) and pfSense Firewall – Monitoring system performance with Elastic Metricbeats

Introduction

This is an unexpected article that came about while reviewing the documentation for Elasticbeats (as used for the Elasticstack with pfSense and Suricata series). It covers the implementation on pfSense of Metricbeat, another element of the Elasticbeats package, a tool used for shipping system performance and utilization metrics to Elasticsearch for reporting and monitoring. …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 4: Kibana Visualizations and Dashboards (Pretty Pictures)

Introduction

In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeats log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. We have configured the Logstash pipeline to enhance and enrich the data from our Suricata IDPS to enable richer …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 3: Logstash Pipeline Additions – Suricata Alerts

Introduction

In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeats log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. In this part of the series we will look in more depth at the Logstash service, its pipeline and …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 2: Elasticstack Installation and Config

Introduction

This is the second article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. This Part 2 article covers the installation of the Elastic Stack onto an Ubuntu Server and the configuration of Logstash and Kibana to consume …

Elasticstack (ELK), Suricata and pfSense Firewall – Part 1: Elasticbeats and pfSense configuration

Introduction

This is the first article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. It covers the installation and configuration of Elastic Filebeat on pfSense to ship logs to a remote Ubuntu server running the Elastic Stack. Installation …

Back on the Degree path

Having dropped out of my degree studies when I was 19 due to lack of funds, and then finding myself in the sort of job, with the sort of prospects, I would have hoped for after graduation, I never considered going back – until now! I have embarked on a degree with a view to …
