Hi everyone, I’ve been neglecting this blog a little recently as I’m presently studying for two degrees, which has had me a little distracted. But now it’s the summer break I’ve a little time to play with things. After rebuilding my pfSense recently (due to a hardware change) I discovered that my pfSense and ELK …
Introduction In Logstash V5.6 a Netflow module was introduced to provide the collection, normalisation, and visualisation of network flow data. This article, which details the configuration of Elasticstack as a Netflow collector and pfSense as a Netflow exporter, is a follow-on from the previously published articles. Only the previous Part 2 article, which deals with configuring Elasticstack …
Introduction This is an unexpected article that came about while reviewing the documentation for Elasticbeats (As used for the Elasticstack with pfSense and Suricata series). It covers the implementation on pfSense of Metricbeat, another element of the Elasticbeats package, a tool used for shipping system performance and utilization metrics to Elasticsearch for reporting and monitoring. …
Introduction In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeats log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. We have configured the Logstash pipeline to enhance and enrich the data from our Suricata IDPS to enable richer …
Introduction In previous parts we have configured Elasticstack (Logstash, Elasticsearch and Kibana) on an Ubuntu server instance and the Elasticbeats Filebeats log shipper on a pfSense firewall to ship Suricata IDPS logs to the Elasticstack instance. In this part of the series we will look in more depth at the Logstash service, its pipeline and …
Introduction ** August 2018 – Tutorial Updated for ELK 6.3 ** This is the second article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. This part 2 article covers the installation of the Elastic Stack onto and Ubuntu …
Introduction Updated August 2018 for ELK 6.3.x This is the first article in a series documenting the implementation of reporting using Elastic Stack of log data from the Suricata IDPS running on the Open Source pfSense firewall. It covers the installation and configuration of Elastic Filebeat on pfSense to ship logs to a remote Ubuntu …
Having dropped out of my degree studies when I was 19 due to lack of funds, and then finding myself in the sort of job with the sort of prospects I would have hoped for after graduation I never considered going back – until now! I have embarked on a degree with a view to …