I am trying to do a specific dashboard based on PFSENSE rules logs, follow stack that I am using:
Pfsense send logs via syslog, the log server have a fluent.d receiving that logs, then send to elastic.
What I am already did:
The Pfsense rules logs already arriving parsed on elasticsearch as I could see on kibana.
What I need to do:
1 - On my pfsense I have a couple of Aliases pointing to ddns addresses(I did this because the source ips of these rules changing a lot)
2 - The rules that are in the logs shows only the ipaddresses not ddns addresses.
3 - I´ve created a script that backuping a pfsense config files, get the ddns addresses, then via dig it´s generate a list with a ddns and your ips.
4 - My problem is, I need crosses this list with logfirewall rules to identify and show only the logs that have a ddns ip from that list, then show the ddns adress not ip.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.