Filter pfsense Logs in Logstash

Hi everyone.

I am looking to use the ELK stack as an intrusion detection system (IDS). I'm new to ELK and this is my first setup of an IDS.

Our setup:
Firewall: pfSense
ELK-Stack Version: 6.8.4
Java-Version: 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10

A pfSense syslog line looks like the following:
5,16777216,,1000000103,igb1,match,block,in,4,0x10,,128,0,0,none,17,udp,328,198.51.100.1,198.51.100.2,67,68,308

Inside this message there are two IP addresses. The first one is the source of the "attack" and the second one is the destination, where the hacker wants to go. Now I want to filter the log so that I'm able to count how many attacks are coming from an address.

If you need some additional information please write me. I don't send the actual config directly here, because of spam. I did the ELK stack setup with the following guide:
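As an added example (not code from the poster or from pfSense), the following Python parser splits a pfSense filterlog record into named fields following the documented filterlog layout, handles the IPv4 and IPv6 header variants and an optional `filterlog: ` syslog prefix, and counts inbound blocks per source address, which is the same split one would later express as a Logstash `dissect`/`csv` filter. The field names and the two extra sample records are constructed for illustration.

```python
"""Parse pfSense filterlog lines and count blocked packets per source IP."""
from collections import Counter

# filterlog fields shared by every record (positions 0-8)
COMMON = ["rule", "subrule", "anchor", "tracker", "interface", "reason",
          "action", "direction", "ip_version"]
# header layout after the common part differs by IP version
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto",
        "length", "src_ip", "dst_ip"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length",
        "src_ip", "dst_ip"]
PORTS = ["src_port", "dst_port", "data_length"]  # tcp and udp both start here


def parse_filterlog(line):
    """Return a dict of named fields, or None if the line is malformed."""
    # syslog usually prefixes the payload with "filterlog: "; strip it if present
    _, _, payload = line.rpartition("filterlog: ")
    fields = payload.strip().split(",")
    if len(fields) < len(COMMON):
        return None
    rec = dict(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    layout = {"4": IPV4, "6": IPV6}.get(rec["ip_version"])
    if layout is None or len(rest) < len(layout):
        return None  # unknown IP version or truncated header
    rec.update(zip(layout, rest))
    rest = rest[len(layout):]
    if rec["proto"] in ("tcp", "udp") and len(rest) >= len(PORTS):
        rec.update(zip(PORTS, rest))
    return rec


def blocked_by_source(lines):
    """Count inbound 'block' records per source address (the question's goal)."""
    counts = Counter()
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec["action"] == "block" and rec["direction"] == "in":
            counts[rec["src_ip"]] += 1
    return counts


# Constructed sample: the line from the post plus two made-up records
SAMPLE = [
    "5,16777216,,1000000103,igb1,match,block,in,4,0x10,,128,0,0,none,17,udp,328,198.51.100.1,198.51.100.2,67,68,308",
    "filterlog: 5,16777216,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,198.51.100.1,198.51.100.2,51234,22,0,S,1,,65535,,mss",
    "7,16777216,,1000000105,igb1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,40000,443,0,S,1,,65535,,mss",
]

if __name__ == "__main__":
    for ip, n in blocked_by_source(SAMPLE).most_common():
        print(ip, n)
```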
