Filter pfsense Logs in Logstash

Hi everyone.

I am looking to use the ELK-Stack as an intrusion detection system (IDS). I'm new to ELK and it is my first setup of an IDS.

Firewall: pfsense
ELK-Stack Version: 6.8.4
Java-Version: 1.8.0_222-8u222-b10-1ubuntu1~18.04.1-b10

A pfsense syslog file looks like the following:

Inside this message there are two IP addresses. The first one is the source of the "attack" and the second one is the destination, where the hacker wants to go. Now I want to filter the log so that I'm able to count how many attacks are coming from an address.

If you need any additional information, please write to me. I'm not sending the actual config directly here, because of spam. I did the ELK-Stack setup with the following guide:
