Hi there, I'm looking to see if it's possible to configure pfsense to send its syslogs into the pfsense integrations addin into my elastic agent on my windows 11 home endpoint.
I have managed to set up logging for sysmon on that endpoint with no issues via the Windows integration add in on my elastic agent policy, it sends fine from the win 11 laptop, but regardless of what I do, these pfsense logs will not show up in data streams.
I have configured everything I believe I need, ie: open port 514 on windows endpoint, configure it in pfsense sg1100 , added port forwarding for 514 on pfsense, verified laptop and pfsense firewall can communicate, configured the pfsense integration add in with the ip of the elastic agent, but nothing is going through.
This is a temporary setup mind you , I know a win 11 home laptop isnt a good syslog server , but I'm trying to learn SIEM security and wondering how if this is even possible now. Thanks!