I have configured pfSense to send UDP logs to a Linux host with the pfSense integration added to the policy. I have confirmed that pfSense is sending logs to the desired destination via nc -ul 9001, and I can see the plaintext messages being sent. netstat -anp | grep 9001 confirms that filebeat is listening, but zero data is sent to my Elastic Cloud instance v8.9.1. I can also confirm the Linux agent is healthy within the Fleet management page.
The pfSense | Documentation page and a few unanswered and closed pfSense integration topics on this forum have been reviewed, but I'm still stumped.
This did resolve my issue. Oddly, though, on the first attempt at setting the Syslog host to 0.0.0.0 the agent stopped listening on 9001 altogether. I had to repeat the process before the agent would start listening on that UDP port again.
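The checks the question describes (is the agent really listening on UDP 9001, and on which address?) and the fix in the reply (set the integration's listen address to 0.0.0.0), as an added shell example that is not from the original thread and not Elastic's own tooling. The netstat lines are constructed samples in the `netstat -anp` column layout; the port 9001, the `filebeat` process name and the `/dev/udp` sender (a bash feature, not available in plain sh) are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: find the bind address of the Elastic Agent syslog listener
# from a netstat snapshot, decide whether pfSense's datagrams can reach it,
# and send a test datagram. Not code from the original thread.

# Constructed `netstat -anp | grep 9001` samples (assumed layout):
# the loopback-only case that drops remote datagrams, and the working case.
SAMPLE_LOOPBACK='udp        0      0 127.0.0.1:9001          0.0.0.0:*                           12345/filebeat'
SAMPLE_ANY='udp        0      0 0.0.0.0:9001            0.0.0.0:*                           12345/filebeat'

# Print the local bind address of the UDP listener on PORT from netstat-style
# text (column 4 is "addr:port"); print nothing if no such listener exists.
listener_bind_address() {
  local text="$1" port="$2"
  printf '%s\n' "$text" | awk -v p=":$port" '
    $1 ~ /^udp/ && $4 ~ (p "$") { sub(p "$", "", $4); print $4; exit }'
}

# Return 0 if a listener bound to ADDR can receive datagrams from another host.
# A listener on 127.0.0.1 or ::1 shows up in netstat but silently ignores
# everything pfSense sends across the network, which matches the symptom above.
accepts_remote() {
  case "$1" in
    0.0.0.0|::) return 0 ;;
    127.*|::1|"") return 1 ;;
    *) return 0 ;;  # a specific non-loopback interface address also works
  esac
}

# Summarise a netstat snapshot for PORT: where the listener is bound and
# whether datagrams from pfSense can reach it.
report_listener() {
  local addr
  addr="$(listener_bind_address "$1" "$2")"
  if [ -z "$addr" ]; then
    echo "no UDP listener on port $2 (integration not applied or agent not restarted)"
  elif accepts_remote "$addr"; then
    echo "listening on $addr:$2; remote datagrams accepted"
  else
    echo "listening on $addr:$2; loopback only, set Listen Address to 0.0.0.0"
  fi
}

# Send one syslog-style datagram to HOST:PORT via bash's /dev/udp device
# (bash only). The default message is a constructed placeholder, not a real
# pfSense filterlog line; pass your own as the third argument.
send_test_syslog() {
  local host="$1" port="$2"
  local msg="${3:-<134>$(date '+%b %e %H:%M:%S') pfsense elastic-agent udp check}"
  printf '%s\n' "$msg" > "/dev/udp/$host/$port"
}

# Live use, e.g.:
#   report_listener "$(netstat -anu 2>/dev/null)" 9001
#   send_test_syslog 192.0.2.10 9001     # run from the pfSense side
```

Once the listener is on 0.0.0.0 it accepts datagrams from any source, so pair the change with a host firewall rule that only allows UDP 9001 from the pfSense address; syslog over UDP is unauthenticated, and anything else on the network could otherwise inject log lines into the pipeline.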