PFsense integration not working

Rob_wylde · September 6, 2023, 3:27am

I have configured pfsense to send UDP logs to a Linux host with the pfense integration added to the policy. I have confirmed that pfsense is sending logs to the desired destination via nc -ul 9001, and I can see the plaintext messages being sent. netstat -anp | grep 9001 confirms that filebeat is listening, but zero data is sent to my elastic cloud instance v8.9.1. I can also confirm the linux agent is healthy within the fleet management page.

pfSense | Documentation + a few unanswered & closed PFsense integration topics on this forum have been reviewed, but I'm still stumped.

Any suggestions?

ebeahan · September 6, 2023, 8:08pm

In the pfSense integration config, is Syslog Host set to only localhost? By default config has the integration listening only on localhost.

Rob_wylde · September 6, 2023, 8:30pm

This did resolve my issue. Oddly, though the first attempt at setting the Syslog host to 0.0.0.0, the agent stopped listening on 9001 altogether. I had to repeat the process before the agent would start listening on that UDP port again.

Thanks

system · October 4, 2023, 8:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New pfSense integration added to Github, is there's any planned support for Elastic Agent FreeBSD OS? Beats elastic-agent	7	2900	November 20, 2021
Filebeat can't receive log from pfSense Beats filebeat	7	764	June 21, 2020
pfSense Logs integration not working - What am I missing? Logstash integrations	1	438	April 25, 2022
FileBeats Syslog not being sent to Elastic Cloud Beats filebeat , elastic-agent	1	351	February 22, 2022
Help with pfsense integration Kibana	1	443	February 11, 2022

PFsense integration not working

Related topics