PFsense integration not working

Rob_wylde · September 6, 2023, 3:27am

I have configured pfsense to send UDP logs to a Linux host with the pfense integration added to the policy. I have confirmed that pfsense is sending logs to the desired destination via nc -ul 9001, and I can see the plaintext messages being sent. netstat -anp | grep 9001 confirms that filebeat is listening, but zero data is sent to my elastic cloud instance v8.9.1. I can also confirm the linux agent is healthy within the fleet management page.

pfSense | Documentation + a few unanswered & closed PFsense integration topics on this forum have been reviewed, but I'm still stumped.

Any suggestions?

ebeahan · September 6, 2023, 8:08pm

In the pfSense integration config, is Syslog Host set to only localhost? By default config has the integration listening only on localhost.

Rob_wylde · September 6, 2023, 8:30pm

This did resolve my issue. Oddly, though the first attempt at setting the Syslog host to 0.0.0.0, the agent stopped listening on 9001 altogether. I had to repeat the process before the agent would start listening on that UDP port again.

Thanks

Topic		Replies	Views
New pfSense integration added to Github, is there's any planned support for Elastic Agent FreeBSD OS? Beats elastic-agent	7	3117	November 20, 2021
Filebeat can't receive log from pfSense Beats filebeat	7	834	June 21, 2020
Need help sending over pfsense syslogs to Elastic Agent (Windows) with Pfsense Integrations Elastic Agent integrations	1	767	July 11, 2023
Is it possible to send pfsense syslogs from firewall to elastic agent on windows 11 home to my discover page? Elasticsearch	1	376	July 26, 2023
pfSense Logs integration not working - What am I missing? Logstash integrations	1	480	April 25, 2022

PFsense integration not working

Related topics