Using beats in pfsense firewall to get system logs


(Rahul Singh) #1

Hello

I'm using freebsd pfsense 2.4.2, and I want to send system authentication logs to kafka.
So is it possible to install any beats in pfsense and monitor?

Thanks & Regards
Rahul


(Steffen Siering) #2
  1. we don't ship freebsd binaries. You will have to build filebeat yourself
  2. I think by default pfsense uses some kind of circular ring (on disk) to store logs. This can of file format can not be processes by filebeat. Make sure to configure pfsense to use plain old log files.

(Rahul Singh) #3

Hello @steffens

i tried that also but filebeat script is not excecutable in pfsense.
Error:-

  1. [2.4.2-RELEASE][root@ADPfsense]/root/filebeat: ./filebeat -configtest -e
    ELF binary type "0" not known.
    ./filebeat: Exec format error. Binary file not executable.

  2. [2.4.2-RELEASE][root@ADPfsense]/root/filebeat: sh filebeat -configtest -e
    filebeat: 1: Syntax error: "(" unexpected


(Steffen Siering) #4

We don't ship freebsd builds. It fails, because you did try to run a binary build for linux.


(Rahul Singh) #5

Hello @steffens

So is there any way to install filebeat in pfsense? Please give steps in detail.

Thanks


(Steffen Siering) #6

I'm not using FreeBSD, so I can't give you instructions.

Either search for a FreeBSD Port of filebeat, so you can install it with FreeBSD native tools, or you will have to setup a go development environment to build filebeat yourself either on FreeBSD itself or via cross compilation.

@andrewkroh Any idea wether FreeBSD nightly builds are available?


(system) #7

This topic was automatically closed after 21 days. New replies are no longer allowed.