pfSense and Elastic Stack

pfSense is a great firewall and Elastic Stack is a great data understanding platform. I finally decided it was a good idea to use them together and see what I can see.

I am working on the write-up, but for now you may find the pfSense logstash configuration file on my github page.

pfSense logstash configuration file

In short: create a default-deny rule on your WAN interface with logging enabled. Then, under remote logging, enable syslog forwarding of “Firewall Events” as the remote log contents to your Logstash syslog collector running the pfSense configuration file I have created.
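As an added example (not the author's Logstash configuration), the following Python parses pfSense filterlog lines as they arrive over syslog, using the field order pfSense documents for its filterlog CSV format, and tallies what the logged WAN default-deny rule is blocking by protocol and destination port. The sample lines, the host name and the interface name igb1 are constructed.

```python
import re

# Field layouts per pfSense's documented filterlog format (common header,
# then an IPv4 or IPv6 block, then a protocol block for TCP or UDP).
HEADER = ["rule", "subrule", "anchor", "tracker", "interface", "reason",
          "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto",
        "length", "src_ip", "dst_ip"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length",
        "src_ip", "dst_ip"]
TCP = ["src_port", "dst_port", "data_length", "tcp_flags", "seq", "ack",
       "window", "urg", "tcp_options"]
UDP = ["src_port", "dst_port", "data_length"]

# Syslog envelope as pfSense emits it: "<timestamp> <host> filterlog[pid]: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"filterlog(?:\[\d+\])?: (?P<csv>.*)$")

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LINES = [
    "Mar 30 15:21:11 pfSense filterlog: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,203.0.113.10,198.51.100.5,55892,443,0,S,"
    "2895386979,,65535,,mss;nop;wscale;sackOK;TS",
    "Mar 30 15:21:12 pfSense filterlog: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,0,0,none,17,udp,61,203.0.113.10,198.51.100.5,53,53,41",
    "Mar 30 15:21:13 pfSense filterlog: 5,,,1000000103,igb1,match,block,in,6,"
    "0x00,0,64,TCP,6,40,2001:db8::1,2001:db8::2,44444,22,0,S,1,,64240,,mss",
]

def parse_filterlog(line):
    """Return a dict of named fields for one filterlog syslog line, or None."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    rec = {"timestamp": m.group("ts"), "host": m.group("host")}
    rec.update(zip(HEADER, fields))
    rest = fields[len(HEADER):]
    layout = IPV4 if rec.get("ip_version") == "4" else IPV6
    rec.update(zip(layout, rest))
    rest = rest[len(layout):]
    rec["proto"] = rec.get("proto", "").lower()  # IPv6 lines use upper case
    if rec["proto"] == "tcp":
        rec.update(zip(TCP, rest))
    elif rec["proto"] == "udp":
        rec.update(zip(UDP, rest))
    else:
        rec["proto_data"] = ",".join(rest)  # ICMP and others: keep raw tail
    return rec

def blocked_inbound_by_port(lines, wan_if):
    """Count blocked inbound hits on the WAN interface by (proto, dst_port)."""
    counts = {}
    for rec in map(parse_filterlog, lines):
        if rec and rec["action"] == "block" and rec["direction"] == "in" \
                and rec["interface"] == wan_if:
            key = (rec["proto"], rec.get("dst_port"))
            counts[key] = counts.get(key, 0) + 1
    return counts
```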