Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

A curated list of the most important and useful resources about elasticsearch: articles, videos, blogs, tips and tricks, use cases. All about Elasticsearch!

Stars: ✭ 4,168 (+899.52%)

Mutual labels: logstash, elasticsearch, kibana

ELK-Hunting

Threat Hunting with ELK Workshop (InfoSecWorld 2017)

Stars: ✭ 58 (-86.09%)

Mutual labels: kibana, logstash, elastic

View All Similar Projects ➔

Welcome to (pfSense/OPNsense) + Elastic Stack

Prerequisites
Key Features
How pfelk works?
Installation
Roadmap
Comparison to similar solutions
Contributing
License

Prerequisites

Ubuntu Server v18.04+ or Debian Server 9+ (stretch and buster tested)
pfSense v2.4.4+ or OPNsense 19.7.4+
Minimum of 4GB of RAM but recommend 32GB (WiKi Reference)
Setting up remote logging (WiKi Reference)

pfelk is a highly customizable open-source tool for ingesting and visualizing your firewall traffic with the full power of Elasticsearch, Logstash and Kibana.

Key features:

ingest and enrich your pfSense/OPNsense firewall traffic logs by leveraging Logstash
search your indexed data in near-real-time with the full power of the Elasticsearch
visualize you network traffic with interactive dashboards, Maps, graphs in Kibana

Supported entries include:

pfSense/OPNSense setups
TCP/UDP/ICMP protocols
DHCP message types with dashboard (dhcpdv4)
IPv4/IPv6 mapping
pfSense CARP data
openVPN log parsing
Unbound DNS Resolver with dashboard and Kibana SIEM compliance
Suricata IDS with dashboard and Kibana SIEM compliance
Snort IDS with dashboard and Kibana SIEM compliance
Squid with dashboard and Kibana SIEM compliance
HAProxy with dashboard
Captive Portal with dashboard

pfelk aims to replace the vanilla pfSense/OPNsense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually.

How pfelk works?

Quick start

Installation

ansible-playbook

Clone the ansible-pfelk repository
$ ansible-playbook -i hosts --ask-become deploy-stack.yml

docker-compose

Clone the docker-pfelk repository
Setup MaxMind
$ docker-compose up
Guide

script installation method

Download installer script from pfelk repository
$ wget https://raw.githubusercontent.com/pfelk/pfelk/main/etc/pfelk/scripts/pfelk-installer.sh
Make script executable
$ chmod +x pfelk-installer.sh
Run installer script
$ ./pfelk-installer.sh
Finish Configuring here
Guide

manual installation method

Roadmap

This is the experimental public roadmap for the pfelk project.

See the roadmap »

Comparison to similar solutions

Comparisions »

Contributing

Please reference to the CONTRIBUTING file. Collectively we can enhance and improve this product. Issues, feature requests, PRs, and documentation contributions are encouraged and welcomed!

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 417

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (2) 🔗