Firewall¶
Key facts¶
- MSG Format based filter
- Legacy BSD Format default port 514
Links¶
| Ref | Link |
|---|---|
| Splunk Add-on | https://splunkbase.splunk.com/app/1527/ |
| Product Manual | https://docs.netgate.com/pfsense/en/latest/monitoring/copying-logs-to-a-remote-host-with-syslog.html?highlight=syslog |
Sourcetypes¶
| sourcetype | notes |
|---|---|
| pfsense:filterlog | None |
| pfsense:* | All programs other than filterlog |
Sourcetype and Index Configuration¶
| key | sourcetype | index | notes |
|---|---|---|---|
| pfsense | pfsense | netops | none |
| pfsense_filterlog | pfsense:filterlog | netfw | none |
Parser Configuration¶
#/opt/sc4s/local/config/app-parsers/app-vps-pfsense_firewall.conf
#File name provided is a suggestion it must be globally unique
application app-vps-test-pfsense_firewall[sc4s-vps] {
filter {
"${HOST}" eq "pfsense_firewall"
};
parser {
p_set_netsource_fields(
vendor('pfsense')
product('firewall')
);
};
};