{"id":294,"date":"2020-01-05T22:41:17","date_gmt":"2020-01-05T22:41:17","guid":{"rendered":"http:\/\/snehpatel.com\/?p=294"},"modified":"2020-01-05T22:41:17","modified_gmt":"2020-01-05T22:41:17","slug":"actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence","status":"publish","type":"post","link":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/","title":{"rendered":"Actively monitor pfSense firewall. pfELK: Elastic stack for pfSense"},"content":{"rendered":"\n<p>Yes, this article is about the ELK stack again. The ELK stack is flexible enough to fit many different use cases, and today&#8217;s use case is the firewall. Most firewalls ship with little or no dashboarding of their own, which makes it hard to see what is actually happening on them. There are plenty of commercial SIEMs that integrate easily with a firewall, but if you are looking for an open-source solution, here is one.<\/p>\n\n\n\n<p>pfELK is an open-source Elastic stack (Elasticsearch, Logstash, Kibana) setup for pfSense firewalls. pfSense itself is an excellent open-source firewall with many premium features otherwise found only in commercial firewalls.<\/p>\n\n\n\n<p>pfELK works on the pfSense firewall log (filterlog), which pfSense ships to Logstash over remote syslog; every event carries the rule that matched, the interface, the action (pass or block), the protocol, and the source and destination addresses (plus ports for TCP and UDP). With that data in Elasticsearch you can build custom visualizations to suit your needs. For example (see the video linked below), with some additional modules you can map which countries traffic is coming from, list the top blocked source IPs trying to reach your network, and much more.<\/p>\n\n\n\n<p>Monitoring the traffic in near real time lets you spot malicious activity as it happens and act on it immediately.<\/p>\n\n\n\n<p>The other thing I miss most from commercial products is alerting. The ELK stack does have alerting, but only in the paid (X-Pack) tier. 
Since this blog is all about open source, I found a couple of interesting projects that give the ELK stack the ability to alert you on specific patterns.<\/p>\n\n\n\n<p>Here are the projects I will cover in future posts.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Sentinl<\/li><li>ElastAlert<\/li><\/ol>\n\n\n\n<p>Official pfELK GitHub repository: <a href=\"https:\/\/github.com\/a3ilson\/pfelk\/blob\/master\/README.md\">Link<\/a><\/p>\n\n\n\n<p>See this video for installation and more details: <a href=\"https:\/\/www.youtube.com\/watch?v=of2ymhr9G3I\">Link<\/a><\/p>\n\n\n\n<p>REFERENCES<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/a3ilson\/pfelk\/blob\/master\/README.md\">https:\/\/github.com\/a3ilson\/pfelk\/blob\/master\/README.md<\/a><br><a href=\"https:\/\/www.youtube.com\/watch?v=of2ymhr9G3I\">https:\/\/www.youtube.com\/watch?v=of2ymhr9G3I<\/a><br><a href=\"https:\/\/sematext.com\/blog\/x-pack-alternatives\/\">https:\/\/sematext.com\/blog\/x-pack-alternatives\/<\/a><br><a href=\"https:\/\/forum.netgate.com\/topic\/107735\/elk-pfsense-2-3-working\">https:\/\/forum.netgate.com\/topic\/107735\/elk-pfsense-2-3-working<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>You will notice that this article has something to do with ELK stack AGAIN!!!. ELK stack is so flexible that it can fit into many different use cases. Today&#8217;s use-case of elk stack will be with the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor &#8230; <a title=\"Actively monitor pfsence firewall. PFELK: Elastic stack for pfsence\" class=\"read-more\" href=\"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/\" aria-label=\"Read more about Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[14,15,3,6,8],"tags":[29,35,44,45],"class_list":["post-294","post","type-post","status-publish","format-standard","hentry","category-elk","category-firewall","category-logging","category-opensource","category-siem","tag-elk-stack","tag-logs","tag-pfelk","tag-pfsence"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Actively monitor pfsence firewall. PFELK: Elastic stack for pfsence - Sneh Patel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Actively monitor pfsence firewall. PFELK: Elastic stack for pfsence - Sneh Patel\" \/>\n<meta property=\"og:description\" content=\"You will notice that this article has something to do with ELK stack AGAIN!!!. ELK stack is so flexible that it can fit into many different use cases. Today&#8217;s use-case of elk stack will be with the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor ... 
Read more\" \/>\n<meta property=\"og:url\" content=\"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/\" \/>\n<meta property=\"og:site_name\" content=\"Sneh Patel\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-05T22:41:17+00:00\" \/>\n<meta name=\"author\" content=\"Sneh Patel\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sneh Patel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/\"},\"author\":{\"name\":\"Sneh Patel\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"headline\":\"Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence\",\"datePublished\":\"2020-01-05T22:41:17+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/\"},\"wordCount\":321,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"keywords\":[\"elk stack\",\"logging\",\"pfelk\",\"pfsence\"],\"articleSection\":[\"ELK\",\"Firewall\",\"Logging\",\"opensource\",\"SIEM\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/\",\"name\":\"Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence - Sneh Patel\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\"},\"datePublished\":\"2020-01-05T22:41:17+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/snehpatel.com\\\/index.php\\\/2020\\\/01\\\/05\\\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\\\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#website\",\"url\":\"https:\\\/\\\/snehpatel.com\\\/\",\"name\":\"Sneh Patel\",\"description\":\"Cyber Security Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/snehpatel.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\\\/\\\/snehpatel.com\\\/#\\\/schema\\\/person\\\/a39105bc63f7e11a0e07b12a4c3dda73\",\"name\":\"Sneh Patel\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\",\"width\":672,\"height\":222,\"caption\":\"Sneh Patel\"},\"logo\":{\"@id\":\"https:\\\/\\\/i0.wp.com\\\/snehpatel.com\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1\"},\"sameAs\":[\"http:\\\/\\\/snehpatel.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence - Sneh Patel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/","og_locale":"en_US","og_type":"article","og_title":"Actively monitor pfsence firewall. PFELK: Elastic stack for pfsence - Sneh Patel","og_description":"You will notice that this article has something to do with ELK stack AGAIN!!!. ELK stack is so flexible that it can fit into many different use cases. Today&#8217;s use-case of elk stack will be with the firewall. Most firewalls hardly have any kind of dashboard integrated with them, which makes it harder to monitor ... Read more","og_url":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/","og_site_name":"Sneh Patel","article_published_time":"2020-01-05T22:41:17+00:00","author":"Sneh Patel","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sneh Patel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/#article","isPartOf":{"@id":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/"},"author":{"name":"Sneh Patel","@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"headline":"Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence","datePublished":"2020-01-05T22:41:17+00:00","mainEntityOfPage":{"@id":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/"},"wordCount":321,"commentCount":0,"publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"keywords":["elk stack","logging","pfelk","pfsence"],"articleSection":["ELK","Firewall","Logging","opensource","SIEM"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/","url":"https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/","name":"Actively monitor pfsence firewall. 
PFELK: Elastic stack for pfsence - Sneh Patel","isPartOf":{"@id":"https:\/\/snehpatel.com\/#website"},"datePublished":"2020-01-05T22:41:17+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/snehpatel.com\/index.php\/2020\/01\/05\/actively-monitor-pfsence-firewall-pfelk-elastic-stack-for-pfsence\/"]}]},{"@type":"WebSite","@id":"https:\/\/snehpatel.com\/#website","url":"https:\/\/snehpatel.com\/","name":"Sneh Patel","description":"Cyber Security Blog","publisher":{"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/snehpatel.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/snehpatel.com\/#\/schema\/person\/a39105bc63f7e11a0e07b12a4c3dda73","name":"Sneh Patel","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","url":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","contentUrl":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1","width":672,"height":222,"caption":"Sneh 
Patel"},"logo":{"@id":"https:\/\/i0.wp.com\/snehpatel.com\/wp-content\/uploads\/2020\/09\/cropped-Slide4-1.jpg?fit=672%2C222&ssl=1"},"sameAs":["http:\/\/snehpatel.com"]}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/294","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/comments?post=294"}],"version-history":[{"count":0,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/posts\/294\/revisions"}],"wp:attachment":[{"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/media?parent=294"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/categories?post=294"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/snehpatel.com\/index.php\/wp-json\/wp\/v2\/tags?post=294"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
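The post describes the two things pfELK gives you over raw pfSense logs: parsed firewall events you can rank (such as the top blocked source IPs on the dashboard) and, with an add-on such as ElastAlert or Sentinl, alerts on specific patterns. As an added example that is not part of the original post and not pfELK's or pfSense's own code, the Python below parses pfSense filterlog syslog lines into structured events, ranks blocked sources the way the dashboard panel does, and raises a sliding-window frequency alert of the kind the post defers to the alerting projects. The sample log lines are constructed (documentation IP ranges), the syslog year is an assumption since syslog timestamps carry none, and GeoIP country enrichment is left out because it needs an external database.

```python
"""pfSense filterlog parsing, top-blocked-source ranking and a frequency alert.

Added example, not code from pfELK, pfSense or the post's author. Field positions
follow the documented pfSense filterlog CSV layout: 9 common fields, then 8 IPv4-
or 5 IPv6-specific fields, then length/src/dst, then protocol fields (ports first).
"""
import re
from collections import Counter, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

# pfSense remote syslog line: "<Mon> <day> <HH:MM:SS> <host> filterlog[pid]: <csv>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"filterlog(?:\[\d+\])?: (?P<csv>.*)$"
)


@dataclass
class FilterEvent:
    ts: datetime
    iface: str
    action: str        # "pass" or "block"
    direction: str     # "in" or "out"
    ip_version: int
    proto: str         # "tcp", "udp", "icmp", ...
    src: str
    dst: str
    sport: Optional[int]
    dport: Optional[int]


def parse_filterlog(line: str, year: int = 2020) -> Optional[FilterEvent]:
    """Return the parsed event, or None for lines that are not filterlog records."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9 or f[8] not in ("4", "6"):
        return None
    iface, action, direction, ipver = f[4], f[6], f[7], int(f[8])
    if ipver == 4:
        if len(f) < 20:
            return None
        proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    else:
        if len(f) < 17:
            return None
        proto, src, dst, rest = f[12], f[15], f[16], f[17:]
    sport = dport = None
    if proto in ("tcp", "udp") and len(rest) >= 2:
        sport, dport = int(rest[0]), int(rest[1])
    # Syslog timestamps carry no year; the caller supplies it (assumption).
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return FilterEvent(ts, iface, action, direction, ipver, proto, src, dst, sport, dport)


def load_events(text: str, year: int = 2020) -> List[FilterEvent]:
    """Parse a block of syslog text, skipping non-filterlog lines (dhcpd etc.)."""
    parsed = (parse_filterlog(l, year) for l in text.splitlines() if l.strip())
    return [e for e in parsed if e is not None]


def top_blocked_sources(events, n: int = 5):
    """Source IPs ranked by blocked-packet count: the dashboard's 'top blocked IP' panel."""
    return Counter(e.src for e in events if e.action == "block").most_common(n)


def repeat_block_alerts(events, threshold: int = 3, window=timedelta(minutes=1)):
    """Alert once per source the first time it has >= threshold blocks inside `window`
    (a sliding-window frequency rule, like the ones ElastAlert/Sentinl provide)."""
    recent = {}        # src -> deque of block timestamps still inside the window
    alerted, alerts = set(), []
    for e in sorted(events, key=lambda e: e.ts):
        if e.action != "block":
            continue
        q = recent.setdefault(e.src, deque())
        q.append(e.ts)
        while q and e.ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and e.src not in alerted:
            alerted.add(e.src)
            alerts.append((e.src, e.ts, len(q)))
    return alerts


# Constructed sample: three SYN probes from one host, a UDP block, a pass, an IPv6 block, noise.
SAMPLE_LOG = """\
Jan  5 22:41:10 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,54321,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,22,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale
Jan  5 22:41:12 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,54322,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51235,23,0,S,1234567891,,65535,,mss;sackOK;TS;nop;wscale
Jan  5 22:41:15 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,54323,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51236,3389,0,S,1234567892,,65535,,mss;sackOK;TS;nop;wscale
Jan  5 22:41:20 pfSense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,11111,0,none,17,udp,78,198.51.100.7,192.0.2.10,40000,53,58
Jan  5 22:41:25 pfSense filterlog: 90,,,1529418895,em1,match,pass,out,4,0x0,,64,22222,0,DF,6,tcp,60,192.0.2.20,198.51.100.80,44444,443,0,S,2222222222,,65535,,mss;nop;wscale;sackOK;TS
Jan  5 22:41:30 pfSense filterlog: 5,,,1000000103,em0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2001:db8::1,2001:db8::10,50000,22,0,S,3333333333,,65535,,mss;nop;wscale;sackOK;TS
Jan  5 22:41:31 pfSense dhcpd: DHCPACK on 192.0.2.30 to 00:11:22:33:44:55 via em1
"""

if __name__ == "__main__":
    evs = load_events(SAMPLE_LOG)
    print("top blocked sources:", top_blocked_sources(evs))
    for src, when, count in repeat_block_alerts(evs):
        print(f"ALERT {when:%H:%M:%S} {src}: {count} blocked packets within 1 minute")
```

In a pfELK deployment the same split of work happens in Logstash (the CSV dissection and GeoIP lookup) and in Kibana (the top-N aggregation); the alert function is the piece neither does out of the box, which is why the post reaches for ElastAlert or Sentinl. Note that the parser keys the layout on the IP-version field, so an IPv6 block line from the same rule lands in the same ranking as IPv4 ones.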