Original Author: Barakat A. B. Abweh Updated by: W. Scott Howard
Version:
- 3.0.0
Supported products:
- pfsense >= 2.5.0
Supported CIM Version:
- >=4.0.0
Supported CIM Datamodels:
- Authentication
- Network Traffic
Sourcetypes:
pfsense:filterlogpfsense:filterdnspfsense:dhcpdpfsense:openvpnpfsense:nginxpfsense:unboundpfsense:snortpfsense:suricatapfsense:*
Add-on contains:
- Search and Parsing-Time configuration
Input requirements:
- This release requires pfsense to send data in syslog format
- Adjust pfsense sed replacements to remove duplicate timestamps / or set
no_appending_timestamp = truein inputs.conf for udp input
- The add-on has to be installed on both indexers & Search Heads
- If data is collected through Intermediate Heavy Forwarders, it has to be installed on Heavy Forwarders, otherwise on indexers
- The add-on expects an initial sourcetype named
pfsense, the sourcetype will be transformed into more specific ones (see sourcetype list) - A sample
inputs.confis provided (default/inputs.conf.sample)
- Compatible with pfsense 23.09.01 or higher (Not tested on older versions)
- 2.0.0 / 2021-07-18