Azure-Sentinel/DataConnectors/pfsense
dicolanl 9f8f52491e workbook, connector, parsers 2021-03-02 22:23:45 +00:00
51-pfsense-filterlog.conf Update 51-pfsense-filterlog.conf 2021-03-02 12:59:01 -08:00
52-pfsense-nginx.conf Update 52-pfsense-nginx.conf 2021-03-02 21:46:42 +00:00
Connector_CommonSecurityLog_pfsense.json workbook, connector, parsers 2021-03-02 22:23:45 +00:00
README.MD workbook, connector, parsers 2021-03-02 22:23:45 +00:00

README.MD

pfSense Data Connector

Author: Nicholas DiCola

This connector collects pfSense filterlog and nginx logs via rsyslog and parses them into CEF so that they are ingested into Azure Sentinel as CommonEventFormat.

Instructions

  1. Install the CEF collection agent from the Azure Sentinel Data connectors blade.
  2. Download the .conf files to /etc/rsyslog.d/ using the following commands:
       sudo wget -O /etc/rsyslog.d/51-pfsense-filterlog.conf https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/pfsense/51-pfsense-filterlog.conf
       sudo wget -O /etc/rsyslog.d/52-pfsense-nginx.conf https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/pfsense/52-pfsense-nginx.conf
  3. Restart rsyslog using the following command:
       systemctl restart rsyslog

The parsers are located here.
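To make the "parses them into CEF" step concrete, here is an added Python example (not the connector's own rsyslog template) that parses a constructed pfSense filterlog line and renders it as a CEF:0 record. The field positions follow the documented pfSense filterlog layout for IPv4 and IPv6; the CEF extension names, vendor/version strings and severity values are illustrative assumptions, and the escaping of `|`, `=` and `\` is what keeps a hostile log field from breaking the CEF record boundary.

```python
"""Illustrative pfSense filterlog -> CEF conversion (added example, not the connector's template)."""
import re

# Constructed sample: a pfSense filterlog line as received by rsyslog (IPv4 UDP block).
SAMPLE = ("<134>Mar  2 12:59:01 pfsense filterlog: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,"
          "0,0,DF,17,udp,338,10.0.1.2,10.0.1.1,67,68,318")

def cef_escape(value, header=False):
    """CEF escaping: backslash always; '|' in header fields, '=' in extension values."""
    value = value.replace("\\", "\\\\")
    return value.replace("|", "\\|") if header else value.replace("=", "\\=")

def parse_filterlog(line):
    """Split the CSV payload after 'filterlog:' using the pfSense field layout (assumed, see docs)."""
    m = re.search(r"filterlog: (.*)$", line)
    if not m:
        return None
    f = m.group(1).split(",")
    if f[8] == "4":
        # IPv4: ...,tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst
        proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    elif f[8] == "6":
        # IPv6: ...,class,flow-label,hop-limit,proto-text,proto-id,length,src,dst
        proto, src, dst, rest = f[12], f[15], f[16], f[17:]
    else:
        return None
    ev = {"rule": f[3], "interface": f[4], "action": f[6], "direction": f[7],
          "proto": proto, "src": src, "dst": dst}
    if proto in ("tcp", "udp") and len(rest) >= 2:  # ICMP and other protocols carry no ports
        ev["spt"], ev["dpt"] = rest[0], rest[1]
    return ev

def to_cef(ev):
    """Render the parsed event as one CEF:0 line (extension names and severities are illustrative)."""
    severity = "5" if ev["action"] == "block" else "1"
    hdr = ["CEF:0", "Netgate", "pfSense", "unknown", "filterlog",
           f"pfSense filterlog {ev['action']}", severity]
    ext = {"act": ev["action"], "deviceDirection": "0" if ev["direction"] == "in" else "1",
           "proto": ev["proto"], "src": ev["src"], "dst": ev["dst"],
           "cs1Label": "RuleTracker", "cs1": ev["rule"]}
    ext["deviceInboundInterface" if ev["direction"] == "in" else "deviceOutboundInterface"] = ev["interface"]
    for k in ("spt", "dpt"):
        if k in ev:
            ext[k] = ev[k]
    return ("|".join(cef_escape(x, True) for x in hdr) + "|"
            + " ".join(f"{k}={cef_escape(v)}" for k, v in ext.items()))
```

Feeding the same sample line through the connector's rsyslog configuration and comparing the resulting CommonSecurityLog fields is a quick way to confirm the parser is wired up correctly.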