Hugo_vd_Kooij
Advisor

pfSense syslog parser

Hi,

I have been tinkering a bit and have basic parser for pfSense syslog events to enrich your SmartCenter with yet another gateway.

It's rather basic at the moment but so far it parses 100% of the events I had over 2 days. (And that is a box in front of a honeypot.)

Install with:

addParsingFile -p pfSense.C -d pfSense_dict.ini

Feel free to test it yourself.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
3 Replies
Vladimir
Champion

Thank you for sharing a parser!

While I do not have an immediate need for it, I do, on occasion, use pfSense to emulate complex networks and it may come in handy.

Always wondered why there is no shared repository with custom parsers for 3rd party products available. It seems that SmartEvent is one of the earlier SIEMs, but that it was crippled due to the lack of parsers.

Hugo_vd_Kooij
Advisor

Well. I have written 2 now.

Both using a tool so they might be optimized slightly more if I go for hand-to-hand combat.

But there are a bunch of out-of-the-box parsers present if you look into the Syslog tree on your SmartCenter.

I am still working on getting email details (Barracuda Email Security Gateway) into the logs. There isn't as much documentation on the subject as I would like to speed up the process.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Hugo_vd_Kooij
Advisor

Just created something on GitHub for this: GitHub - hvdkooij/syslog2checkpoint

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
