This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hugo_vd_Kooij
Advisor
‎2019-01-09 03:54 AM

pfSense syslog parser

Hi,

I have been tinkering a bit and have basic parser for pfSense syslog events to enrich your SmartCenter with yet another gateway.

It's rather basic at the moment but so far it parses 100% of the events I had over 2 days. (And that is a box in front of a honeypot.)

Install with:

addParsingFile -p pfSense.C -d pfSense_dict.ini

Feel free to test it yourself.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
pfSense.zip
3 Replies
Vladimir
Champion
Champion
‎2019-01-09 05:58 AM

Thank you for sharing a parser!

While I do not have an immediate need for it, I do, on occasion use pFSense to emulate complex networks and it may come handy.

Always wandered why there is no shared repository with custom parsers for 3rd party products available. It seems that SmartEvent is one of the earlier SIEMs, but that it was crippled due to the lack of parsers.

0 Kudos
Hugo_vd_Kooij
Advisor
‎2019-01-11 07:11 AM
In response to Vladimir

Well. I have written 2 now.

Both using a tool so they might be optimized slightly more if I go for hand-to-hand combat.

But there a a bunch out-of-the-box parsers present if you look into the Syslog tree on your SmartCenter.

I am still working on getting email details (Barracuda Email Security Gateway) into the logs. There isn't as much documentation on the subject as I would like to speed up the process.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
Hugo_vd_Kooij
Advisor
‎2019-01-14 06:46 AM

Just created somethin on GitHub for this: GitHub - hvdkooij/syslog2checkpoint 

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top