{
  "name": "pfsense",
  "title": "pfSense",
  "version": "1.25.3",
  "release": "ga",
  "description": "Collect logs from pfSense and OPNsense with Elastic Agent.",
  "type": "integration",
  "download": "/epr/pfsense/pfsense-1.25.3.zip",
  "path": "/package/pfsense/1.25.3",
  "icons": [
    {
      "src": "/img/pfsense.svg",
      "path": "/package/pfsense/1.25.3/img/pfsense.svg",
      "title": "pfsense",
      "size": "512x143",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "community",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "network",
    "security",
    "firewall_security",
    "network_security"
  ],
  "signature_path": "/epr/pfsense/pfsense-1.25.3.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/pfsense/1.25.3/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/firewall.png",
      "path": "/package/pfsense/1.25.3/img/firewall.png",
      "title": "pfSense Firewall Dashboard",
      "size": "2993x1646",
      "type": "image/png"
    },
    {
      "src": "/img/dhcp.png",
      "path": "/package/pfsense/1.25.3/img/dhcp.png",
      "title": "pfSense DHCP Dashboard",
      "size": "2999x1640",
      "type": "image/png"
    },
    {
      "src": "/img/unbound.png",
      "path": "/package/pfsense/1.25.3/img/unbound.png",
      "title": "pfSense Unbound Dashboard",
      "size": "1680x763",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/pfsense/1.25.3/LICENSE.txt",
    "/package/pfsense/1.25.3/changelog.yml",
    "/package/pfsense/1.25.3/manifest.yml",
    "/package/pfsense/1.25.3/validation.yml",
    "/package/pfsense/1.25.3/docs/README.md",
    "/package/pfsense/1.25.3/img/dhcp.png",
    "/package/pfsense/1.25.3/img/firewall.png",
    "/package/pfsense/1.25.3/img/pfsense.svg",
    "/package/pfsense/1.25.3/img/unbound.png",
    "/package/pfsense/1.25.3/kibana/tags.yml",
    "/package/pfsense/1.25.3/data_stream/log/manifest.yml",
    "/package/pfsense/1.25.3/data_stream/log/sample_event.json",
    "/package/pfsense/1.25.3/kibana/dashboard/pfsense-986061c0-3a9a-11eb-96b2-e765737b7534.json",
    "/package/pfsense/1.25.3/kibana/dashboard/pfsense-bdb33ee0-3a8e-11eb-96b2-e765737b7534.json",
    "/package/pfsense/1.25.3/kibana/dashboard/pfsense-c8b42350-3a9c-11eb-96b2-e765737b7534.json",
    "/package/pfsense/1.25.3/kibana/search/pfsense-22edf800-3a8e-11eb-96b2-e765737b7534.json",
    "/package/pfsense/1.25.3/kibana/search/pfsense-ec91cf20-3a9c-11eb-96b2-e765737b7534.json",
    "/package/pfsense/1.25.3/kibana/search/pfsense-f9ed8947-6d26-4497-905f-57d08ee304f4.json",
    "/package/pfsense/1.25.3/data_stream/log/fields/agent.yml",
    "/package/pfsense/1.25.3/data_stream/log/fields/base-fields.yml",
    "/package/pfsense/1.25.3/data_stream/log/fields/ecs.yml",
    "/package/pfsense/1.25.3/data_stream/log/fields/fields.yml",
    "/package/pfsense/1.25.3/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/pfsense/1.25.3/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/default.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/dhcp.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/firewall.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/haproxy.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/ipsec.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/openvpn.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/php-fpm.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/snort.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/squid.yml",
    "/package/pfsense/1.25.3/data_stream/log/elasticsearch/ingest_pipeline/unbound.yml"
  ],
  "policy_templates": [
    {
      "name": "pfsense",
      "title": "pfSense logs",
      "description": "Collect logs from pfSense systems",
      "inputs": [
        {
          "type": "udp",
          "title": "Collect pfSense logs (input: udp)",
          "description": "Collecting logs from pfSense systems (input: udp)"
        },
        {
          "type": "tcp",
          "title": "Collect pfSense logs (input: tcp)",
          "description": "Collecting logs from pfSense systems (input: tcp)"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "pfsense.log",
      "title": "pfSense log logs",
      "release": "experimental",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Syslog Host",
              "description": "The interface to listen on for UDP-based syslog traffic. Set to `0.0.0.0` to bind to all available interfaces.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Syslog Port",
              "description": "The UDP port to listen for syslog traffic. Ports below 1024 require Filebeat to run as root.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_networks",
              "type": "text",
              "title": "Internal Networks",
              "description": "The internal IP subnet(s) of the network.",
              "multi": true,
              "required": false,
              "show_user": true,
              "default": [
                "private"
              ]
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "By default, datetimes (with no timezone) in the logs will be interpreted as relative to the timezone configured on the host where the agent is running. If ingesting logs from a host in a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\"), abbreviated (e.g. \"EST\") or an HH:mm differential (e.g. \"-05:00\") from UTC.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "pfsense",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "pfSense syslog logs",
          "description": "Collect pfSense logs using the UDP input",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "syslog_host",
              "type": "text",
              "title": "Syslog Host",
              "description": "The interface to listen on for TCP-based syslog traffic. Set to `0.0.0.0` to bind to all available interfaces.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "syslog_port",
              "type": "integer",
              "title": "Syslog Port",
              "description": "The TCP port to listen for syslog traffic. Ports below 1024 require Filebeat to run as root.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_networks",
              "type": "text",
              "title": "Internal Networks",
              "description": "The internal IP subnet(s) of the network.",
              "multi": true,
              "required": false,
              "show_user": true,
              "default": [
                "private"
              ]
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Timezone Offset",
              "description": "By default, datetimes (with no timezone) in the logs will be interpreted as relative to the timezone configured on the host where the agent is running. If ingesting logs from a host in a different timezone, use this field to set the timezone offset so that datetimes are correctly parsed. Acceptable timezone formats are: a canonical ID (e.g. \"Europe/Amsterdam\"), abbreviated (e.g. \"EST\") or an HH:mm differential (e.g. \"-05:00\") from UTC.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "local"
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "pfsense",
                "forwarded"
              ]
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
              "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",
              "multi": false,
              "required": false,
              "show_user": true
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "pfSense syslog logs",
          "description": "Collect pfSense logs using the TCP input",
          "enabled": false,
          "ingestion_method": "Network Protocol"
        }
      ],
      "package": "pfsense",
      "path": "log"
    }
  ]
}
