Skip to content

shahin203/pfelk

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Version badge Gitter Donate

Star Fork Issues

YouTube

Welcome to (pfSense/OPNsense) + Elastic Stack

pfelk dashboard

Contents

Prerequisites

  • Ubuntu Server v18.04+ or Debian Server 9+ (stretch and buster tested)
  • pfSense v2.4.4+ or OPNsense 19.7.4+
  • The following was tested with Java v11 LTS (Java v13 LTS on Ubuntu) and Elastic Stack v7.10.2
  • Minimum of 4GB of RAM but recommend 32GB (WiKi Reference)
  • Setting up remote logging (WiKi Reference)

pfelk is a highly customizable open-source tool for ingesting and visualizing your firewall traffic with the full power of Elasticsearch, Logstash and Kibana.

Key features:

  • ingest and enrich your pfSense/OPNsense firewall traffic logs by leveraging Logstash

  • search your indexed data in near-real-time with the full power of the Elasticsearch

  • visualize you network traffic with interactive dashboards, Maps, graphs in Kibana

Supported entries include:

  • pfSense/OPNSense setups
  • TCP/UDP/ICMP protocols
  • DHCP message types with dashboard (dhcpdv4)
  • IPv4/IPv6 mapping
  • pfSense CARP data
  • openVPN log parsing
  • Unbound DNS Resolver with dashboard and Kibana SIEM compliance
  • Suricata IDS with dashboard and Kibana SIEM compliance
  • Snort IDS with dashboard and Kibana SIEM compliance
  • Squid with dashboard and Kibana SIEM compliance
  • HAProxy with dashboard
  • Captive Portal with dashboard

pfelk aims to replace the vanilla pfSense/OPNsense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually.

How pfelk works?

  • How pfelk works

Quick start

Installation

ansible-playbook

  • Clone the ansible-pfelk repository
  • $ ansible-playbook -i hosts --ask-become deploy-stack.yml

docker-compose

  • Clone the docker-pfelk repository
  • Setup MaxMind
  • $ docker-compose up
  • YouTube Guide

script installation method

  • Download installer script from pfelk repository
  • $ wget https://raw.githubusercontent.com/pfelk/pfelk/master/pfelk-installer.sh
  • Make script executable
  • $ chmod +x pfelk-installer.sh
  • Run installer script
  • $ ./pfelk-installer.sh
  • Finish Configuring here
  • YouTube Guide

manual installation method

Roadmap

This is the experimental public roadmap for the pfelk project.

See the roadmap »

Comparison to similar solutions

Comparisions »

Contributing

Please reference to the CONTRIBUTING file. Collectively we can enhance and improve this product. Issues, feature requests, PRs, and documentation contributions are encouraged and welcomed!

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

About

pfSense/OPNsense + ELK

Resources

License

Code of conduct

Stars

Watchers

Forks

Packages

No packages published

Languages

  • Shell 94.3%
  • Ruby 5.7%