I am attempting to centralize logs from different systems.
I installed the Elastic Stack (Elasticsearch, Logstash, Kibana) and Wazuh OSSEC on one server (named elk).
I have installed the OSSEC agent on three Ubuntu servers and I am able to check logs and file integrity.
However, how could I also get logs from a pfSense? I tried installing the OSSEC agent by compiling it, but it is not so easy... I was thinking of doing it via remote syslog, but it doesn't seem to be working...
On the pfSense interface -> Status -> System Logs -> Settings I put the address and port of my elk in the remote log server field, and I added this in /var/ossec/etc/ossec.conf on elk:
    <remote>
      <connection>syslog</connection>
      <port>514</port>
      <protocol>udp</protocol>
      <allowed-ips>192.168.2.0/24</allowed-ips>
      <local_ip>192.168.2.4</local_ip>
    </remote>
But I don't get any pfSense logs when I look at them in Kibana... Do you know how to make it work?
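A troubleshooting aid for the configuration quoted in the question, added here as example code (it is not from the poster or from the OSSEC/Wazuh project): it parses the `<remote>` block, checks whether a given pfSense address would pass the `<allowed-ips>` filter that ossec-remoted applies before accepting a syslog datagram, and builds an RFC 3164 style datagram that can be sent to the listener with the same port and protocol pfSense was configured with. The pfSense address 192.168.2.1, the timestamp and the log text are constructed placeholders.

```python
"""Check an OSSEC <remote> syslog block against the sender pfSense would be,
then build a test datagram for the listener.

Added example for this page; assumes the ossec.conf fragment from the post.
The pfSense address below is a constructed placeholder, not from the post.
"""
import ipaddress
import socket
import xml.etree.ElementTree as ET

# The <remote> block quoted in the question, wrapped in the ossec_config root
# so that ElementTree can parse it as a document.
OSSEC_REMOTE_XML = """<ossec_config>
  <remote>
    <connection>syslog</connection>
    <port>514</port>
    <protocol>udp</protocol>
    <allowed-ips>192.168.2.0/24</allowed-ips>
    <local_ip>192.168.2.4</local_ip>
  </remote>
</ossec_config>"""

# Constructed placeholder for the pfSense LAN address (assumption).
PFSENSE_ADDR = "192.168.2.1"


def parse_remote_blocks(xml_text):
    """Return one dict per <remote> block whose <connection> is syslog."""
    root = ET.fromstring(xml_text)
    blocks = []
    for rem in root.findall("remote"):
        if (rem.findtext("connection") or "").strip() != "syslog":
            continue
        blocks.append({
            # OSSEC defaults to UDP/514 when these elements are absent.
            "port": int((rem.findtext("port") or "514").strip()),
            "protocol": (rem.findtext("protocol") or "udp").strip().lower(),
            "allowed_ips": [a.text.strip() for a in rem.findall("allowed-ips") if a.text],
            "local_ip": (rem.findtext("local_ip") or "").strip() or None,
        })
    return blocks


def sender_allowed(block, sender_ip):
    """ossec-remoted drops syslog datagrams whose source address is not
    covered by an <allowed-ips> entry, so this is the first thing to check."""
    addr = ipaddress.ip_address(sender_ip)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in block["allowed_ips"])


def diagnose(xml_text, sender_ip, sender_port=514, sender_proto="udp"):
    """List mismatches between what the sender emits and what the listener
    accepts; an empty list means the two sides are consistent."""
    problems = []
    blocks = parse_remote_blocks(xml_text)
    if not blocks:
        return ["no <remote> block with <connection>syslog</connection>"]
    for b in blocks:
        if b["protocol"] != sender_proto.lower():
            problems.append(f"protocol mismatch: listener {b['protocol']}, sender {sender_proto}")
        if b["port"] != sender_port:
            problems.append(f"port mismatch: listener {b['port']}, sender {sender_port}")
        if not sender_allowed(b, sender_ip):
            problems.append(f"{sender_ip} is not in allowed-ips {b['allowed_ips']}")
    return problems


def build_syslog_message(facility, severity, timestamp, hostname, tag, msg):
    """Build an RFC 3164 style datagram: <PRI>TIMESTAMP HOST TAG: MSG.
    PRI is facility * 8 + severity."""
    pri = facility * 8 + severity
    return f"<{pri}>{timestamp} {hostname} {tag}: {msg}".encode("ascii")


def send_test_datagram(listener_ip, port, payload):
    """Send one UDP datagram to the listener. Run from a host inside
    allowed-ips, then look for the line in /var/ossec/logs/archives/."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(payload, (listener_ip, port))
    return len(payload)


if __name__ == "__main__":
    for line in diagnose(OSSEC_REMOTE_XML, PFSENSE_ADDR) or [f"config consistent for {PFSENSE_ADDR}"]:
        print(line)
    # Constructed test line: facility local0 (16), severity info (6) -> PRI 134.
    payload = build_syslog_message(16, 6, "Jun  5 12:00:00", "pfsense", "test", "remote syslog check")
    print(payload)
```

Two things the script cannot see but that commonly explain "no logs": the listener must actually own UDP 514 on elk (a local rsyslog or syslog-ng bound to the same port will take the datagrams instead, which `ss -ulnp` on elk will show), and OSSEC only writes every received line to `logs/archives/` when `<logall>yes</logall>` is set under `<global>`; without it, a line that matches no rule never reaches Elasticsearch, so it is worth confirming arrival in archives before looking in Kibana.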