Welcome to (pfSense/OPNsense) + Elastic Stack
You can view the installation guide on the 3ilson.org YouTube channel.
Prerequisites
- Ubuntu Server v18.04+ or Debian Server 9+ (stretch and buster are tested)
- pfSense v2.4.4+ or OPNsense 19.7.4+
- The following was tested with Java v11 LTS and Elastic Stack v7.8.0
- Minimum of 4GB of RAM, but 32GB is recommended
pfelk is a highly customizable open-source tool for ingesting and visualizing your firewall traffic with the full power of Elasticsearch, Logstash and Kibana.
Key features:
- ingest and enrich your pfSense/OPNsense firewall traffic logs by leveraging Logstash
- search your indexed data in near-real-time with the full power of Elasticsearch
- visualize your network traffic with interactive dashboards, maps, and graphs in Kibana
Supported entries include:
- pfSense/OPNsense setups
- TCP/UDP/ICMP protocols
- DHCP message types
- IPv4/IPv6 mapping
- pfSense CARP data
- OpenVPN log parsing
- Unbound DNS Resolver
- Suricata IDS with dashboards
- Snort IDS with dashboards
pfelk aims to replace the vanilla pfSense/OPNsense web UI with extended search and visualization features. You can deploy this solution via ansible-playbook, docker-compose, bash script, or manually.
Contents
How pfelk works?
Quick start
Installation
ansible-playbook
- Clone the ansible-pfelk repository
$ ansible-playbook -i hosts --ask-become deploy-stack.yml
docker-compose
- Clone the docker-pfelk repository
- Setup MaxMind
$ docker-compose up
manual installation/script - preferred manual method
- Download installer script from pfelk repository
Ubuntu
$ sudo wget https://raw.githubusercontent.com/3ilson/pfelk/master/pfelk-install-1.0.0.sh
- Make script executable
$ sudo chmod +x pfelk-install-1.0.0.sh
- Run installer script
$ sudo ./pfelk-install-1.0.0.sh
- Finish Configuring here
Debian
$ wget https://raw.githubusercontent.com/3ilson/pfelk/master/pfelk-install-1.0.0.sh
- Make script executable
$ chmod +x pfelk-install-1.0.0.sh
- Run installer script
$ ./pfelk-install-1.0.0.sh
- Finish Configuring here
manual installation
Roadmap
This is the experimental public roadmap for the pfelk project.
Comparison to similar solutions
Contributing
Please refer to CONTRIBUTING.md. Collectively we can enhance and improve this product. Issues, feature requests, pulls, and documentation contributions are encouraged and welcomed!
License
This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

