pfelk vs docker-elk
| | pfelk | docker-elk |
|---|---|---|
| Mentions | 23 | 11 |
| Stars | 977 | 16,456 |
| Growth | 2.3% | - |
| Activity | 9.1 | 7.6 |
| Latest commit | 5 days ago | about 1 month ago |
| Language | Shell | Shell |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pfelk
- Logs to LogStash then to Sentinel. Parsing problem.
- PfSense Guide for Viewing Traffic History?
- Running a private mail server for six years, easy peasy
  > So many Chinese and Russian IPs...
  And Korean, and Dutch; I recall significant numbers from Central America.
  For anyone interested in what geos appear to be attacking you and is a noob like me: https://github.com/pfelk/pfelk is really cool.
- PFsense vs Mikrotik
  I have been debating in my head whether to keep my current setup (PFsense on an old laptop) or buy a 'proper?' solution; by this I mean specialised hardware. PFsense has had a few issues like randomly dropping out, but it has been fine for around 4 days now. My question is: Should I buy a Mikrotik HEX S and use the laptop for other things, or not buy a Mikrotik and instead buy a Dell Optiplex 3020 from eBay and run SecurityOnion (https://github.com/Security-Onion-Solutions/securityonion) or pfELK (https://github.com/pfelk/pfelk) on it?
- Logwatch alternative?
  I really like using the ELK stack for centralized logging of my home servers. pfelk is a great jumping-off point with plenty of documentation to get you started ingesting logs.
- Rule IDs changing
docker-elk
- Have an interview that the only thing I'm not familiar with is Elasticsearch
  Here's a quick way to get your hands into an Elastic Stack using docker-compose: https://github.com/deviantony/docker-elk
- Logwatch alternative?
  I did end up kinda Frankensteining this project and docker-elk. Basically took out the entire etc/pfelk directory from the pfelk project and added the pipelines/dashboards/groks etc. to docker-elk. This works really well for me since I have several other devices that aren't OPNsense that I wanted ingested into ELK.
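As an added example (my own code, not pfelk's or docker-elk's), here is what the pfelk groks and pipelines that the comment above moves into docker-elk actually have to do for the firewall log type, together with the "which sources are hitting my firewall" view the mail-server thread wanted: a plain-Python parser for pfSense/OPNsense `filterlog` lines, following the documented CSV field order (common fields, then IPv4 or IPv6 fields, then TCP or UDP fields), and an aggregation of blocked inbound traffic by source address. The field names are my own choice, not the ECS names pfelk's pipelines emit, and the log lines are constructed for the example, not captured traffic.

```python
"""Parse pfSense/OPNsense filterlog lines into structured fields.

Added example, not pfelk or docker-elk code. Field layout follows the
pfSense filterlog CSV format: the columns after the common block depend on
ip_version, and the columns after the IP block depend on protocol, which is
why a single flat column mapping mis-assigns fields.
"""
import csv
import re
from collections import Counter

# Constructed sample lines (not real traffic): syslog-wrapped filterlog records.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 fw01 filterlog[20513]: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,49152,22,0,S,123456789,,65535,,mss;sackOK;TS;nop;wscale",
    "Jan 10 12:00:02 fw01 filterlog[20513]: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,49153,23,0,S,123456790,,65535,,mss;sackOK;TS;nop;wscale",
    "Jan 10 12:00:03 fw01 filterlog[20513]: 5,,,1000000103,igb1,match,block,in,4,"
    "0x0,,64,0,0,none,17,udp,48,198.51.100.7,192.0.2.10,53412,5060,28",
    "Jan 10 12:00:04 fw01 filterlog[20513]: 98,,,1000000107,igb0,match,pass,out,4,"
    "0x0,,64,0,0,DF,6,tcp,60,192.0.2.20,198.51.100.200,51000,443,0,S,987654321,,64240,,mss;nop;wscale",
]

# Optional BSD-syslog prefix as written by the firewall; bare CSV is accepted too.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"filterlog\[(?P<pid>\d+)\]:\s+(?P<payload>.*)$"
)

# Field names are this example's own; pfelk maps the same columns to ECS names.
COMMON_FIELDS = ["rule_number", "sub_rule_number", "anchor", "tracker", "interface",
                 "reason", "action", "direction", "ip_version"]
IPV4_FIELDS = ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol_id",
               "protocol", "length", "source_ip", "destination_ip"]
IPV6_FIELDS = ["class", "flow_label", "hop_limit", "protocol", "protocol_id",
               "length", "source_ip", "destination_ip"]
TCP_FIELDS = ["source_port", "destination_port", "data_length", "tcp_flags",
              "sequence", "ack", "window", "urg", "tcp_options"]
UDP_FIELDS = ["source_port", "destination_port", "data_length"]


def _take(fields, names, record):
    """Move the next len(names) values from fields into record; fail on a short line."""
    if len(fields) < len(names):
        raise ValueError(f"truncated record: expected {len(names)} more fields, got {len(fields)}")
    record.update(zip(names, fields[: len(names)]))
    return fields[len(names):]


def parse_filterlog(line):
    """Return a dict of named fields for one filterlog line (syslog-wrapped or bare CSV)."""
    record = {}
    m = SYSLOG_RE.match(line.strip())
    if m:
        record.update({k: v for k, v in m.groupdict().items() if k != "payload"})
        payload = m.group("payload")
    else:
        payload = line.strip()
    fields = next(csv.reader([payload]))          # empty columns stay as "" this way
    rest = _take(fields, COMMON_FIELDS, record)
    if record["ip_version"] == "4":
        rest = _take(rest, IPV4_FIELDS, record)
    elif record["ip_version"] == "6":
        rest = _take(rest, IPV6_FIELDS, record)
    else:
        raise ValueError(f"unknown ip_version {record['ip_version']!r}")
    proto = record["protocol"].lower()
    if proto == "tcp":
        rest = _take(rest, TCP_FIELDS, record)
    elif proto == "udp":
        rest = _take(rest, UDP_FIELDS, record)
    if rest:                                      # ICMP and others vary by type: keep raw
        record["extra"] = rest
    return record


def top_blocked_sources(lines, n=10):
    """Count blocked inbound records per source IP; unparseable lines are skipped."""
    counts = Counter()
    for line in lines:
        try:
            rec = parse_filterlog(line)
        except ValueError:
            continue
        if rec["action"] == "block" and rec["direction"] == "in":
            counts[rec["source_ip"]] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    for ip, hits in top_blocked_sources(SAMPLE_LOGS):
        print(f"{ip}\t{hits}")
```

In a Logstash pipeline the same branching is done with grok and csv filters keyed on the ip_version and protocol columns; the geo lookup the mail-server comment is after is the next stage (a geoip filter on the source address, or GeoIP databases under the pipeline directory) and is left out here so the block runs offline.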
What are some alternatives?
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
pfSense-Dashboard - A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf
HELK - The Hunting ELK
elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
docker-compose-macvlan - Docker-compose macvlan example - container using different IP address than host.
fast-geoip - A faster & low-memory replacement for geoip-lite, a node library that maps IPs to geographical information
securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
ansible-docker-compose-openvpn-secure-centos8 - Ansible Playbook for starting OpenVPN server on CentOS 8
imdb-trakt-sync - Sync IMDb to Trakt
core - OPNsense GUI, API and systems backend
praeco - Elasticsearch alerting made simple.