pfelk
docker-elk
| | pfelk | docker-elk |
|---|---|---|
| Mentions | 23 | 11 |
| Stars | 985 | 16,623 |
| Growth | 0.8% | - |
| Activity | 9.1 | 7.5 |
| Latest Commit | 6 days ago | 3 days ago |
| Language | Shell | Shell |
| License | GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pfelk
- Best way to use my SFF PCs
  I understood that OPNsense runs fine with 8GB RAM and a relatively weak CPU, but then I saw this, which provides extended search and visualisation features to help you use the data created by OPNsense, and it recommends 32GB. pfelk/pfelk: pfSense/OPNsense + Elastic Stack (github.com)
- pfELK won't receive syslog data on port 5140
  I've carefully followed the manual Ubuntu setup of pfelk from https://github.com/pfelk/pfelk/tree/main; the instructions are pretty good. I did everything manually except for the dashboards, for which I used the handy script. I've also configured syslog to remote log everything to it, plus unbound data.
- SIEM or Dashboards
- Logs to LogStash then to Sentinel. Parsing problem.
- I'm looking for a pfSense app that I can use with Splunk; I find only one but it misses many options
  I've been using pfElk. You could probably use some of the parsers from there to parse things yourself in Splunk.
- My growing homelab, CS student in Germany
  On the left is a Kibana dashboard, showing information from the firewall (blocks/passes, connection type, etc). I use pfelk and customised the dashboard and the indexing a bit to suit my needs.
- PfSense Guide for Viewing Traffic History?
- Running a private mail server for six years, easy peasy
  > So many Chinese and Russian IPs...
  And Korean, and Dutch, and I recall a significant number from Central America.
  For anyone interested in what geos appear to be attacking you, and is a noob like me: https://github.com/pfelk/pfelk is really cool.
- How to best visualize Suricata alerts in pfsense
docker-elk
- Can't use ELK with Docker Compose
  Hello everyone! I am trying to get started with ELK and I am facing a very frustrating situation. I am trying to use the stack with Docker Compose. I have tried 2 versions: https://github.com/deviantony/docker-elk and also https://www.elastic.co/blog/getting-started-with-the-elastic-stack-and-docker-compose but they both have the same problem. I inspected the Docker container logs and I get some weird errors:
- Having difficulty setting up basic syslog reception on ELK cluster.
  The waters are further muddied since I started out trying to spin up a Docker instance https://github.com/deviantony/docker-elk but I found the config for Docker is set up with a different layout; for example with Logstash there is no conf.d directory, and pipelines are laid out differently, making it more challenging to use web examples. Overall I've tried many config examples and all have failed.
- Stacks issue
  This is the GitHub project container I'm trying to create a stack with: https://github.com/deviantony/docker-elk
- FWG/FWP logs
- Have an interview where the only thing I'm not familiar with is Elasticsearch
  Here's a quick way to get your hands into an Elastic Stack using docker-compose: https://github.com/deviantony/docker-elk
- Why does Logstash keep adding event data to the ingested logs?
  Essentially I've got 2 sets of standard JSON files that I'm trying to ingest into a dockerized ELK stack. The first set was downloaded Cloudflare logs, standard line-separated JSON data; I tried to use Filebeat to ingest and it kept prefixing the JSON data with some dumb ECS event data, basically exactly what this post describes if it's easier to see in pics. All of the Cloudflare data was nested within the event.original field and would not get mapped. But once I tried to use just Logstash directly, it was fine and mapped correctly with no more event data.
- Problem with Logstash data ingestion
  I use ELK in Docker, using the docker-elk compose; the Logstash logs show that it is receiving the logs:
- I have OSSEC installed and I want software to monitor the logs. I am not sure the best way to do this. [homelab]
  It depends on what you want to get out of visualizing your logs. I use the combination of Elastic + Logstash + Kibana (ELK Stack) on Docker to visualize things like
- Thanks for all YOUR help, WiFi is finally working flawlessly in our full stack Fortinet network.
- Logwatch alternative?
  I did end up kinda Frankensteining this project and docker-elk. Basically I took out the entire etc/pfelk directory from the pfelk project and added the pipelines/dashboards/groks etc. to docker-elk. This works really well for me since I have several other devices that aren't OPNSense that I wanted ingested into ELK.
What are some alternatives?
ElastiFlow - Network flow analytics (Netflow, sFlow and IPFIX) with the Elastic Stack
elastdocker - 🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
pfSense-Dashboard - A functional and useful dashboard for pfSense that utilizes influxdb, grafana and telegraf
imdb-trakt-sync - Sync IMDb to Trakt
HELK - The Hunting ELK
praeco - Elasticsearch alerting made simple.
docker-compose-macvlan - Docker-compose macvlan example - container using different IP address than host.
fast-geoip - A faster & low-memory replacement for geoip-lite, a node library that maps IPs to geographical information
ansible-unifi
securityonion - Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It includes our own interfaces for alerting, dashboards, hunting, PCAP, and case management. It also includes other tools such as Playbook, osquery, CyberChef, Elasticsearch, Logstash, Kibana, Suricata, and Zeek.
drawio-export - Export Draw.io diagrams using docker