Sending the Firewalla Purple logs to SIEM
Hi Firewall Community,
I have a Splunk environment where I have centralized all the logs belonging to network devices. Prior to purchasing the Firewalla Purple I was running the pfSense firewall on ESXi. Previously I created a customized dashboard in Splunk for pfSense using syslog from pfSense.
Is there any method to get the syslogs from the Firewalla Purple to achieve a similar result to pfSense?
Thank you.
Jesu
-
Firewalla runs Linux, so syslog can be accessed: https://help.firewalla.com/hc/en-us/articles/115004397274-How-to-access-Firewalla-using-SSH
Not everything inside the Firewalla can be pushed to syslog, so you may need APIs to query things; see https://help.firewalla.com/hc/en-us/articles/5345330648083-Getting-Started-with-the-Firewalla-MSP-API
-
Take a look at https://help.firewalla.com/hc/en-us/community/posts/360048667694-Log-files?page=2#comments. I was able to use rsyslog to send my logs to a syslog server and then, on the server, import them into Elastic, but I would assume it would be the same for Splunk.
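As an added example (not from any poster in this thread), the rsyslog forwarding rule the reply above describes, with the matching Splunk input. It assumes rsyslog is installed on the Firewalla and reachable over SSH as the first reply notes; the collector address 10.0.0.5:514 and the file names are constructed placeholders.

```conf
# /etc/rsyslog.d/50-splunk-forward.conf on the Firewalla (file name is an assumption)
# Forward everything rsyslog receives to a Splunk TCP syslog input.
# 10.0.0.5:514 is a constructed placeholder for the Splunk host.
# RFC 5424 output (SyslogProtocol23Format) is easier to parse than the legacy format.
# The disk-assisted queue keeps events on disk while the collector is down
# (e.g. during a Splunk restart) instead of dropping them.
*.* action(type="omfwd"
           target="10.0.0.5" port="514" protocol="tcp"
           template="RSYSLOG_SyslogProtocol23Format"
           queue.type="LinkedList"
           queue.filename="splunk_fwd"
           queue.maxDiskSpace="100m"
           queue.saveOnShutdown="on"
           action.resumeRetryCount="-1")

# $SPLUNK_HOME/etc/system/local/inputs.conf on the Splunk side
# Listen on TCP 514, tag events as syslog, and use the sending host as "host"
# so the Firewalla shows up as its own host in the dashboards.
[tcp://514]
sourcetype = syslog
connection_host = ip
```

Check the rsyslog file with `sudo rsyslogd -N1` before restarting the service; only what rsyslog already sees will arrive, so anything Firewalla keeps outside syslog still needs the MSP API mentioned above.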