Overview
Blumira’s cloud SIEM platform integrates with the pfSense firewall by receiving its syslog stream on a Blumira sensor. With ready-to-use firewall traffic detection rules, Blumira can flag risky connections from public IPs, bulk egress and ingress transfers, and activity involving known threat sources that you may want to block.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Obtain the IP address of your Blumira sensor; you will enter it in pfSense as the remote syslog server.
To gather the IP address of the sensor:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Configuring log forwarding
To begin forwarding pfSense logs to Blumira:
- In pfSense, navigate to Status > System Logs > Settings.
- Under General Logging Options, set Log Message Format to BSD (RFC 3164) if it is not already selected. pfSense's other option, syslog (RFC 5424), uses a different header layout; leave it unselected.
- Scroll down to Remote Logging Options at the bottom of the page and complete the following steps:
- In Enable Remote Logging, click the check box next to Send log messages to remote syslog server.
- In the Source Address box, select LAN. This is the interface whose address pfSense sends from, so it must be the one that can reach the sensor; this guide assumes the sensor is on the LAN segment.
- In the IP Protocol box, select IPv4.
- In the Remote log servers box, type the IP address of your Blumira sensor followed by port 514, as in this example: 192.168.100.1:514. pfSense's built-in remote logging sends plain syslog over UDP with no encryption or authentication, so keep the path between the firewall and the sensor on a trusted internal segment, and make sure nothing between them filters UDP 514 from the firewall's source address.
- In Remote Syslog Contents, click the check box next to Everything. This includes the firewall (filterlog) entries that the traffic detection rules depend on.
- Click Save.
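To confirm that the firewall is actually reaching the receiver, and to see what the detection rules have to work with, the following added example (not Blumira's sensor code or a Netgate tool) binds UDP 514 the way the sensor does, parses the BSD (RFC 3164) lines pfSense emits, decodes the CSV body of filterlog entries according to Netgate's documented field order, and applies two illustrative rules: an inbound packet passed from a public source, and a flow whose summed packet length reaches a byte threshold. The sample lines, the threshold and the host name `pfSense` are constructed, and the public/internal split uses an explicit RFC 1918 list rather than `ipaddress.is_global`, which would classify the documentation addresses in the samples as non-global:

```python
"""Receive and parse the syslog stream pfSense sends with the settings above.
Added example, not Blumira or Netgate code. Assumes the BSD (RFC 3164) format and
Netgate's filterlog CSV layout; only IPv4/IPv6 TCP and UDP entries are decoded."""
import ipaddress
import re
import socket
from collections import defaultdict

# Constructed samples using documentation address ranges; 192.0.2.10 plays the WAN address.
SAMPLE_LINES = [
    "<134>Sep 12 10:15:01 pfSense filterlog[34718]: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,54321,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,22,0,S,1234567890,,65535,,mss",
    "<134>Sep 12 10:15:02 pfSense filterlog[34718]: 12,,,1000000112,igb0,match,pass,in,4,"
    "0x0,,57,20001,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,40022,3389,0,S,987654321,,65535,,mss",
    "<134>Sep 12 10:15:03 pfSense filterlog[34718]: 110,,,1500000001,igb0,match,pass,out,4,"
    "0x0,,64,1,0,DF,6,tcp,1500,192.0.2.10,198.51.100.7,44312,443,1448,A,1,1,65535,,",
    "<134>Sep 12 10:15:04 pfSense filterlog[34718]: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,0,0,none,17,udp,78,203.0.113.9,192.0.2.10,40000,161,58",
    "<134>Sep 12 10:15:05 pfSense filterlog[34718]: 110,,,1500000001,igb0,match,pass,out,4,"
    "0x0,,64,2,0,DF,6,tcp,1500,192.0.2.10,198.51.100.7,44312,443,1448,A,1449,1,65535,,",
    "<37>Sep 12 10:15:06 pfSense sshd[1200]: Failed password for root from 203.0.113.77 port 50112 ssh2",
]

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss host program[pid]: message
_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# Treated as internal. ipaddress.is_global is not used: it reports RFC 5737 ranges as non-global.
_INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def parse_syslog(line):
    """Split one BSD-format line into header fields and the program message."""
    m = _HDR.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m["ts"],
            "host": m["host"], "program": m["prog"], "pid": m["pid"], "msg": m["msg"]}


def parse_filterlog(msg):
    """Decode the CSV body of a filterlog entry into the fields a detection rule needs."""
    f = msg.split(",")
    if len(f) < 9:
        return None
    rec = {"rule": f[0], "interface": f[4], "action": f[6], "direction": f[7]}
    if f[8] == "4" and len(f) >= 20:    # IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto,len,src,dst
        proto, length, src, dst, rest = f[16], f[17], f[18], f[19], f[20:]
    elif f[8] == "6" and len(f) >= 17:  # IPv6: class,flow,hop-limit,proto,proto-id,len,src,dst
        proto, length, src, dst, rest = f[12], f[14], f[15], f[16], f[17:]
    else:
        return None
    rec.update(proto=proto, length=int(length), src=src, dst=dst, sport=None, dport=None)
    if proto in ("tcp", "udp") and len(rest) >= 2:   # then src-port,dst-port,data-len
        rec["sport"], rec["dport"] = int(rest[0]), int(rest[1])
    return rec


def is_public(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in _INTERNAL)


def flag_events(lines, bulk_bytes=10_000_000, flow_bytes=None):
    """Passed inbound packet from a public source; (direction, src, dst) flow reaching bulk_bytes."""
    flow_bytes = flow_bytes if flow_bytes is not None else defaultdict(int)
    alerts = []
    for line in lines:
        s = parse_syslog(line)
        if not s or s["program"] != "filterlog":
            continue
        r = parse_filterlog(s["msg"])
        if not r:
            continue
        if r["action"] == "pass" and r["direction"] == "in" and is_public(r["src"]):
            alerts.append(("public-source-passed", r))
        key = (r["direction"], r["src"], r["dst"])
        flow_bytes[key] += r["length"]
        if flow_bytes[key] >= bulk_bytes:
            alerts.append(("bulk-transfer", key, flow_bytes[key]))
            flow_bytes[key] = 0    # start a new window instead of alerting on every packet
    return alerts


def listen_udp(bind="0.0.0.0", port=514):
    """Bind the port the sensor uses and print alerts as datagrams arrive. Run this on a
    spare host, or point pfSense at a test port, so it does not collide with the sensor."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    state = defaultdict(int)
    while True:
        data, (peer, _) = sock.recvfrom(65535)
        for alert in flag_events([data.decode("utf-8", "replace")], flow_bytes=state):
            print(peer, alert)


if __name__ == "__main__":
    for a in flag_events(SAMPLE_LINES, bulk_bytes=3000):
        print(a)
```

Running the file as-is evaluates the constructed samples and prints one public-source alert for the passed RDP connection and one bulk-transfer alert once the two outbound packets reach the 3000-byte test threshold. To check a live firewall, call `listen_udp()` on a host other than the sensor (binding 514 needs root, or use a port above 1024 and enter `sensor-ip:port` in the Remote log servers box temporarily); if nothing prints, the problem is the path or the Source Address choice, not the parser.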
Reference: See additional information provided by Netgate in Remote Logging with Syslog.