Overview

We are providing you with the steps to integrate your PfSense with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log forwarding.

Make sure that the port 514 is allowed from the firewall.

Steps Of Configuration

Step 1. Login to the firewall.

Step2.Go to Status/System logs, where each and every log inside pfSense is collected.

Step 3. Click on the Settings tab and on the page bottom Remote Logging option is located - like in the picture below:

...

VERIFICATION OF CONFIGURATION

Verification can be done either from CCE Server or from UI.

Using UI

STEP 1: Log in to UI >> SYSTEM

...

STEP 2: >> LOGS AND FLOWS COLLECTION STATUS.

...

STEP 3: >>Inside SOURCE DEVICE IP, IP will reflect.

...

Using CCE SERVER

Login to the CCE server as “seceon” user and run the below command

“sudo tcpdump -i any host 514 and host <IP address> -AAA” command should be running on the CCE server to check whether or not we are getting logs.