README.md

Welcome to (pfSense/OpnSense) + ELK

You can view installation guide guide on 3ilson.org YouTube Channel.

Prerequisites

• Ubuntu Server v18.04+
• pfSense v2.4.4+ or OPNsense 19.7.4+

Preparation

1. Add Oracle Java Repository

sudo add-apt-repository ppa:linuxuprising/java

2. Add Maxmind Repository

sudo add-apt-repository ppa:maxmind/ppa

3. Download and install the public GPG signing key

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -

4. Download and install apt-transport-https package

sudo apt-get install apt-transport-https

5. Add Elasticsearch|Logstash|Kibana Repositories (version 7+)

echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list

6. Update

sudo apt-get update

7. Install Java 12

sudo apt-get install oracle-java12-installer

8. Install Maxmind

sudo apt install geoipupdate

9. Configure Maxmind

sudo nano /etc/GeoIP.conf

• Append line 25 as follows:

EditionIDs GeoLite2-City GeoLite2-Country GeoLite2-ASN

8. Download Maxmind Databases

sudo geoipupdate

9. Add cron (automatically updates Maxmind everyweek on Sunday at 1700hrs)

sudo nano /etc/cron.weekly/geoipupdate

• Add the following and save/exit

00 17 * * 0 geoipupdate

Install

• Elasticsearch v7+ | Kibana v7+ | Logstash v7+

10. Install Elasticsearch|Kibana|Logstash

sudo apt-get install elasticsearch && sudo apt-get install kibana && sudo apt-get install logstash

Configure Kibana|v7+

11. Configure Kibana

sudo nano /etc/kibana/kibana.yml

12. Amend host file (/etc/kibana/kibana.yml)