Pfelk Versions Save

pfSense/OPNsense + Elastic Stack

v23.08

8 months ago

What's Changed

pfelk_rule_generator.sh | remove extra content after rule name by @nuggie in https://github.com/pfelk/pfelk/pull/473
fix use of host.name by @nuggie in https://github.com/pfelk/pfelk/pull/492
Update pfelk-kibana-saved-objects.sh by @nuggie in https://github.com/pfelk/pfelk/pull/493
fix usage of source.geo by @nuggie in https://github.com/pfelk/pfelk/pull/494
Updates by @a3ilson in https://github.com/pfelk/pfelk/pull/497
Updates by @a3ilson in https://github.com/pfelk/pfelk/pull/498

New Contributors

@nuggie made their first contribution in https://github.com/pfelk/pfelk/pull/473

Full Changelog: https://github.com/pfelk/pfelk/compare/23.03...v23.08

23.03

1 year ago

22.04

2 years ago

Incorporated default security (elastic) into the pfelk repo. Added more steps and inhibited script from doing a complete installation but it's a simple solution to getting started with OPNsense & pfSense remote logging.

22.01

2 years ago

Data Streams, native ILM support and various tidying (more efficient logging)

20.10

2 years ago

20.3a

3 years ago

Fixed a number of minor happy to glad changes and revised paths from master to main

20.3

3 years ago

Various updates and tweaks. This release was to capture the past several months of revisions. Additionally, the file structure was amended to allow for a more seamless install (docker/host). The pipelines.yml file points to the new conf file location (/etc/pfelk/conf.d) and those wishing to add multiple pipelines (e.g. Wazuh etc..) can now amend the pipelines.yml for additionally pipelines while utilizing the default conf.d folder (doesn't conflict with pfelk).

v6.0

3 years ago

v6.0 2020/10/18 -LOGSTASH

conf files - Removed host filtering (mitigate issues with logs traversing via routers/containers) - Added observer fields for enhanced filtering for multiple firewall setups
grok pattern - Updated to conform to Elastic Common Schema (ECS) and aligned with pfsense Raw Filter Format

-ELASTICSEARCH

templates - Added index settings and mappings - Templates are dependent upon underlying templates
-KIBANA
Visualizations - Updated and aligned with templates
Dashboards - Custom index pattern ID for each major template

v5.5.5

3 years ago

Updated with latest configuration files.

Refined configuration files
Merged Suricata, Snort and Squid within 10-apps.conf
Added haproxy.json and pfelk.json tempaltes

v5.5.0

3 years ago

Updated with latest configuration files.

Supporting Squid
Supporting HAProxy
Enhanced Unbound
Rebuilt Dashboards
Reconfigured Configuration Files For Future Enrichment
Versioning skipped to match pfELK and pfELK Docker