OPNsense NetFlow and EventLog configuration


OPNsense is an open-source, FreeBSD-based firewall distribution. It provides a modern GUI and numerous plugins. A great plus is its ease of use, in contrast to some older open-source firewalls. OPNsense is also a fork of pfSense (we wrote about pfSense too, so check out that blog post as well - the link is below).


pfSense

pfSense is a free network firewall distribution, based on FreeBSD OS and includes numerous third party free software packages intended to expand firewall functionality. pfSense hardware can be installed on common hardware or in the cloud. This variet

NetFlow configuration

OPNsense NetFlow configuration is straightforward, and all the settings are on a single page. Go to the Reporting/NetFlow page in the GUI, where you will find the following parameters that should be set:

Let's go through the fields together:


  1. Listening interfaces - the interfaces on which NetFlow will listen and from which it will send data.
  2. WAN interfaces - used to remove duplicate flows caused by NAT.
  3. Capture local - this field is usually used for the local Insight GUI app. Insight is a quick and simple NetFlow analyzer, although it is limited to 100MB in size.
  4. Version - you can choose between v5 and v9.
  5. Destinations - you can set multiple destinations, each representing a NetFlow collector.
  6. Active and Inactive timeout - these last two options are best left at their defaults.

Upon setting all the mentioned options and pressing the Apply button, NetFlow packets should start flowing to your NetVizura server.
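To confirm on the collector host that the exports match the Version and Destinations settings above, the datagrams themselves can be decoded. This is an added example, not code from OPNsense or NetVizura: it parses a NetFlow v5 export and uses the header's flow sequence to spot lost exports. The function names, sample datagram and addresses are constructed for illustration.

```python
import ipaddress
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
V9_HEADER = struct.Struct("!HHIIII")                # 20-byte NetFlow v9 header

def parse_export(datagram):
    """Return (version, sequence, flows) for one export datagram."""
    if len(datagram) < 2:
        raise ValueError("datagram too short")
    version = struct.unpack_from("!H", datagram)[0]
    # v9 records need template state, so only the v9 header is read here.
    if version == 9 and len(datagram) >= V9_HEADER.size:
        return 9, V9_HEADER.unpack_from(datagram)[4], []
    if version != 5 or len(datagram) < V5_HEADER.size:
        raise ValueError("not a complete NetFlow v5/v9 datagram")
    _, count, _, _, _, sequence, _, _, _ = V5_HEADER.unpack_from(datagram)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("length does not match the header's record count")
    flows = []
    for i in range(count):
        r = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(r[0])), "sport": r[9],
            "dst": str(ipaddress.IPv4Address(r[1])), "dport": r[10],
            "proto": r[13], "packets": r[5], "bytes": r[6],
        })
    return 5, sequence, flows

def missed_flows(prev_sequence, prev_count, sequence):
    """v5 flow_sequence counts flows exported so far; a gap means lost datagrams."""
    return (sequence - prev_sequence - prev_count) % 2**32

def sample_v5(sequence):
    """Constructed datagram: one TCP flow between documentation addresses."""
    header = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, sequence, 0, 0, 0)
    record = V5_RECORD.pack(
        int(ipaddress.IPv4Address("192.0.2.10")),
        int(ipaddress.IPv4Address("198.51.100.7")),
        0, 1, 2, 12, 3400, 500, 900, 51514, 443, 0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return header + record

if __name__ == "__main__":
    version, seq, flows = parse_export(sample_v5(100))
    print(version, seq, flows)
    # Next datagram starts at sequence 103 instead of 101: two flows never arrived.
    print("missed flows:", missed_flows(seq, len(flows), parse_export(sample_v5(103))[1]))
```

A non-zero result from `missed_flows` between consecutive datagrams from the same exporter means the collector has a gap in its flow record, which matters when the data is later used for investigation.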

EventLog configuration

The EventLog configuration is also very simple. Go to System->Settings->Logging/Targets and add a new destination; the following page should appear:

We will cover the options here as well:

  1. Enabled - this field allows you to enable the destination.
  2. Transport - set the protocol used to send messages.
  3. Applications - select the applications whose output you want to collect, or choose every message that OPNsense creates. More than 20 options are available, so this pretty much covers every administrator's need.
  4. Levels - the seven usual options are offered, and you can additionally opt in to the debug level.
  5. Facilities - this field is similar to Applications in the abundance of choices it offers. Here you can fine-tune which logs you receive from applications.
  6. Hostname and Port - simply add the hostname and port of your NetVizura EventLog analyzer.


After you click Save and Apply, messages will flow from OPNsense to your NetVizura EventLog analyzer.
