Illuminate my PFSense Data

What is Illuminate?

Graylog Illuminate provides pre-built content designed with common cybersecurity and log management questions in mind to give you the fast start you need for success. Available with Graylog Operations and Graylog Security, our pre-built content better equips you to monitor and manage challenges that can range from unlocking passwords to hunting for that bad actor that breached your network.

TL;DR: Illuminate parses logs for you and comes with canned dashboards and events.


I Want it

So let's get it enabled. Our labs come with an old version of Illuminate installed but not running. Let's update it and get it parsing our logs.

  • Open your Graylog instance
  • Navigate to Enterprise -> Illuminate

  • Check off Illuminate x.x.x:pfSense/OPNsense Firewall in the processing packs

    **It should look similar to this**


  • Click Enable Selected

    WITHOUT THIS STEP NOTHING WILL HAPPEN WITH YOUR LOG DATA - Configure the pfSense routing by following "Graylog Server Configuration for a Specific Input" on our docs page: https://go2docs.graylog.org/5-1/what_more_can_graylog_do_for_me/pfsense_firewall_security_content_pack.htm

    Seriously, did you do it yet?

    Send those logs in again from the Dataset tab!


GO SOLVE SOME CTF FLAGS!
