Thank you so much! I followed around 10 guides trying to get this to work; yours was by far the best and it is all working!
Thank you! Working like a charm as of Feb 2022 (just make sure you get proper InfluxDB image).
Great video. Nice editing, appropriate background music, to the point. Thank you!
Cool ... Thank you for coming forward with this guide.
Great stuff. Keep being awesome.
Thanks man for setting this up and for sharing. I've set this up and all is running, however Grafana is not showing any data. Graylog seems fine, I can see the data arriving. I'm using pfSense 2.5; might this be the reason? Any idea? Thanks.
Thank you Thank you Thank you! I followed your guide and it is working great. Hope you are able to update the repo with the new getGeo.sh parameters ( the private key ) Appreciate you putting together this video as well as the text guide.
Thank you very much, very useful!
Maxmind changed the way they provide the geo database, so the script gets an error trying to run getGeo.sh which is in /Docker/graylog folder
You must create an account on their website and you will get a license key (it is free). Then edit the line in the getGeo.sh file:
download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=YOUR_LICENSE_KEY&suffix=tar.gz
Make sure you replace YOUR_LICENSE_KEY with the license from maxmind.
How are you able to access the getGeo.sh file in order to edit it? New to linux and using github
@@austinmurdock8148 Assuming you are in the /pfsense-analytics folder, type cd Docker, then cd graylog. It should look like this: /pfsense-analytics/Docker/graylog. Then pico getGeo.sh. Edit, then ctrl+o to write, then ctrl+x to exit/save.
@@CiprianCosmaGTD Is this the URL you are using to sign up: www.maxmind.com/en/geolite2/signup ?
@ciprian hello sir. I have the geolite2-city.mmb .what do I do next?
Before doing this, run 'docker system prune -a' to clear the cached WRONG version of the script, and when you put in the new URL above make sure to quote it.
May be missing something, but it doesn't appear to work. Data is not getting sent over to Grafana. Not sure if it's a timestamp problem, since Graylog doesn't show any results unless I change the query to 8 hours.
Hey lephisto, I have all of it working so far. Unfortunately the map doesn't really work. In your Reddit thread the picture also shows Ingress+Egress on the map, but for me it shows nothing. I have nothing running except pfSense and InfluxDB. Do I need something else? Many thanks!
Graylog interface won't start; I tried it on Ubuntu 18.04. Does anyone else have the same problem or has found a solution to it?
Are there any extra steps to be able to switch the Timeseries Driver to InfluxDB? I've tried and it brings up an error saying that it can't find a version of InfluxDB. Did you have to install InfluxDB separately?
Thank u very much for this guide.
How could I monitor several pfSense firewalls?
You could create multiple inputs in Graylog and add a tag for each in the input definition. Sadly the syslog lines from pfSense don't contain any sort of hostname. However, there is a field called gl2_remote_ip, but this won't work in a container environment since you don't see the real originating IP in there.
@@lephisto Failed to start Docker ... Any clue to fix this? "RROR: Service 'graylog' failed to build: The command '/bin/sh -c chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh' returned a non-zero code: 2"
Thanks, very good guide
No connection to geolite.maxmind.com/
This causes the error:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
github.com/lephisto/pfsense-analytics/issues/45
I would be glad for help or ideas on how to get around this problem.
Hi, I have a date/time problem in the Graylog server. We can configure GRAYLOG_TIMEZONE= asia/tashkent in graylog.env, but it does not change. Please help me.
Write Asia/Tashkent with capital letters.
Hello,
is anyone experiencing the same issue when running the 5/6 step?
`Step 5/6 : RUN chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh
---> Running in b30dbe5bac10
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 20 100 20 0 0 112 0 --:--:-- --:--:-- --:--:-- 112
gzip: stdin: not in gzip format
tar: Child returned status 1
tar: Error is not recoverable: exiting now
ERROR: Service 'graylog' failed to build: The command '/bin/sh -c chmod +x /etc/graylog/server/getGeo.sh && /etc/graylog/server/getGeo.sh' returned a non-zero code: 2`
Thanks.
Yes. You need to get the key from MaxMind. There is a free GeoIP subscription. I am stuck nearly at the end. Grafana doesn't come preloaded with anything.
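Both the license-key thread above (edit the URL in getGeo.sh and quote it) and the build log just above (a 20-byte response that tar rejects with "gzip: stdin: not in gzip format") come down to the same download step failing silently. The script below is an added example, not the pfsense-analytics repository's own getGeo.sh: it takes the MaxMind license key from an environment variable instead of hard-coding it in a file that gets committed, quotes the URL so the & characters in the query string are not interpreted by the shell, and checks that the response really is a gzip archive before handing it to tar, so a missing or wrong key fails with a readable message instead of a tar error. The variable name MAXMIND_LICENSE_KEY, the function names, and the assumed archive layout (a dated top-level directory containing GeoLite2-City.mmdb) are my assumptions and are not from the thread.

```shell
#!/bin/sh
# Added example, not the pfsense-analytics repo's own getGeo.sh.
# Fetches the GeoLite2-City archive with the license key taken from an
# environment variable and refuses to untar a response that is not gzip.
set -eu

# Build the download URL quoted in the thread; the key is the only variable
# part. Assumed variable name: MAXMIND_LICENSE_KEY (passed in as $1).
build_geo_url() {
  key="${1:?MAXMIND_LICENSE_KEY is required}"
  printf 'https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=%s&suffix=tar.gz' "$key"
}

# Succeed only if the file is non-empty and starts with the gzip magic
# bytes 1f 8b. A bad or missing key gets a short plain-text reply from the
# server (the 20-byte body in the build log), which is what makes tar fail.
is_gzip() {
  file="$1"
  [ -s "$file" ] || return 1
  magic="$(head -c 2 "$file" | od -An -tx1 | tr -d ' \n')"
  [ "$magic" = "1f8b" ]
}

# Download to a temp file, validate it, then extract only the .mmdb.
# Assumed archive layout: <dated directory>/GeoLite2-City.mmdb (GNU tar
# options --strip-components and --wildcards are used).
fetch_geolite() {
  key="$1"
  dest_dir="${2:-.}"
  url="$(build_geo_url "$key")"
  tmp="$(mktemp)"
  # The URL is quoted so the & characters are not treated as job separators.
  if ! curl -fsSL --retry 3 -o "$tmp" "$url"; then
    echo "getGeo: download failed (HTTP error or no connection)" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! is_gzip "$tmp"; then
    echo "getGeo: response is not a gzip archive; check the license key. Server said:" >&2
    head -c 200 "$tmp" >&2
    echo >&2
    rm -f "$tmp"
    return 2
  fi
  tar -xzf "$tmp" -C "$dest_dir" --strip-components=1 --wildcards '*/GeoLite2-City.mmdb'
  rm -f "$tmp"
  echo "getGeo: wrote $dest_dir/GeoLite2-City.mmdb"
}

# Uncomment to run for real, e.g. from the Dockerfile step shown in the thread:
# fetch_geolite "${MAXMIND_LICENSE_KEY:?set MAXMIND_LICENSE_KEY}" /etc/graylog/server
```

Passing the key through the environment (for example via the compose file's env section) keeps it out of the script and out of the image layer cache, which is also why the earlier advice to run docker system prune after editing the script matters: the old script is baked into a cached layer. The non-zero return codes from fetch_geolite make the Docker build step fail with a message naming the cause rather than a bare tar error.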
Thanks for doing this guide