
BSD Packet Filter


    This guide describes how to configure a BSD based firewall to forward its packet filter (pf) logs as syslog events to a Samurai Local Collector deployed in your network. It covers pfSense and OPNsense; other BSD based systems that use pf's filterlog can be set up in a similar way.

    Connectivity Requirements

    Source              Destination               Ports                 Description
    OPNsense firewall   Samurai Local Collector   TCP/514 or UDP/514    Log transmission
    pfSense             Samurai Local Collector   UDP/514               Log transmission

    Configure OPNsense

    Perform the following steps to enable syslog forwarding:

    • Log in to your OPNsense web interface.
    • Navigate to System > Settings > Logging and open the Remote tab.
    • In the Remote tab, click the + button to add a new remote host.
    • Select either TCP(4) or UDP(4) as the transport. TCP is recommended: UDP syslog gives no delivery guarantee, so events dropped in transit are lost silently.
    • Under Applications, select filter (filterlog).
    • Set Hostname/IP to the IP address of your Samurai Local Collector.
    • Tick the RFC5424 checkbox so events are sent in RFC 5424 format.
    • Click Save, then Apply.

    Note that syslog on port 514 is sent in clear text, so the path between the firewall and the Local Collector should be a trusted network segment.

    Configure pfSense

    Follow the vendor documentation to set up a new remote logging destination (Status > System Logs > Settings, Remote Logging Options).

    Adjust the following settings as described below. If a setting is not mentioned, keep its default value.

    • Enable Remote Logging: tick the checkbox
    • Remote Log Servers: enter the IP address of your Samurai Local Collector
    • Remote Syslog Contents: select Firewall Events

    For integrations that use a Local Collector and ingest syslog only, no further steps are required in the SamurAI MDR portal: the vendor and product are detected automatically. The only reason to use the SamurAI MDR portal during setup is to look up the Local Collector IP address. You still need to confirm that the integration is functioning. See Integrations for more information on checking status.
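    The following helper, added here as an example and not part of the SamurAI documentation or of pfSense/OPNsense, shows what the collector actually receives from either procedure above and gives a way to check it before trusting the portal status. It parses the positional CSV payload that pf's filterlog emits (field layout as documented for pfSense's raw filter log; it is assumed here that OPNsense uses the same positions, with its rule label in place of pfSense's tracker ID) out of both BSD-style syslog framing (pfSense default) and RFC 5424 framing (OPNsense with RFC5424 ticked). The sample lines are constructed, not captured from a real firewall, and the addresses and rule identifiers in them are placeholders. Run it on a test host with a spare UDP port, point the firewall at that host, and confirm that firewall events arrive and parse.

```python
"""Verify that pf filterlog events reach a syslog listener and parse them.

Added example; not code from the SamurAI documentation, pfSense or OPNsense.
"""
import re
import socket
import sys

# Syslog framing. BSD/RFC 3164 is the pfSense default; RFC 5424 is what OPNsense
# sends with the RFC5424 box ticked. Both carry the same CSV payload.
BSD_RE = re.compile(
    r"^<\d+>(?P<ts>\w{3}\s+\d+ [\d:]+) (?P<host>\S+) filterlog(?:\[\d+\])?: (?P<csv>.*)$"
)
RFC5424_RE = re.compile(
    r"^<\d+>1 (?P<ts>\S+) (?P<host>\S+) filterlog \S+ \S+ (?:-|\[[^\]]*\]) (?P<csv>.*)$"
)

# Positional field names, per pfSense's documented raw filter log format.
# rule_id is the tracker ID on pfSense and the rule label on OPNsense (assumption).
COMMON = ["rule", "subrule", "anchor", "rule_id", "interface", "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto", "length", "src", "dst"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id", "length", "src", "dst"]
TCP = ["sport", "dport", "data_length", "tcp_flags", "seq", "ack", "window", "urg", "options"]
UDP = ["sport", "dport", "data_length"]

# Constructed sample lines (placeholder hosts, addresses and rule identifiers).
SAMPLE_BSD = ("<134>Nov  1 08:25:47 pfSense filterlog[12345]: "
              "5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,DF,17,udp,338,"
              "10.0.0.2,10.0.0.255,67,68,318")
SAMPLE_5424 = ('<134>1 2024-05-01T08:25:47+00:00 OPNsense.localdomain filterlog 93171 - '
               '[meta sequenceId="1"] 67,,,02f4bab031b57d1e30553ce08e0ec131,vtnet0,match,pass,'
               'in,4,0x0,,64,31337,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,51234,443,0,S,'
               '1234567890,,65535,,mss;sackOK;TS;nop;wscale')
SAMPLE_OTHER = "<38>Nov  1 08:25:47 pfSense sshd[555]: Accepted publickey for admin from 10.0.0.9"


def parse_filterlog(line: str):
    """Return a dict of named fields for a filterlog event, or None otherwise."""
    m = BSD_RE.match(line) or RFC5424_RE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    ev = {"host": m.group("host"), "timestamp": m.group("ts")}
    ev.update(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    if ev.get("ipver") == "4":
        ev.update(zip(IPV4, rest))
        rest = rest[len(IPV4):]
    elif ev.get("ipver") == "6":
        ev.update(zip(IPV6, rest))
        rest = rest[len(IPV6):]
    else:
        return None  # not a pf filterlog payload
    if ev.get("proto") == "tcp":
        ev.update(zip(TCP, rest))
    elif ev.get("proto") == "udp":
        ev.update(zip(UDP, rest))
    return ev


def summarize(ev: dict) -> str:
    """One-line summary of a parsed event; ports are empty for non-TCP/UDP."""
    return (f"{ev['host']} {ev['action']} {ev['direction']} {ev['interface']} "
            f"{ev['proto']} {ev['src']}:{ev.get('sport', '')} -> "
            f"{ev['dst']}:{ev.get('dport', '')}")


def listen(port: int = 514, count: int = 5) -> None:
    """Bind UDP/<port> and print the first <count> filterlog events received.

    Binding 514 needs root; for a test, use a high port and set the same port
    on the firewall. Non-filterlog syslog lines are ignored.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    seen = 0
    while seen < count:
        data, peer = sock.recvfrom(65535)
        ev = parse_filterlog(data.decode(errors="replace").rstrip("\n\x00"))
        if ev:
            seen += 1
            print(f"{peer[0]}: {summarize(ev)}")


if __name__ == "__main__":
    listen(int(sys.argv[1]) if len(sys.argv) > 1 else 514)
```

    If the listener sees syslog traffic from the firewall but nothing parses, the firewall is forwarding other facilities but not filterlog: re-check the filter (filterlog) application selection on OPNsense or the Firewall Events checkbox on pfSense.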

    This integration guide was accurate at the time of writing, but vendors change their interfaces frequently. If you find errors or outdated steps, let us know by raising a request in the SamurAI MDR Portal and we will get it updated.