@vinit-chauhan
Contributor

Proposed commit message

Update readme for PfSense

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
  • I have verified that any added dashboard complies with Kibana's Dashboard good practices

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Screenshots

@vinit-chauhan requested a review from a team as a code owner November 13, 2025 18:08
@vinit-chauhan added labels on Nov 13, 2025:
  • documentation: Improvements or additions to documentation. Applied to PRs that modify *.md files.
  • enhancement: New feature or request
  • Integration:pfsense: pfSense (Community supported)
  • Team:Integration-Experience: Security Integrations Integration Experience [elastic/integration-experience]
@elasticmachine
Pinging @elastic/integration-experience (Team:Integration-Experience)

@elastic-vault-github-plugin-prod

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

Contributor

@mjwolf mjwolf left a comment

Could you add a service_info file for this as well?

# pfSense Integration for Elastic

## Overview
The pfSense integration for Elastic enables the collection of logs from pfSense and OPNsense firewalls. It parses logs received over the network via syslog (UDP, TCP, or TLS), providing visibility into network traffic, security events, and system health.
Contributor

(UDP, TCP, or TLS) - TLS isn't a transport, this should probably change to (UDP or TCP) or UDP or TCP, using TLS

1. On a host connected to the pfSense network, generate traffic that will trigger a firewall log event. For example, attempt a connection that you know will be blocked by a firewall rule.
2. Check the pfSense system logs to confirm that new event data is being written. In the pfSense web interface, navigate to **Status > System Logs > Firewall**.
3. In Kibana, navigate to the **Discover** tab or open the pre-built **Firewall - Dashboard [pfSense]** dashboard.
4. Filter for pfSense data by using the KQL query `event.dataset : "pfsense.log"`.
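
Review bot: the verification steps, as far as the lines shown here go, stop at step 4's KQL filter without saying what the reader should see. Suggest closing with the expected result, for example that the blocked connection generated in step 1 appears among the `event.dataset : "pfsense.log"` documents, so a reader can tell a working setup from an empty result.
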
Contributor

This could be a bit confusing; you don't need to filter if you choose to open the dashboard.

Contributor Author

In step 3 it says navigate to Discover or open the dashboard. If the user opens Discover, then they have to add the query. And for dashboards, I think the query would most likely be there, or adding it won't change anything.

@vinit-chauhan
Contributor Author

> Could you add a service_info file for this as well?

I did not use service_info.md for this because we support 2 different products in this integration, so when I added a service info file it got confused and would either mix things up or favour one product over the other.
Moreover, the existing README is already quite good in terms of setup steps and other information that the LLM can work off of directly.

@elasticmachine
💚 Build Succeeded
