A Chatbot for pfSense Firewall Logs

30 Dec 2020

A side project I have been working on is a chat bot to stream pfSense firewall logs to a central chat server so I can view them without needing to log into the web interface. I am using Errbot, a Python chatbot framework. Errbot separates the backend chat server backend code from your bot functionality. This lets you write a bot and have it work for multiple backends (IRC, Slack, Mattermost, etc.). Bot functionality is implemented using a plugin API so it’s relatively easy to share your bot’s functionality with others. It’s surprisingly fun to write chatbots that you and your friends/coworkers can interact with.

Github link: https://github.com/austinkeeley/err-pfsense

To install, either clone the project into the Errbot plugins directory or run the bot command

!repos install https://github.com/austinkeeley/err-pfsense.git

Configure the bot to point to your pfsense syslog file and where to stream the messages (the default identifier) – this depends on your backend. For IRC, it’s a channel name.

!plugin config pfsense {'LOG_FILE': '/path/to/your/logfile', 'DEFAULT_IDENTIFIER_STR': '#bots' }

After it’s configured, start reading the logs with the bot command

!start log

Features:

Supports the firewall and the DHCP log events
Reverse DNS lookup to turn IP addresses in the logs into hostnames automatically
MAC address vendor lookup for DHCP logs

Espresso Ninja

A Chatbot for pfSense Firewall Logs

Related Posts

Linux Mystery: linux-vdso.so.1 25 Apr 2021

Reverse Engineering FTL: Faster Than Light 29 Oct 2019

Side Project: Entrance Song 21 Mar 2019