I have searched for a long time now but could not find an answer.
I have the following setup:
- pfSense firewall with remote logging enabled
- RPi with Universal Forwarder installed
- Splunk in the cloud
- pfSense points to the RPi with Universal Forwarder installed
- pfSense points to its own UDP-port. Like this I can add all the firewall logs to an index.
This works fairly well with one exception: In the search, the host for my pfSense is always the IP address and not the hostname. I tried to default the hostname for my UDP port in inputs.conf with `host=`, but this did not solve the problem.
I can ping the hostname from my RPi, so I assume that DNS resolution works as well.
I do not know whether the problem is on the pfSense end or if it's an issue with the universal forwarder, so help is highly appreciated. My assumption is that this is the reason why my home monitor app does not work.
Thank you
Roger