Good day everyone, I would really appreciate some suggestions/advice from more experienced users regarding a possible open-source IPS/IDS solution using the OpenBSD 7.1 operating system. In short, I need to be able to have a running IPS on OpenBSD to go deep and inspect, for example, TCP packets on port 80 (HTTP), and have some rules to decide in-line whether packets would be allowed/blocked; in addition, ideally, if possible, I would like to be able to analyze packets later and review/introduce new rules.
During my research I found the following possible solution that could partially fit my needs, but I would really appreciate it if you can offer me advice regarding this or another possible solution that I am not aware of. I found Suricata/Snort as an IPS/IDS; Suricata, I understood, would be the better choice. So OpenBSD + PF + Suricata seems to be a nice fit, except for the fact that to me it would be ideal to centralize the logs and monitoring logs on another machine, so as not to overload the OpenBSD machine with analyzing logs. For this task (analysis and collection) I found the ELK stack (Beats + Elasticsearch + Kibana). Now I am not necessarily so enthusiastic about these fancy tools, they are not so trusted by me, and it would be even better if there were a built-in solution in OpenBSD without these tools (or at least one that does not need any agent installed on the OpenBSD machine to send log data to another machine where the analysis happens). Any suggestions are welcome. Thank you.
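One concrete way to wire up the setup described in the post, added here as an illustration and not taken from the post or from any project's documentation: PF hands the chosen traffic to Suricata over a divert socket so Suricata can drop packets in-line, Suricata writes its EVE events to syslog instead of a local file, and OpenBSD's own syslogd forwards them to a remote collector, so no extra agent runs on the firewall. The interface name em0, divert port 700, facility local5 and the host loghost.example are assumptions; the collector on the far side can be ELK or anything else that accepts syslog.

```conf
# /etc/pf.conf (fragment) -- assumptions: external interface em0, divert port 700.
# Only HTTP is diverted here, matching the port-80 example in the post; Suricata
# reads each packet from the divert socket, decides, and reinjects what it allows.
pass in  quick on em0 inet proto tcp to port 80 divert-packet port 700
pass out quick on em0 inet proto tcp to port 80 divert-packet port 700

# /etc/suricata/suricata.yaml (fragment): EVE JSON to syslog rather than a file,
# so the firewall keeps no growing log that it would have to analyse itself.
outputs:
  - eve-log:
      enabled: yes
      filetype: syslog
      identity: "suricata"
      facility: local5
      level: Info
      types:
        - alert
        - drop
        - http

# /etc/syslog.conf (fragment): the built-in syslogd ships facility local5 over
# TLS to the collector (assumed host loghost.example, port 6514); nothing else
# needs to be installed on the OpenBSD box for the forwarding.
local5.*    @tls@loghost.example:6514

# Start Suricata in-line on the divert socket (IPS mode) -- a command, not config:
#   suricata -c /etc/suricata/suricata.yaml -d 700
# In-line blocking comes from rules whose action is "drop" rather than "alert";
# a minimal local rule (illustrative sid in the local 1000000+ range) looks like:
#   drop http any any -> any 80 (msg:"local policy: blocked HTTP request"; sid:1000001; rev:1;)
```

Before relying on it, confirm with `pfctl -s rules` that the divert rules loaded and with `suricata --build-info` that the package was built with divert (IPFW) support, since without it the `-d` mode is unavailable.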