Netgate, Network Monitoring, Security Onion n00b

So I’m undertaking some log monitoring and I’m totally n00bing it…Looking for any tutorials or literature on establishing a Security Onion Console; note, in consultation with a colleague, I set up VLANs inside my Netgate 4100 with pfSense and that’s the setup I’m working with now as I try to monitor any logs.

I don’t know if having those VLANs will create issues with trying to capture one holistic log file. I’m still learning about my whole network setup, with VLANs and switches, as well. All of this in furtherance of re-establishing a baseline of understanding how to read PCAP, log files, how logs are generated and what they contain, monitored…how to monitor network traffic in real time, and so on.

I am reading the Documentation section of SO and I’m Googling, and what I am learning is that SO is best served on bare metal for n00bs. I am ultimately trying to pipe syslog from my pfSense Netgate to a SO console, and I think I’m best served running it on a beefed-up laptop, since I’ve never set up a bare metal server.

Welcome any thoughts, feedback, guidance or resources that folks care to share. Also, with all the new secure boot loading, I’m not sure what laptop hardware would even let me install SO on it these days. Been looking at System76 stuff - pricy, but seems the beefiest of choices.

Because SO works best with multiple NIC interfaces, get a used server, as it will be much better suited for the job. Then learn how to set up a port tap on the switch to feed SO.
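As an added illustration of the "pipe syslog from pfSense" part of the question (this is not code from the thread, from Security Onion, or from Netgate), the script below receives and decodes BSD-format (RFC 3164) syslog, which is what pfSense sends by default. It decodes the `<PRI>` field into facility and severity, splits the header into host, program and PID, and, for `filterlog` messages, pulls the interface, action and addresses out of the CSV body using the field order given in the pfSense filterlog documentation. The sample lines are constructed; the host name, PIDs, rule number and addresses are made up, and the IPv4/TCP field positions should be checked against the filterlog documentation for your pfSense version.

```python
"""Receive and decode RFC 3164 syslog as pfSense emits it (added example, not from the thread)."""
import re
import socket
from collections import Counter

# RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MESSAGE
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ 1-3]?\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_.-]+)(?:\[(?P<pid>\d+)\])?:\s?"
    r"(?P<msg>.*)$"
)

# PRI = facility * 8 + severity (RFC 3164 section 4.1.1)
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_filterlog(msg):
    """Decode the CSV body of a pfSense filterlog line (field order per pfSense docs)."""
    f = msg.split(",")
    if len(f) < 9:
        return None
    out = {
        "rule": f[0], "interface": f[4], "reason": f[5],
        "action": f[6], "direction": f[7], "ipver": f[8],
    }
    # IPv4 block: tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst
    if f[8] == "4" and len(f) >= 20:
        out.update(proto=f[16], src=f[18], dst=f[19])
        if f[16] in ("tcp", "udp") and len(f) >= 22:
            out.update(sport=int(f[20]), dport=int(f[21]))
    return out


def parse_syslog(line):
    """Return a dict for one RFC 3164 line, or None if it does not parse."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:          # max facility 23, max severity 7
        return None
    rec = {
        "facility": FACILITIES[pri >> 3],
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "program": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "message": m.group("msg"),
    }
    if rec["program"] == "filterlog":
        rec["filter"] = parse_filterlog(rec["message"])
    return rec


def summarize(lines):
    """Count parsed lines per (host, program) and count firewall blocks."""
    per_program, blocked, unparsed = Counter(), 0, 0
    for line in lines:
        rec = parse_syslog(line)
        if rec is None:
            unparsed += 1
            continue
        per_program[(rec["host"], rec["program"])] += 1
        if rec.get("filter") and rec["filter"]["action"] == "block":
            blocked += 1
    return {"per_program": per_program, "blocked": blocked, "unparsed": unparsed}


def receive(bind_addr="0.0.0.0", port=5514, count=10):
    """Listen on UDP and yield parsed records; port 514 needs root, so default to 5514."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((bind_addr, port))
        for _ in range(count):
            data, (src_ip, _) = s.recvfrom(65535)
            rec = parse_syslog(data.decode("utf-8", "replace"))
            if rec is not None:
                rec["sender"] = src_ip
                yield rec


# Constructed sample input (not real captured data): a blocked SSH SYN and an auth failure.
SAMPLE = [
    "<134>Mar  1 12:00:01 pfSense filterlog[58173]: 5,,,1000000103,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,43210,22,0,S,1234567890,,65535,,mss;sackOK;TS;nop;wscale",
    "<37>Mar  1 12:00:05 pfSense sshd[2201]: Failed password for root from 203.0.113.9 port 51234 ssh2",
    "this is not a syslog line",
]

if __name__ == "__main__":
    for rec in map(parse_syslog, SAMPLE):
        print(rec)
    print(summarize(SAMPLE))
```

To use it against a real box, point the remote syslog server setting in pfSense at the host running this script and the port passed to `receive()`; the `<PRI>` decode is the same whether the sender is pfSense, a switch, or a Linux host, so the script is a simple way to confirm that logs are actually arriving before wiring them into a collector.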