Cisco FirePOWER GROK Extractors for Graylog
@mrjohnson1024
UPDATED 10/6/2017: Added more lines to include various formats for web traffic detection. Seems to catch all HTTP/HTTPS now.
My first attempt at making an extractor for Graylog.
Tested and (mostly) working. It is probably horribly inefficient, but it works well in our small, single-firewall environment on FirePOWER version 6.1.0-330. From what I gather, other versions can be problematic: the extractors that were already posted on GitHub weren't working for me, and they were built on a slightly older 6.x release.
Open to comments, criticism, etc. I’m a network admin, not a developer.
For those new to Graylog and working with Grok/extractors, just download the .JSON file and import it into Graylog as extractors on a "Raw/Plaintext UDP" input created for FirePOWER. Then point your FirePOWER syslog output at your Graylog server's IP:port.
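As an added illustration (not part of this content pack and not the pack's own patterns), the following Python script emulates what Graylog does with an imported Grok extractor: it loads an extractor definition in the shape of a Graylog extractor export, translates the `%{PATTERN:field}` references into a regex, honours the extractor's string condition, and runs it over sample syslog lines. The extractor JSON, the subset of base patterns, the field names and the log lines are all constructed for this demo and are not real FirePOWER output; the `:int` type suffix follows the Grok typed-capture convention. It is handy for checking a pattern against a saved log line offline before importing it into a live input.

```python
import json
import re

# Tiny subset of the built-in Grok pattern library (assumption: enough for this
# demo; Graylog ships a much larger set).
GROK_BASE = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "INT": r"[+-]?\d+",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
    "GREEDYDATA": r".*",
    "SYSLOGTIMESTAMP": r"[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}",
}

# %{NAME}, %{NAME:field} or %{NAME:field:type}
_GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?(?::(\w+))?\}")


def grok_to_regex(pattern: str):
    """Translate Grok references into a compiled regex with named groups.

    Returns (compiled_regex, {field: type}) so callers can cast captures.
    Unknown pattern names raise KeyError, which is what you want to see
    before the extractor reaches a production input.
    """
    types = {}

    def repl(m):
        name, field, typ = m.group(1), m.group(2), m.group(3)
        body = GROK_BASE[name]
        if field:
            if typ:
                types[field] = typ
            return f"(?P<{field}>{body})"
        return f"(?:{body})"

    return re.compile(_GROK_REF.sub(repl, pattern)), types


# Constructed extractor definition mimicking a Graylog extractor export.
# The pattern and field names are invented for the demo.
EXTRACTOR_JSON = json.dumps({
    "extractors": [{
        "title": "FirePOWER connection event (demo)",
        "extractor_type": "grok",
        "source_field": "message",
        "target_field": "",
        "cursor_strategy": "copy",
        "condition_type": "string",
        "condition_value": "SFIMS",
        "extractor_config": {
            "grok_pattern": (
                "<%{INT:pri:int}>%{SYSLOGTIMESTAMP:ts} %{NOTSPACE:host} SFIMS: "
                "Protocol: %{WORD:protocol}, SrcIP: %{IP:src_ip}, DstIP: %{IP:dst_ip}, "
                "SrcPort: %{INT:src_port:int}, DstPort: %{INT:dst_port:int}, "
                "URL: %{GREEDYDATA:url}"
            )
        },
        "converters": [],
        "order": 0,
    }],
    "version": "2.3.0",
})

# Constructed sample lines; not real FirePOWER syslog.
SAMPLE_LINES = [
    "<134>Oct  6 12:00:01 fp-sensor SFIMS: Protocol: TCP, SrcIP: 10.0.0.5, "
    "DstIP: 198.51.100.7, SrcPort: 51234, DstPort: 443, URL: https://example.com/",
    "<134>Oct  6 12:00:02 fp-sensor SFIMS: Protocol: UDP, SrcIP: 10.0.0.5, "
    "DstIP: 10.0.0.1, SrcPort: 40000, DstPort: 53, URL: N/A",
    "<133>Oct  6 12:00:03 fp-sensor health monitor: all processes running",
]


def apply_extractors(extractor_json: str, message: str) -> dict:
    """Run every grok extractor in the export over one message.

    Mirrors Graylog's behaviour closely enough for offline testing: the
    string condition gates the extractor, and a non-matching pattern simply
    contributes no fields rather than failing the message.
    """
    fields = {}
    for ext in json.loads(extractor_json)["extractors"]:
        if ext["extractor_type"] != "grok":
            continue  # only grok extractors are modelled here
        if ext["condition_type"] == "string" and ext["condition_value"] not in message:
            continue
        regex, types = grok_to_regex(ext["extractor_config"]["grok_pattern"])
        m = regex.search(message)
        if not m:
            continue
        for name, value in m.groupdict().items():
            fields[name] = int(value) if types.get(name) == "int" else value
    return fields


def extract_all(lines):
    """Apply the demo extractor to each line; empty dicts mark unmatched lines."""
    return [apply_extractors(EXTRACTOR_JSON, line) for line in lines]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_LINES, extract_all(SAMPLE_LINES)):
        print(line[:60] + "...", "->", result or "(no fields extracted)")
```

Lines that fail the condition or the pattern come back with no fields, which is the same quiet failure you get in Graylog itself; running saved log lines through something like this is the quickest way to notice that a newer FirePOWER release changed its message layout before the extractor silently stops enriching messages.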