Cisco FirePOWER GROK Extractors for Graylog

dscryber · March 15, 2022, 11:17pm

Cisco FirePOWER GROK Extractors for Graylog

@mrjohnson1024

UPDATED 10/6/2017: Added more lines to include various formats for web traffic detection. Seems to catch all HTTP/HTTPS now.

My first attempt at making an extractor for Graylog.

Tested and (mostly) working, probably horribly inefficient, but working well in our small, 1-firewall environment on FirePOWER version 6.1.0-330, and from what I gather, different versions can be problematic since the extractors that were already posted up on GitHub weren’t working for me and were built on a slightly older 6.x version.

Open to comments, criticism, etc. I’m a network admin, not a developer.

For those new to Graylog and working with Grok/extractors, just download the .JSON file and import it into Graylog using a “Raw/Plaintext UDP” Input for FirePOWER. Point your FirePOWER syslogs to your Graylog server IP:port.

Topic		Replies	Views
Cisco Firepower Management Center syslog decoding Graylog Central (peer support)	5	3594	July 24, 2017
Dell SonicWall Firewall Content Pack content-pack	9	3599	May 31, 2023
pfSense Extractor - Sept 2022 Graylog Add-ons	4	1929	October 14, 2022
Networking Extractor Addons (ie: Untangle, Symantec, Infoblox, etc) Other Solutions other_solutions	0	1612	March 24, 2022
Grok pattern for proxmox firewall logs asking for advice Graylog Central (peer support)	3	604	January 18, 2023

Cisco FirePOWER GROK Extractors for Graylog

Cisco FirePOWER GROK Extractors for Graylog

Related Topics