Hi @wetsand24
I guess not. The post by @dscryber was to keep the fragments of the former marketplace somehow alive.
My recommendation would be to have a look at the json-files and build the extractors on your own.
I am using Graylog 5 to capture and report on logs from a Sonicwall. The Sonicwall took some tweaking to get it to send the data over Syslog, but once I did get the data flowing, I used pipelines to process the data rather than extractors, because there’s a lot of variability in the messages. Since I was using pipelines, it was easy enough to add processing rules for splitting fields, GeoIP resolution, and whois. Happy to share my pipeline rules if you like.
PS: I was using extractors on Graylog 4 with the Sonicwall, but I had almost 20 and still wasn’t catching all of the different types of messages. IMO, Pipelines are WAY better for Sonicwall.
Thanks, @faen, for your post. It’s always great to see community members sharing peer-to-peer experiences, successes, and “Aha moments!” with others.
Speaking for the community (as I’ll do in this instance because pipelines are ALWAYS of interest here), I invite you to post your rules in our pipeline rules forum. Alternatively, feel free to post a blog article or even a visual presentation. All three of these suggestions are welcome here!
I am running GL open 6.x and set up a bunch of extractors to work with my Sonicwalls. Seems to do okay; GeoIP works too. You just have to pay attention to the order they’re applied.
