Error This message would not be routed to this stream

mhondiwa · March 19, 2020, 9:29am

Greetings to you all,

I have some problems with my graylog server Graylog v3.2.3+a9c061c. I am sending pfsense snort logs from an rsyslog server and they are showing up in graylog. I have created a pipeline and connected it to a stream. The stream has the following rules;

Stream “Snort Alerts”

Rule 1:

message must match regular expression ^\s?[\d+:\d+:\d+].*

Rule 2:

application_name must match exactly snort-alerts

I have also followed this guide; [Pfsense Snort logs not parsing (Resolved) - #4 by hkj] for my setup. When i test a received message against my newly created stream, it fails with the following error. This message would not be routed to this stream and looks like it has issues with #Rule 1. As a result the snort logs are not being parsed and i’m stuck. Please help.

system · April 2, 2020, 9:29am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog Pfsense Snort Regex Graylog Central (peer support) pipeline-rules , debuggingpl	1	1047	January 5, 2020
pfSense Pipeline Graylog Central (peer support)	3	1093	April 19, 2019
Parsing Snort Logs w/ Regex Graylog Central (peer support) pipeline-rules	2	1262	June 6, 2020
Messages not routing into stream Graylog Central (peer support) pipeline-rules , route-to-streampl	4	2150	May 25, 2018
pfSense SNORT SYSLOG Log Parsing Graylog Central (peer support)	3	3000	February 24, 2019

Error This message would not be routed to this stream

Stream “Snort Alerts”

Rule 1:

Rule 2:

Related Topics