Greetings to you all,
I have some problems with my Graylog server (Graylog v3.2.3+a9c061c). I am sending pfSense Snort logs from an rsyslog server and they are showing up in Graylog. I have created a pipeline and connected it to a stream. The stream has the following rules:
Stream “Snort Alerts”
Rule 1:
message must match regular expression ^\s?[\d+:\d+:\d+].*
Rule 2:
application_name must match exactly snort-alerts
I have also followed this guide for my setup: [Pfsense Snort logs not parsing (Resolved) - #4 by hkj]. When I test a received message against my newly created stream, it fails with the following error: "This message would not be routed to this stream", and it looks like it has issues with Rule 1. As a result the Snort logs are not being parsed and I'm stuck. Please help.
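As an added illustration (not part of the original post), the following script checks how the Rule 1 regular expression behaves against a few constructed Snort-style alert messages. Inside a regular expression, unescaped square brackets define a character class, so `[\d+:\d+:\d+]` matches a single digit, `+` or `:` rather than a literal `[gid:sid:rev]` prefix. The script compares the pattern exactly as posted with a variant that escapes the brackets. It uses Python's `re` module; the character-class and escaping semantics involved are the same in the Java regex engine Graylog uses, but the sample messages are made up for this example and are not the poster's actual log lines.

```python
import re

# Constructed sample messages (not from the original post). The first two
# mimic a Snort alert after the syslog header has been stripped, with the
# gid:sid:rev identifier in square brackets; the others are negative cases.
SAMPLE_MESSAGES = [
    "[1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 203.0.113.5:80 -> 192.0.2.10:52122",
    " [1:2100498:7] GPL ATTACK_RESPONSE id check returned root",  # leading space, covered by \s?
    "1:2:3 looks like an id but has no brackets",
    "ET SCAN something without an id prefix",
]

# Rule 1 exactly as posted: the square brackets form a character class, so
# this only requires the first non-space character to be a digit, '+' or ':'.
RULE_AS_POSTED = r"^\s?[\d+:\d+:\d+].*"

# Same pattern with the brackets escaped, so they match a literal '[' and ']'
# around a digits:digits:digits identifier.
RULE_ESCAPED = r"^\s?\[\d+:\d+:\d+\].*"


def matches(pattern: str, message: str) -> bool:
    """True if the anchored pattern matches at the start of the message."""
    return re.search(pattern, message) is not None


def evaluate(messages=SAMPLE_MESSAGES):
    """Map each message to (matches rule as posted, matches escaped rule)."""
    return {m: (matches(RULE_AS_POSTED, m), matches(RULE_ESCAPED, m)) for m in messages}


if __name__ == "__main__":
    for msg, (posted, escaped) in evaluate().items():
        print(f"as posted={posted!s:5} escaped={escaped!s:5} | {msg[:60]}")
```

Running it shows that a message beginning with `[1:2100498:7]` does not match the rule as posted but does match the escaped variant, while a message beginning with a bare `1:2:3` matches the posted pattern only. Graylog's stream rule tester applies the rule to the `message` field, so the same check can be reproduced there with a pasted log line.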