Extractors not working for pfsense

I have imported extractors.json into my input for pfsense just fine, but when you do search the messages are not parsed. I have tried multiple times with different pfsense extractors from the market place and the result is the same. The messages are not parsed.

Graylog 4.3.2

greenmoss pfsense_graylog

Thank you


Can I ask which plugin you using?

Is it possible to show an example of what has been tried and what the messages look like?


I have used:

Thorough extractors for pfsense filter logs

Pfsense extractor for Graylog


the result is the same for all


Do you see anything in Elasticsearch and/or Graylog log files pertaining to this issue?

I didn’t see anything in server.log. I don’t know of any other log to look for extractor messages.

Ok, The message/log from pfsense, test the extractor, does it show any information?

Navigate to the input used, click on “Manage extractors”. Use the message ID & Index number from pfsense logs.


This should give some what an idea what’s going on and maybe show something in Graylog log file.

When troubleshooting, I would look at all the logs just incase. Here is the default file location if need be.

This is hard to troubleshoot with the amount of information given.

Here is Example message:
filterlog[23052]: 113,1770008886,bce1,match,block,in,4,0x20,237,54355,0,none,6,tcp,44,,xx.xx.xx.xx,48568,5249,0,S,1192601897,1024,mss

Here is the regular expression:

When I click on “Try” I get “Regular Expression did not match”. What is wrong here??

Looks like you specifying filterlog in this regex. and I do not see filterlog


EDIT Correction I over looked it, I see it now

I fixed the regular expression. now it is working.
Thank you for your help.

Awesome, Glad to help troubleshoot with ya :+1:

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.