I have installed fluent-bit in my local vm
and done configuration as:
[INPUT]
Mode udp
Listen 0.0.0.0
Port 5140
Name syslog
Buffer_Chunk_Size 32000
Buffer_Max_Size 64000
[OUTPUT]
name udp
Host 192.168.15.8
Port 5518
Format json_lines
tls off
tls.verify Off
tls.ca_file /etc/graylog/server/
tls.crt_file /path/to/client_certificate
tls.key_file /path/to/client_certificate_key
I have installed fake sonicwall logs in my windows and given udp with 5140 port and vm ip.
Created graylog input raw/plaintext udp with 5518 port
These are my sonic fake loger
Oct 31 14:53:32 172.21.1.2 SSLVPN: id=sslvpn sn=18B1694D3878 time=2023-10-31 14:53:32 vp_time=2023-10-31 14:53:32 fw=192.168.200.1 pri=5 m=2 c=102 src=82.194.55.86 dst=46.42.102.165 user=“sarahrodriguez” user=“sarahrodriguez” msg=“NetExtender disconnected” duration=243 bytesIn=111879 bytesOut=619359 bytesTotal=731238 packetsIn=569 packetsOut=630 packetsTotal=1199 maxThroughput=144052 avgThroughput=3009 agent=“” Oct 31 14:53:36 172.21.1.2 SSLVPN: id=sslvpn sn=18B1694D3878 time=2023-10-31 14:53:36 vp_time=2023-10-31 14:53:36 fw=192.168.200.1 pri=5 m=2 c=2 src=84.235.97.175 dst=system.myhealth.com user=“sclark” user=“sclark” msg=“User logged out” active=1612 duration=1612 agent=“SonicWALL NetExtender for Windows 8.6.268 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1)”