Grok pattern for sonicwall firewall logs

bkkhatri · September 25, 2019, 3:27pm

can someone help me creating grok pattern for SonicWALL firewall logs?

cawfehman · September 25, 2019, 6:00pm

yes… “someone” can… but you really should just take a sample of the logs, look online for grok tutorials/debuggers and figure it out. You learn more and you can always post specific questions that someone can help with.

Here’s a couple of resources.

http://docs.graylog.org/en/3.1/pages/extractors.html#using-grok-patterns-to-extract-data

https://grokconstructor.appspot.com/

https://grokdebug.herokuapp.com/

g’luck

bkkhatri · September 26, 2019, 7:36pm

Hi Cawfehman

thanks for your reply and info, i really appreciate that, i have below example can you help me creating grok pattern for below line
src=10.0.0.3:53898:X1:win10comp-151

Thank you

cawfehman · September 27, 2019, 1:44am

What are you trying to extract? The IP address? The port? Something else?

bkkhatri · September 30, 2019, 7:09pm

Hi Cawfehman

i was trying to extract all of it as source interface, i was able to achieve it by using src=%{NOTSPACE:SourceInterface}. thanks for your help.

cawfehman · October 1, 2019, 2:26pm

Cool… well done… good luck

system · October 15, 2019, 2:26pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
One complex grok Vs a set of regex extractors Graylog Central (peer support)	5	2116	April 20, 2020
Grok pattern for proxmox firewall logs asking for advice Graylog Central (peer support)	3	821	January 18, 2023
Grok - How to extract substring Graylog Central (peer support)	5	4293	July 23, 2020
Grok pattern from documentation fails to match Graylog Central (peer support)	2	529	September 3, 2018
Netgear Log - Grok Patern Graylog Central (peer support) grok-patternspl	7	765	October 5, 2022

Grok pattern for sonicwall firewall logs

Related topics