Grok pattern for sonicwall firewall logs

Can someone help me create a grok pattern for SonicWALL firewall logs?

yes… “someone” can… but you really should just take a sample of the logs, look online for grok tutorials/debuggers and figure it out. You learn more and you can always post specific questions that someone can help with.

Here are a couple of resources.

http://docs.graylog.org/en/3.1/pages/extractors.html#using-grok-patterns-to-extract-data

https://grokconstructor.appspot.com/

https://grokdebug.herokuapp.com/

g’luck

Hi Cawfehman

Thanks for your reply and info, I really appreciate that. I have the example below; can you help me create a grok pattern for this line?
src=10.0.0.3:53898:X1:win10comp-151

Thank you

What are you trying to extract? The IP address? The port? Something else?

Hi Cawfehman

I was trying to extract all of it as the source interface. I was able to achieve it by using src=%{NOTSPACE:SourceInterface}. Thanks for your help.
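The pattern from this reply, applied in a small grok-style matcher as an added example (Python, not Graylog's extractor code). The built-in pattern definitions, the finer-grained pattern that splits the field into IP, port, interface and hostname, and the optional hostname are assumptions, not something the thread states.

```python
import re

# Minimal grok-style expander: %{NAME:field} becomes a Python named group.
# These built-in definitions are assumptions mirroring common grok defaults.
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "INT": r"[+-]?\d+",
    "WORD": r"\w+",
    "NOTSPACE": r"\S+",
}

GROK_REF = re.compile(r"%\{(\w+)(?::(\w+))?\}")


def compile_grok(pattern: str) -> re.Pattern:
    """Expand grok references in `pattern` into a compiled regex."""
    def expand(m: re.Match) -> str:
        name, field = m.group(1), m.group(2)
        body = GROK_PATTERNS[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    return re.compile(GROK_REF.sub(expand, pattern))


def grok_match(pattern: str, line: str):
    """Return the named fields as a dict, or None if the line does not match."""
    m = compile_grok(pattern).search(line)
    return m.groupdict() if m else None


# Constructed sample, taken from the line posted in this thread.
SAMPLE = "src=10.0.0.3:53898:X1:win10comp-151"

# The pattern from the thread: the whole field lands in one string.
WHOLE = "src=%{NOTSPACE:SourceInterface}"

# Finer pattern (assumption): IP, port, interface and an optional hostname,
# since the hostname part is not guaranteed to be present on every line.
SPLIT = r"src=%{IP:src_ip}:%{INT:src_port}:%{WORD:src_iface}(?::%{NOTSPACE:src_host})?"

if __name__ == "__main__":
    print(grok_match(WHOLE, SAMPLE))
    print(grok_match(SPLIT, SAMPLE))
```

Splitting the field this way lets later searches filter on src_ip or src_iface directly instead of substring-matching one combined string.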

Cool… well done… good luck
