Grok pattern for SonicWALL firewall logs

Can someone help me create a grok pattern for SonicWALL firewall logs?

Yes… “someone” can… but you really should just take a sample of the logs, look online for grok tutorials/debuggers, and figure it out. You learn more, and you can always post specific questions that someone can help with.

Here’s a couple of resources.


Hi Cawfehman

Thanks for your reply and info, I really appreciate that. I have the example below; can you help me create a grok pattern for the line below?

Thank you

What are you trying to extract? The IP address? The port? Something else?

Hi Cawfehman

I was trying to extract all of it as source interface. I was able to achieve it by using src=%{NOTSPACE:SourceInterface}. Thanks for your help.

Cool… well done… good luck
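As an added example (not code from anyone in this thread), the Python below emulates the `src=%{NOTSPACE:SourceInterface}` pattern from the reply above to show what it captures on a key=value firewall line and what happens when `src=` is absent. The sample lines are constructed, the `ip:port:interface` layout of the value is an assumption, and `split_src` is a hypothetical helper.

```python
import re

# Subset of the stock grok pattern library: NOTSPACE is defined as \S+.
GROK_PATTERNS = {"NOTSPACE": r"\S+"}

def grok_to_regex(pattern):
    """Expand %{NAME:field} references into named regex groups."""
    def expand(m):
        name, field = m.group(1), m.group(2)
        return "(?P<%s>%s)" % (field, GROK_PATTERNS[name])
    return re.compile(re.sub(r"%\{(\w+):(\w+)\}", expand, pattern))

def extract(pattern, line):
    """Return captured fields, or None where Logstash would tag _grokparsefailure."""
    # Grok patterns are unanchored, so search() rather than match().
    m = grok_to_regex(pattern).search(line)
    return m.groupdict() if m else None

def split_src(value):
    """Split an assumed IPv4 ip:port:interface value; missing parts become None."""
    parts = value.split(":") + [None, None]
    return {"ip": parts[0], "port": parts[1], "interface": parts[2]}

# Constructed sample lines (assumed key=value layout, not taken from the thread).
SAMPLE = ('id=firewall time="2024-01-01 10:00:00" pri=6 msg="Connection Opened" '
          'src=192.0.2.10:51515:X0 dst=198.51.100.7:443:X1 proto=tcp/https')
NO_SRC = 'id=firewall time="2024-01-01 10:00:01" pri=6 msg="Log cleared"'

PATTERN = "src=%{NOTSPACE:SourceInterface}"

if __name__ == "__main__":
    fields = extract(PATTERN, SAMPLE)
    print(fields)                              # whole value up to the next space
    print(split_src(fields["SourceInterface"]))  # separate ip / port / interface
    print(extract(PATTERN, NO_SRC))            # no src= key: nothing captured
```

Because NOTSPACE stops only at whitespace, the single field holds the address, port and interface together; splitting it afterwards gives fields that can be searched individually.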
