Help with creating input for log ingestion - Untangle Router

Graylog Server Version - 4.1.7

Hello Forum,

I tried importing these Add-ons into Graylog to help with ingesting log data from my Untangle Security router, but both JSON files failed with messages that the JSON wasn’t correct. I think these also may be old, as my Graylog server is newer at version 4.1.7. How can I check which version of Graylog these add-ons would work with?

So I instead found this post here to help me set up an input on Graylog, Graylog with Untangle - #3 by gsmith, for instructions on how to add my Untangle Security Router logs to Graylog. The instructions say to complete the following:

  • On the Graylog side make sure you have an input set up for Untangle
  • On the input you need to add 2 extractors:

Extractor 1:

  • Select Regex
  • use the following :\s\s+(.*)
  • store field as “json”
  • give it a name

Extractor 2:

  • Select type JSON
  • Keep default values
  • Do not select “flatted values”

My questions are:

What kind of Input do I create? Do I create a UDP input with the following parms:

  • allow_override_date: true
  • bind_address:
  • expand_structured_data: false
  • force_rdns: false
  • number_worker_threads: 6
  • override_source:
  • port: 1514
  • recv_buffer_size: 1048576
  • store_full_message: false

Thank you.
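The two-extractor chain from the quoted instructions, approximated offline in Python so the regex can be checked against a log line before the input is configured. This is an added example, not part of the original post and not Graylog's code. Assumptions: the sample lines are constructed, the leading colon is read as part of the pattern, and the `_` key separator models the JSON extractor expanding nested objects when flattening is off.

```python
import json
import re

# Pattern from the post, read with the leading colon as part of the regex (assumption).
EXTRACTOR_1 = re.compile(r":\s\s+(.*)")

def expand(obj, prefix="", sep="_"):
    """Expand nested JSON objects into separate fields, joining keys with sep."""
    fields = {}
    for key, value in obj.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            fields.update(expand(value, name, sep))
        elif isinstance(value, list):
            fields[name] = ", ".join(str(v) for v in value)
        else:
            fields[name] = value
    return fields

def run_extractors(message):
    """Return the fields both extractors would add, or {} if extractor 1 fails."""
    match = EXTRACTOR_1.search(message)
    if match is None:
        return {}          # extractor 1 did not match: no "json" field is stored
    fields = {"json": match.group(1)}
    try:
        parsed = json.loads(fields["json"])
    except json.JSONDecodeError:
        return fields      # "json" is stored, but extractor 2 has nothing to parse
    if isinstance(parsed, dict):
        fields.update(expand(parsed))
    return fields

# Constructed sample lines, not captured from a real Untangle device.
SAMPLE_OK = ('Nov 10 12:00:00 untangle uvm[1234]:  '
             '{"class":"SessionEvent","sessionId":42,"client":{"addr":"192.0.2.10","port":51234}}')
# A relay that collapses the double space to one breaks extractor 1.
SAMPLE_ONE_SPACE = 'Nov 10 12:00:00 untangle uvm[1234]: {"class":"SessionEvent"}'
# A datagram cut short in transit leaves invalid JSON for extractor 2.
SAMPLE_TRUNCATED = 'Nov 10 12:00:00 untangle uvm[1234]:  {"class":"SessionEv'

if __name__ == "__main__":
    for line in (SAMPLE_OK, SAMPLE_ONE_SPACE, SAMPLE_TRUNCATED):
        print(run_extractors(line))
```

If the second or third case shows up with real traffic, the message arrives in Graylog but without the parsed fields, so searches and alerts built on those fields silently miss it.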

Hi greavette

I suggest you see the link below.
