Graylog Server Version - 4.1.7
Hello Forum,
I tried importing these add-ons into Graylog to help with ingesting log data from my Untangle Security router, but both JSON files failed with messages that the JSON wasn't correct. I think these also may be old, as my Graylog server is newer at version 4.1.7. How can I check which version of Graylog these add-ons would work with?
So I instead found this post to help me set up an input on Graylog: Graylog with Untangle - #3 by gsmith, for instructions on how to add my Untangle Security Router logs to Graylog. The instructions say to complete the following:
- On the graylog side make sure you have an input setup for untangle
- On the input you need to add 2 extractors:
Extractor 1:
- Select Regex
- use the following
:\s\s+(.*)
- store field as “json”
- give it a name
Extractor 2:
- Select type JSON
- Keep default values
- Do not select “flatted values”
My questions are:
What kind of input do I create? Do I create a UDP input with the following parameters:
- allow_override_date: true
- bind_address: 0.0.0.0
- expand_structured_data: false
- force_rdns: false
- number_worker_threads: 6
- override_source:
- port: 1514
- recv_buffer_size: 1048576
- store_full_message: false
Thank you.
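
The two-extractor chain quoted in the post can be checked offline against a captured syslog line before the input is configured. The Python below is an added example, not code from the post or from Graylog; the sample lines are constructed, Python's `re` stands in for Graylog's regex engine, and the `expand` helper with its `_` key separator is an assumption approximating the JSON extractor's output when flattening is left unselected.

```python
import json
import re

# Regex from the post's Extractor 1: a colon, two or more whitespace
# characters, then the rest of the line captured as the "json" field.
EXTRACTOR_1 = re.compile(r":\s\s+(.*)")


def expand(obj, prefix="", sep="_"):
    """Expand nested objects into key_subkey fields (assumed behaviour,
    approximating the JSON extractor with flattening left unselected)."""
    fields = {}
    for key, value in obj.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            fields.update(expand(value, name, sep))
        else:
            fields[name] = value
    return fields


def run_extractors(message):
    """Return the fields the two extractors would add to one message."""
    match = EXTRACTOR_1.search(message)
    if match is None:
        return {}            # Extractor 1 did not match: nothing is added
    raw = match.group(1)
    fields = {"json": raw}
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError:
        return fields        # "json" is stored but Extractor 2 adds nothing
    if isinstance(parsed, dict):
        fields.update(expand(parsed))
    return fields


# Constructed sample lines (not real Untangle output).
SAMPLES = [
    'Jan 10 12:00:01 untangle node-1:   {"class":"SessionEvent","protocol":6,'
    '"sessionId":42,"client":{"addr":"192.0.2.10","port":51515}}',
    "Jan 10 12:00:02 untangle node-1: single space, so no match",
    "Jan 10 12:00:03 untangle node-1:   not json at all",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(run_extractors(line))
```

Lines that come back as `{}` or with only a `json` field are the ones that would reach Graylog without parsed fields, which is worth checking against a real captured line from the router.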