Give steps, and extractors also.
Syslog is default on pfSense.
You could enable that and send those logs to Graylog using a syslog input.
Basically, extractors are only needed when you want to extract specific data to monitor on that.
For Fortinet and Sophos, what needs to be done on Graylog and Fortinet and Sophos?
On Sophos create an output @ System Services >> Log Settings
Look at their documentation for more information like this one:
On Graylog create a syslog input at the default port or one to your liking.
How to use Graylog as a Syslog Server.
For Fortigate >> Graylog as a starting point. Fortigate seems buggy, search for topics and solutions on that on this forum:
On Sophos firewall, what needs to be enabled? Can you send the configuration?