How to ingest OpenVPN Logs

Hi All

I’ve started sending OpenVPN logs (Rsyslog) to Graylog but I am struggling to parse the information into something worth viewing. As anyone worked with OpenVPN? In particular, the logs related to a single connection are spread out across multiple lines in Rsyslog on the server and thus multiple log entries in Graylog.

Any help would be appreciated

Is it possible to post a few lines of the logs (anonymized as you see fit)?

Logstash has some options around processing logs where the relevant data is not all on a single line, and that can be fed directly into Graylog.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.