OPNSense Extractors

dscryber · March 24, 2022, 4:38pm

OPNSense Extractors

@IRQ10

Extractors for Graylog to parse OPNsense firewall logs. Should be able to parse most all IPv4/IPv6, ICMP, UDP, & TCP messages.

6/21/18 Update to IPv6 ICMP. OPNsense sends “ICMPv6”, remove case insensitive regex for better processing when under heavy load.
8/13/19 Update to support OPNsense message format change.+
6/26/21 Update - Removed some ICMP extractors. Updated to new OPNsense log message format.
12/2/21 Update - Fixed incorrect CSV headers. Removed OPNsense-Unbound_Extractor.

IRQ10 · January 29, 2025, 6:21pm

Note: I posted a few updates to my extractors on GitHub today.

Thanks to github user drheat for contributing IGMP extractors. I did a bit of clean up and standardized some fields afterwards, also added a new one for IPv6 IP traffic that didn’t meet any match criteria I had in the past.

As noted - I get no information from OPNsense, nor do they provide log reference structure any longer. I keep these up to date by observation running these tools, and contributions from others using my extractors that want to make them better. Contributions to my project repo with official OPNsense log reference would be most appreciated.

Topic		Replies	Views
Extractor works in test but not on message Graylog Central (peer support)	6	935	March 3, 2019
Suricata message extrator Graylog Add-ons	2	906	June 26, 2019
Graylog pfSense Extractors Other Solutions other_solutions	0	1172	March 24, 2022
Extractors for pfSense Graylog Add-ons	4	5541	July 19, 2017
Can't manage particular type of log (Extractof don't works) Graylog Central (peer support)	6	910	May 1, 2018

OPNSense Extractors

OPNSense Extractors

Related topics