pfSense and Graylog Help

I successfully installed Graylog and Elasticsearch, and successfully created an index and stream. I am ingesting logs from a pfSense instance successfully. I created a custom template, pfsense-custom, that has some of the following fields:

"PFSENSE_ICMP_DATA": { "type": "keyword" },
"PFSENSE_ICMP_ECHO_REQ_REPLY": { "type": "keyword" },
"PFSENSE_ICMP_RESPONSE": { "type": "keyword" },
"PFSENSE_ICMP_TYPE": { "type": "keyword" },
"PFSENSE_ICMP_UNREACHPORT": { "type": "keyword" },
"PFSENSE_IGMP_DATA": { "type": "key

The fields show up under graylog/streams/pfsense-logs/fields and I see the messages/logs to the right; however, when I try to filter the logs, nothing is selected on the right. I assume the mappings are not correct, and I have spent a couple of days troubleshooting this issue without success. Any suggestions or direction?

