Pfsense logs to graylogs

dj077 · March 13, 2017, 8:05pm

Apologies if this has already been asked. Cant seem to find it anywhere.
I am attempting to send pfsense logs to graylogs. This has been logging for the last couple of weeks however the issue I have is the source IP/hostname says filterlogs. Every other server sending logs to graylogs seems to be fine.

Sending pfsense logs to splunk seems to be fine. This has lead me to believe there is something, perhaps a setting, in graylogs that I may have missed. HAs any one come across this at all?
thanks

derPhlipsi · March 14, 2017, 5:40am

Hey @dj077,

take a look here regarding pfsense extractors

It seems that Graylog has some issue with the pfsense syslog format. Actually, is it syslog that pfsense is sending?

Greetings - Phil

hvdkooij · March 14, 2017, 11:30am

I had a look at the parser and it looks to me it is not doing things very smartly.
Based on the protocol descript one could scoop up multiple fields instead of doing the whole regex again and again.

dj077 · March 14, 2017, 12:07pm

Thanks Phil. I will take a look at this a bit more later today. thanks for the pointer

dj077 · March 14, 2017, 12:08pm

Always good to have a helpful community. Thank you

Topic		Replies	Views
Extractors for pfSense Graylog Add-ons	4	5237	July 19, 2017
Pfsense snort, logs not parsing correctly Graylog Central (peer support)	14	2293	December 19, 2018
pfSense Extractor - Sept 2022 Graylog Add-ons	4	1890	October 14, 2022
Pfsense Syslog issue Graylog Central (peer support)	16	3213	June 16, 2020
How to collect logs from non-rfc5424 protocol Graylog Central (peer support) basic-configuration	3	405	May 14, 2022

Pfsense logs to graylogs

Related Topics