Pfsense logs to graylogs

dj077 · March 13, 2017, 8:05pm

Apologies if this has already been asked. Cant seem to find it anywhere.
I am attempting to send pfsense logs to graylogs. This has been logging for the last couple of weeks however the issue I have is the source IP/hostname says filterlogs. Every other server sending logs to graylogs seems to be fine.

Sending pfsense logs to splunk seems to be fine. This has lead me to believe there is something, perhaps a setting, in graylogs that I may have missed. HAs any one come across this at all?
thanks

derPhlipsi · March 14, 2017, 5:40am

Hey @dj077,

take a look here regarding pfsense extractors

It seems that Graylog has some issue with the pfsense syslog format. Actually, is it syslog that pfsense is sending?

Greetings - Phil

hvdkooij · March 14, 2017, 11:30am

I had a look at the parser and it looks to me it is not doing things very smartly.
Based on the protocol descript one could scoop up multiple fields instead of doing the whole regex again and again.

dj077 · March 14, 2017, 12:07pm

Thanks Phil. I will take a look at this a bit more later today. thanks for the pointer

dj077 · March 14, 2017, 12:08pm

Always good to have a helpful community. Thank you

Topic		Replies	Views
pfSense SNORT SYSLOG Log Parsing Graylog Central (peer support)	3	3217	February 24, 2019
Extractors for pfSense Graylog Add-ons	4	5437	July 19, 2017
Pfsense snort, logs not parsing correctly Graylog Central (peer support)	14	2468	December 19, 2018
pfSense Extractor - Sept 2022 Graylog Add-ons	4	2256	October 14, 2022
Pfsense Syslog issue Graylog Central (peer support)	16	3443	June 16, 2020

Pfsense logs to graylogs

Related topics