Processing SYSLOG from UNTANGLE

breakandinspect · May 10, 2017, 7:17pm

Hey All – i am new to GrayLog, but not to SIEMs, ie: Splunk, LogRhythm, standard ELK, etc.
I was wondering if anyone might be working on a plugin to better process/intercept data coming from an Untangle FW?

right now, the Untangle logs are being processing as separate LogSource sources, for example, general logs are coming in as “LOCALHOST” (and not the hostname of the system) but the IDS/IPS process running on Untangle reports as “FILTERLOG:” (which is the process name), additionally some logs are being parsed as “…class” or “…lass” or some other shortening. (seems like a processing bug).

Graylog sees all these as separate sources, when in reality they are not.

Any/All help is appreciated.

breakandinspect · May 10, 2017, 7:28pm

also, i downloaded this: https://marketplace.graylog.org/addons?search=untangle
and it does not seem to work

breakandinspect · May 10, 2017, 7:31pm

nevermind, switched the dPort and the plugin now works.

system · May 24, 2017, 7:44pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog with Untangle Graylog Add-ons	5	1288	June 17, 2021
Help with creating input for log ingestion - Untangle Router Graylog Central (peer support)	2	612	November 30, 2021
Pfsense logs to graylogs Graylog Central (peer support)	4	7626	March 14, 2017
Source coming in as IP address and not resolved DNS name Graylog Central (peer support)	15	6205	April 22, 2019
Problem - unprocessed messages Graylog Central (peer support)	4	732	November 14, 2019

Processing SYSLOG from UNTANGLE

Related Topics