Hey All – I am new to Graylog, but not to SIEMs, i.e. Splunk, LogRhythm, standard ELK, etc.
I was wondering if anyone might be working on a plugin to better process/intercept data coming from an Untangle FW?
Right now, the Untangle logs are being processed as separate LogSource sources. For example, general logs are coming in as “LOCALHOST” (and not the hostname of the system), but the IDS/IPS process running on Untangle reports as “FILTERLOG:” (which is the process name). Additionally, some logs are being parsed as “…class” or “…lass” or some other shortening. (Seems like a processing bug.)
Graylog sees all these as separate sources, when in reality they are not.
Any/All help is appreciated.