Processing SYSLOG from UNTANGLE


(Eric M) #1

Hey All – i am new to GrayLog, but not to SIEMs, ie: Splunk, LogRhythm, standard ELK, etc.
I was wondering if anyone might be working on a plugin to better process/intercept data coming from an Untangle FW?

right now, the Untangle logs are being processing as separate LogSource sources, for example, general logs are coming in as “LOCALHOST” (and not the hostname of the system) but the IDS/IPS process running on Untangle reports as “FILTERLOG:” (which is the process name), additionally some logs are being parsed as “…class” or “…lass” or some other shortening. (seems like a processing bug).

Graylog sees all these as separate sources, when in reality they are not.

Any/All help is appreciated.


(Eric M) #2

also, i downloaded this: https://marketplace.graylog.org/addons?search=untangle
and it does not seem to work


(Eric M) #3

nevermind, switched the dPort and the plugin now works.


(system) #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.