Processing SYSLOG from UNTANGLE

breakandinspect · May 10, 2017, 7:17pm

Hey All – i am new to GrayLog, but not to SIEMs, ie: Splunk, LogRhythm, standard ELK, etc.
I was wondering if anyone might be working on a plugin to better process/intercept data coming from an Untangle FW?

right now, the Untangle logs are being processing as separate LogSource sources, for example, general logs are coming in as “LOCALHOST” (and not the hostname of the system) but the IDS/IPS process running on Untangle reports as “FILTERLOG:” (which is the process name), additionally some logs are being parsed as “…class” or “…lass” or some other shortening. (seems like a processing bug).

Graylog sees all these as separate sources, when in reality they are not.

Any/All help is appreciated.

breakandinspect · May 10, 2017, 7:28pm

also, i downloaded this: https://marketplace.graylog.org/addons?search=untangle
and it does not seem to work

breakandinspect · May 10, 2017, 7:31pm

nevermind, switched the dPort and the plugin now works.

system · May 24, 2017, 7:44pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog with Untangle Graylog Add-ons	5	1433	June 17, 2021
Help with creating input for log ingestion - Untangle Router Graylog Central (peer support)	2	710	November 30, 2021
General Question Making Sense of Data Graylog Central (peer support)	12	593	September 6, 2022
Problem - unprocessed messages Graylog Central (peer support)	4	766	November 14, 2019
GrayLog DNS UNBOUD Help Graylog Central (peer support)	5	557	July 23, 2021

Processing SYSLOG from UNTANGLE

Related topics