Sonicwall Pipeline Rules

poisedforflight · October 31, 2023, 4:01pm

I am trying to implement these rules one at a time but it does not appear like anything is being done. I am showing 0 messages being processed:

rule "Extract: Sonicwall Extraction"
when
    has_field("source") AND contains(to_string($message.source), "192.168.1.1", true)
then
    set_fields(
        fields:key_value(
            value:to_string($message.message),
            //remove double quotes from keys and values
            trim_value_chars:"\"", 
            trim_key_chars:"\""
            )
        );
end

Screenshot does not show it but it’s tied to the correct stream.

Message from stream:

Topic		Replies	Views
Pfsense firewall Graylog Central (peer support)	2	336	December 9, 2023
Pipeline Not Getting Throughput Graylog Central (peer support)	6	268	November 14, 2023
Unifi syslog, stream, pipline, regex Graylog Central (peer support) pipeline-rules , regex-special-charac	11	1747	January 11, 2023
Pipeline Rule + Regex Graylog Central (peer support) pipeline-rules	5	1520	May 17, 2022
Sonicwall SMA logs Not able to parse values in Pipeline Graylog Central (peer support) pipeline-rules , debuggingpl	3	738	March 22, 2021

Sonicwall Pipeline Rules

Related Topics