UDM Pro setup with parsing logs

bigmikey00 · October 31, 2021, 2:26am

I am extremly new to Graylog.
I have went through most of the documentation and have gotten lost in a bind lol. I setup a UDM Pro to log to Graylog with no issues thats working fine. I am now trying to parse the data coming back so its easier to read. i found the following from another user

IN=%{WORD:IN} OUT=%{WORD:OUT} MAC=%{NOTSPACE:MAC} SRC=%{IPV4:SRC} DST=%{IPV4:DST} LEN=%{WORD:LEN} TOS=%{WORD:TOS} PREC=%{WORD:PREC} TTL=%{WORD:TTL} ID=%{WORD:ID} DF PROTO=%{WORD:DF} SPT=%{NUMBER:SPT} DPT=%{NUMBER:DPT}

This doesnt work as per the documentation i have to setup the actual Grok Patterns or something. that part is where i am confused how do i set those up and what information is needed? all i want is a way to see this data cleaner.

thanks for the help

bigmikey00 · October 31, 2021, 2:37am

I actually figured it out. for anyone in the future its as simple as creating the grok itself for example the MAC one shows NOTSPACE that would be a Grok you would have to create to be able in order to use that

system · November 14, 2021, 2:38am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Grok Pattern in Pipelines Graylog Central (peer support)	5	69	October 17, 2024
Basic, basic tutorial Graylog Central (peer support)	1	3289	August 16, 2017
Grok pattern for dd-wrt syslog input Graylog Central (peer support)	4	1325	October 16, 2017
Log Extractor Help Graylog Central (peer support) grok-patternspl	2	573	April 24, 2023
Ntop-NG to Graylog Graylog Central (peer support)	4	616	February 13, 2023

UDM Pro setup with parsing logs

Related topics