I am new to Graylog and I would like to use it with our firewall, especially when somebody wants to access blocked sites.
The firewall is producing 2 messages:

2017-09-27 14:01:48.000 balance-73ee balance-73ee URL Logging: SSLCERT=www.gamingclub.com SRC=192.168.1.123 DST=126.96.36.199 SNATIP=188.8.131.52 SRCMAC=xx:xx:xx:xx:xx:xx SPT=53358 DPT=443

2017-09-27 14:01:48.000 balance-73ee balance-73ee URL Logging: Domain <www.gamingclub.com> has been blocked by content filter category <ads>
I would like to be able to have an alert that somebody (IP + MAC address) tried to access the site and has been blocked due to category.
But these are in 2 different messages. Is it possible to make this extract?
Thanks in advance,
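
The correlation asked about above, as an added example that is not part of the original post and is not Graylog functionality: a stand-alone Python sketch that joins the two "URL Logging" messages on device name and domain within a short time window. The window length, the function names and the third sample line are assumptions, and only the SSLCERT form of the access message shown in the post is handled.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines 1-2 are the messages from the post, line 3 is an
# invented access that is never blocked and must not raise an alert.
SAMPLE = [
    "2017-09-27 14:01:48.000 balance-73ee balance-73ee URL Logging: SSLCERT=www.gamingclub.com SRC=192.168.1.123 DST=126.96.36.199 SNATIP=188.8.131.52 SRCMAC=xx:xx:xx:xx:xx:xx SPT=53358 DPT=443",
    "2017-09-27 14:01:48.000 balance-73ee balance-73ee URL Logging: Domain <www.gamingclub.com> has been blocked by content filter category <ads>",
    "2017-09-27 14:01:50.000 balance-73ee balance-73ee URL Logging: SSLCERT=www.example.org SRC=192.168.1.124 DST=203.0.113.10 SNATIP=198.51.100.7 SRCMAC=yy:yy:yy:yy:yy:yy SPT=53400 DPT=443",
]

HEADER = re.compile(r"^(\S+ \S+) (\S+) \S+ URL Logging: (.*)$")
BLOCK = re.compile(r"^Domain <([^>]+)> has been blocked by content filter category <([^>]+)>$")
KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return an 'access' or 'block' event dict, or None for any other line."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
    host, body = m.group(2), m.group(3)
    blk = BLOCK.match(body)
    if blk:
        return {"kind": "block", "ts": ts, "host": host,
                "domain": blk.group(1), "category": blk.group(2)}
    fields = dict(KV.findall(body))
    if "SSLCERT" in fields and "SRC" in fields:
        return {"kind": "access", "ts": ts, "host": host,
                "domain": fields["SSLCERT"], **fields}
    return None

def correlate(lines, window=timedelta(seconds=2)):
    """Pair each block with accesses to the same domain on the same device."""
    events = [e for e in map(parse, lines) if e]
    accesses = [e for e in events if e["kind"] == "access"]
    alerts = []
    for blk in (e for e in events if e["kind"] == "block"):
        for acc in accesses:  # arrival order of the two messages does not matter
            same = (acc["host"], acc["domain"]) == (blk["host"], blk["domain"])
            if same and abs(acc["ts"] - blk["ts"]) <= window:
                alerts.append({"time": blk["ts"].isoformat(sep=" "),
                               "src_ip": acc["SRC"], "src_mac": acc.get("SRCMAC"),
                               "domain": blk["domain"], "category": blk["category"]})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

If two clients reach the same domain inside the window, each one is paired with the block, because the block message carries no client identifier to tell them apart.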