Hi
Noticed today that my Graylog instance wasn't parsing the filterlog events, after looking at my regex I noticed that there appears to be a number in square brackets after filterlog.
used to be like this:
<134>Oct 14 18:28:48 gw.domain.com filterlog: 80,,,0,igb0,match,pass,out....
now it's:
<134>Oct 14 18:28:48 gw.domain.com filterlog[55753]: 80,,,0,igb0,match,pass,out....
This must have changed after 20.1? Any indication what the number is, my guess is the PID of the pf daemon/service.
Thanks