The latest version of Graylog now includes support for OPNsense log parsing. No need to maintain custom code for parsing and best of all it is available in the Open community version: https://go2docs.graylog.org/illuminate-current/what_is_illuminate/graylog_illuminate.html (https://go2docs.graylog.org/illuminate-current/what_is_illuminate/graylog_illuminate.html)
The only downside I've found is that it is labeled as "pfsense" :)
Good news 8)
Quote from: julsssark on November 09, 2024, 07:52:01 PMThe latest version of Graylog now includes support for OPNsense log parsing. No need to maintain custom code for parsing and best of all it is available in the Open community version: https://go2docs.graylog.org/illuminate-current/what_is_illuminate/graylog_illuminate.html (https://go2docs.graylog.org/illuminate-current/what_is_illuminate/graylog_illuminate.html)
The only downside I've found is that it is labeled as "pfsense" :)
are you sure its avaiable in the opensource version of graylog? Was what I can find, you need for illuminate the Enterprise version of Graylog.
Requirement(s)
Supported versions include Sense CE edition 2.6 and OPNsense 23.1.
Graylog server with a valid Enterprise license running Graylog 5.0.3+.
(https://go2docs.graylog.org/illuminate-current/content_packs/pfsense_firewall_security_content_pack.htm)
See the link from my original post and note: Hint: Graylog Open users must first upgrade their Graylog 6.1+ instance to include the Enterprise plugin before being able to install the Illuminate content hub.