OPNsense Forum
English Forums => Intrusion Detection and Prevention => Topic started by: deekdeeker on April 29, 2019, 12:56:25 am
-
Does anyone have a Graylog extractor for Suricata messages sent to syslog? :)
-
I'm looking for it too.
-
19.7 will bring better syslog support; hopefully this will fix this.
-
Right now I'm using this grok pattern to help out.
%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}
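As an added example (not code from the post above, nor from OPNsense, Suricata or Graylog), here is the same grok pattern translated into a Python regex with named groups and run over constructed Suricata fast-log lines, which is a quick way to check what each field will actually contain before wiring the extractor into Graylog. The expansions used for the grok macros, the IPv4-only match for %{IP}, and the names pid/gid/sid/rev given to the fields the pattern marks UNWANTED are assumptions for this example; the sample lines are constructed. One thing it makes visible: because the pattern has no space after "Classification:", the classification value arrives with a leading space and is stripped here.

```python
import re
from typing import Dict, List, Optional

# Approximations of the grok macros used in the forum pattern (assumption:
# Graylog's real definitions are broader, e.g. %{IP} also matches IPv6).
WORD = r"\w+"
NUMBER = r"-?\d+(?:\.\d+)?"
DATA = r".*?"
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"

# Python does not allow a group name to be reused, so the three UNWANTED
# numbers get the names pid/gid/sid/rev here (assumed names, not from the post).
SURICATA_FAST = re.compile(
    rf"(?P<ips>{WORD})\[(?P<pid>{NUMBER})\]: "
    rf"\[(?P<gid>{NUMBER}):(?P<sid>{NUMBER}):(?P<rev>{NUMBER})\] "
    rf"(?P<description>{DATA}) "
    rf"\[Classification:(?P<classification>{DATA})\] "
    rf"\[Priority: (?P<priority>{NUMBER})\] "
    rf"\{{(?P<protocol>{WORD})\}} "
    rf"(?P<src_ip>{IPV4}):(?P<src_port>{NUMBER}) -> "
    rf"(?P<dst_ip>{IPV4}):(?P<dst_port>{NUMBER})"
)


def parse_suricata_fast(message: str) -> Optional[Dict[str, object]]:
    """Parse one syslog message carrying a Suricata fast-log alert.

    search() rather than match() so a leading syslog header (timestamp, host)
    does not prevent a hit. Returns None for lines that are not alerts.
    """
    m = SURICATA_FAST.search(message)
    if m is None:
        return None
    fields: Dict[str, object] = dict(m.groupdict())
    # The grok pattern has no space after "Classification:", so the captured
    # value carries a leading blank; normalise it.
    fields["classification"] = str(fields["classification"]).strip()
    for key in ("priority", "src_port", "dst_port"):
        fields[key] = int(str(fields[key]))
    return fields


def count_by_priority(messages: List[str]) -> Dict[int, int]:
    """Count parsed alerts per Suricata priority; non-alert lines are skipped."""
    counts: Dict[int, int] = {}
    for line in messages:
        parsed = parse_suricata_fast(line)
        if parsed is None:
            continue
        prio = int(str(parsed["priority"]))
        counts[prio] = counts.get(prio, 0) + 1
    return counts


# Constructed sample lines (documentation-range IPs, local-rule SID range).
SAMPLE_LINES = [
    "Apr 29 00:56:25 opnsense suricata[4711]: [1:1000001:1] LOCAL TEST constructed alert "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "203.0.113.10:80 -> 192.0.2.25:51234",
    "suricata[4711]: [1:1000002:3] LOCAL TEST constructed scan "
    "[Classification: Attempted Information Leak] [Priority: 2] {UDP} "
    "198.51.100.7:5353 -> 192.0.2.25:5353",
    "suricata[4711]: [1:1000003:1] LOCAL TEST constructed policy hit "
    "[Classification: Not Suspicious Traffic] [Priority: 3] {ICMP} "
    "192.0.2.25:0 -> 203.0.113.10:0",
    # Not an alert: should be ignored by the extractor.
    "suricata[4711]: <Notice> -- all 4 packet processing threads started",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_suricata_fast(line))
    print(count_by_priority(SAMPLE_LINES))
```

Running the block prints the parsed dictionaries for the three alert lines, None for the notice line, and a priority histogram of {2: 2, 3: 1}; if a real line from your own OPNsense box comes back None, compare its spacing around "Classification:" and "Priority:" with the pattern, since that is where the extractor usually diverges.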
-
Thanks a lot!!! :)