Graylog extractor for suricata syslog messages

Started by deekdeeker, April 29, 2019, 12:56:25 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 29, 2019, 12:56:25 AM
Does anyone have a graylog extractor for suricata messages send to syslog? :)
July 01, 2019, 08:53:30 AM #1
i'm looking for it too
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
July 01, 2019, 09:08:41 AM #2
19.7 will bring better syslog support, hopefully this will fix this
July 10, 2019, 05:55:57 PM #3
right now im using this grok pattern to help out.

%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}
July 16, 2019, 08:46:13 AM #4
Quote from: deekdeeker on July 10, 2019, 05:55:57 PM
right now im using this grok pattern to help out.

%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}


Thanks a lot !!! :)
(Unoffial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support
Print
Go Up Pages1
User actions