Author Topic: Graylog extractor for suricata syslog messages  (Read 4745 times)

deekdeeker

  • Newbie
  • Posts: 36
  • Karma: 4
Graylog extractor for suricata syslog messages
« on: April 29, 2019, 12:56:25 am »
Does anyone have a Graylog extractor for Suricata messages sent to syslog? :)

lfirewall1243

  • Hero Member
  • Posts: 1386
  • Karma: 45
Re: Graylog extractor for suricata syslog messages
« Reply #1 on: July 01, 2019, 08:53:30 am »
I'm looking for it too.
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

mimugmail

  • Hero Member
  • Posts: 6767
  • Karma: 494
Re: Graylog extractor for suricata syslog messages
« Reply #2 on: July 01, 2019, 09:08:41 am »
19.7 will bring better syslog support; hopefully this will fix this.
WWW: www.routerperformance.net
Support plans: https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German): https://opnsense.max-it.de/

deekdeeker

  • Newbie
  • Posts: 36
  • Karma: 4
Re: Graylog extractor for suricata syslog messages
« Reply #3 on: July 10, 2019, 05:55:57 pm »
Right now I'm using this grok pattern to help out.

%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}
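To see what the posted pattern actually extracts, here is an added example (not code from the thread, from OPNsense or from Graylog) that expands the grok primitives the pattern uses into a plain Python regular expression and runs it over constructed sample lines. Assumptions of this example: the IP primitive is simplified to IPv4 only (Graylog's built-in IP pattern also matches IPv6), the four UNWANTED fields are turned into non-capturing groups because Python forbids reusing a group name, and the sample alert lines, hostnames and addresses are made up to fit the pattern's shape.

```python
"""Constructed example: parse Suricata alert syslog lines with the grok pattern
posted in this thread, translated to a Python regular expression."""
import re
from typing import Dict, List, Optional

# The grok primitives the posted pattern uses, expanded to plain regexes.
# IP is simplified to IPv4 only here (an assumption of this example).
GROK: Dict[str, str] = {
    "WORD": r"\b\w+\b",
    "NUMBER": r"(?:[+-]?(?:[0-9]+(?:\.[0-9]+)?|\.[0-9]+))",
    "DATA": r".*?",
    "IP": r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)(?:\.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3})",
}

# The grok pattern exactly as posted in the thread.
SURICATA_GROK = (
    r"%{WORD:ips}\[%{NUMBER:UNWANTED}\]: "
    r"\[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] "
    r"%{DATA:description} \[Classification:%{DATA:classification}\] "
    r"\[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} "
    r"%{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}"
)

# Extracted fields that are more useful as integers than as strings.
INT_FIELDS = ("priority", "src_port", "dst_port")


def grok_to_regex(pattern: str) -> str:
    """Expand %{PRIMITIVE:field} tokens into named groups.

    Fields named UNWANTED (the pid and the gid:sid:rev triple of the rule)
    become non-capturing groups, since Python's re forbids duplicate names.
    """
    def expand(m: "re.Match[str]") -> str:
        primitive, field = m.group(1), m.group(2)
        body = GROK[primitive]  # KeyError means an unsupported primitive
        if field is None or field == "UNWANTED":
            return f"(?:{body})"
        return f"(?P<{field}>{body})"
    return re.sub(r"%\{(\w+)(?::(\w+))?\}", expand, pattern)


SURICATA_RE = re.compile(grok_to_regex(SURICATA_GROK))


def parse_alert(line: str) -> Optional[Dict[str, object]]:
    """Return the extracted fields for one line, or None if it is not an alert.

    re.search (not re.match) is used so a syslog header in front of the
    'suricata[pid]:' token does not prevent a match. Values are stripped
    because the pattern has no space after 'Classification:' and so captures
    the leading blank.
    """
    m = SURICATA_RE.search(line)
    if m is None:
        return None
    raw = {k: v.strip() for k, v in m.groupdict().items()}
    fields: Dict[str, object] = dict(raw)
    for name in INT_FIELDS:
        fields[name] = int(raw[name])
    return fields


def parse_alerts(lines: List[str]) -> List[Dict[str, object]]:
    """Parse many lines, skipping those that are not alerts."""
    return [f for f in (parse_alert(line) for line in lines) if f is not None]


# Constructed sample input shaped the way the posted pattern expects; the
# hostnames, addresses and signature texts are made up for this example.
SAMPLE_LINES = [
    "Apr 29 00:56:25 fw01 suricata[53178]: [1:2100498:7] GPL ATTACK_RESPONSE id check "
    "returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} "
    "198.51.100.10:80 -> 192.168.1.20:51234",
    "Apr 29 00:56:26 fw01 suricata[53178]: [1:2210007:2] SURICATA STREAM 3way handshake "
    "wrong seq wrong ack [Classification: Generic Protocol Command Decode] [Priority: 3] "
    "{TCP} 192.168.1.20:51240 -> 203.0.113.5:443",
    "Apr 29 00:56:27 fw01 suricata[53178]: rule reload complete",  # not an alert
]

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE_LINES):
        print(alert)
```

Running the block prints one dict per alert line with the fields ips, description, classification, priority, protocol, src_ip, src_port, dst_ip and dst_port; the non-alert line is skipped. Because DATA is non-greedy, the description stops at the first " [Classification:" that follows it, which is the same cut Graylog's grok extractor makes.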

lfirewall1243

  • Hero Member
  • Posts: 1386
  • Karma: 45
Re: Graylog extractor for suricata syslog messages
« Reply #4 on: July 16, 2019, 08:46:13 am »
Quote from: deekdeeker on July 10, 2019, 05:55:57 pm
Right now I'm using this grok pattern to help out.

%{WORD:ips}\[%{NUMBER:UNWANTED}\]: \[%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}:%{NUMBER:UNWANTED}\] %{DATA:description} \[Classification:%{DATA:classification}\] \[Priority: %{NUMBER:priority}\] \{%{WORD:protocol}\} %{IP:src_ip}:%{NUMBER:src_port} \-\> %{IP:dst_ip}:%{NUMBER:dst_port}


Thanks a lot!!! :)
(Unofficial Community) OPNsense Telegram Group: https://t.me/joinchat/0o9JuLUXRFpiNmJk

PM for paid support

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved