syslog (filterlog) format change

Started by utahbmxer, October 15, 2020, 02:36:22 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 15, 2020, 02:36:22 AM
Hi

Noticed today that my Graylog instance wasn't parsing the filterlog events, after looking at my regex I noticed that there appears to be a number in square brackets after filterlog.

used to be like this:
<134>Oct 14 18:28:48 gw.domain.com filterlog: 80,,,0,igb0,match,pass,out....

now it's:
<134>Oct 14 18:28:48 gw.domain.com filterlog[55753]: 80,,,0,igb0,match,pass,out....

This must have changed after 20.1?  Any indication what the number is, my guess is the PID of the pf daemon/service.

Thanks
Print
Go Up Pages1
User actions