OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • logging format
« previous next »
  • Print
Pages: [1]

Author Topic: logging format  (Read 1355 times)

kamaradski

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
logging format
« on: August 13, 2021, 01:51:26 pm »
Hi all,

I'm a long-time user of the *sense products dating all the way back to a dusty m0nowall server in my basement at the time. And I have recently switched to opnsense which is a large breeze of fresh air I must say, if not a storm of fresh air:).

Anyway, with the opnsense fork, I think we now have an environment where we can maybe more openly discuss ideas for the future and are no longer stuck with the roadmap vision of only a few. And this is why i think I shall come out of hiding and make my first post.

One thing I always found to be a large obstacle in the usage of pfsense was that the logs have their very specific native format. This in itself is fine since they take little space on the embedded servers where most of these instances run, i would not want to change that in any way.

However, it would be great that if the log-shipper is used to ship these logs to a logsever of sorts, we would have the option to send these logs in JSON format. Basically enriching the logs in a field:value format that can be parsed by the majority of log-servers out there. I have tried and failed so many times to make the logs useful in native ELK or Nagios logserver, etc...

As a family man and having a busy job that takes way more hours of my life than what I would like, I just don't have the time or energy to write complicated grok-filters or something. There are a few solutions available on the internet but these often require special plugins that one might not be able to install in the solution one is running, or they are so outdated that they stopped working years ago.

I would like to kickstart a discussion on this topic by opening this thread and maybe we can find a good solution that will benefit all of us that use different types of log-servers out there. Or maybe there is already a good solution and I have just overlooked it.

Opinions and ideas are very welcome.
Logged

vermontfarmer

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
Re: logging format
« Reply #1 on: January 26, 2023, 07:24:45 pm »
I would LOVE JSON log format in OPNSense.  I keep checking in every now and then.  I REALLY do not want to do a customer parser......  JSON is self-parsing.
Logged

badsmoke

  • Newbie
  • *
  • Posts: 14
  • Karma: 1
    • View Profile
Re: logging format
« Reply #2 on: May 28, 2024, 04:51:02 pm »
after a long search i still haven't found a reasonable way to output the logs as json, or have i missed something?

well anyway, i have now built a parser which i think does the job very well, feel free to try it out


https://github.com/badsmoke/LogSense2Loki
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • logging format
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2