View gist:ebe10acd6703f2cd79d5c815866c69b4
{
  "extractors": [
    {
      "condition_type": "regex",
      "condition_value": "^filterlog:.*,(in|out),4,.*",
      "converters": [],
      "cursor_strategy": "copy",
      "extractor_config": {
        "index": 17,
        "split_by": ","
dnauck / pfsense.grok
Created Dec 1, 2016 — forked from bzed/pfsense.grok
Logstash pfsense pattern
# GROK match pattern for logstash.conf filter: %{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}
# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):
# GROK Patterns for pfSense 2.2 Logging Format
#
# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
# Edited 14 Feb 2015 by E. Paul
# Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de>
# taken from https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2