Daniel Nauck dnauck
dnauck
/ gist:ebe10acd6703f2cd79d5c815866c69b4
Created
December 1, 2016 13:14
— forked from nmanzi/gist:a6259f69cfe00c5ddf1e
pfSense 2.2 Graylog extractors
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "extractors": [ | |
| { | |
| "condition_type": "regex", | |
| "condition_value": "^filterlog:.*,(in|out),4,.*", | |
| "converters": [], | |
| "cursor_strategy": "copy", | |
| "extractor_config": { | |
| "index": 17, | |
| "split_by": "," |
dnauck
/ pfsense.grok
Created
December 1, 2016 11:00
— forked from bzed/pfsense.grok
Logstash pfsense pattern
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # GROK match pattern for logstash.conf filter: %{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA} | |
| # GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events): | |
| # GROK Patterns for pfSense 2.2 Logging Format | |
| # | |
| # Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries) | |
| # Edited 14 Feb 2015 by E. Paul | |
| # Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de> | |
| # taken from https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2 |