It's straight to syslog; basically those are NETASQ firewall logs. If I try 
that with a GELF input, will it be resolved?


On Wednesday, 14 December 2016 16:28:15 UTC+1, Jochen Schalanda wrote:
>
> Hi,
>
> that looks like it went through Logstash already. Why not use some 
> Logstash filter?
>
> Cheers,
> Jochen
>
> On Wednesday, 14 December 2016 15:42:46 UTC+1, Benbrahim Anass wrote:
>>
>> Here is an example of what I'm receiving: 
>> {"@timestamp":"2016-12-14T12:44:12+01:00","@version":"1","message":" 
>> time=\"2016-12-14 13:01:03\" fw=\"firewall\" tz=+0100 
>> startime=\"2016-12-14 12:59:02\" 
>> pri=5 confid=01 slotlevel=2 ruleid=40 srcif=\"Vlan88\" 
>> srcifname=\"Nottoday\" ipproto=udp 
>> dstif=\"Ethernet1\" dstifname=\"somewheren\" proto=dns src=172.16.8.8 
>> srcport=6788 
>> srcname=a_pc dst=172.5.66.5 dstport=77 dstportname=dns_udp 
>> dstname=test.infra modsrc=172.16..66.4 
>> modsrcport=6598 origdst= origdstport=83 sent=42 rcvd=122 duration=0.01 
>>
>> ogtype=\"connection\"#015#012#000","sysloghost":"172.16.55.88","severity_label":"info","severity":"info","facility":"user","programname":
>> "id=firewall","rawmsg":"<14>Dec 14 12:44:12 172.55.66.220 id=firewall 
>> time="2016-12-14 13:01:03" fw="toto" tz=+0100 startime="2016-12-14 
>> 12:59:02" 
>> pri=5 confid=01 slotlevel=2 ruleid=40 srcif="Vlan88" srcifname="Nottoday" 
>> ipproto=udp dstif="Ethernet1" dstifname="production" proto=dns 
>> src=172.16..554.3 
>> srcport=62784 srcname= dst=1 dstport= dstportname=dns_udp dstname= 
>> modsrc=172.16.100.117 modsrcport=
>> origdst= origdstport= sent=42 rcvd=122 duration=0.01 
>> logtype="connection"#015#012#000","procid":"-"}
>>
>> On Wednesday, 14 December 2016 15:33:10 UTC+1, Jochen Schalanda wrote:
>>>
>>> Hi Anas,
>>>
>>> WELF (?) is not being supported by Graylog out-of-the-box, but you could 
>>> quite easily write a plugin for that format.
>>>
>>> Cheers,
>>> Jochen
>>>
>>> On Wednesday, 14 December 2016 15:08:11 UTC+1, Benbrahim Anass wrote:
>>>>
>>>> Hi everybody,
>>>>
>>>> I'm wondering if there is an input for WELF logs, or whether they will 
>>>> work with a GELF input in Graylog.
>>>>
>>>> thanks.
>>>> cheers
>>>>
>>>> Anas
>>>>
>>>
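
The key=value layout of the sample quoted above can be split into typed fields and checked before the events are indexed. This is an added example, not code from the thread, Graylog or Logstash; it assumes the JSON wrapper has already been decoded (so the quotes are unescaped), and the function name, the field-type sets and the sample line are constructed for illustration.

```python
import ipaddress
import re

# rsyslog writes control characters as #NNN (octal); the thread's sample ends
# with #015#012#000 (CR, LF, NUL), which must not leak into the last field.
_TRAILING_CTRL = re.compile(r"(?:#[0-7]{3})+\s*$")
# key="quoted value" or key=bare_token; a bare value may be empty (srcname= ).
_PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
# Fields expected to hold IP addresses / integers (assumption from the sample).
IP_FIELDS = {"src", "dst", "modsrc", "origdst"}
INT_FIELDS = {"srcport", "dstport", "modsrcport", "origdstport", "sent", "rcvd"}

def parse_firewall_line(line):
    """Return (fields, rejected): typed fields plus values that failed validation."""
    line = _TRAILING_CTRL.sub("", line.strip())
    fields, rejected = {}, {}
    for match in _PAIR.finditer(line):
        key, quoted, bare = match.groups()
        value = quoted if quoted is not None else bare
        if value == "":
            continue  # empty value: omit rather than index a blank field
        try:
            if key in IP_FIELDS:
                value = str(ipaddress.ip_address(value))
            elif key in INT_FIELDS:
                value = int(value)
        except ValueError:
            rejected[key] = value  # keep the raw text for triage
            continue
        fields[key] = value
    return fields, rejected

# Constructed sample in the same layout as the rawmsg quoted in the thread.
SAMPLE = ('<14>Dec 14 12:44:12 192.0.2.10 id=firewall time="2016-12-14 13:01:03" '
          'fw="fw01" tz=+0100 pri=5 ruleid=40 srcif="Vlan88" ipproto=udp proto=dns '
          'src=192.0.2.25 srcport=62784 srcname= dst=198.51.100.53 dstport=53 '
          'modsrc=192.0.2..4 origdst= sent=42 rcvd=122 duration=0.01 '
          'logtype="connection"#015#012#000')

if __name__ == "__main__":
    parsed, bad = parse_firewall_line(SAMPLE)
    print(parsed)
    print("rejected:", bad)
```

Values that fail validation, such as the malformed address in the constructed sample, are returned separately so they can be reviewed instead of being silently indexed as strings.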
