apt...@gmail.com
Nov 6, 2017, 6:07:53 AM
to security-onion
I am forwarding logs from pfSense 2.4.1 to Security Onion 2017 Beta. The log count in Kibana increases and it displays the _id, but it doesn't display anything else.
The following is what is displayed in Kibana when searching for pfsense.
tags: syslogng, syslog, _grokparsefailure, pfsense, firewall
syslog-priority: info
logstash_time: 0.001
message: 5,,,1000000003,igb0,match,block,in,6,0x00,0x00000,255,ICMPv6,58,48,fe80::201:5cff:fe67:b246,ff02::1,
type: firewall
syslog-host: 10.xx.xxx.x
@timestamp: November 5th 2017, 18:47:08.760
port: 45614
syslog-legacy_msghdr: filterlog:
syslog-facility: local0
@version: 1
host: 172.xx.x.x
syslog-tags: .source.s_network
syslog-host_from: 10.xx.xxx.x
syslog-sourceip: 10.xx.xxx.x
_id: AV-Oy5navmYTjGe8bJRO
_type: firewall
_index: onion:logstash-syslog-2017.11.06
_score: -
I am assuming the _grokparsefailure message above is the issue.
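For reference, here is an added example (not part of the post or of Security Onion's own Logstash config) that parses the filterlog message shown above into named fields, following pfSense's documented filterlog CSV layout; this is the work a grok pattern would do, and it raises an error where grok would tag _grokparsefailure. The IPv4/TCP line in the test is constructed; the field names are the documented ones with hyphens replaced by underscores.

```python
"""Parse pfSense filterlog CSV messages such as the one in the post.

Layout (pfSense docs): common header, then an IPv4- or IPv6-specific
block, then length and addresses, then protocol-specific fields
(TCP/UDP ports handled here; other protocols leave the rest unparsed).
"""

COMMON = ["rule_number", "sub_rule_number", "anchor", "tracker",
          "interface", "reason", "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol_id", "protocol"]
IPV6 = ["class", "flow_label", "hop_limit", "protocol", "protocol_id"]
L3 = ["length", "source_ip", "destination_ip"]
L4 = {"TCP": ["source_port", "destination_port", "data_length", "tcp_flags"],
      "UDP": ["source_port", "destination_port", "data_length"]}


def parse_filterlog(message: str) -> dict:
    """Return named fields, or raise ValueError when the line does not
    fit the layout (the equivalent of Logstash's _grokparsefailure)."""
    fields = message.split(",")
    if len(fields) < len(COMMON):
        raise ValueError("too few fields for a filterlog header")
    rec = dict(zip(COMMON, fields[:len(COMMON)]))
    rest = fields[len(COMMON):]
    if rec["ip_version"] == "4":
        layout = IPV4 + L3
    elif rec["ip_version"] == "6":
        layout = IPV6 + L3
    else:
        raise ValueError(f"unknown ip-version {rec['ip_version']!r}")
    if len(rest) < len(layout):
        raise ValueError("truncated IP header block")
    rec.update(zip(layout, rest[:len(layout)]))
    rest = rest[len(layout):]
    # pfSense writes protocol text in mixed case ("tcp", "ICMPv6"), so
    # normalise before looking up the protocol-specific field list.
    proto_fields = L4.get(rec["protocol"].upper(), [])
    rec.update(zip(proto_fields, rest[:len(proto_fields)]))
    # Whatever is left (e.g. the trailing empty field in the post) stays raw.
    rec["unparsed"] = [f for f in rest[len(proto_fields):] if f]
    return rec


# The message field exactly as shown in the post above.
SAMPLE = ("5,,,1000000003,igb0,match,block,in,6,0x00,0x00000,255,"
          "ICMPv6,58,48,fe80::201:5cff:fe67:b246,ff02::1,")

if __name__ == "__main__":
    for key, value in parse_filterlog(SAMPLE).items():
        print(f"{key}: {value}")
```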