Syslog Parsing for OPNsense


Joe Volpe

Aug 28, 2020, 10:20:39 AM
to security-onion
Hello Everyone,

I recently installed Security Onion 2.1.0 RC2 in my home environment. What an amazing job you guys have done. Everything appears to be working; however, I have a question about some syslog parsing. I am throwing my firewall logs at SecOnion and it doesn't appear to be parsing the message field and pulling out the data within that field. The older version of SecOnion had no problem parsing this field. I've provided what it currently looks like below. I'm wondering if my FW is at fault or if something else is going on with 2.1 and the way it parses syslog from OPNsense? Any ideas or suggestions? Thanks. - Joe

@timestamp: Aug 27, 2020 @ 16:45:46.131
@version: 1
_id: 5YcZMnQBr1Q9MFqeSUAt
_index: securityonion:so-syslog-2020.08.27
_score: -
_type: _doc
ecs.version: 1.5.0
event.dataset: syslog
event.module: syslog
securityonion
log.source.address
message: <134>Aug 27 16:45:46 OPNsense filterlog[46481]: 15,,,0,em0,match,block,in,4,0x20,,237,26312,0,none,6,tcp,40,128.199.92.187,<My_Gateway_IP>,58925,2806,0,S,481107627,,1024,,
tags: beats_input_codec_plain_applied
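To show what parsing that message field involves, here is a small parser for the filterlog line quoted in the post above. It is an added illustration, not Security Onion's own parser: it splits the BSD syslog header, then applies the positional pf filterlog CSV layout (common fields, IPv4 header, then TCP or UDP fields); the field names are my own choice, and the poster's `<My_Gateway_IP>` placeholder is kept as-is in the constructed input.

```python
import re

# Constructed input: the syslog line quoted in the post above, with the
# poster's redaction placeholder kept in place of the destination address.
SAMPLE = ("<134>Aug 27 16:45:46 OPNsense filterlog[46481]: "
          "15,,,0,em0,match,block,in,4,0x20,,237,26312,0,none,6,tcp,40,"
          "128.199.92.187,<My_Gateway_IP>,58925,2806,0,S,481107627,,1024,,")

# BSD-style syslog header: <PRI>MMM dd HH:MM:SS host program[pid]: msg
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

# Positional layout of the pf filterlog CSV: common prefix, IPv4 header,
# then a transport section chosen by the protocol name (field names are mine).
COMMON = ["rulenr", "subrulenr", "anchor", "label", "interface",
          "reason", "action", "direction", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "protoid",
        "protoname", "length", "src", "dst"]
TRANSPORT = {
    "tcp": ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
            "window", "urg", "options"],
    "udp": ["srcport", "dstport", "datalen"],
}

def parse_filterlog(line: str) -> dict:
    """Split a filterlog syslog line into named fields (IPv4 only)."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a syslog line: %r" % line)
    pri = int(m["pri"])                      # PRI = facility * 8 + severity
    out = {"facility": pri // 8, "severity": pri % 8, "timestamp": m["ts"],
           "host": m["host"], "program": m["prog"], "pid": m["pid"]}
    if m["prog"] != "filterlog":
        out["message"] = m["msg"]            # other programs: keep raw text
        return out
    fields = m["msg"].split(",")
    names = COMMON + IPV4
    if len(fields) < len(names) or fields[8] != "4":
        raise ValueError("unsupported or truncated filterlog record")
    names = names + TRANSPORT.get(fields[16], [])   # fields[16] is protoname
    if len(fields) < len(names):
        raise ValueError("truncated transport section")
    out.update(zip(names, fields))
    out["extra"] = fields[len(names):]       # anything beyond the known layout
    return out

if __name__ == "__main__":
    for k, v in parse_filterlog(SAMPLE).items():
        print(f"{k}: {v}")
```

A record that is shorter than the layout expects raises instead of silently mis-aligning fields, which is the failure mode to watch for when a firewall upgrade changes the column set.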

Wes Lambert

Aug 28, 2020, 10:25:57 AM
to securit...@googlegroups.com
Hi Joe,

Thanks for the feedback. We are still in the process of implementing full functionality for this, and are tracking its completion via the following issue:


Thanks,
Wes

--
Follow Security Onion on Twitter!
https://twitter.com/securityonion

Joe Volpe

Aug 28, 2020, 10:27:29 AM
to security-onion
Awesome. Thanks, Wes. Again, this is one hell of a product you guys put together. Really well done. Keep up the amazing work!

Regards,
Joe
