I am sending logs from a pfSense 2.5.2 firewall. I got it working, but my firewall messages were not getting Groked.
I did some investigation and the cause was the regex statement in this line.
if [prog] =~ /^filterlog$/ {
The problem was that the statement was just looking for the word "filterlog" in the [prog] field, when the real contents of the field were "filterlog[24523]". I assume the number is the PID of the process, so I added some regex to the if statement and now it works for most messages. I'm still trying to figure out an issue with Grok itself.
For those of you who have this issue, just replace the line with the following line and it should work:
if [prog] =~ /^filterlog\[([0-9]*)\]$/ {
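Added example, not part of the original post or the project's configuration: a Ruby check of which program-field values the original and replacement patterns accept, so a silent drop of firewall events can be caught before the filter is deployed. It assumes the Logstash conditional shares Ruby's regex syntax; the `either` pattern, the `split_tag` helper and every sample value except `filterlog[24523]` are constructed for illustration.

```ruby
# Constructed sample values for the syslog program field; only
# "filterlog[24523]" appears in the issue itself.
SAMPLES = ["filterlog", "filterlog[24523]", "filterlog[]",
           "filterlogd[77]", "sshd[812]"].freeze

PATTERNS = {
  # The line from the issue: matches the bare program name only.
  original: /^filterlog$/,
  # The replacement from the issue, with the literal brackets escaped.
  escaped: /^filterlog\[([0-9]*)\]$/,
  # Assumption (not from the issue): accept the name with or without a PID,
  # require at least one digit inside brackets, and anchor on the whole
  # string (\A, \z) instead of on line boundaries (^, $).
  either: /\Afilterlog(?:\[[0-9]+\])?\z/
}.freeze

# Returns { pattern_name => [samples that match] }.
def matches_by_pattern(samples = SAMPLES, patterns = PATTERNS)
  patterns.transform_values { |re| samples.select { |s| re.match?(s) } }
end

# Splits a syslog tag "name[pid]" into [name, pid]; pid is nil when absent.
# Returns nil for a malformed tag such as "filterlog[]".
def split_tag(tag)
  m = /\A([^\[\]\s]+)(?:\[([0-9]+)\])?\z/.match(tag)
  m && [m[1], m[2]&.to_i]
end

if __FILE__ == $PROGRAM_NAME
  matches_by_pattern.each { |name, hits| puts "#{name}: #{hits.inspect}" }
  p split_tag("filterlog[24523]")
end
```

The `escaped` pattern no longer matches a bare `filterlog`, so a sender that omits the PID would go unparsed again; the `either` form covers both.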