Remote logging with Graylog
-
Has anyone here been using Graylog with pfSense?
I have set up the remote server and messages are coming in - but from what I see the syntax is not compatible and the hostname is missing. That makes distinguishing the different pfSenses we're running almost impossible. Graylog takes the filterlog, security etc. parts from messages for the hostname.
Is there a way to customize the syslog remote syntax or are there any other recommendations to use pfSense remote logging with Graylog (which btw is an awesome piece of software IMHO)?
Thanks,
Seb
-
This is maybe too late, but I recently tried to let pfSense send syslog to Graylog2 and yes, the syntax is not right!
I don't know if you added the right extractors for pfSense. I have made a copy of all of my extractors: http://hastebin.com/oqahihewim.pl
It will make the logs from pfSense easier but not complete! Plz let me know if you have found a better solution ;)
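
The missing hostname described in this thread can also be repaired before the messages reach Graylog. The following is an added example, not part of either post and not pfSense or Graylog code: a Python function that a small relay could apply to each received line, inserting a hostname when the first token after the timestamp is a program tag such as `filterlog:`. The sender-to-name map, the function name and the sample lines are constructed assumptions.

```python
import re

# BSD-syslog (RFC 3164 style) layout: <PRI>Mmm dd hh:mm:ss [HOSTNAME] TAG[pid]: message
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<rest>.*)$",
    re.S,
)
# A first token ending in ':' (optionally with [pid]) is a program tag, not a host.
TAG = re.compile(r"^[\w./-]+(\[\d+\])?:$")

# Hypothetical mapping from sender address to a stable firewall name.
SENDERS = {"192.0.2.1": "fw-office", "192.0.2.2": "fw-dc"}

# Constructed sample lines; the filterlog payload is abbreviated.
HOSTLESS = "<134>Mar  3 09:15:02 filterlog: 5,,,1000000103,em0,match,block,in,4"
WITH_HOST = "<38>Mar  3 09:15:03 fw-dc sshd[4211]: Accepted publickey for admin"


def add_hostname(line, sender_ip, senders=SENDERS):
    """Return (hostname, line), inserting a hostname when the sender omitted it."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not a BSD-syslog line: %r" % line[:40])
    first = m["rest"].partition(" ")[0]
    if not TAG.match(first):
        # Hostname field is present: leave the line untouched.
        return first, line
    # Hostname is missing: name the sender from the map, else use its IP.
    host = senders.get(sender_ip, sender_ip)
    return host, "<%s>%s %s %s" % (m["pri"], m["ts"], host, m["rest"])


if __name__ == "__main__":
    for raw, ip in ((HOSTLESS, "192.0.2.1"), (WITH_HOST, "192.0.2.2")):
        print(add_hostname(raw, ip))
```
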