How to get Suricata logs into Graylog?

logan5247

I'm running pfSense 2.4.5-RELEASE-p1 on an APU2D4 at home.

I have already configured my firewall logs to go to Graylog and that is working. In my syslog settings under Status --> System Logs --> Settings, I have set:
Screenshot_2020-12-16 pfsense internal loganmarchione xyz - Status System Logs Settings.png

I have Suricata running on my LAN interface and I can see alerts on the Alerts page. Now I'm trying to send Suricata alerts to Graylog as well. In my mind, I thought if I sent Suricata logs to syslog, they would just get sent to Graylog. In my Suricata settings for the LAN interface, I have set:
Screenshot_2020-12-16 pfsense internal loganmarchione xyz - Services Suricata Edit Interface Settings - LAN.png

I'm not seeing anything other than my normal firewall traffic in Graylog? Do I need to change LOCAL1 to SYSLOG, or do I need to check a different category in the remote logging options section?

kiokoman

@logan5247
you need "System Events"

logan5247

@kiokoman Ugh, thank you! Working now!