Netgate Discussion Forum

Syslog parser for Microsoft Defender for Cloud Apps Discovery

  • A
    aetherpirate
    last edited by Mar 30, 2022, 7:35 PM

    I am trying to make use of the Microsoft Defender for Cloud Apps Discovery, and I need to collect the logs from my Netgate SG-7100. I have it sending now to a Kiwi Syslog Server on-prem.

    The format that Netgate uses doesn't seem to conform to any of the presets available, so I think I need to make a custom log parser. I am a bit lost at this step. Can anyone provide a bit of guidance?

    • S
      stephenw10 Netgate Administrator
      last edited by Mar 30, 2022, 10:00 PM

      You can change the log format in 2.6/22.01 to use RFC 5424 instead:
      https://docs.netgate.com/pfsense/en/latest/monitoring/logs/settings.html#global-log-settings

      The filter log format is described here:
      https://docs.netgate.com/pfsense/en/latest/monitoring/logs/raw-filter-format.html

      Steve
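
As an added example (not part of either post, and not Netgate or Microsoft code): a minimal parser for filterlog lines as they arrive once the RFC 5424 format suggested above is enabled. The field order is assumed from the raw filter log documentation linked in the reply; the field labels, hostname and sample lines are constructed for illustration.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD MSG
HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (-|\[.*?\]) (.*)$")

# Field labels are chosen for this example; order is assumed from the linked docs.
COMMON = ["rule", "subrule", "anchor", "tracker", "iface", "reason",
          "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags", "proto_id",
        "proto", "length", "src", "dst"]
IPV6 = ["class", "flow", "hoplimit", "proto", "proto_id", "length", "src", "dst"]
PORTS = ["sport", "dport", "datalen"]


def parse_filterlog(line):
    """Return a dict for an RFC 5424 filterlog line, or None for anything else."""
    m = HEADER.match(line.strip())
    if not m or m.group(4) != "filterlog":
        return None
    fields = m.group(8).split(",")
    if len(fields) < len(COMMON):
        return None
    rec = {"timestamp": m.group(2), "host": m.group(3)}
    rec.update(zip(COMMON, fields))
    rest = fields[len(COMMON):]
    layout = {"4": IPV4, "6": IPV6}.get(rec["ipver"])
    if layout is None or len(rest) < len(layout):
        return None  # unknown IP version or truncated message
    rec.update(zip(layout, rest))
    rest = rest[len(layout):]
    if rec["proto"].lower() in ("tcp", "udp") and len(rest) >= len(PORTS):
        rec.update(zip(PORTS, rest))  # ICMP and other protocols carry no ports
    return rec


# Constructed sample lines (documentation address ranges, made-up hostname).
SAMPLES = [
    "<134>1 2022-03-30T19:35:01.000000+00:00 fw.example.test filterlog 4021 - - "
    "5,,,1000000103,igb0,match,block,in,4,0x0,,64,4849,0,DF,6,tcp,60,"
    "192.0.2.10,198.51.100.5,51234,443,0,S,1234567890,,64240,,mss",
    "<134>1 2022-03-30T19:35:02.000000+00:00 fw.example.test filterlog 4021 - - "
    "7,,,1000000104,igb1,match,pass,out,6,0x00,0x00000,64,UDP,17,40,"
    "2001:db8::10,2001:db8::53,40000,53,40",
    "<30>1 2022-03-30T19:35:03.000000+00:00 fw.example.test dhcpd 812 - - DHCPACK",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_filterlog(sample))
```

Lines still in the older BSD syslog format do not match the header pattern and return None, so the log format setting has to be changed first.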
