PfSense syslog and ELSA
-
Does this work for 2.5
-
donĀ“t work with pfsense 2.2
-
The patch is not needed on 2.2.
2.2 changed the native log format to be one line already: https://doc.pfsense.org/index.php/Filter_Log_Format_for_pfSense_2.2
-
Hi folks, I'm looking into teach myself how to write a syslog-ng parser for pfsense 2.2 output. There are a few fields where I want to query exactly what content might be in them because the documentation page isn't quite specific enough. If someone's already written a parser - great! I'll look at it after I've taught myself to do it first, and maybe learn if I've made any mistakes. But the learning comes firstĀ :D
Specifically, I need to know what I might encounter in the following fields:
- IP Flags - will it simply be "DNF" or "MF" or could it be more complicated?
- ECN - is it going to give the numeric value or a text representation?
- URG - will it say "set" or "true" or "urg" or something else?
-
Further to the above, I'm making good progress with the basic version of pfsense 2.2 firewall syslog events - just about have all IPv4 TCP/UDP working and will start on ICMP and IPv6 after that. One thing I don't have the facility to do at home is CARP, so I would very much appreciate it if people could post me some example CARP event messages for me to make sure my patterns are matching correctly.
