PfSense Regex Help for AlienVault OSSIM
Unless anyone has a plugin already written for PfSense 2.X.X, I'm trying to do my own. I'm not the best person for it and I am learning as I go, but I do want my logs to show in the OSSIM console. I don't want to reinvent the wheel, but if there is no wheel, here is what I am asking for help with…
Am I barking up the wrong tree?
Below is a line output from PfSense logs being sent to OSSIM.
I'm trying to write a plugin for OSSIM to parse PfSense Logs
I've got the following regex that covers up to where it says filterlog, but I need help identifying what the other bits are.
I'm trying to work out what the
section is from
the what the
Sep 2 15:43:43 192.168.1.9 filterlog: 9,16777216,,1000000103,pppoe2,match,block,in,4,0x78,,44,47494,0,none,1,icmp,71,188.8.131.52,184.108.40.206,unreachport,220.127.116.11,UDP,1004951
Anyone able to help me write this regex for the OSSIM plugin?
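The fields after filterlog: are not fixed-width, which is why a single regex over the whole line is awkward: the count depends on the ip-version field and then on the protocol field. As an added example (not code from the thread or from AlienVault), the parser below matches the syslog header with a named-group regex and then walks the comma-separated payload field by field. The field names follow the pfSense 2.2+ filterlog format as documented by the pfSense project; the assumption is that the poster's firewall emits that format, which the sample line's layout matches. The ICMP line is the one quoted above; the TCP line is constructed with documentation address ranges.

```python
import re
from typing import Dict, List, Optional

# Sample line quoted in the thread (syslog header + filterlog CSV payload).
SAMPLE_LINE = (
    "Sep 2 15:43:43 192.168.1.9 filterlog: 9,16777216,,1000000103,pppoe2,match,block,in,4,"
    "0x78,,44,47494,0,none,1,icmp,71,188.8.131.52,184.108.40.206,unreachport,220.127.116.11,UDP,1004951"
)
# Constructed TCP example (TEST-NET addresses); not taken from the thread.
TCP_LINE = (
    "Sep 2 15:44:01 192.168.1.9 filterlog: 5,,,1000000105,em0,match,block,in,4,"
    "0x0,,64,12345,0,DF,6,tcp,60,203.0.113.5,198.51.100.7,51234,22,0,S,123456789,,65535,,mss;sackOK"
)

# Only the syslog header is matched by regex. The payload is captured whole and split
# afterwards, because its field count depends on ip-version and protocol.
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+filterlog:\s+(?P<payload>.*)$"
)

# Field names per the pfSense 2.2+ filterlog format (assumed to be the emitting version).
COMMON_FIELDS = ["rule_number", "sub_rule_number", "anchor", "tracker", "real_interface",
                 "reason", "action", "direction", "ip_version"]
IPV4_FIELDS = ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol_id", "protocol"]
IPV6_FIELDS = ["class", "flow_label", "hop_limit", "protocol", "protocol_id"]
IP_TAIL = ["length", "src_ip", "dst_ip"]
TCP_FIELDS = ["src_port", "dst_port", "data_length", "tcp_flags", "seq", "ack",
              "window", "urg", "options"]
UDP_FIELDS = ["src_port", "dst_port", "data_length"]
# ICMP "unreachport" carries the original destination, protocol and port of the
# packet that triggered the unreachable message.
ICMP_UNREACHPORT_FIELDS = ["icmp_dst_ip", "unreachable_protocol", "unreachable_port"]


def _assign(rec: Dict[str, str], names: List[str], values: List[str], start: int) -> int:
    """Copy values[start:] into rec under the given names; missing fields become ''."""
    for i, name in enumerate(names):
        idx = start + i
        rec[name] = values[idx] if idx < len(values) else ""
    return start + len(names)


def parse_filterlog(line: str) -> Optional[Dict[str, str]]:
    """Parse one syslog-forwarded pfSense filterlog line into a flat dict, or None."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None  # not a filterlog line (e.g. sshd, dhcpd)
    rec = {k: v for k, v in m.groupdict().items() if k != "payload"}
    values = m.group("payload").split(",")

    pos = _assign(rec, COMMON_FIELDS, values, 0)
    if rec["ip_version"] == "4":
        pos = _assign(rec, IPV4_FIELDS, values, pos)
    elif rec["ip_version"] == "6":
        pos = _assign(rec, IPV6_FIELDS, values, pos)
    else:
        rec["extra"] = ",".join(values[pos:])
        return rec
    pos = _assign(rec, IP_TAIL, values, pos)

    proto = rec["protocol"].lower()
    if proto == "tcp":
        pos = _assign(rec, TCP_FIELDS, values, pos)
    elif proto == "udp":
        pos = _assign(rec, UDP_FIELDS, values, pos)
    elif proto in ("icmp", "icmpv6"):
        pos = _assign(rec, ["icmp_type"], values, pos)
        if rec["icmp_type"] == "unreachport":
            pos = _assign(rec, ICMP_UNREACHPORT_FIELDS, values, pos)
    # Anything not consumed (other ICMP types, unknown protocols) is kept verbatim.
    if pos < len(values):
        rec["extra"] = ",".join(values[pos:])
    return rec


if __name__ == "__main__":
    for sample in (SAMPLE_LINE, TCP_LINE):
        parsed = parse_filterlog(sample)
        print({k: parsed[k] for k in ("action", "real_interface", "protocol", "src_ip", "dst_ip")})
```

For the OSSIM plugin itself, the header regex above is the part that can go straight into a `regexp=` line, since OSSIM plugin patterns use Python named groups; the per-protocol field split is what a single static regex cannot express, so in a plugin you would end up with one rule per protocol (tcp, udp, icmp) rather than one rule for the whole format.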
I've worked out a bit more, as above
I'm not sure about what $actions are correct, so for now I have just given them my own names until I know what to replace them with…
This lists and explains all the fields:
I tried to get this working and failed. Has anyone else managed to create a regex that works?
McGlenn
AlienVault has now released a pfSense plugin.