Comments (3)
a3ilson
commented on August 23, 2024
1
Glad to hear.
-
OpenVPN has been a long overdue item and is listed within this project. The piece I'm struggling with is the output format of OpenVPN which is unfortunately a bit messy (too many variations) coupled with the lack of time to dedicate. I'll get to it eventually...
-
Feel free to close this issue out and open another for the Kibana Autocomplete...I'll look into that one as well.
from pfelk.
a3ilson
commented on August 23, 2024
- 20-interfaces.pfelk
- The issue regarding the 20-interfaces.pfelk
- The referenced file is outdated and references the host by
[host][name]updating will spend that field to read[log][syslog][hostname] - The initial filer (01-inputs.pfelk) enriches the syslog message via the pfelk.grok pattern
- pfelk.grok pattern:
[event][created],[log][syslog][hostname],[log][syslog][appname], and[log][syslog][procid]are created.
- pfelk.grok pattern:
- The 20-interfaces.pfelk (optional) adds additional fields based on the
[log][syslog][hostname]field value but requires minor configuration (e.g.,[log][syslog][hostname]and[interface][name])
- The referenced file is outdated and references the host by
- Network Transport
- More context is needed...the
[network][transport]is utilized within the pfelk.grok pattern file but is associated to Snort, Suricate, OpenVPN and the depreciated PF Grok patterns for which (02-firewall.pfelk) filters based on comma (structured PF logging).
from pfelk.
kozistan
commented on August 23, 2024
Thanks a lot helping me with that, actually what i did is replaced the [host][name] for [log][syslog][hostname] and everything started to work with 20-interfaces.pfelk, the rest additional fields are parsed.
Regarding [network][transport] i've replaced the field with [network][protocol] and is enough for me to have separated protocols as output.
I'm not using Snort and Suticata, well and OpnVPN is another part of what i would have fixed :) Have seen ad add a comment to closed issue, where you've been trying to fix with no luck.
There is a comment from my in that issue, so would appreciate to continue with that if you do not mind, OpenVPN is a often used protocol and regarding the right logging would be nice to have it on.
As you're not interacting with the Kibana autocomplete issue i understand that it just not belong here, just thought you've been dealing with that too, if not just forget about it.
Thanks again for your participation @613377
from pfelk.
Related Issues (20)
- OpenVPN+ELK Stack HOT 3
- Is there any updated documentation on starting this up in Docker? HOT 2
- Unable to create DHCP Dashboard, DHCP Saved Objects as there is a data view conflict HOT 7
- Error in logstash parse: illegal_argument_exception HOT 3
- issue when installing docker pfelk HOT 5
- Can't select firewall entry in Dashboard after uprade with Unable to fetch terms, error HOT 2
- Dashboard templates not receiving data HOT 11
- Excessive Null Values/Fields Due To "pfelk-mappings-ecs" HOT 1
- PFsense logs not being sent to PFelk HOT 1
- Data not appearing in dashboards HOT 15
- kea dhcp support HOT 15
- ngnix template error HOT 1
- Snort Dashboard - most data missing HOT 18
- Error loading Suricate template HOT 4
- Kibana will not start after changing VM (Ubuntu) IP Address HOT 1
- Cannot get data to display on NGINX dashboard HOT 16
- Cannot get data to display Suricata dashbord and Firewall dashbord HOT 8
- index_not_found_exception on logs-pfelk-haproxy HOT 1
- HAProxy dashboard / HAProxy HTTP Status Codes: field invalid HOT 13
- Unmapped fields in template HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pfelk.