siemonster

siemonster / tcptweaks.txt

Created March 10, 2020 23:49

siemonster / smlogo.svg

Created July 14, 2019 06:17

Sorry, something went wrong. Reload?

Sorry, we cannot display this file.

Sorry, this file is invalid so it cannot be displayed.

siemonster / pfsense2-2.grok

Created June 14, 2016 20:45 — forked from elijahpaul/pfsense2-2.grok

pfsense2-2.grok

	# GROK match pattern for logstash.conf filter: %{LOG_DATA}%{IP_SPECIFIC_DATA}%{IP_DATA}%{PROTOCOL_DATA}

	# GROK Custom Patterns (add to patterns directory and reference in GROK filter for pfSense events):

	# GROK Patterns for pfSense 2.2 Logging Format
	#
	# Created 27 Jan 2015 by J. Pisano (Handles TCP, UDP, and ICMP log entries)
	# Edited 14 Feb 2015 by E. Paul
	#
	# Usage: Use with following GROK match pattern

siemonster / pfsense2-2.conf

Created June 14, 2016 20:44 — forked from elijahpaul/pfsense2-2.conf

pfSense 2.2 Logstash Filter

	# Use this filter with pattern file https://gist.github.com/elijahpaul/f5f32d4e914dcb7fedd2
	filter {
	if "PFSense" in [tags] {
	grok {
	add_tag => [ "firewall" ]
	match => [ "message", "<(?<evtid>.)>(?<datetime>(?:Jan(?:uary)?\|Feb(?:ruary)?\|Mar(?:ch)?\|Apr(?:il)?\|May\|Jun(?:e)?\|Jul(?:y)?\|Aug(?:ust)?\|Sep(?:tember)?\|Oct(?:ober)?\|Nov(?:ember)?\|Dec(?:ember)?)\s+(?:(?:0[1-9])\|(?:[12][0-9])\|(?:3[01])\|[1-9]) (?:2[0123]\|[01]?[0-9]):(?:[0-5][0-9]):(?:[0-5][0-9])) (?<prog>.?): (?<msg>.*)" ]
	}
	mutate {
	gsub => ["datetime"," "," "]
	}