Last active
April 22, 2024 12:06
-
-
Save xbb/00b5bf8fb353a5947c60914f996b2691 to your computer and use it in GitHub Desktop.
Revisions
-
xbb revised this gist
Jan 23, 2022 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,14 +1,14 @@ # # OPNsense filterlog GROK patterns # Based on: https://github.com/opnsense/ports/blob/b221352/opnsense/filterlog/files/description.txt # # Entrypoint: %{OPNSENSE_FILTERLOG} # # TODO: OPNSENSE_CARP # OPNSENSE_DIRECTION \bin(?:/out)?|out\b OPNSENSE_WORD \b[\w-]+\b OPNSENSE_FILTERLOG %{OPNSENSE_TCP}|%{OPNSENSE_UDP}|%{OPNSENSE_IPV4}|%{OPNSENSE_IPV6} OPNSENSE_IPV4 %{OPNSENSE_PACKETFILTER},%{INT:ip_ver},%{BASE16NUM:tos},%{OPNSENSE_WORD:ecn}?,%{INT:ttl},%{INT:id},%{INT:offset},%{OPNSENSE_WORD:flags},%{INT:proto_num},%{OPNSENSE_WORD:proto},%{INT:length},%{IPV4:src},%{IPV4:dst} OPNSENSE_IPV6 %{OPNSENSE_PACKETFILTER},%{INT:ip_ver},%{BASE16NUM:class},%{BASE16NUM:flow},%{INT:hop_limit},%{OPNSENSE_WORD:proto},%{INT:proto_num},%{INT:length},%{IPV6:src},%{IPV6:dst} OPNSENSE_LABEL (?:\b%{OPNSENSE_WORD:label}\b|\(null\)) -
Aug 3, 2021 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,17 @@ # # OPNsense filterlog GROK patterns # Based on: https://github.com/opnsense/ports/blob/95ff6a3/opnsense/filterlog/files/description.txt # # Entrypoint: %{OPNSENSE_FILTERLOG} # # TODO: OPNSENSE_CARP # OPNSENSE_DIRECTION \bin(?:/out)?|out\b OPNSENSE_WORD \b[\w-]+\b OPNSENSE_FILTERLOG %{OPNSENSE_TCP}|%{OPNSENSE_UDP} OPNSENSE_IPV4 %{OPNSENSE_PACKETFILTER},%{INT:ip_ver},%{BASE16NUM:tos},%{OPNSENSE_WORD:ecn}?,%{INT:ttl},%{INT:id},%{INT:offset},%{OPNSENSE_WORD:flags},%{INT:proto_num},%{OPNSENSE_WORD:proto},%{INT:length},%{IPV4:src},%{IPV4:dst} OPNSENSE_IPV6 %{OPNSENSE_PACKETFILTER},%{INT:ip_ver},%{BASE16NUM:class},%{BASE16NUM:flow},%{INT:hop_limit},%{OPNSENSE_WORD:proto},%{INT:proto_num},%{INT:length},%{IPV6:src},%{IPV6:dst} OPNSENSE_LABEL (?:\b%{OPNSENSE_WORD:label}\b|\(null\)) OPNSENSE_PACKETFILTER %{INT:rule},%{INT:subrule}?,%{INT:anchor}?,%{OPNSENSE_LABEL:label},%{OPNSENSE_WORD:interface},%{OPNSENSE_WORD:reason},%{OPNSENSE_WORD:action},%{OPNSENSE_DIRECTION:dir} OPNSENSE_TCP (?:%{OPNSENSE_IPV4}|%{OPNSENSE_IPV6}),%{INT:src_port},%{INT:dst_port},%{INT:data_len},%{OPNSENSE_WORD:tcp_flags},(?:%{INT:tcp_seq}(?:\:\d+)?)?,%{INT:tcp_ack}?,%{INT:tcp_win},%{INT:tcp_urg}?,(?<tcp_options>[^,]+)? OPNSENSE_UDP (?:%{OPNSENSE_IPV4}|%{OPNSENSE_IPV6}),%{INT:src_port},%{INT:dst_port},%{INT:data_len}