Hello, I am new to Graylog. I used Splunk before, but I reached the space limit of Splunk. That's why I installed Graylog. I want to log firewall logs and create reports and graphs out of these logs.

- How similar is the search syntax between Splunk and Graylog? Is it complicated to migrate this?
- But the main issue at the moment is that the syslog messages which I get are different if you compare Graylog and Splunk.

Splunk syslog message:

<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW Detect: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|srcPort=52365|srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|dstService=|dstIF=port7.910|rule=|info=Normal Operation|srcNAT=80.120.132.156|dstNAT=194.232.154.127|duration=0|count=1|receivedBytes=0|sentBytes=0|receivedPackets=0|sentPackets=0|user=n600771|protocol=HTTP direct|application=Web browsing|target=steiermark.orf.at|content=|urlcat=Search Engines/Portals

Graylog syslog message:

message NG_Firewall[]: 1467031812 1 10.244.120.142 194.232.112.146 image/png 10.244.120.142 http://steiermark.orf.at/mojo/1_3/storyserver/oeka/images/arrow.right.png 1020 BYF ALLOWED CLEAN 2 1 0 0 0 (-) 0 Search-Engines/Portals 0 - 0 steiermark.orf.at Search-Engines/Portals [00user] steiermark.orf.at - - 0

How can I receive or display the syslogs in the same format as in Splunk? I installed this app on my Splunk installation: https://splunkbase.splunk.com/app/2634/

The syslog logs have more information like srcNAT, dstNAT and so on, and also a name like target= or urlcat=.... How can I change these settings? On Splunk there was no additional configuration needed.

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/50f12601-9526-48d5-8641-aac72e8c86c4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
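The pipe-delimited key=value body shown in the Splunk-side record (srcNAT, dstNAT, target, urlcat, ...) is straightforward to parse into named fields for reports, which is what the reporting question above ultimately needs. The script below is an added, stand-alone illustration written for this thread; it is not code from the original post, from the Splunk app, or from Graylog. It assumes the syslog header layout seen in the single quoted line (PRI, timestamp, host, program tag, then "Severity Unit Action:" before the body); the first sample line is the one from the post with its line-wrap spaces removed, the other two are constructed. Graylog's own pipeline rule function key_value() splits the same delimiter scheme natively, so in production you would configure that rather than run a script, but seeing the parse spelled out makes clear which fields become available for graphs.

```python
import re
from collections import Counter

# Sample input. Line 1 is the Splunk-side record quoted in the post (wrap spaces
# removed); lines 2 and 3 are constructed: a second flow and a malformed line.
SAMPLE_LINES = [
    "<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW Detect: "
    "type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|srcPort=52365|"
    "srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|dstService=|dstIF=port7.910|"
    "rule=|info=Normal Operation|srcNAT=80.120.132.156|dstNAT=194.232.154.127|duration=0|"
    "count=1|receivedBytes=0|sentBytes=0|receivedPackets=0|sentPackets=0|user=n600771|"
    "protocol=HTTP direct|application=Web browsing|target=steiermark.orf.at|content=|"
    "urlcat=Search Engines/Portals",
    # constructed second flow (hypothetical values)
    "<14>Jun 27 12:28:01 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW Detect: "
    "type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.150|srcPort=41000|"
    "srcMAC=00:00:00:00:00:00|dstIP=203.0.113.10|dstPort=443|dstService=|dstIF=port7.910|"
    "rule=|info=Normal Operation|srcNAT=80.120.132.156|dstNAT=203.0.113.10|duration=12|"
    "count=1|receivedBytes=4200|sentBytes=1500|receivedPackets=9|sentPackets=7|user=n600771|"
    "protocol=HTTPS|application=Web browsing|target=example.net|content=|urlcat=News",
    # constructed malformed line: no key=value body, must be skipped, not crash
    "<14>Jun 27 12:28:05 FW-02 kernel: link state changed",
]

# Header layout inferred from the quoted line (assumption: one record per line).
HEADER_RE = re.compile(
    r"^(?:<(?P<pri>\d+)>)?"                              # optional syslog PRI
    r"(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) "          # BSD-syslog timestamp
    r"(?P<host>\S+) "                                      # firewall hostname
    r"(?P<tag>\S+): "                                      # program / log tag
    r"(?P<severity>\w+) (?P<unit>\S+) (?P<action>\w+): "   # e.g. "Info C-WN02-FW Detect:"
    r"(?P<body>.*)$"
)

NUMERIC_FIELDS = ("srcPort", "dstPort", "duration", "count", "receivedBytes",
                  "sentBytes", "receivedPackets", "sentPackets")


def parse_kv_body(body, pair_sep="|", kv_sep="="):
    """Split 'k=v|k=v' into a dict; empty values (dstService=) stay as ''."""
    fields = {}
    for pair in body.split(pair_sep):
        if kv_sep not in pair:
            continue                      # ignore fragments without a separator
        key, _, value = pair.partition(kv_sep)
        fields[key.strip()] = value.strip()   # values may contain spaces ("Web browsing")
    return fields


def parse_line(line):
    """Return a flat record dict, or None if the line does not match the layout."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {k: v for k, v in m.groupdict().items() if k != "body" and v is not None}
    if "pri" in rec:                      # decode PRI into facility / severity numbers
        pri = int(rec["pri"])
        rec["facility"], rec["severity_num"] = pri // 8, pri % 8
    rec.update(parse_kv_body(m.group("body")))
    if "srcIP" not in rec:                # header matched but no firewall fields: skip
        return None
    for k in NUMERIC_FIELDS:              # counters become ints so they can be summed
        if rec.get(k, "").isdigit():
            rec[k] = int(rec[k])
    return rec


def summarize(lines):
    """Parse all lines and build two report-style aggregates."""
    records = [r for r in map(parse_line, lines) if r is not None]
    hits_by_urlcat = Counter(r.get("urlcat", "") for r in records)
    bytes_by_target = Counter()
    for r in records:
        bytes_by_target[r.get("target", "")] += r.get("sentBytes", 0) + r.get("receivedBytes", 0)
    return records, hits_by_urlcat, bytes_by_target


if __name__ == "__main__":
    recs, by_cat, by_target = summarize(SAMPLE_LINES)
    print(len(recs), "records parsed")
    print("hits by urlcat:", dict(by_cat))
    print("bytes by target:", dict(by_target))
```

The malformed third line is dropped rather than raising, which is the behaviour you want in a log pipeline; everything else ends up as typed fields (ports and byte counters as integers) that a report can group and sum.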
