My main problem is finding a way to parse eve.json messages. I followed the case study on Graylog about Snort, but it was unsuccessful for us. Is there an example of Graylog parsing eve.json output coming from pfSense Suricata?
On Tue, Jan 31, 2017 at 5:29 AM, sean harvey <[email protected]> wrote:
> Which inputs are running in Graylog and how did you specifically configure them?
> * syslog UDP
> * Squid-Access
> * Raw/Plaintext UDP input
> * Netflow UDP
> * WinLogs-gelf
>
> How are you shipping these logs to Graylog (please include relevant configuration settings)?
> * using barnyard2 UDP 5140
>
> On Tue, Jan 31, 2017 at 5:14 AM, Jochen Schalanda <[email protected]> wrote:
>
>> Hi Sean,
>>
>> On Tuesday, 31 January 2017 11:12:07 UTC+1, sean harvey wrote:
>>>
>>> Thank you for responding. We are using the syslog UDP, not GELF UDP, input for Suricata alerts.
>>>
>>
>> The error message clearly states otherwise.
>>
>> In order to find the cause of your problem, please answer the following questions:
>>
>> Which inputs are running in Graylog and how did you specifically configure them?
>> How are you shipping these logs to Graylog (please include relevant configuration settings)?
>>
>> Cheers,
>> Jochen
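The thread never shows what parsing eve.json actually involves, so here is an added example that is not code from the thread, from Graylog or from pfSense. It assumes the EVE JSON arrives either bare or prefixed with a syslog header (as a syslog UDP input would deliver it), strips that header, parses the JSON and flattens nested objects into `parent_child` keys in the style of a JSON extractor (the `_` separator is an assumption). A barnyard2-style text alert is included to show that a non-JSON payload on the same input is rejected rather than crashing the parser. All sample lines are constructed.

```python
import json
from collections import Counter

# Constructed sample input (not from the thread): two Suricata EVE events and one
# barnyard2 text alert, all as they might arrive on a syslog UDP input.
SAMPLE_LINES = [
    '<13>Jan 31 11:12:07 pfsense suricata[4242]: '
    '{"timestamp":"2017-01-31T11:12:07.000000+0100","flow_id":1,"in_iface":"em0",'
    '"event_type":"alert","src_ip":"10.0.0.5","src_port":51234,'
    '"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root",'
    '"category":"Potentially Bad Traffic","severity":2}}',
    # Bare eve.json line (no syslog header), a DNS event rather than an alert.
    '{"timestamp":"2017-01-31T11:12:08.000000+0100","event_type":"dns",'
    '"src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP",'
    '"dns":{"type":"query","rrname":"example.com","rrtype":"A"}}',
    # barnyard2 text alert: contains braces ("{TCP}") but is not JSON.
    '<13>Jan 31 11:12:09 pfsense barnyard2[4243]: [1:2100498:7] '
    'GPL ATTACK_RESPONSE id check returned root '
    '[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} '
    '10.0.0.5:51234 -> 93.184.216.34:80',
]


def flatten(obj, prefix="", sep="_"):
    """Flatten nested dicts into single-level keys, e.g. alert.signature_id -> alert_signature_id."""
    out = {}
    for key, value in obj.items():
        name = f"{prefix}{sep}{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, name, sep))
        else:
            out[name] = value
    return out


def parse_eve_line(line):
    """Return a flat dict of fields for one EVE line, or None if it is not an EVE JSON object.

    The syslog header (PRI, timestamp, host, tag) is discarded by starting at the
    first '{'; anything that then fails to decode as a JSON object is rejected.
    """
    start = line.find("{")
    if start < 0:
        return None
    try:
        event = json.loads(line[start:])
    except ValueError:  # json.JSONDecodeError is a subclass of ValueError
        return None
    if not isinstance(event, dict) or "event_type" not in event:
        return None
    return flatten(event)


def parse_eve_lines(lines):
    """Parse every line; returns (events, rejected) so dropped lines are visible, not silent."""
    events, rejected = [], []
    for line in lines:
        parsed = parse_eve_line(line)
        (events if parsed is not None else rejected).append(parsed if parsed is not None else line)
    return events, rejected


def count_by_event_type(events):
    """Counter of event_type values, the first thing to check once ingestion works."""
    return Counter(e["event_type"] for e in events)


if __name__ == "__main__":
    events, rejected = parse_eve_lines(SAMPLE_LINES)
    for e in events:
        print(sorted(e.items()))
    print("event types:", dict(count_by_event_type(events)))
    print("rejected lines:", len(rejected))
```

The rejected list is the part worth keeping in a real pipeline: if alerts arrive from barnyard2 as text while Graylog is configured for JSON (or vice versa), every line ends up there, which is far easier to notice than a stream of events with empty fields.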
