Hi,
please read the documentation again:
http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor
I've already quoted the relevant parts in my previous post.
You have to extract the information into separate fields. Currently
everything is in the "message" field.
Here is some log for example:
---
message
192.168.99.1 date=2017-02-07 time=14:56:43 devname=PrimaryFGT
devid=FG100D3G16814848 logid=13 type=traffic subtype=forward
level=notice vd=root srcip=27.214.37.81 srcport=29770 srcintf="wan1"
dstip=199.203.140
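The point made in the message above, as an added example that is not part of the original thread and not Graylog's own code: a Python sketch showing why a lookup that needs fields containing exclusively an IP address finds nothing while everything sits in "message", and what it finds once the key=value pairs are split into separate fields. The sample line is constructed (documentation-range addresses) and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample modelled on the FortiGate line quoted in the thread
# (addresses are from documentation ranges, not from the original log).
SAMPLE = ('192.168.99.1 date=2017-02-07 time=14:56:43 devname=PrimaryFGT '
          'type=traffic subtype=forward level=notice vd=root '
          'srcip=203.0.113.81 srcport=29770 srcintf="wan1" dstip=198.51.100.7')

# Matches key=value and key="quoted value" pairs.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def extract_fields(message):
    """Split a key=value log line into separate fields, stripping quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(message)}


def is_exclusively_ip(value):
    """True only if the whole value is a single IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def geo_candidates(fields):
    """Return the fields whose entire value is an IP address."""
    return {k: v for k, v in fields.items() if is_exclusively_ip(v)}


if __name__ == "__main__":
    # Everything in one field: no field is exclusively an IP address.
    print("before extraction:", geo_candidates({"message": SAMPLE}))
    # After extraction: srcip and dstip qualify, srcport and the rest do not.
    print("after extraction: ", geo_candidates(extract_fields(SAMPLE)))
```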
Hi,
On Tuesday, 7 February 2017 13:46:47 UTC+1, CTuser wrote:
>
> Yes, of course.
> I'm getting lots of messages containing IPv4 from the FW.
>
Do they have any field that *only* contains an IPv4 address and no other
content?
Cheers,
Jochen
Hi Jochen,
Yes, of course.
I'm getting lots of messages containing IPv4 from the FW.
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googleg
Hi,
are there any other messages which exclusively contain an IPv4 or IPv6
address in the "message" field?
I'll quote
http://docs.graylog.org/en/2.1/pages/geolocation.html#configure-the-message-processor:
> That’s it, at this point Graylog will start looking for fields *containing
> exclusivel