<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Parsing pfsense 2.3.4 firewall logs in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Parsing-pfsense-2-3-4-firewall-logs/m-p/420057#M73991</link>
    <description>&lt;P&gt;I am trying to parse pfSense 2.3.4 firewall logs in Splunk, but I am not able to extract the fields properly.&lt;/P&gt;

&lt;P&gt;I tried changing the props and transforms config files as stated here: &lt;A href="http://blog.basementpctech.com/2012/02/splunk-and-pfsense-what-pair.html"&gt;http://blog.basementpctech.com/2012/02/splunk-and-pfsense-what-pair.html&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;But it's not working for me. Can anyone help regarding this?&lt;/P&gt;

&lt;P&gt;Sample logs:&lt;/P&gt;

&lt;P&gt;filterlog: 7,16777216,,1000000105,em2_vlan11,match,block,in,6,0x00,0x00000,1,UDP,17,982,fe90::125:36ff:f0fe:3a69,f062::c,3702,3702,982&lt;BR /&gt;
host =10.10.4.3        source =udp:514        sourcetype =syslog&lt;/P&gt;</description>
    <pubDate>Mon, 28 May 2018 10:09:13 GMT</pubDate>
    <dc:creator>jawadak</dc:creator>
    <dc:date>2018-05-28T10:09:13Z</dc:date>
    <item>
      <title>Parsing pfsense 2.3.4 firewall logs</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Parsing-pfsense-2-3-4-firewall-logs/m-p/420057#M73991</link>
      <description>&lt;P&gt;I am trying to parse pfSense 2.3.4 firewall logs in Splunk, but I am not able to extract the fields properly.&lt;/P&gt;

&lt;P&gt;I tried changing the props and transforms config files as stated here: &lt;A href="http://blog.basementpctech.com/2012/02/splunk-and-pfsense-what-pair.html"&gt;http://blog.basementpctech.com/2012/02/splunk-and-pfsense-what-pair.html&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;But it's not working for me. Can anyone help regarding this?&lt;/P&gt;

&lt;P&gt;Sample logs:&lt;/P&gt;

&lt;P&gt;filterlog: 7,16777216,,1000000105,em2_vlan11,match,block,in,6,0x00,0x00000,1,UDP,17,982,fe90::125:36ff:f0fe:3a69,f062::c,3702,3702,982&lt;BR /&gt;
host =10.10.4.3        source =udp:514        sourcetype =syslog&lt;/P&gt;</description>
      <pubDate>Mon, 28 May 2018 10:09:13 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Parsing-pfsense-2-3-4-firewall-logs/m-p/420057#M73991</guid>
      <dc:creator>jawadak</dc:creator>
      <dc:date>2018-05-28T10:09:13Z</dc:date>
    </item>
  </channel>
</rss>

