Parsing pfSense 2.3.4 firewall logs

I am trying to parse pfSense 2.3.4 firewall logs in Splunk, but I am not able to extract the fields properly.

I tried changing the props and transforms config files as stated here:

But it's not working for me. Can anyone help regarding this?

Sample logs:

filterlog: 7,16777216,,1000000105,em2_vlan11,match,block,in,6,0x00,0x00000,1,UDP,17,982,fe90::125:36ff:f0fe:3a69,f062::c,3702,3702,982
host = source =udp:514 sourcetype =syslog

0 Karma
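
The sample line above split into named fields, as an added example that is not part of the original post and not Splunk or pfSense code. It assumes the comma-separated positions follow pfSense's raw filter log layout (common header, then an IPv4 or IPv6 block, then ports for TCP/UDP); the field names are this example's own, and it goes beyond the posted IPv6/UDP line by also handling IPv4.

```python
# Field names are this example's own labels for the comma-separated positions
# of a pfSense filterlog message (assumed layout: pfSense raw filter log format).
COMMON = ["rule", "sub_rule", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id"]
ADDR = ["length", "src_ip", "dest_ip"]
PORTS = ["src_port", "dest_port", "data_length"]


def parse_filterlog(line):
    """Return a dict of fields from one filterlog line, or None if it is not one."""
    marker = "filterlog:"
    pos = line.find(marker)
    if pos < 0:
        return None
    values = [v.strip() for v in line[pos + len(marker):].split(",")]
    if len(values) < len(COMMON):
        return None
    event = dict(zip(COMMON, values))
    if event["ip_version"] == "4":
        names = COMMON + IPV4 + ADDR
    elif event["ip_version"] == "6":
        names = COMMON + IPV6 + ADDR
    else:
        return event  # unknown IP version: keep only the common header
    if len(values) < len(names):
        return None  # truncated line
    event = dict(zip(names, values))
    # Only TCP and UDP carry ports; the protocol text's case differs by IP version.
    if event["proto"].lower() in ("tcp", "udp"):
        rest = values[len(names):len(names) + len(PORTS)]
        if len(rest) == len(PORTS):
            event.update(zip(PORTS, rest))
    return event


# Sample line from the post above.
SAMPLE = ("filterlog: 7,16777216,,1000000105,em2_vlan11,match,block,in,6,0x00,"
          "0x00000,1,UDP,17,982,fe90::125:36ff:f0fe:3a69,f062::c,3702,3702,982")
# Constructed IPv4/TCP line (not from the post), using documentation addresses.
SAMPLE_V4 = ("filterlog: 5,16777216,,1000000103,em0,match,block,in,4,0x0,,64,"
             "12345,0,DF,6,tcp,60,192.0.2.10,198.51.100.7,51234,22,0,S,"
             "1234567890,,65535,,mss")

if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_V4):
        print(parse_filterlog(sample))
```

The IPv4 and IPv6 blocks have different widths, so a single fixed-position extraction misplaces every field after `ip_version` for one of the two families.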