Getting Data In
Highlighted

Parsing pfsense 2.3.4 firewall logs

New Member

I am trying to parse pfsense 2.3.4 firewall logs in splunk, but I am not able to extract the fields properly.

I tried changing the props and transforms config files as stated here: http://blog.basementpctech.com/2012/02/splunk-and-pfsense-what-pair.html

But its not working for me. Can anyone help regarding this.

Sample logs:

filterlog: 7,16777216,,1000000105,em2_vlan11,match,block,in,6,0x00,0x00000,1,UDP,17,982,fe90::125:36ff:f0fe:3a69,f062::c,3702,3702,982
host =10.10.4.3 source =udp:514 sourcetype =syslog

0 Karma