Activity Feed
- Posted Why is the timing off between the actual log's time and the indexed event's timestamp? Logs stop displaying on Getting Data In. 11-19-2015 11:20 AM
- Posted How to troubleshoot why my PFsense logs are not getting indexed correctly and logs stop at 11:59:59? on Getting Data In. 11-05-2015 09:00 AM
Topics I've Started
11-19-2015 11:20 AM
Time Event
11/19/10 11:59:37.000 PM Nov 18 23:59:37 10.0.0.10 Nov 19 04:59:37 filterlog: 81,16777216,,1446589294,fxp0,match,pass,in,4,0x0,,1,9886,0,none,2,igmp,28,10.0.0.13,224.0.0.251,datalength=8
date_second = 37
host = 10.0.0.10
index = main
source = udp:5140
sourcetype = PFsense1
11-05-2015 09:00 AM
I have PFsense sending logs to Splunk running on Ubuntu 14.04 server. When I check pfsense internal logs, everything works fine, but when I go to Splunk, it shows me output that's not in pfsense and the date is far off.
11/5/10 11:59:59.000 PM Nov 4 23:59:59 10.0.0.10 Nov 5 05:00:00 /usr/sbin/cron[77798]: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout)
host = 10.0.0.10
source = udp:514
sourcetype = pfsense
When I check the count on the main page in Splunk, I see the right count and time, but when I click on the host, that's what I see. I tried to restart Splunk, but it didn't help.
Please suggest what could be the issue. Thanks.