Hello,
I am new to Graylog. I used Splunk before, but I reached the space limit of 
Splunk. That's why I installed Graylog.
I want to log firewall logs and create reports and graphs out of these logs.

   - How similar is the search syntax between Splunk and Graylog? Is it 
   complicated to migrate this?



   - But the main issue at the moment is that the syslog messages which I 
   get are different if you compare Graylog and Splunk.
   

Splunk Syslog message:

<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW 
Detect: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|srcPort=
52365|srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|dstService=|
dstIF=port7.910|rule=|info=Normal Operation|srcNAT=80.120.132.156|dstNAT=194
.232.154.127|duration=0|count=1|receivedBytes=0|sentBytes=0|receivedPackets=
0|sentPackets=0|user=n600771|protocol=HTTP direct|application=Web browsing|
target=steiermark.orf.at|content=|urlcat=Search Engines/Portals


Graylog Syslog message:

message
NG_Firewall[]: 1467031812 1 10.244.120.142 194.232.112.146 image/png 
10.244.120.142 
http://steiermark.orf.at/mojo/1_3/storyserver/oeka/images/arrow.right.png 
1020 BYF ALLOWED CLEAN 2 1 0 0 0 (-) 0 Search-Engines/Portals 0 - 0 
steiermark.orf.at 
Search-Engines/Portals [00user] steiermark.orf.at - - 0

How can I receive or display the syslog messages in the same format as in 
Splunk? I installed this app on my Splunk installation: 
https://splunkbase.splunk.com/app/2634/
The syslog logs have more information, like srcNAT, dstNAT and so on. Also a 
name like target= or urlcat=. How can I change these settings? On Splunk 
there was no additional configuration needed.
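
Added example, not part of the original post and not Graylog or Splunk code: a Python parser that splits the pipe-delimited key=value line shown under "Splunk Syslog message" into named fields such as srcNAT, dstNAT, target and urlcat. The names parse_firewall_activity, HEADER and PAIR are assumptions, and the sample is the post's line with the e-mail wraps removed.

```python
import re

# Reconstructed from the post's sample: e-mail line wraps joined back together.
SAMPLE = (
    "<14>Jun 27 12:27:30 FW-02 2/C1/WN02/box_Firewall_Activity: Info C-WN02-FW "
    "Detect: type=FWD|proto=TCP|srcIF=port7.101|srcIP=10.244.130.143|srcPort=52365|"
    "srcMAC=00:00:00:00:00:00|dstIP=194.232.104.167|dstPort=80|dstService=|"
    "dstIF=port7.910|rule=|info=Normal Operation|srcNAT=80.120.132.156|"
    "dstNAT=194.232.154.127|duration=0|count=1|receivedBytes=0|sentBytes=0|"
    "receivedPackets=0|sentPackets=0|user=n600771|protocol=HTTP direct|"
    "application=Web browsing|target=steiermark.orf.at|content=|"
    "urlcat=Search Engines/Portals"
)

# BSD-syslog style header: <PRI>Mon DD HH:MM:SS host tag:
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): "
)
# A key starts the payload or follows '|'; its value runs to the next '|',
# so spaces inside values ("Normal Operation") and empty values survive.
PAIR = re.compile(r"(?:^|[|\s])(\w+)=([^|]*)")


def parse_firewall_activity(line):
    """Return header metadata plus a dict of the key=value payload fields."""
    m = HEADER.match(line)
    if not m:
        raise ValueError("line has no <PRI> syslog header")
    pri = int(m.group("pri"))
    fields = {k: v.strip() for k, v in PAIR.findall(line[m.end():])}
    if not fields:
        raise ValueError("no key=value payload found")
    return {
        "facility": pri >> 3,   # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "fields": fields,
    }


if __name__ == "__main__":
    event = parse_firewall_activity(SAMPLE)
    for key in ("srcIP", "srcNAT", "dstIP", "dstNAT", "target", "urlcat"):
        print(f"{key:8} {event['fields'][key]}")
```

The line shown under "Graylog Syslog message" has no <PRI> header and no key=value pairs, so this parser rejects it with ValueError instead of producing empty fields.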






