[graylog2] Re: WebTrends Enhanced Log file Format (Welf) to graylog

Wed, 14 Dec 2016 06:43:09 -0800 

here is an exemple of what i'm recieving: 
{"@timestamp":"2016-12-14T12:44:12+01:00","@version":"1","message":" 
time=\"2016-12-14 13:01:03\" fw=\"firewall\" tz=+0100 startime=\"2016-12-14 
12:59:02\" 
pri=5 confid=01 slotlevel=2 ruleid=40 srcif=\"Vlan88\" 
srcifname=\"Nottoday\" ipproto=udp 
dstif=\"Ethernet1\" dstifname=\"somewheren\" proto=dns src=172.16.8.8 
srcport=6788 
srcname=a_pc dst=172.5.66.5 dstport=77 dstportname=dns_udp 
dstname=test.infra modsrc=172.16..66.4 
modsrcport=6598 origdst= origdstport=83 sent=42 rcvd=122 duration=0.01 
ogtype=\"connection\"#015#012#000","sysloghost":"172.16.55.88","severity_label":"info","severity":"info","facility":"user","programname":
"id=firewall","rawmsg":"<14>Dec 14 12:44:12 172.55.66.220 id=firewall 
time="2016-12-14 13:01:03" fw="toto" tz=+0100 startime="2016-12-14 
12:59:02" 
pri=5 confid=01 slotlevel=2 ruleid=40 srcif="Vlan88" srcifname="Nottoday" 
ipproto=udp dstif="Ethernet1" dstifname="production" proto=dns 
src=172.16..554.3 
srcport=62784 srcname= dst=1 dstport= dstportname=dns_udp dstname= 
modsrc=172.16.100.117 modsrcport=
origdst= origdstport= sent=42 rcvd=122 duration=0.01 
logtype="connection"#015#012#000","procid":"-"}

Le mercredi 14 décembre 2016 15:33:10 UTC+1, Jochen Schalanda a écrit :
>
> Hi Anas,
>
> WELF (?) is not being supported by Graylog out-of-the-box, but you could 
> quite easily write a plugin for that format.
>
> Cheers,
> Jochen
>
> On Wednesday, 14 December 2016 15:08:11 UTC+1, Benbrahim Anass wrote:
>>
>> Hi everybody,
>>
>> i'm wondering if there is an input for Welf Logs or they will work with 
>>  a gelf input in graylog.
>>
>> thanks.
>> cheers
>>
>> Anas
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/a497d0b5-6232-4762-b3a4-10ff53df5615%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to