Netfilter Firewall Log Parser

Content Pack

Chateau-Lav

free!

Download from Github View on Github 0 1

Published

28 May 08:25

Last Push

28 May 08:24

Marketplace Rating

Discussion

0 Comments

Readme from Github

Graylog3 supported

Content Pack for NetFilter Logs with Graylog

This Content Pack will automatically parses your netfilter logs, and will parse it based on the traffic headers. It appends IP_HEADER_, TCP_HEADER_, and UDP_HEADER_ to all the appropriate fields. It also includes setting GeoIP, so ensure you download the current City db from Maxmind.

Content Pack includes:

GROK patterns:
Defines all new fields to be set when matched in pipeline
- NETFILTERHEADER
- NETFILTERMAC
- NETFILTERIPHEADER
- NETFILTERUDPHEADER
- NETFILTERTCPHEADER
Pipeline:
Creates Multiple fields to enable stronger queries and analytics
- -1 Rules:
  - process netfilter logs
- 0 Rules:
  - process TCP netfilter logs
  - process UDP netfilter logs
- 1 Rules:
  - Router dst GeoIP Set
  - Router src GeoIP Set
Lookup Table\Cache:
- geolite2-city (/etc/graylog/server/GeoLite2-City.mmdb)

Published

Last Push

Marketplace Rating

Discussion

Your Rating

Comments