graylog-generic-syslog
Content Pack
Published
18 Jan 04:22
Last Push
07 Apr 15:02
Discussion
3 Comments
Comments
Hi! I'm new to Graylog and I'm trying to use this content pack in order to get dashboards for Linux servers. This content pack assumes that the logs are being shipped by syslog, but I'm using Sidecar and Filebeat instead, so only the "SSH Failure Count", "SSH Login Failures" and "SSH Login" widgets are working. Is there a version of this content pack tailored to Filebeat available, or some other alternative? If not, how can I modify the widgets so they can show the correct values?
Looking for a way to use Geolocation in Graylog2 (using an IP in a field like fieldname and getting lat/lon in fieldname_geolocation), I found out there is a marketplace. Yes, I'm a newbie :D. Then I found out there is a thing called Content Packs. This one is great! I've been making search queries and then dashboards for quite some time now; using this Content Pack saves me time.
One addition: it doesn't list failed SSH logins when one is trying to log in to a key-based-only SSH server without a key. So, I would suggest adding
OR (message:\"Connection closed by\" AND message:preauth)
to the SEARCH_RESULT_CHART and QUICKVALUES options to include also those failing login attempts.
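The effect of the clause suggested in the comment above, shown as an added example that is not part of the content pack or of the original comments. The log lines are constructed, the function names are hypothetical, and the "Failed password" base clause is an assumption because the pack's own query is not shown on this page; substring tests stand in for Graylog's query matching.

```python
import re
from collections import Counter

# Constructed sshd syslog lines (documentation IP ranges); not from the page.
SAMPLE_LINES = [
    "Jan 18 04:22:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "Jan 18 04:22:05 web01 sshd[1203]: Connection closed by 203.0.113.7 port 50130 [preauth]",
    "Jan 18 04:22:09 web01 sshd[1207]: Accepted publickey for deploy from 198.51.100.4 port 40022 ssh2",
    "Jan 18 04:23:11 web01 sshd[1210]: Connection closed by 198.51.100.4 port 40022",
    "Jan 18 04:23:30 web01 sshd[1215]: Connection closed by authenticating user admin 203.0.113.9 port 41000 [preauth]",
    "Jan 18 04:24:02 web01 sshd[1220]: Received disconnect from 198.51.100.4 port 40022:11: disconnected by user",
]

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def is_failed_login(message, include_preauth=True):
    """Return True if the line counts as a failed SSH login."""
    # Assumed base clause; the content pack's real query is not on the page.
    if "Failed password" in message:
        return True
    # The comment's clause: message:"Connection closed by" AND message:preauth
    if include_preauth:
        return "Connection closed by" in message and "preauth" in message
    return False


def failures_by_source(lines, include_preauth=True):
    """Count failed logins per source IPv4 address."""
    counts = Counter()
    for line in lines:
        if is_failed_login(line, include_preauth):
            match = IPV4.search(line)
            counts[match.group(0) if match else "unknown"] += 1
    return counts


if __name__ == "__main__":
    print("without clause:", dict(failures_by_source(SAMPLE_LINES, False)))
    print("with clause:   ", dict(failures_by_source(SAMPLE_LINES, True)))
```

The post-authentication "Connection closed by" line stays uncounted because it lacks `preauth`. The clause also matches any client that drops the connection before authenticating, such as port scanners and health checks, so the widget then counts dropped pre-auth connections as well as key-less login attempts.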
@zottmann, you could apply the content pack and copy the extractor details and apply it to the filebeat input.