#3 How to send pfSense Logs into Graylog | Free Log Management And Visualization Course

  • Published on 21 Dec 2024

Comments • 26

  • @ariebastiaanse3423 4 years ago +5

    Great tutorial, but Barnyard2 isn't supported anymore. How do we survive?

  • @emmanuelosei-owusu1487 2 years ago +1

    Any way of exporting logs from pfSense snort to graylog, as barnyard2 isn't in operation in the latest version?

  • @penguinairlines 5 years ago +1

    How are you liking GrayLog? Have you used ElasticSearch aka ELK stack? If so, how do you feel that they compare/contrast?

    • @ITSecurityLabs 5 years ago

      Penguinairlines yes I also use elasticstack. They are very similar in a lot of ways. In fact, graylog is using elasticsearch in this video. I can connect kibana and see these logs as well. I find graylog easier to set up from scratch (unless you use elastic ovas) and the filtering is also easier in graylog.

    • @towesc 5 years ago +1

      @ITSecurityLabs how do I get all these different "Fields" in Graylog, Search? I push my pfSense logs (Firewall only at the moment) to Graylog, however the only Fields I have are facility, level, message, source and timestamp. Guess I missed something to set up in Graylog to get these Fields you have as well?
      BTW. many thanks for all your Videos and all the time you spend to make them, nice work (:

    • @ITSecurityLabs 5 years ago +2

      Tom S. I am using pipelines with rules for snort logs and grok filters for squid. I have a video that I am currently editing that will show you how I got the fields. Please check back later tonight.

    • @towesc 5 years ago

      @ITSecurityLabs Perfect thanks, much appreciated.

    • @penguinairlines 5 years ago

      @ITSecurityLabs I understand. I have set up an ELK stack recently for work and have certainly run into some trouble with certain pipeline to pipeline communication, multi-line filebeat aggregation, field conversion, and other issues that have required a lot of fine-tuning (aka my time) to set up. I'm curious if these are features that GrayLog can support, and if so how the setup compares. I'm not sure if you will explore each of these topics, as some of them are more niche than others, but I'm glad to see you working on these systems and I look forward to your future content regarding log aggregation, monitoring, and dashboard utilization. Thanks again!

  • @mikedearman9630 4 years ago +2

    This no longer works, as Barnyard2 is deprecated and has been removed from SNORT as of the version I am using, 4.1.2_2. Reddit Forum says there are no maintainers for FreeBSD, and this has been removed from SNORT provided by the PFSense package manager.

  • @kleitonfreitas5167 2 years ago

    thanks brow, you save my life!

  • @allanng78 4 years ago

    Hi,
    I have followed the steps. I am not able to see the folder for my pfsense created. How can I test that it has been connected successfully?

  • @SuperChelseaSW6 4 years ago

    Where is rsys installed?

  • @allanng78 4 years ago +1

    Hi Nice work,
    Can you advise me how to send logs to graylog without using PFSense? Do you have a video for Kibana and Splunk? Waiting for your reply. Thank you.

    • @howardmukanda958 4 years ago +1

      Allan NG you should be able to just point to your SIEM IP address and everything should work.

    • @allanng78 4 years ago

      @howardmukanda958 Thanks for your reply. As I am very new to this, do you have any guide that I can follow?

  • @jameseduard2092 4 years ago

    Hi sir, can you assist me and set up pfsense to send logs to graylog step by step, and send logs to azure sentinel?

  • @jefftee448 5 years ago +1

    Why do you use both rsyslog and Graylog? Why not just use one or the other?

    • @ITSecurityLabs 5 years ago +1

      Jeff Tee I already had syslog in my lab. It’s not required for this but since a lot of people and I had it, I used it. You can skip it.

  • @allanng78 4 years ago +1

    Hi,
    I am not getting the log in /var/log/remotelogs. Please help.....

  • @leopoldogiacomodonatto5994 4 years ago

    I have a problem creating the file 70-snort.conf. I get this error: "Could not find template 0 'RSYSLOG_SyslogProtoco123Format' - action disabled"

    • @anisferchichi7118 4 years ago

      it is RSYSLOG_SyslogProtocol23Format....

  • @raphaelnevesful 4 years ago

    Great