Support for Nagios products and services
https://support.nagios.com/forum/
Code: Select all
syslog {
type => Sonicwall
port => 5514
}Code: Select all
if [type] == "Sonicwall" {
kv {
exclude_keys => [ "c", "id", "m", "n", "pri", "proto" ]
}
grok {
match => [ "src", "%{IP:srcip}:%{DATA:srcinfo}" ]
}
grok {
match => [ "dst", "%{IP:dstip}:%{DATA:dstinfo}" ]
}
grok {
remove_field => [ "srcinfo", "dstinfo" ]
}
geoip {
add_tag => [ "geoip" ]
source => "srcip"
}
}