opkride.blogg.se - Nxfilter log eric harrison

At least have a good starting point to display the information that they want instead of trying to create all the different dashboards for them.

I think if someone is using graylog with NxFilter, they can probably create their own dashboard from the supplied extractors.Especially if operator name can be used in a grok pattern match to limit what shows on the users dashboard. I haven't looked into the role based portion of graylog much but it may be possible to do something like what you describe with it.The ability to get everything in one location is helpful for us though plus easier to customize how we view the information. Even the built in logging of NxFilter works fine.No need to limit what systems can be used by switching to a different protocol. I agree that syslog is pretty much the standard.

I haven't looked for a way to get a formatted list but I like that idea.

I think you're right about the "Top Client IPs".

We can work on naming however you like.

Maybe a case insensitive regex for nxfilter would be better to filter on.

It can still log the activities, but the policies are all gone.

Grok was pretty simple to parse out the string from NxFilter but split is probably just as easy and would be more user friendly to edit or add to later if the syslog message is changed. Anyone experiences the polices, users settings are losing regularly After sometime not sure why nxfilter lost all of the polices, users.

I also upgraded my Graylog server to v2.2.0 so I should be caught up with everyone else. There are probably a few others as well that would need changed but maybe it would be helpful to get someone started. I'll upload my content pack but it has some things like the source hostname that would be specific to our environment that would have to be changed.