
pfSense syslog parser

Hi,

I have been tinkering a bit and have basic parser for pfSense syslog events to enrich your SmartCenter with yet another gateway.

It's rather basic at the moment but so far it parses 100% of the events I had over 2 days. (And that is a box in front of a honeypot.)

Install with:

addParsingFile -p pfSense.C -d pfSense_dict.ini

Feel free to test it yourself.
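The following is an added example and not the parser from this post: a small Python parser for the pfSense filterlog syslog records the post is about, so you can see what a SmartCenter parser for these events has to split up. The field layout (common header, then IPv4 or IPv6 fields, then length/src/dst, then TCP or UDP fields) follows the pfSense filterlog documentation as understood here and is an assumption you should check against your own logs; the three sample lines are constructed, not captured from the honeypot box in the post.

```python
import re
from collections import Counter

# Syslog header as pfSense sends it (BSD style): "Mon dd HH:MM:SS host filterlog[pid]: <csv>".
# The host and the "[pid]" are optional because both vary with the pfSense version.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<host>\S+)\s+)?filterlog(?:\[\d+\])?:\s+(?P<csv>.*)$"
)

# Field names per section of a filterlog record (assumed layout, see lead-in).
COMMON = ["rule_number", "sub_rule", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id"]
L3 = ["length", "src", "dst"]
TCP = ["sport", "dport", "data_len", "tcp_flags", "seq", "ack", "window", "urg", "options"]
UDP = ["sport", "dport", "data_len"]

# Constructed sample lines (not real traffic): a blocked SSH SYN, a blocked DNS
# query, and a blocked IPv6 HTTPS SYN.
SAMPLE_LINES = [
    "Mar  3 10:11:12 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,0,0,DF,6,tcp,60,198.51.100.23,192.0.2.10,54321,22,0,S,2143541221,,65535,,"
    "mss;nop;wscale;sackOK;TS",
    "Mar  3 10:11:13 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,63,21412,0,none,17,udp,78,198.51.100.23,192.0.2.10,51234,53,58",
    "Mar  3 10:11:14 pfSense filterlog[12345]: 5,,,1000000103,igb0,match,block,in,6,"
    "0x00,0x00000,64,tcp,6,60,2001:db8::1,2001:db8::2,4321,443,0,S,1,,65535,,mss",
]


def parse_filterlog(line):
    """Return a dict of named fields for a filterlog line, or None if the line
    is some other syslog message. Raises ValueError on a truncated record."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    ev = {"timestamp": m.group("ts"), "host": m.group("host")}
    pos = 0

    def take(names):
        # Consume len(names) comma-separated fields into ev, in order.
        nonlocal pos
        if len(fields) < pos + len(names):
            raise ValueError("truncated filterlog record: %r" % line)
        for name in names:
            ev[name] = fields[pos]
            pos += 1

    take(COMMON)
    if ev["ip_version"] == "4":
        take(IPV4)
    elif ev["ip_version"] == "6":
        take(IPV6)
    else:
        raise ValueError("unknown ip_version %r" % ev["ip_version"])
    take(L3)
    if ev["proto"] == "tcp":
        take(TCP)
    elif ev["proto"] == "udp":
        take(UDP)
    else:
        # ICMP, ESP, etc.: keep the remaining fields raw rather than guess names.
        ev["l4_raw"] = fields[pos:]
    return ev


def blocked_by_source(lines):
    """Count blocked events per source address, the first thing you would want
    to see from a box sitting in front of a honeypot."""
    counts = Counter()
    for line in lines:
        ev = parse_filterlog(line)
        if ev is not None and ev["action"] == "block":
            counts[ev["src"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_filterlog(line)
        print(ev["action"], ev["proto"], ev["src"], "->", ev["dst"], ev.get("dport"))
    print(blocked_by_source(SAMPLE_LINES))
```

Lines that are not filterlog records (sshd, dhcpd, and so on) return None so the same loop can run over a whole syslog feed; only filterlog is modelled here, which mirrors the scope of the post.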

3 Replies
Vladimir
Jade

Re: pfSense syslog parser

Thank you for sharing a parser!

While I do not have an immediate need for it, I do, on occasion, use pfSense to emulate complex networks and it may come in handy.

Always wondered why there is no shared repository with custom parsers for 3rd party products available. It seems that SmartEvent is one of the earlier SIEMs, but that it was crippled due to the lack of parsers.


Re: pfSense syslog parser

Well. I have written 2 now.

Both using a tool so they might be optimized slightly more if I go for hand-to-hand combat.

But there are a bunch of out-of-the-box parsers present if you look into the Syslog tree on your SmartCenter.

I am still working on getting email details (Barracuda Email Security Gateway) into the logs. There isn't as much documentation on the subject as I would like to speed up the process.

Re: pfSense syslog parser

Just created something on GitHub for this: GitHub - hvdkooij/syslog2checkpoint