Not sure if this is an issue or not. I'm using OPNsense instead of pfSense, and of course it was working with OPNsense as well. Since OPNsense version 20.7.4-amd64 there are changes in the log format: the OPNsense team added a log identifier, and log extraction doesn't work now.
This is how it was:
```text
Nov 4 07:06:32 filterlog: 97,,,0,em0,match,pass,out,4,0x0,,63,30672,0,DF,17,udp,75,10=192.168.250.126,192.168.248.110,39612,161,55
```
And this is how it is now:
```text
Nov 5 09:06:55 filterlog[62051]: 97,,,0,em0,match,pass,out,4,0x0,,63,30672,0,DF,17,udp,75,10=192.168.250.126,192.168.248.110,39612,161,55
```
I was forced to add this regex:
```text
EXTRACT-ipv4_tcp = filterlog\[(.*)\]:\s(?[^,]*),(?<sub_rule>[^,]*),(?[^,]*),(?<tracker_id>[^,]*),(?<dest_int>[^,]*),(?[^,]*),(?<vendor_action>[^,]*),(?<vendor_direction>[^,]*),(?<ip_version>4),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?<transport_id>[^,]*),(?<vendor_transport>tcp),(?[^,]*),(?<src_ip>[^,]*),(?<dest_ip>[^,]*),(?<src_port>[^,]*),(?<dest_port>[^,]*),(?<payload_bytes>[^,]*),(?<vendor_tcp_flags>[^,]*),(?<sequence_number>[^,]*),(?[^,]*),(?[^,]*),(?[^,]*),(?[^$]*)$
```
Thanks for your work! And please delete if post is not applicable.
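As an added example (not code from the issue author or from the add-on this issue is filed against), the parser below shows the general fix the post is asking for: accept the syslog header both with and without the `[pid]` tag that OPNsense 20.7.4 added after `filterlog`, then split the comma-separated pf filterlog payload by position into named fields. It handles both the UDP layout in the post's sample lines and the TCP layout the post's `ipv4_tcp` regex targets; the field names (`rule_number`, `interface`, `data_length`, and so on) are assumptions chosen for readability, not the add-on's own field names, and the log lines are constructed samples modelled on the ones in the post. IPv6 records, whose field layout differs, are deliberately returned as unparsed.

```python
import re
from typing import List, Optional, Tuple

# Syslog header: timestamp, optional hostname, "filterlog", an optional "[pid]"
# (present since OPNsense 20.7.4, absent before), then the colon and the CSV payload.
HEADER_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?:(?P<host>\S+)\s+)?filterlog(?:\[(?P<pid>\d+)\])?:\s+(?P<csv>.*)$"
)

# Positional layout of the pf filterlog CSV. Field names are this example's own choice.
COMMON_FIELDS = ["rule_number", "sub_rule", "anchor", "tracker_id", "interface",
                 "reason", "action", "direction", "ip_version"]
IPV4_FIELDS = ["tos", "ecn", "ttl", "id", "offset", "flags", "protocol_id", "protocol",
               "length", "src_ip", "dest_ip"]
TCP_FIELDS = ["src_port", "dest_port", "data_length", "tcp_flags", "sequence_number",
              "ack", "window", "urg", "options"]
UDP_FIELDS = ["src_port", "dest_port", "data_length"]


def parse_filterlog(line: str) -> Optional[dict]:
    """Parse one filterlog line into a dict, or return None if it is not an IPv4 record."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    fields = m.group("csv").split(",")
    record = {"timestamp": m.group("timestamp"), "host": m.group("host"), "pid": m.group("pid")}
    if len(fields) < len(COMMON_FIELDS) + len(IPV4_FIELDS):
        return None
    record.update(zip(COMMON_FIELDS, fields))
    if record["ip_version"] != "4":
        return None  # IPv6 records use a different field order; not handled here
    rest = fields[len(COMMON_FIELDS):]
    record.update(zip(IPV4_FIELDS, rest))
    rest = rest[len(IPV4_FIELDS):]
    proto_fields = {"tcp": TCP_FIELDS, "udp": UDP_FIELDS}.get(record["protocol"])
    if proto_fields is None:
        record["extra"] = rest  # icmp, esp, etc.: keep the tail unparsed
    else:
        record.update(zip(proto_fields, rest))
    return record


def blocked_connections(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (src_ip, dest_ip, protocol, dest_port) for every parsed 'block' event."""
    hits = []
    for line in lines:
        rec = parse_filterlog(line)
        if rec and rec["action"] == "block":
            hits.append((rec["src_ip"], rec["dest_ip"], rec["protocol"], rec.get("dest_port", "")))
    return hits


# Constructed sample lines modelled on the post: the pre-20.7.4 header, the new
# header with a PID, and a TCP block event in the new format.
OLD_LINE = ("Nov  4 07:06:32 filterlog: 97,,,0,em0,match,pass,out,4,0x0,,63,30672,0,DF,17,udp,75,"
            "192.168.250.126,192.168.248.110,39612,161,55")
NEW_LINE = ("Nov  5 09:06:55 filterlog[62051]: 97,,,0,em0,match,pass,out,4,0x0,,63,30672,0,DF,17,udp,75,"
            "192.168.250.126,192.168.248.110,39612,161,55")
TCP_LINE = ("Nov  5 09:07:01 filterlog[62051]: 5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,"
            "203.0.113.9,192.168.250.10,51234,22,0,S,1234567890,,29200,,mss;sackOK;TS;nop;wscale")

if __name__ == "__main__":
    for sample in (OLD_LINE, NEW_LINE, TCP_LINE):
        print(parse_filterlog(sample))
    print(blocked_connections([OLD_LINE, NEW_LINE, TCP_LINE]))
```

Because the PID is matched as an optional group, the same parser works on archived logs from before the format change and on current ones, which is the property a field extraction for this add-on needs: an anchored regex that assumes either form will silently drop the other.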