Logging pfSense to Graylog using input extraction rules
After setting up Graylog on Container Station (Docker for QNAP), I wanted better visibility into the ingress/egress traffic from my firewall, pfSense. I had to make some modifications to both Graylog and pfSense to send data to Graylog. Additionally, to get meaningful information from each firewall log record, messages need to be processed and values need to be extracted into fields. In this article I set up the integration with input extractors and show how the fields from the input extraction can be used to gain additional insight into traffic.
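To make "values need to be extracted into fields" concrete, here is an added example (not code from the original article and not a Graylog extractor) that splits a pfSense `filterlog` message into named fields in Python. It assumes the CSV layout of pfSense's documented raw filter log format; the output field names and the sample log lines are constructed for illustration.

```python
# Added example. Field order follows pfSense's raw filter log (filterlog) CSV
# format; the field names below are illustrative assumptions.
COMMON = ["rule", "sub_rule", "anchor", "tracker", "interface",
          "reason", "action", "direction", "ip_version"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "proto"]
IPV6 = ["class", "flow_label", "hop_limit", "proto", "proto_id"]
IP_DATA = ["length", "src_ip", "dst_ip"]
PORTS = ["src_port", "dst_port", "data_length"]

# Constructed sample messages (documentation address ranges).
SAMPLES = [
    "<134>Jan  5 10:15:01 filterlog: 5,,,1000000103,igb0,match,block,in,4,"
    "0x0,,64,4321,0,DF,6,tcp,60,203.0.113.7,192.0.2.10,51514,22,0,S,"
    "1234567890,,64240,,mss",
    "<134>Jan  5 10:15:02 filterlog[123]: 9,,,1000000104,igb1,match,pass,"
    "out,4,0x0,,64,0,0,none,17,udp,76,192.0.2.10,198.51.100.53,40000,53,56",
]


def parse_filterlog(message):
    """Return a dict of named fields, or None if this is not a usable filterlog line."""
    pos = message.find("filterlog")
    if pos == -1:
        return None
    # Skip the program tag and optional "[pid]" up to the first ": ".
    _, sep, payload = message[pos:].partition(": ")
    values = payload.strip().split(",")
    if not sep or len(values) < len(COMMON):
        return None
    fields = dict(zip(COMMON, values))
    rest = values[len(COMMON):]
    header = {"4": IPV4, "6": IPV6}.get(fields["ip_version"])
    if header is None:
        return fields  # unknown IP version: keep only the common fields
    names = header + IP_DATA
    if len(rest) < len(names):
        return None  # truncated record
    fields.update(zip(names, rest))
    rest = rest[len(names):]
    proto = fields["proto"].lower()
    if proto in ("tcp", "udp") and len(rest) >= len(PORTS):
        fields.update(zip(PORTS, rest))
        if proto == "tcp" and len(rest) > len(PORTS):
            fields["tcp_flags"] = rest[len(PORTS)]
    return fields


if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_filterlog(line))
```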
Configure pfSense
The procedure to send syslog data to Graylog is pretty straightforward, so I won’t repeat any of the instructions here. My configuration page is below.
Configure Graylog
Configuring Graylog requires that you create a Syslog UDP input and bind it to port 514.
I’m using Docker with QNAP’s qnet driver, which behaves like macvlan; this helps ensure that I don’t…