I have downloaded the snort extractor from https://marketplace.graylog.org/ and successfully imported it into appliance-syslog-udp. As per my understanding, all my snort extractors are pointing to System/Input -> appliance-syslog-udp -> Manage extractors -> Source field: messages.
So I have to use that Search -> Fields -> message filter to filter the logs further.
Am I correct?
If yes, I want to use separate Search -> Fields -> snort_message or snort_ip, etc.
What is the process to create separate Search -> Fields using the snort extractor?
Sorry this took so long. I don't use GitHub, but the Graylog team "made me" publish my extractor and now I'm having to support it! (Didn't expect that ;-) As I don't come over to GitHub very often, I didn't notice there was a question. But now I get it :-)
To import an extractor, you go to System -> Inputs and choose the Input that contains your syslog/snort data. Then choose "Manage extractors", and on that page there's an "Import" option under "Actions". Then import the file and you're done.
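For reference, separate search fields come from each extractor's `target_field`, not from the `message` source field itself. Below is an added illustration in Graylog's extractor export format (not the marketplace extractor and not the maintainer's file): two regex extractors that read `message` and write the fields `snort_signature` and `snort_src_ip`; the field names, regexes and the sample alert line the regexes were written against (`snort[1234]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.1:80 -> 10.0.0.2:51234`) are all constructed assumptions for this example.

```json
{
  "extractors": [
    {
      "title": "snort signature text (example)",
      "extractor_type": "regex",
      "converters": [],
      "order": 0,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "snort_signature",
      "extractor_config": {
        "regex_value": "snort\\[\\d+\\]: \\[\\d+:\\d+:\\d+\\] (.+?) \\[Classification:"
      },
      "condition_type": "string",
      "condition_value": "snort["
    },
    {
      "title": "snort source address (example)",
      "extractor_type": "regex",
      "converters": [],
      "order": 1,
      "cursor_strategy": "copy",
      "source_field": "message",
      "target_field": "snort_src_ip",
      "extractor_config": {
        "regex_value": "\\{\\w+\\} (\\d{1,3}(?:\\.\\d{1,3}){3})(?::\\d+)? ->"
      },
      "condition_type": "string",
      "condition_value": "snort["
    }
  ],
  "version": "2.0.0"
}
```

Each regex has exactly one capture group, which is what a Graylog regex extractor stores in the target field; once imported via the "Import" action above, `snort_signature` and `snort_src_ip` appear as their own entries under Search -> Fields for messages that matched.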