diff --git a/pf-09.2019.grok b/pf-09.2019.grok
index 50e2189b7e1e52e106fe9a83cfda10bb650823aa..5a42f49517578cde7a0ccb73bd22395b7c512a33 100644
--- a/pf-09.2019.grok
+++ b/pf-09.2019.grok
@@ -5,9 +5,12 @@
 # Edited 14 Feb 2015 by Elijah Paul elijah.paul@gmail.com
 # Edited 10 Mar 2015 by Bernd Zeimetz <bernd@bzed.de>
 # Edited 28 Oct 2017 by Brian Turek <brian.turek@gmail.com>
-# Edited 5 Jan 2017 by Andrew Wilson <andrew@3ilson.com>
+# Edited 2017-2019 by Andrew Wilson <andrew@3ilson.com>
 # Edited 30 Apr 2019 by Mike Eriksson <mike@swedishmike.org>
 
+PFSENSE %{MONTH}.%{MONTHDAY}.*%{TIME}.%{WORD:application}:.%{GREEDYDATA:msg}
+OPNSENSE %{MONTH}.%{MONTHDAY}.*%{TIME}.%{HOSTNAME}.%{WORD:application}:.%{GREEDYDATA:msg}
+
 PF_LOG_ENTRY %{PF_LOG_DATA}%{PF_IP_SPECIFIC_DATA}%{PF_IP_DATA}%{PF_PROTOCOL_DATA}?
 PF_LOG_DATA %{INT:event.code},%{INT:sub_rule}?,,%{INT:tracker},%{DATA:interface},%{WORD:event.outcome},%{WORD:event.action},%{WORD:network.direction},
 PF_IP_DATA %{INT:length},%{IP:source.ip},%{IP:destination.ip},
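Review bot: The added `PFSENSE` and `OPNSENSE` patterns are unanchored and place a greedy `.*` between `%{MONTHDAY}` and `%{TIME}`, so the match can bind to a later time-like token inside the message body instead of the syslog header. For log sources whose message text carries externally influenced strings, `application` and `msg` could then be populated from the payload, which weakens any routing or detection keyed on `application`. Anchoring at line start and replacing the `.`/`.*` wildcards with explicit whitespace would tighten this, e.g. `PFSENSE ^%{MONTH}\s+%{MONTHDAY}\s+%{TIME}\s+%{WORD:application}:\s%{GREEDYDATA:msg}`, with the same change in `OPNSENSE`; this assumes the `.*` only absorbs padding, which the hunk does not show. `%{WORD:application}:` also will not match a program tag that carries a `[pid]` suffix, so such lines would fall through unparsed; it is worth confirming against sample logs from both firewalls.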