Hi,
Atm we use splunk to monitor our pfsense boxes.
It would be very nice if we could do that with vcenter log insight.
But the problem is this:
pfsense send out the following:
| Sep 9 15:26:46 | pf: 192.168.99.8.64592 > 80.239.205.210.80: Flags [S], cksum 0x263b (correct), seq 3949330011, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 |
| Sep 9 15:26:46 | pf: 00:00:03.010545 rule 1/0(match): block in on em1: (tos 0x0, ttl 128, id 2486, offset 0, flags [DF], proto TCP (6), length 52) |
vcenter log insight shows:
priority facility source hostname appname
But splunk shows a much nicer
9/9/13
3:26:44.000 PM Sep 9 15:26:44 193.186.36.81 Sep 9 15:26:46 pf: 00:00:03.010545 rule 1/0(match): block in on em1: (tos 0x0, ttl 128, id 2486, offset 0, flags [DF], proto TCP (6), length 52)Sep 9 15:26:44 193.186.36.81 Sep 9 15:26:46 pf: 192.168.99.8.64592 > 80.239.205.210.80: Flags [S], cksum 0x263b (correct), seq 3949330011, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0host=193.186.36.81 Options|
sourcetype=pfsense-firewall Options|
source=udp:514 Options|
dest_ip=80.239.205.210 Options|
dest_port=80 Options
Now the problem is that if i search for example on 80.239.205.210 it will only show:
priority facility source hostname appname
is there a way to change that..???
Thanks!
Regards
Hans