- {
- "extractors": [
- {
- "title": "pfSense filterlog: IPv4 TCP",
- "extractor_type": "regex",
- "converters": [
- {
- "type": "csv",
- "config": {
- "trim_leading_whitespace": false,
- "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength,TCPFlags,Sequence,ACK,Window,URG,Options",
- "strict_quotes": false
- }
- }
- ],
- "order": 0,
- "cursor_strategy": "copy",
- "source_field": "message",
- "target_field": "FilterData",
- "extractor_config": {
- "regex_value": "^.*filterlog:(.*)$"
- },
- "condition_type": "regex",
- "condition_value": "^.*filterlog:(.*),(in|out),4,.*,tcp,.*$"
- },
- {
- "title": "pfSense filterlog: IPv4 UDP",
- "extractor_type": "regex",
- "converters": [
- {
- "type": "csv",
- "config": {
- "trim_leading_whitespace": false,
- "column_header": "RuleNumber,SubRuleNumber,Anchor,Tracker,Interface,Reason,Action,Direction,IPVersion,TOS,ECN,TTL,ID,Offset,Flags,ProtocolID,Protocol,Length,SourceIP,DestIP,SourcePort,DestPort,DataLength",
- "strict_quotes": false
- }
- }
- ],
- "order": 0,
- "cursor_strategy": "copy",
- "source_field": "message",
- "target_field": "FilterData",
- "extractor_config": {
- "regex_value": "^.*filterlog:(.*)$"
- },
- "condition_type": "regex",
- "condition_value": "^.*filterlog:(.*),(in|out),4,.*,udp,.*$"
- }
- ],
- "version": "4.0.2"
- }