https://devopstales.github.io/linux/graylog4-pfsense/

[utterances-bot]

Analyzing PFsense logs in Graylog4 - devopstales

https://devopstales.github.io/linux/graylog4-pfsense/

[jchisholm59]

You lost me at

"In Cerebro we stand on top of the pfsense index and unfold the options and select delete index."

Does that not remove all the work we just did ?!?

[devopstales]

Hi @jchisholm59

We modified the template for the index. So we need to delete the index so it can be create with the new template at elasticsearch restart.

[NasKar2]

Thanks for this document. I've been trying for 1 wk to get this working based on old you tube videos with older versions of the software. I'm now on Graylog 4.2 and Elasticsearch 7.10.2. Firewall was preventing any input initially but that is now fixed. I believe I'm getting close but don't understand why all the graphs are not populating. Any thoughts on what to check? https://imgur.com/a/MzA4wI4

[devopstales]

Hi @NasKar2. It is a tipicle problem with the timezone. There is a part at the Import contantpack where I configure to convert the date time in my case to Europe\Budapest.

[NasKar2]

Thanks for the reply. The only thing I found is in pipeline/timestamp_pfsense_for_grafana. I changed it to America/New_York from your Europe/Budapest. Is there another time zone to change?

[NasKar2]

Looks like I got most of the graphs working but editing the graph to use real_timestamp. Not sure what the correct settings are for "Top ip Block by All"