Need help with importing a custom logfile format

[Cybercop-Training]

Hello community

I got several logfiles that were exported from a firewall and proxy server.
I was searching for a solution which can help me in visualizing/analyzing logfiles and discovered the sof-elk projekt.
There are several predefined directories for logfiles. Is it possible to ad custom ones that doesn't match a categorie like azure,aws,kubernetes...?

If yes what can I do to get them imported in sof-elk?
Below you'll find two log samples:

Logfile 1 looks like this:

2023:02:20-02:22:02 secure-gw01 ulogd[15430]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" initf="eth0" srcmac="4c:5e:0c:bd:63:04" dstmac="00:1a:8c:58:7f:c2" srcip="192.168.1.6" dstip="192.168.1.33" proto="1" length="168" tos="0x00" prec="0xc0" ttl="63" type="3" code="1"

Lofgile 2 looks like this:

2023:02:20-00:00:02 proxy-gw02 httpproxy[5708]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.162" dstip="23.54.112.17" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffStudent" size="13875" request="0x6046d00" url="https://bag.itunes.apple.com/" referer="" error="" authtime="0" dnstime="5" aptptime="81" cattime="213" avscantime="0" fullreqtime="89624" device="0" auth="0" ua="" exceptions="av,sandbox,fileextension" category="105" reputation="trusted" categoryname="Business" country="Switzerland"

Thanks in advance for every help

[philhagen]

Hi! Thanks for your interest in expanding the project's capabilities!

The best resource for insight on creating parsers is from @bedangSen, which he's published here: https://for572.com/sof-elk-customparser.

What kind of platform(s) is/are generating the logs and how are you pulling them from the source (e.g. scp/etc)? That may help guide the answer to how to get them imported.