
ThoZed / Graylog Cp Watchguard

Licence: mit
Graylog Content Pack for Watchguard Fireware Logging

Projects that are alternatives of or similar to Graylog Cp Watchguard

Docker monitoring logging alerting
Docker host and container monitoring, logging and alerting out of the box using cAdvisor, Prometheus, Grafana for monitoring, Elasticsearch, Kibana and Logstash for logging and elastalert and Alertmanager for alerting.
Stars: ✭ 479 (+1982.61%)
Mutual labels:  logs, dashboard
Tweetstorm
tweetstorm
Stars: ✭ 18 (-21.74%)
Mutual labels:  dashboard
Dashboardview
Android custom dashboard View, imitating the old and new versions of the Zhima (Sesame) Credit score gauge and a cool car speedometer
Stars: ✭ 752 (+3169.57%)
Mutual labels:  dashboard
Logbook
An extensible Java library for HTTP request and response logging
Stars: ✭ 822 (+3473.91%)
Mutual labels:  logs
Bandwhich
Terminal bandwidth utilization tool
Stars: ✭ 6,737 (+29191.3%)
Mutual labels:  dashboard
Thinkvim
Vim configuration in the 21st century
Stars: ✭ 832 (+3517.39%)
Mutual labels:  dashboard
Openfaas Cloud
The Multi-user OpenFaaS Platform
Stars: ✭ 744 (+3134.78%)
Mutual labels:  dashboard
Pm2 Logrotate
Automatically rotate all applications logs managed by PM2
Stars: ✭ 905 (+3834.78%)
Mutual labels:  logs
Mpsec
One Stop MPTCP Service : MPSec
Stars: ✭ 18 (-21.74%)
Mutual labels:  dashboard
Prometheus
Kubernetes Setup for Prometheus and Grafana
Stars: ✭ 824 (+3482.61%)
Mutual labels:  dashboard
Datastream.io
An open-source framework for real-time anomaly detection using Python, ElasticSearch and Kibana
Stars: ✭ 814 (+3439.13%)
Mutual labels:  dashboard
Pa11y Dashboard
Pa11y Dashboard is a web interface which helps you monitor the accessibility of your websites
Stars: ✭ 787 (+3321.74%)
Mutual labels:  dashboard
Vuldash
Vulnerability Dashboard
Stars: ✭ 16 (-30.43%)
Mutual labels:  dashboard
Permission Manager
Permission Manager is a project that brings sanity to Kubernetes RBAC and Users management, Web UI FTW
Stars: ✭ 753 (+3173.91%)
Mutual labels:  dashboard
Kubenav
kubenav is the navigator for your Kubernetes clusters right in your pocket.
Stars: ✭ 901 (+3817.39%)
Mutual labels:  dashboard
Opstrace
Secure observability, deployed in your own network. An open source alternative to SaaS solutions like Datadog, SignalFx, ...
Stars: ✭ 743 (+3130.43%)
Mutual labels:  logs
Loghouse
Ready to use log management solution for Kubernetes storing data in ClickHouse and providing web UI.
Stars: ✭ 805 (+3400%)
Mutual labels:  logs
Prometheusalert
PrometheusAlert is an open-source ops alerting center and message-forwarding system. It accepts alert messages from the mainstream monitoring systems Prometheus and Zabbix, the log system Graylog and the data-visualization system Grafana, and delivers them via DingTalk, WeChat, Huawei Cloud SMS, Tencent Cloud SMS, Tencent Cloud phone calls, Alibaba Cloud SMS, Alibaba Cloud phone calls and more.
Stars: ✭ 822 (+3473.91%)
Mutual labels:  graylog
Insights
Open Source Self-Hosted Business Intelligence Platform
Stars: ✭ 917 (+3886.96%)
Mutual labels:  dashboard
Jet Bridge
Jet Bridge – Admin Panel Framework for your application
Stars: ✭ 904 (+3830.43%)
Mutual labels:  dashboard


Graylog Content Pack for Watchguard

This content pack structures and enriches the log messages generated and shipped by Watchguard Fireware. The logs are parsed into fields so that all the wonderful features of Graylog (search, streams, dashboards, alerts) can work on them. :-)

Fireware log format

Every Fireware log message carries a message ID, which the extractor captures with the following expression (two groups of four non-space characters joined by a hyphen):

^.*msg_id=\"(\S\S\S\S-\S\S\S\S)\"

The resulting msg_id is then used by the extractors to look up the msg_name, msg_area, msg_level and msg_desc fields.

With this information the incoming log messages are much easier to read, and every message gains additional fields that can be used in search queries.

The extractor accesses a Graylog lookup table whose data adapter reads the CSV file.

This file is a list similar to the Fireware log catalog.

The msg_id is the key that identifies the format of the log message. Based on it, an extractor rule on the Graylog input is set up separately for each msg_id, because the fields after msg_id differ from message type to message type.
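The following script is an added example, not code from the content pack, that reproduces what the Graylog extractors and the CSV lookup do so the behaviour can be checked outside Graylog: it applies the README's msg_id regex to a few constructed Fireware-style lines, enriches them from a constructed stand-in for the catalog CSV (the column names and rows are assumptions), derives the area and level streams the README lists, and counts the messages that have no matching catalog entry, which is what the dashboard's integrator panel reports as "missing extractor".

```python
import csv
import io
import re

# The README's extractor expression: two groups of four non-space characters
# joined by a hyphen, e.g. msg_id="3000-0148".
MSG_ID_RE = re.compile(r'^.*msg_id="(\S\S\S\S-\S\S\S\S)"')

# Constructed stand-in for the lookup table's CSV (NOT the project's file):
# column names and rows are assumptions; the real file is a list similar to
# the Fireware log catalog, keyed by msg_id.
CATALOG_CSV = """msg_id,msg_name,msg_area,msg_level,msg_desc
3000-0148,Traffic allowed,Firewall,INFO,Packet allowed by a firewall policy
3000-0149,Traffic denied,Firewall,WARNING,Packet denied by a firewall policy
1BFF-0000,Proxy allow,Proxy,INFO,Proxy policy allowed the connection
"""

# Constructed Fireware-style syslog lines; the fields after msg_id are illustrative.
SAMPLE_LINES = [
    'Jan 10 12:00:00 Member1 firewall: msg_id="3000-0148" Allow 1-Trusted 0-External tcp 10.0.1.2 93.184.216.34 49152 443',
    'Jan 10 12:00:01 Member1 firewall: msg_id="3000-0149" Deny 0-External 1-Trusted tcp 198.51.100.7 10.0.1.2 51234 22',
    'Jan 10 12:00:02 Member1 http-proxy: msg_id="1BFF-0000" Allow 1-Trusted 0-External tcp 10.0.1.9 93.184.216.34 49160 80',
    'Jan 10 12:00:03 Member1 sessiond: msg_id="1100-0005" session opened',  # not in the catalog
    'Jan 10 12:00:04 Member1 kernel: interface eth0 link up',               # no msg_id at all
]


def load_catalog(text):
    """Parse the catalog CSV into {msg_id: {field: value}}, as the CSV data adapter would."""
    catalog = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = row.pop("msg_id")
        if key in catalog:
            raise ValueError(f"duplicate msg_id {key}")  # lookup keys must be unique
        catalog[key] = row
    return catalog


def extract_msg_id(line):
    """Apply the README's regex; None when the line carries no msg_id."""
    m = MSG_ID_RE.match(line)
    return m.group(1) if m else None


def enrich(line, catalog):
    """Attach msg_name/msg_area/msg_level/msg_desc, or flag the line as unextracted."""
    msg_id = extract_msg_id(line)
    fields = {"message": line, "msg_id": msg_id}
    if msg_id is None or msg_id not in catalog:
        fields["unextracted"] = True  # what the integrator panel counts
        return fields
    fields.update(catalog[msg_id])
    fields["unextracted"] = False
    return fields


def streams_for(fields):
    """Stream routing as the README's stream list suggests: one stream per area, one per level."""
    if fields["unextracted"]:
        return set()
    return {fields["msg_area"], fields["msg_level"]}


def process(lines, catalog):
    """Enrich every line and count the ones the dashboard would report as unextracted."""
    records = [enrich(line, catalog) for line in lines]
    unextracted = sum(1 for r in records if r["unextracted"])
    return records, unextracted


if __name__ == "__main__":
    records, missing = process(SAMPLE_LINES, load_catalog(CATALOG_CSV))
    for r in records:
        print(r["msg_id"], sorted(streams_for(r)), r.get("msg_name", "<missing extractor>"))
    print(f"{missing} of {len(records)} messages need an extractor")
```

The duplicate-key check in load_catalog is worth keeping when you edit the real CSV: a lookup table can only return one row per msg_id, so a duplicated key silently shadows the other entry.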

Prerequisites

  1. Graylog up and running :)

  2. Copy the CSV files to /etc/graylog

  3. Configure Fireware to send logs:

    System Manager -> Setup -> Logging -> [x] Send syslog mess...

    - IP address: the Graylog host

    - Port: 55514 (content pack default port)

Import Content Pack

You can import the complete content in one file. Just upload content-pack-graylog-cp-watchguard.json in the System / Content Packs section of Graylog and install it. The content pack exposes parameters for the input port and the lookup table file path, so you can customize it to suit your needs.

If you run into trouble while importing or updating, it may help to remove every component of the content pack and start afresh.

Streams

With the help of streams it is possible to narrow your search results to the following areas:

  • Proxy
  • Management
  • Firewall
  • Networking
  • Cluster
  • Security Services
  • VPN
  • Mobile Security
  • INFO
  • WARNING
  • ERROR
  • DEBUG

The streams are also useful for access control: Graylog grants read permissions per stream, so a user can be given access to only certain message areas or levels.

Dashboard

The integrator panel shows which messages are still missing an extractor. Its timeline plots incoming messages against unextracted ones, so you can see at a glance how much of the traffic is being parsed.

The incident panel gives a quick overview of firewall traffic and counts of the different message types. It is also a good place to start digging into the logs in case of an incident. Since Graylog also provides an alert engine as well as a plugin for threat intelligence, you can turn your Watchguard logs into the input of a universally adaptable, SIEM-enabled setup.

Contribute

Please help by adding extractors to the input, so that structured searches become possible for every kind of msg_id.

How to:

cheers:-)
