From 552ac225b1c586e4a8eb570eaed1cb7926922b22 Mon Sep 17 00:00:00 2001 From: Bastian Maeuser Date: Sun, 24 Nov 2019 16:26:54 +0100 Subject: [PATCH] Add more recent Screenshots, clarify MP Sequence --- README.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 672706d..e637499 100644 --- a/README.md +++ b/README.md @@ -98,7 +98,8 @@ your Graylog Instance on http://localhost:9000. Let's see if we can login with u Next we have to create the Index in Elasticsearch for the pfSense logs in System / Indices -![Indices](https://www.sysadminsdecuba.com/wp-content/uploads/2018/04/Indice-Pfsense-606x1024.png) +![Index](https://raw.githubusercontent.com/lephisto/pfsense-analytics/master/screenshots/SS_Indexcreation.png) + Index shard 4 and Index replicas 0, the rotation of the Index time index and the retention can be deleted, closure of an index according to the maximum number of indices or doing nothing. In my case, I set it to rotate monthly and eliminate the indexes after 12 months. In short there are many ways to establish the rotation. This index is created immediately. @@ -108,7 +109,20 @@ Index shard 4 and Index replicas 0, the rotation of the Index time index and the In Graylog go to System->Configurations and: -1. Change the order by Message processors, to have "GeoIP Resolver" on the bottom +1. Change the order by Message processors, to have the following sequence: + +``` +1. AWS Instance Name Lookup +2. Message Filter Chain +3. Pipeline Processor +4. GeoIP Resolver +``` + +This should look like: + +![Index](https://raw.githubusercontent.com/lephisto/pfsense-analytics/master/screenshots/SS_processorsequence.png) + + 2. In the Plugins section update enable the Geo-Location Processor
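Review bot: In the first hunk (README.md @@ -98,7 +98,8 @@) the replacement screenshot gets the alt text `Index`, which the second hunk then reuses verbatim for a different screenshot; give this one a descriptive alt such as `Index creation` so the two images can be told apart. The new URL points at `raw.githubusercontent.com/lephisto/pfsense-analytics/master/screenshots/SS_Indexcreation.png`, so `screenshots/SS_Indexcreation.png` has to be committed on `master` in the same change or the README will show a broken image; replacing the hot-linked `sysadminsdecuba.com` image with one kept in the repository is otherwise the right move, since the README no longer depends on a third-party host. The unchanged paragraph that follows ("Index shard 4 and Index replicas 0, the rotation of the Index time index and the retention can be deleted, closure of an index ...") is still a run-on sentence; since the new screenshot shows the author's own settings, it would be worth restating the chosen values there (4 shards, 0 replicas, monthly rotation, delete after 12 months) so text and image agree.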
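Review bot: In the second hunk (@@ -108,7 +109,20 @@) the fenced block and the image are not indented under list item `1.`, so the fence terminates the list and `2. In the Plugins section update enable the Geo-Location Processor` starts a new one; indent the fence, the "This should look like:" line and the image by three spaces (or drop the outer numbering and write the steps as paragraphs) so steps 1 and 2 render as a single list. Putting a second numbered list (`1. AWS Instance Name Lookup` ... `4. GeoIP Resolver`) inside a code fence under item 1 is also confusing; an indented plain sub-list would render cleaner. The alt text `![Index](.../SS_processorsequence.png)` is copied from the index screenshot and should say something like `Processor sequence`. Finally, the step now lists the order but not why it matters: one sentence noting that GeoIP Resolver must come after the Message Filter Chain and Pipeline Processor stages that produce the address fields it looks up (which is presumably why the old text asked for it "on the bottom") would make the sequence self-explanatory for readers who later add their own processors. The pre-existing typo in the context line, "update enable", could be fixed while you are here.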