From e73ddeb7412155e1295d726944b1add1d2cba054 Mon Sep 17 00:00:00 2001
From: opc40772 <30729683+opc40772@users.noreply.github.com>
Date: Wed, 4 Apr 2018 20:05:15 -0400
Subject: [PATCH] Delete pfsense_content_pack.json

---
 pfsense_content_pack.json | 262 --------------------------------------
 1 file changed, 262 deletions(-)
 delete mode 100644 pfsense_content_pack.json

diff --git a/pfsense_content_pack.json b/pfsense_content_pack.json
deleted file mode 100644
index 8bfabb8..0000000
--- a/pfsense_content_pack.json
+++ /dev/null
@@ -1,262 +0,0 @@
-{ "name":"PFsense Content Pack",
- "description":"Input, Extractors, Streams, Lookup Table, Data Adapter and Cache Adapter",
- "category":"Firewall",
- "inputs":[
- {
- "id":"5a982448687cf8128c10ce6e",
- "title":"Pfsense-Logs",
- "configuration":{
- "expand_structured_data":false,
- "recv_buffer_size":262144,
- "port":5442,
- "override_source":null,
- "force_rdns":false,
- "allow_override_date":true,
- "bind_address":"0.0.0.0",
- "store_full_message":false
- },
- "static_fields":{
-
- },
- "type":"org.graylog2.inputs.syslog.udp.SyslogUDPInput",
- "global":false,
- "extractors":[
- {
- "title":"PFsenseExtractor",
- "type":"GROK",
- "cursor_strategy":"COPY",
- "target_field":"",
- "source_field":"message",
- "configuration":{
- "grok_pattern":"%{PFSENSE_LOG_ENTRY}"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- },
- {
- "title":"Port to Service Name",
- "type":"LOOKUP_TABLE",
- "cursor_strategy":"COPY",
- "target_field":"PortServiceName",
- "source_field":"dest_port",
- "configuration":{
- "lookup_table_name":"Service Port Translator"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- },
- {
- "title":"Source Port Name",
- "type":"LOOKUP_TABLE",
- "cursor_strategy":"COPY",
- "target_field":"src_port_name",
- "source_field":"src_port",
- "configuration":{
- "lookup_table_name":"Service Port Translator"
- },
- "converters":[
-
- ],
- "condition_type":"NONE",
- "condition_value":"",
- "order":0
- }
- ]
- }
- ],
- "streams":[
- {
- "id":"5a9827f4687cf8128c10d272",
- "title":"pfsense logs",
- "description":"Pfsense Logs Stream",
- "disabled":false,
- "matching_type":"AND",
- "stream_rules":[
- {
- "type":"CONTAINS",
- "field":"source",
- "value":"filterlog",
- "inverted":false,
- "description":""
- }
- ],
- "outputs":[
-
- ],
- "default_stream":false
- }
- ],
- "outputs":[
-
- ],
- "dashboards":[
-
- ],
- "grok_patterns":[
- {
- "name":"PFSENSE_ICMP_TSTAMP",
- "pattern":"%{INT:icmp_tstamp_id},%{INT:icmp_tstamp_sequence}"
- },
- {
- "name":"PFSENSE_IPv4_SPECIFIC_DATA_ECN",
- "pattern":"(?(4)),%{BASE16NUM:tos},%{INT:ecn},%{INT:ttl},%{INT:id},%{INT:offset},%{WORD:flags},%{INT:proto_id},%{WORD:proto},"
- },
- {
- "name":"PFSENSE_CARP_DATA",
- "pattern":"%{WORD:carp_type},%{INT:carp_ttl},%{INT:carp_vhid},%{INT:carp_version},%{INT:carp_advbase},%{INT:carp_advskew}"
- },
- {
- "name":"PFSENSE_APP_ERROR",
- "pattern":"webConfigurator (%{DATA:pfsense_ACTION}) for \\'(%{DATA:pfsense_USER})\\' from (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHABLE",
- "pattern":"%{GREEDYDATA:icmp_unreachable}"
- },
- {
- "name":"PFSENSE_UDP_DATA",
- "pattern":"%{INT:src_port},%{INT:dest_port},%{INT:data_length}"
- },
- {
- "name":"PFSENSE_ICMP_ECHO_REQ_REPLY",
- "pattern":"%{INT:icmp_echo_id},%{INT:icmp_echo_sequence}"
- },
- {
- "name":"PFSENSE_IGMP_DATA",
- "pattern":"datalength=%{INT:data_length}"
- },
- {
- "name":"PFSENSE_TCP_DATA",
- "pattern":"%{INT:src_port},%{INT:dest_port},%{INT:data_length},%{WORD:tcp_flags},%{INT:sequence_number},%{INT:ack_number},%{INT:tcp_window},%{DATA:urg_data},%{GREEDYDATA:tcp_options}"
- },
- {
- "name":"PFSENSE_IP_DATA",
- "pattern":"%{INT:length},%{IP:src_ip},%{IP:dest_ip},"
- },
- {
- "name":"PFSENSE_ICMP_NEED_FLAG",
- "pattern":"%{IP:icmp_need_flag_ip},%{INT:icmp_need_flag_mtu}"
- },
- {
- "name":"PFSENSE_APP_DATA",
- "pattern":"(%{PFSENSE_APP_LOGOUT}|%{PFSENSE_APP_LOGIN}|%{PFSENSE_APP_ERROR}|%{PFSENSE_APP_GEN})"
- },
- {
- "name":"PFSENSE_APP_LOGOUT",
- "pattern":"User (%{DATA:pfsense_ACTION}) for user \\'(%{DATA:pfsense_USER})\\' from: (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_ICMP_DATA",
- "pattern":"%{PFSENSE_ICMP_TYPE}%{PFSENSE_ICMP_RESPONSE}"
- },
- {
- "name":"PFSENSE_IPv4_SPECIFIC_DATA",
- "pattern":"(?(4)),%{BASE16NUM:tos},%{WORD:ecn}?,%{INT:ttl},%{INT:id},%{INT:offset},%{WORD:flags},%{INT:proto_id},%{WORD:proto},"
- },
- {
- "name":"PFSENSE_IPv6_SPECIFIC_DATA",
- "pattern":"(?(6)),%{BASE16NUM:ipv6_Flag1},%{WORD:ipv6_Flag2},%{WORD:flow_label},%{WORD:options},%{INT:protocol_id},%{INT:length},%{IPV6:src_ip},%{IPV6:dest_ip},%{WORD:ipv6_HPH},%{WORD:ipv6_padn},%{WORD:ipv6_Alert},%{BASE16NUM:ipv6_Flag3},"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHPROTO",
- "pattern":"%{IP:icmp_unreach_dest_ip},%{WORD:icmp_unreachproto_protocol}"
- },
- {
- "name":"PFSENSE_APP_LOGIN",
- "pattern":"(%{DATA:pfsense_ACTION}) for user \\'(%{DATA:pfsense_USER})\\' from: (%{GREEDYDATA:pfsense_REMOTE_IP})"
- },
- {
- "name":"PFSENSE_LOG_DATA",
- "pattern":"%{INT:rule},%{INT:sub_rule}?,,%{INT:tracker},%{WORD:iface},%{WORD:reason},%{WORD:action},%{WORD:direction},"
- },
- {
- "name":"PFSENSE_PROTOCOL_DATA",
- "pattern":"%{PFSENSE_TCP_DATA}|%{PFSENSE_UDP_DATA}|%{PFSENSE_ICMP_DATA}|%{PFSENSE_CARP_DATA}|%{PFSENSE_IGMP_DATA}"
- },
- {
- "name":"PFSENSE_LOG_ENTRY",
- "pattern":"%{PFSENSE_LOG_DATA}%{PFSENSE_IP_SPECIFIC_DATA}%{PFSENSE_IP_DATA}%{PFSENSE_PROTOCOL_DATA}?"
- },
- {
- "name":"PFSENSE_APP",
- "pattern":"(%{DATA:pfsense_APP}):"
- },
- {
- "name":"PFSENSE_IP_SPECIFIC_DATA",
- "pattern":"%{PFSENSE_IPv4_SPECIFIC_DATA}|%{PFSENSE_IPv6_SPECIFIC_DATA}"
- },
- {
- "name":"PFSENSE_APP_GEN",
- "pattern":"(%{GREEDYDATA:pfsense_ACTION})"
- },
- {
- "name":"PFSENSE_ICMP_RESPONSE",
- "pattern":"%{PFSENSE_ICMP_ECHO_REQ_REPLY}|%{PFSENSE_ICMP_UNREACHPORT}| %{PFSENSE_ICMP_UNREACHPROTO}|%{PFSENSE_ICMP_UNREACHABLE}|%{PFSENSE_ICMP_NEED_FLAG}|%{PFSENSE_ICMP_TSTAMP}|%{PFSENSE_ICMP_TSTAMP_REPLY}"
- },
- {
- "name":"PFSENSE_ICMP_UNREACHPORT",
- "pattern":"%{IP:icmp_unreachport_dest_ip},%{WORD:icmp_unreachport_protocol},%{INT:icmp_unreachport_port}"
- },
- {
- "name":"PFSENSE_ICMP_TYPE",
- "pattern":"(?(request|reply|unreachproto|unreachport|unreach|timeexceed|paramprob|redirect|maskreply|needfrag|tstamp|tstampreply)),"
- },
- {
- "name":"PFSENSE_ICMP_TSTAMP_REPLY",
- "pattern":"%{INT:icmp_tstamp_reply_id},%{INT:icmp_tstamp_reply_sequence},%{INT:icmp_tstamp_reply_otime},%{INT:icmp_tstamp_reply_rtime},%{INT:icmp_tstamp_reply_ttime}"
- }
- ],
- "lookup_tables":[
- {
- "title":"Service Port Translator",
- "description":"Service Port Translator to name service",
- "name":"Service Port Translator",
- "cache_name":"cache-service-port",
- "data_adapter_name":"cvs-port-translate",
- "default_single_value":"",
- "default_single_value_type":"NULL",
- "default_multi_value":"",
- "default_multi_value_type":"NULL"
- }
- ],
- "lookup_caches":[
- {
- "title":"Cache Service Port",
- "description":"Cache Service Port",
- "name":"cache-service-port",
- "config":{
- "type":"guava_cache",
- "max_size":1000,
- "expire_after_access":60,
- "expire_after_access_unit":"SECONDS",
- "expire_after_write":0,
- "expire_after_write_unit":null
- }
- }
- ],
- "lookup_data_adapters":[
- {
- "title":"CVS Port Translate",
- "description":"Table CVS for translate port service to service name",
- "name":"cvs-port-translate",
- "config":{
- "type":"csvfile",
- "path":"/etc/graylog/server/service-names-port-numbers.csv",
- "separator":",",
- "quotechar":"\"",
- "key_column":"Port",
- "value_column":"Service",
- "check_interval":3,
- "case_insensitive_lookup":false
- }
- }
- ]
-}
\ No newline at end of file