update for graylog3

2025-12-06 12:19:21 +01:00 · 2019-07-04 15:24:06 +02:00
parent 5e670476d7
commit f5f980e966
5 changed files with 1732 additions and 0 deletions
--- a/pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json
+++ b/pfsense_content_pack/graylog2/pfsense_content_pack_table_lookup.json
@@ -0,0 +1,50 @@
+{  "name":"PFsense Port Lookup",
+   "description":"Lookup Table, Data Adapter and Cache Adapter",
+   "category":"Firewall",
+
+   "lookup_data_adapters":[
+      {
+         "title":"CVS Port Translate",
+         "description":"Table CVS for translate port service to service name",
+         "name":"cvs-port-translate",
+         "config":{
+            "type":"csvfile",
+            "path":"/etc/graylog/server/service-names-port-numbers.csv",
+            "separator":",",
+            "quotechar":"\"",
+            "key_column":"Port",
+            "value_column":"Service",
+            "check_interval":3,
+            "case_insensitive_lookup":false
+         }
+      }
+   ],
+      "lookup_caches":[
+      {
+         "title":"Cache Service Port",
+         "description":"Cache Service Port",
+         "name":"cache-service-port",
+         "config":{
+            "type":"guava_cache",
+            "max_size":1000,
+            "expire_after_access":60,
+            "expire_after_access_unit":"SECONDS",
+            "expire_after_write":0,
+            "expire_after_write_unit":null
+         }
+      }
+   ],
+      "lookup_tables":[
+      {
+         "title":"Service Port Translator",
+         "description":"Service Port Translator to name service",
+         "name":"Service Port Translator",
+         "cache_name":"cache-service-port",
+         "data_adapter_name":"cvs-port-translate",
+         "default_single_value":"",
+         "default_single_value_type":"NULL",
+         "default_multi_value":"",
+         "default_multi_value_type":"NULL"
+      }
+   ]
+}