Closed knilda closed 5 years ago
Hi knilda, I could reproduce your issue; it should be solved with #25. Please remove every component and start fresh with importing the content pack files. If there are any further issues, feel free to reopen this issue. Enjoy using this content pack. Also feel free to contribute, there are still some extractors to build :-)
Hi ThoZed, thank you very much for editing the content pack. Unfortunately, this issue is still the same for me, I cannot apply the content of the first pack. The second, third and fourth, I can apply. I removed all packs and even removed Dashboards and Streams, but no difference. Well, I could do a restart of the graylog-server and try again. Best wishes, Knilda
Hi knilda, actually I couldn't reproduce the problem. But I ran into similar problems if some parts of a content pack aren't removed before applying the content pack again. First, remove all content packs under System/Content Packs/Firewall.
Please check all components and remove them manually if they are still there...
grok_patterns: DHCPMESSAGE
lookup_data_adapters: Fireware msg ID to Area Lookup, Fireware msg ID to Name Lookup, Fireware msg ID to Description Lookup, Fireware msg ID to Level Lookup, countrycode 3dig to latlong
lookup_caches: Fireware msg_ID Cache, Country Code Table
lookup_tables: Lookup Table Fireware msg ID to Description, Lookup Table Fireware msg ID to Level, Lookup Table Fireware msg ID to Area, Lookup Table Fireware msg ID to Name, Countrycode3_to_latlong
inputs: watchguard-syslog-udp
streams: Watchguard WARNING, Watchguard Mobile Security, Watchguard Proxy, Watchguard Networking, Watchguard Security Services, Watchguard DEBUG, Watchguard Cluster, Watchguard Management, Watchguard VPN, Watchguard all messages, Watchguard ERROR", Watchguard Firewall", Watchguard INFO
dashboards: Watchguard - presentation, Watchguard - incident, Watchguard - integrator
Have fun, looking forward to hearing if you could solve the issue.
Hi ThoZed,
it worked! I had to delete lookup_tables first, then I could delete lookup_caches and lookup_data_adapters. I am happy for the content pack because I need it to test my R shiny App https://github.com/knilda/shrlog with watchguard firewall data. Your extractors are perfect to make it run. I am very happy about that! (demo is here: https://knilda.shinyapps.io/shrlog_example)
Let me see if I can contribute with more extractors, when I get more into that.
Best wishes and thank you very much for your help,
knilda
Hello Knilda,
I'm glad to hear that you could finally use the content pack. I just checked your App. It's a good approach to provide filtered data, really nice! I look forward to seeing the progress on your repo. Maybe I could provide a howto on how a new extractor is added to this content pack. There are plenty of them to build. If you have a specific Message ID which isn't processed yet, feel free to open a new issue. Have a nice day, ThoZed
Hello ThoZed, thank you for your review! Nice to hear you like my App. A howto would be nice, as I am new to building extractors. Best wishes, Martina
Hi! Unfortunately, I could not apply the first bundle. I copied the csv to /etc/graylog but the error message says "Applying bundle failed". Only the third bundle is working for me. Thanks for any help