Solved: pfsense:syslog (openvpn) usernames not being extra...

bradp1234 · ‎01-08-2015

The openVPN log extract for TA-pfsense version 1.1 was not working for my pfsense 2.1.5 which runs openvpn 2.3.3. The src ip and usernames are not being extracted properly.

bradp1234 · ‎01-08-2015

I was able to resolve this issue by modifying the transforms in the TA-pfsense app. The problem with the usernames was with the field transform pfsense_syslog_user_subject_04. It was not able to handle the '.' in the username format we use. The problem with the src ip was a missing space. Below are my regex changes.

openvpn: user \'(.*?)\' authenticated
openvpn.* (\d+\.\d+\.\d+\.\d+):(\d+)

View solution in original post

bradp1234 · ‎01-08-2015

I was able to resolve this issue by modifying the transforms in the TA-pfsense app. The problem with the usernames was with the field transform pfsense_syslog_user_subject_04. It was not able to handle the '.' in the username format we use. The problem with the src ip was a missing space. Below are my regex changes.

openvpn: user \'(.*?)\' authenticated
openvpn.* (\d+\.\d+\.\d+\.\d+):(\d+)

my2ndhead · ‎01-08-2015

Will fix it in a future release...

pfsense:syslog (openvpn) usernames not being extracted properly

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...