Last Updated: 2016-04-13 22:04:20 UTC
by Johannes Ullrich (Version: 1)
Earlier this week, PFSense 2.3 was released. The new release changed the name of a function I use in our pfsense log submission client, and the client will fail to parse the logs. I just released a new version of the script, that you can download here:
https://isc.sans.edu/clients/dshieldpfsense.txt (GPG Signature: https://isc.sans.edu/clients/dshieldpfsense.txt.asc ).
If you rather just apply the change to your existing file, find the line (should be line 65):
$flent = parse_filter_line(trim($line));
and replace "filter" with "firewall_log":
$flent = parse_firewall_log_line(trim($line));
This should fix the issue. The new client checks what version you are running, so it will work with 2.2 and 2.3. (but only tested with 2.3 right now).
Please let me know if you have any problems! And thanks to those who reported the issue.