pfSense Integration not parsing correctly.

[joshdinsdale]

Acknowledgements

• I have searched (https://github.com/utmstack/UTMStack/issues) for past instances of this issue
• I have verified that my UTMStack version is up-to-date

Describe the bug

Running latest version 11.2.3 and added the pfsense integration. Configured pfsense to send in logs, which arrive, however they are not being parsed correctly.

Regression Issue

• Select this option if this issue appears to be a regression.

Expected Behavior

The logs should parse correctly.

Current Behavior

An error is generated, here is a snippet of the log viewer in the UTMStack webui:

`raw: <134>Feb 18 09:05:18 filterlog[32191]: 6,,,1000000105,bge0,match,block,in,6,0x00,0x84511,1,UDP,17,9,fe80::529a:b678:378d:1a2a,ff02::1,63533,8912,9

errors: failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(\\s)?(match|\\w+),(block|pass),(in|out),(4|6),(.+)(tcp|TCP|Tcp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}, failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(\\s)?(match|\\w+),(block|pass),(in|out),(4|6),(.+)(udp|UDP|Udp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}, failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(\\s)?(match|\\w+),(block|pass),(in|out),(4|6),(.+)(icmp|ICMP|Icmp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}, failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(\\s)?(match|\\w+),(block|pass),(in|out),(6|17),(.+)(tcp|TCP|Tcp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}, failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(match|\\w+),(block|pass),(in|out),6,(.+)(udp|UDP|Udp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}, failed to compile expression: consult issues list for more information. Args: {"expression":"log.csvMsg.matches("(.+),(match|\\w+),(block|pass),(in|out),(6|17),(.+)(icmp|ICMP|Icmp)")","issues":[{"Location":{},"Message":"undeclared reference to 'log' (in container '')","ExprID":1}],"process":"EventProcessor"}`

I have tried changing the log format in pfsense from BSD to Syslog which makes no difference.

Reproduction Steps

Enable the pfSense integration and send logs in.

Possible Solution

Update the filter..?

Additional Information/Context

No response

UTMStack Version

11.2.3

Operating System and version

Ubuntu 24.04

Hypervisor and Version | Server Vendor and Model

n/a

Browser and version

Chrome 145

[joshdinsdale]

It is worth considering that pfSense can be configured to use two log formats, BSD RFC 3164 by default, but also Syslog RFC 5242 with RFC 3339. The user may be logging to another system as well as UTMStack, so UTMStack should be able to deal with passing both formats.