From fc9067a1e0386ccba026044091e0c08f5b0203ce Mon Sep 17 00:00:00 2001
From: Kameron Kenny <1267885+kkenny@users.noreply.github.com>
Date: Wed, 19 Jun 2024 08:47:05 -0400
Subject: [PATCH] add filter for port forwarding

---
 config/syslog-ng.conf.d/unifi.conf | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/config/syslog-ng.conf.d/unifi.conf b/config/syslog-ng.conf.d/unifi.conf
index 51fb23a..1155b0d 100644
--- a/config/syslog-ng.conf.d/unifi.conf
+++ b/config/syslog-ng.conf.d/unifi.conf
@@ -3,6 +3,7 @@ filter f_unifi_bash_history { match("bash" value("PROGRAM")); };
 filter f_unifi_fw_lan { match("LAN_" value("PID")); };
 filter f_unifi_fw_wan { match("WAN_" value("PID")); };
 filter f_unifi_fw_dnat { match("DNAT_" value("PID")); };
+filter f_unifi_fw_port_forward_dnat { match("PREROUTING-DNAT" value("PID")); };
 filter f_unifi_fw_guest { match("GUEST_" value("PID")); };
 filter f_unifi_dnsmasq { match("dnsmasq" value("PID")); };
 filter f_unifi_systemd { match("systemd" value("PID")); };
@@ -222,6 +223,16 @@ log {
   flags(final);
 };
 
+log {
+  source(s_network_udp);
+  filter(f_unifi_fw_port_forward_dnat);
+  parser(p_kv);
+  parser(p_fw_src_ip_geoip2_city);
+  parser(p_fw_dst_ip_geoip2_city);
+  destination(d_unifi_firewall);
+  flags(final);
+};
+
 log {
   source(s_network_udp);
   filter(f_unifi_fw_guest);