DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
DOS attacks
- aimdev
- Topic Author
- Offline
- Junior Member
- Posts: 41
- Thank you received: 0
29 May 2023 15:00 #102519
by aimdev
Replied by aimdev on topic Re: DOS attacks
Hi
There are quite a few stages, so here is the simplified flow.
Vigor syslog -- graylog input -- graylog stream -- graylog pipeline (add reverse DNS, whois, port identification etc.)
Check to see if this works using Graylog's tools.
Then, using Grafana, connect to the Elasticsearch database (or OpenSearch, though I have not tested this yet) to create tables, charts and maps.
I run Graylog v5 within a Debian bullseye VM; it's a bit greedy, 4 cores and 5 GB memory, ~32 GB disk, supports Graylog and Elasticsearch.
Grafana is on a separate VM, not so greedy, 2 cores, 2 GB.
There are three streams, DOS, Passed & Blocked, derived from the Vigor syslog, parsed using the Grok parsers. I have only shown the DOS stream; the other two are similar.
Not sure the attachments work; if not, PM me on this board with an email address and I will send the screenshots.
Pipeline rule Reverse Dns Firewall dst_ip.png
extractor vigor_parse_dos for input vigor firewall.png
extractor vigor for input vigor firewall.png
GrayLog Indices - DOS.png
GrayLog input.png
Graylog Pipeline - DOS.png
PipeLines.png
Graylog Rules.png
Graylog Streams.png
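The flow aimdev describes (syslog line, Grok parse, routing into the DOS / Blocked / Passed streams, then pipeline enrichment with reverse DNS and port identification) can be modelled end to end in a few dozen lines. The block below is an added example, not aimdev's Graylog configuration and not DrayTek code: the log line format, the sample lines, the port table and the stub resolver are all constructed for the example, so the regular expression has to be re-derived from the messages your own Vigor actually emits before it is of any use.

```python
"""Toy model of the thread's flow: syslog line -> parse (Grok extractor stage)
-> route to a stream (DOS / Blocked / Passed) -> pipeline enrichment
(port identification, reverse DNS) -> a summary suitable for a Grafana table.
Added example; the line format is CONSTRUCTED and differs from real Vigor output."""
import re
import socket
from collections import Counter, defaultdict
from typing import Callable, Dict, List, Optional

# Constructed stand-in for the Grok pattern; adapt it to the actual Vigor messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"\[(?P<category>DoS|Firewall)\]\[(?P<action>Block|Pass)\]"
    r"(?:\[(?P<attack>[^\]]+)\])?"  # attack name only present on DoS lines
    r"\[(?P<src_ip>[\d.]+):(?P<src_port>\d+)->(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)\]"
    r"\[(?P<proto>\w+)\]"
)

# Constructed port table standing in for the "port identification" pipeline step.
SERVICE_BY_PORT = {22: "ssh", 80: "http", 443: "https", 3389: "rdp", 5060: "sip"}

# Constructed sample lines using documentation address ranges (not captured data).
SAMPLE_LINES = [
    "May 29 14:58:01 vigor [DoS][Block][SYN_Flood][203.0.113.7:51234->192.0.2.10:443][TCP]",
    "May 29 14:58:02 vigor [DoS][Block][SYN_Flood][203.0.113.7:51235->192.0.2.10:443][TCP]",
    "May 29 14:58:05 vigor [DoS][Block][ICMP_Flood][198.51.100.4:0->192.0.2.10:0][ICMP]",
    "May 29 14:59:10 vigor [Firewall][Block][203.0.113.9:40000->192.0.2.10:3389][TCP]",
    "May 29 14:59:11 vigor [Firewall][Pass][192.0.2.50:52000->198.51.100.20:80][TCP]",
    "May 29 14:59:12 vigor this line does not match the extractor",
]


def parse_line(line: str) -> Optional[dict]:
    """Grok-equivalent stage: return named fields, or None when the line does not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["src_port"] = int(ev["src_port"])
    ev["dst_port"] = int(ev["dst_port"])
    return ev


def route_stream(ev: dict) -> str:
    """Stream rules mirroring the thread's three streams: DOS, Blocked, Passed."""
    if ev["category"] == "DoS":
        return "DOS"
    return "Blocked" if ev["action"] == "Block" else "Passed"


def live_rdns(ip: str) -> Optional[str]:
    """Real reverse-DNS lookup; returns None instead of raising when there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


def enrich(ev: dict, resolver: Callable[[str], Optional[str]]) -> dict:
    """Pipeline stage: add destination service name and reverse DNS of the source."""
    ev["dst_service"] = SERVICE_BY_PORT.get(ev["dst_port"], "unknown")
    ev["src_rdns"] = resolver(ev["src_ip"])
    return ev


def run_pipeline(lines: List[str],
                 resolver: Callable[[str], Optional[str]] = live_rdns) -> Dict[str, List[dict]]:
    """Parse, route and enrich every line; unparsed lines are kept in their own bucket
    so a broken extractor is visible rather than silently dropping events."""
    streams: Dict[str, List[dict]] = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            streams["unparsed"].append({"raw": line})
            continue
        streams[route_stream(ev)].append(enrich(ev, resolver))
    return dict(streams)


def dos_summary(streams: Dict[str, List[dict]]) -> Dict[str, Dict[str, int]]:
    """Counts per attack type and per source, the shape a Grafana table would query."""
    dos = streams.get("DOS", [])
    return {
        "by_attack": dict(Counter(ev["attack"] for ev in dos)),
        "by_source": dict(Counter(ev["src_ip"] for ev in dos)),
    }


if __name__ == "__main__":
    # Stub resolver so the demo runs offline; use the default live_rdns on a real host.
    result = run_pipeline(SAMPLE_LINES, resolver=lambda ip: "rdns.example")
    for name, events in result.items():
        print(f"{name}: {len(events)} event(s)")
    print(dos_summary(result))
```

The resolver is injected rather than hard-wired so the routing and enrichment logic can be tested without network access; on a real Graylog host the same role is played by the pipeline's lookup functions. Keeping unparsed lines in a separate bucket is the check worth having when the Grok pattern is first written, because a pattern that silently matches nothing looks identical to a quiet router.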
- pharcyder
- Offline
- Member
- Posts: 165
- Thank you received: 1
30 May 2023 09:46 #102520
by pharcyder
Replied by pharcyder on topic Re: DOS attacks
Thanks for the overview. Are you log scraping into Graylog or using SNMP (or something else)? How does that bit work?
- aimdev
- Topic Author
- Offline
- Junior Member
- Posts: 41
- Thank you received: 0
30 May 2023 11:12 #102521
by aimdev
Replied by aimdev on topic Re: DOS attacks
No, direct syslog, read by Graylog, parsed and then as I said earlier.
Graylog is not the easiest of products to understand, but basically
syslog -> streams -> pipelines -> database -> presentation (Grafana, Kibana or others).
Did you get the screenshots?
- pharcyder
- Offline
- Member
- Posts: 165
- Thank you received: 1
30 May 2023 13:01 #102525
by pharcyder
Replied by pharcyder on topic Re: DOS attacks
Thanks for the update. Doesn't appear I can PM you with my email from those screenshots :?
- aimdev
- Topic Author
- Offline
- Junior Member
- Posts: 41
- Thank you received: 0
30 May 2023 13:31 #102526
by aimdev
Replied by aimdev on topic Re: DOS attacks
Bit confused, as the screenshots are from the Vigor & Graylog.
Please confirm you can read the screenshots' contents, which will assist your quest; if not, I can email them if you supply an address.
Not sure if the Vigor Community forum supports private messaging; couldn't find an option.
Moderators: Chris, Sami
Copyright © 2024 DrayTek