Pulse Secure logs not matching any samples


I was wondering if anyone else has seen this.

I had the Pulse Sec admin send some logs to my syslog-ng server. I'm showing an example of the log below:

Mar 16 08:45:49 1 2020-03-16T13:45:49Z PulseSecure: - - - 2020-03-16 13:45:49 - OmmitedName - [] System()[] - ..Ommmted...

My logs are coming in with "PulseSecure: - - - 2020-03-16 13:45:49" which doesn't match any of the sample logs inside the TA. However, it appears to be expected since the TA is looking for "TIME_PREFIX = PulseSecure:\s-\s-\s-\s". Something still is not correct, as evidenced by this extract not working properly:

EXTRACT-priority = ^\d+\s\<(?<priority>\d+)
EXTRACT-header = ^(?P<header>\d+)

Obviously I could recreate these extractions, but I'm still trying to figure out what is happening incorrectly.

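An offline check of the patterns quoted in the post against the posted sample line, added here as an example; it is not part of the original post or of the TA. It assumes the leading "Mar 16 08:45:49" is a timestamp prepended before the event reached Splunk; the `CONSTRUCTED` line and the `strip_relay_header` helper are made up for illustration.

```python
import re

# Sample line exactly as quoted in the post (redactions are the poster's).
POSTED = ("Mar 16 08:45:49 1 2020-03-16T13:45:49Z PulseSecure: - - - "
          "2020-03-16 13:45:49 - OmmitedName - [] System()[] - ..Ommmted...")

# Constructed line (not from the post or the TA) with the shape that
# EXTRACT-priority requires: leading digits, one whitespace, then "<digits".
CONSTRUCTED = ("1 <134>2020-03-16T13:45:49Z PulseSecure: - - - "
               "2020-03-16 13:45:49 - host - [] System()[] - msg")

# Patterns from the post. Splunk's PCRE accepts (?<name>...); Python's re
# needs (?P<name>...), so only that spelling is changed here.
PATTERNS = {
    "EXTRACT-priority": r"^\d+\s\<(?P<priority>\d+)",
    "EXTRACT-header": r"^(?P<header>\d+)",
    "TIME_PREFIX": r"PulseSecure:\s-\s-\s-\s",
}

# Assumption: a BSD-syslog style "Mon DD HH:MM:SS " prefix added in transit.
RELAY_HEADER = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s")


def strip_relay_header(line):
    """Hypothetical helper: drop a leading 'Mon DD HH:MM:SS ' if present."""
    return RELAY_HEADER.sub("", line, count=1)


def diagnose(line):
    """Map each pattern name to its captures (or matched text), None if no match."""
    results = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, line)
        results[name] = (m.groupdict() or m.group(0)) if m else None
    return results


if __name__ == "__main__":
    for label, line in (("posted", POSTED),
                        ("posted, relay header stripped", strip_relay_header(POSTED)),
                        ("constructed", CONSTRUCTED)):
        print(label)
        for name, value in diagnose(line).items():
            print(f"  {name:17} -> {value}")
```

On the posted line, both `^`-anchored extractions fail because the event begins with "Mar" rather than digits, while `TIME_PREFIX` still matches further into the line. With the assumed prefix stripped, `header` captures "1" but `priority` still finds no `<digits` field.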