I was wondering if anyone else has seen this.
I had the Pulse Sec admin send some logs to my syslog-ng server. I'm showing an example of the log below:
Mar 16 08:45:49 10.51.56.4 1 2020-03-16T13:45:49Z 192.168.2.1 PulseSecure: - - - 2020-03-16 13:45:49 - OmmitedName - [127.0.0.1] System()[] - ..Ommmted...
My logs are coming in with "PulseSecure: - - - 2020-03-16 13:45:49", which doesn't match any of the sample logs inside the TA. However, it appears to be expected, since the TA is looking for "TIME_PREFIX = PulseSecure:\s-\s-\s-\s". Something is still not correct, as evidenced by these extractions not working properly:
EXTRACT-priority = ^\d+\s\<(?<priority>\d+)
EXTRACT-header = ^(?P<header>\d+)
Obviously I could recreate these extractions, but I'm still trying to figure out what is happening incorrectly.
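An added example, not part of the original post and not the TA's own code: the TIME_PREFIX and the two EXTRACT patterns quoted above, run in Python against the sample line as received. Both extractions are anchored at `^`, so the result depends on how each line starts. The relay-prefix regex and the constructed line (frame length 212, priority 134) are assumptions made for illustration.

```python
import re

# Log line exactly as shown in the post (as received via syslog-ng).
RAW = ("Mar 16 08:45:49 10.51.56.4 1 2020-03-16T13:45:49Z 192.168.2.1 "
       "PulseSecure: - - - 2020-03-16 13:45:49 - OmmitedName - [127.0.0.1] "
       "System()[] - ..Ommmted...")

# Patterns quoted in the post. Splunk uses PCRE; Python's re needs
# (?P<name>...), so (?<priority>...) is rewritten. Nothing else is changed.
TIME_PREFIX = re.compile(r"PulseSecure:\s-\s-\s-\s")
EXTRACT_PRIORITY = re.compile(r"^\d+\s\<(?P<priority>\d+)")
EXTRACT_HEADER = re.compile(r"^(?P<header>\d+)")

# Assumption: the leading "Mmm dd HH:MM:SS host " was prepended by the relay.
RELAY_PREFIX = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s")

# Constructed line (not from the post): a shape both EXTRACTs can match,
# i.e. leading digits, a space, then "<priority>".
CONSTRUCTED = ("212 <134>1 2020-03-16T13:45:49Z 192.168.2.1 "
               "PulseSecure: - - - 2020-03-16 13:45:49 - ...")


def check(line):
    """Report what each quoted pattern captures from one line (None = no match)."""
    tp = TIME_PREFIX.search(line)
    pri = EXTRACT_PRIORITY.search(line)
    hdr = EXTRACT_HEADER.search(line)
    return {
        # The 19 characters after TIME_PREFIX are where the timestamp is read.
        "timestamp_after_prefix": line[tp.end():tp.end() + 19] if tp else None,
        "priority": pri.group("priority") if pri else None,
        "header": hdr.group("header") if hdr else None,
    }


def strip_relay_prefix(line):
    """Remove the assumed relay-added 'Mmm dd HH:MM:SS host ' prefix."""
    return RELAY_PREFIX.sub("", line, count=1)


if __name__ == "__main__":
    samples = [("as received", RAW),
               ("relay prefix stripped", strip_relay_prefix(RAW)),
               ("constructed", CONSTRUCTED)]
    for label, line in samples:
        print(f"{label:22} {check(line)}")
```

On the line as received, TIME_PREFIX matches but neither extraction does, because the line starts with "Mar" rather than digits. With the prefix stripped, `header` captures "1", while `priority` still finds no "<" after the leading digits.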