The "Device Port" and "Port" fields are incorrectly extracted in messages of the CSCOacs_Failed_Attempts kind in the Technology Add-on for Cisco Secure Access Control Server (ACS).
I have been able to solve it by adding the following to props.conf:
EXTRACT-acs_device_port = ,\s+Device\s+Port=(?<Device_Port>[^,]+)
EXTRACT-acs_port = ,\s+Port=(?<Port>[^,]+)
Has anyone had the same problem? Any other ideas?
@dshpritz Could you see if this fix could be included in a future version of the App, please? Thanks!
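A quick way to check the two extractions above before deploying them, as an added example that is not part of the original post or of the add-on. The sample events are constructed, the field names other than "Device Port" and "Port" are assumptions, and the unanchored pattern is a hypothetical contrast, not the add-on's own regex.

```python
import re

# The two EXTRACT patterns from the post, with Splunk's (?<name>...) written
# as Python's (?P<name>...). The leading ",\s+" stops the second pattern from
# matching the "Port=" that sits inside "Device Port=".
DEVICE_PORT = re.compile(r",\s+Device\s+Port=(?P<Device_Port>[^,]+)")
PORT = re.compile(r",\s+Port=(?P<Port>[^,]+)")

# Hypothetical unanchored pattern, for contrast only (not taken from the add-on).
UNANCHORED_PORT = re.compile(r"Port=(?P<Port>[^,]+)")

# Constructed sample events (not real ACS output).
PREFIX = "CSCOacs_Failed_Attempts 0000000001 1 0 Authentication failed"
BOTH = PREFIX + ", Device IP Address=192.0.2.10, Device Port=1645, UserName=jdoe, Port=Gi1/0/12"
REVERSED = PREFIX + ", Port=Gi1/0/12, UserName=jdoe, Device Port=1645"
DEVICE_ONLY = PREFIX + ", Device IP Address=192.0.2.10, Device Port=1645, UserName=jdoe"


def extract(event):
    """Apply both anchored patterns and return the fields that matched."""
    fields = {}
    for rx in (DEVICE_PORT, PORT):
        m = rx.search(event)
        if m:
            fields.update(m.groupdict())
    return fields


def extract_unanchored(event):
    """Return what the unanchored contrast pattern would assign to Port."""
    m = UNANCHORED_PORT.search(event)
    return m.group("Port") if m else None


if __name__ == "__main__":
    for name, ev in (("both", BOTH), ("reversed", REVERSED), ("device only", DEVICE_ONLY)):
        print(name, extract(ev), "unanchored Port:", extract_unanchored(ev))
```

Because both patterns require a preceding comma, neither field is extracted if it is the very first key in the message.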
Added and uploaded to Splunkbase. Not sure how soon it will be visible.
It's already visible. Many thanks!