Hi,
I'm trying to extract some fields from my Access Point Aruba in order to be CIM compliant. For authentication log I have two kinds of event:
Login failed:
cli[5405]: <341004> <WARN> AP:ML_AP01 <................................> Client 60:f2:62:8c:a8:a7 authenticate fail because RADIUS server authentication failure
Login success:
stm[5434]: <501093> <NOTI> AP:ML_AP01 <..................................> Auth success: 60:f2:62:8c:a8:a7: AP ...................................ML_AP01
My goal is to extract the mac address after "Client" in the first log and the mac after "Auth success" in the second one in a common field called "src", can someone please help me?
Thanks in advance!
| rex "(Client |Auth success: )(?<src>..:..:..:..:..:..)"