Hello,
I am trying to find the unknown user or failed login status from the raw log format below.
I want to search in real time for the failed login user ID, origin IP, operator, account, etc., from the raw log format below.
Please, someone let me know.
Below is the sample log.
Line 7: INFO:jackwildgaming.nyx.service:Login api_call_finished: http://xxxxxx.p69xxxxx.net/yxz/account/accountweb.dll?ShowInfo=all&Universe=Default&request=Login&Ac... <?xml version='1.0' encoding='UTF-8'?><RSP request='Login' rc='1002' msg='Failed to log in to account ab1014831@aol.com (Default)' action='user' />
new 11 (1 hit)
Line 1: INFO:jackwildgaming.nyx.service:Login api_call_finished: http://xxxxxx.p69xxxxx.net/yxz/account/accountweb.dll?ShowInfo=all&Universe=Default&request=Login&Ac... <?xml version='1.0' encoding='UTF-8'?><RSP request='Login' rc='1002' msg='Failed to log in to account dajsha28@gmail.com (Default)' action='user' />
You could extract it from the raw events
| rex "Failed to log in to account (?<userid>[^\s]+)"
Thanks for your reply, but I could not find any result. Can you please check the log format once again?
INFO:jackwildgaming.zyx.service:Login api_call_finished: http://xxxxxx.p69xxxxx.net/yxz/account/accountweb.dll?ShowInfo=all&Universe=Default&request=Login&Ac...
&Operator=YYYYYYY&OriginalIP=71.60.127.232&Channel=M <?xml version='1.0' encoding='UTF-8'?><RSP request='Login' rc='1002' msg='Failed to log in to account dajsha28@gmail.com (Default)' action='user' />
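An added example, not part of the original posts: a Python check of the failed-login extraction against the sample events quoted in this thread, extended with patterns for the Operator and OriginalIP parameters. The function names and the heartbeat line are constructed for illustration; to reuse the patterns in rex, write the named groups as (?<name>...) instead of (?P<name>...).

```python
import re
from collections import Counter

# Python writes named groups as (?P<name>...); Splunk's rex writes (?<name>...).
FAILED = re.compile(
    r"rc='(?P<rc>\d+)' msg='Failed to log in to account "
    r"(?P<userid>\S+) \((?P<universe>[^)]*)\)'")
OPERATOR = re.compile(r"[?&]Operator=(?P<operator>[^&\s]+)")
ORIGIN_IP = re.compile(r"[?&]OriginalIP=(?P<origin_ip>\d{1,3}(?:\.\d{1,3}){3})")

# Pieces of the sample events as they appear in the thread (hosts already masked).
URL = ("http://xxxxxx.p69xxxxx.net/yxz/account/accountweb.dll"
       "?ShowInfo=all&Universe=Default&request=Login&Ac...")
RSP = ("<?xml version='1.0' encoding='UTF-8'?><RSP request='Login' rc='1002' "
       "msg='Failed to log in to account %s (Default)' action='user' />")

SAMPLE_EVENTS = [
    # From the thread: URL is cut off, so Operator and OriginalIP are missing.
    "INFO:jackwildgaming.nyx.service:Login api_call_finished: "
    + URL + " " + RSP % "ab1014831@aol.com",
    # From the thread: the parameters continue on a second line.
    "INFO:jackwildgaming.zyx.service:Login api_call_finished: " + URL
    + "\n&Operator=YYYYYYY&OriginalIP=71.60.127.232&Channel=M "
    + RSP % "dajsha28@gmail.com",
    # Constructed line (not from the thread): an event that is not a failed login.
    "INFO:jackwildgaming.nyx.service:Heartbeat ok",
]

def parse_failed_login(event):
    """Return the fields of a failed-login event, or None for any other event."""
    m = FAILED.search(event)
    if m is None:
        return None
    fields = m.groupdict()
    op = OPERATOR.search(event)
    ip = ORIGIN_IP.search(event)
    # Truncated URLs carry no Operator/OriginalIP, so keep them as None.
    fields["operator"] = op.group("operator") if op else None
    fields["origin_ip"] = ip.group("origin_ip") if ip else None
    return fields

def failures_by_ip(events):
    """Count failed logins per origin IP; events without an IP go to 'unknown'."""
    counts = Counter()
    for event in events:
        fields = parse_failed_login(event)
        if fields is not None:
            counts[fields["origin_ip"] or "unknown"] += 1
    return counts
```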