Hi,
I have similar authentication logs as below:
LOG 1:
03362 auth: ST1-CMDR: User 'my-global\admin' logged in from IP1 to WEB_UI session
LOG2:
%%10WEB/4/WEBOPT_LOGIN_SUC(l): admin logged in from IP2
The regex below works only for event LOG2:
(?<user>\w+)\slogged\sin\sfrom\s(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Probably it doesn't match special characters. Any idea how to solve that?
Thank you in advance!
The single quote in LOG 1 prevented a match. This regex works with both samples.
(?<user>\w+)'?\slogged\sin\sfrom\s(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
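The two regexes from this thread run against both sample events, as an added example that is not part of the original posts. The IP addresses are constructed stand-ins for IP1 and IP2, and DOMAIN_RE is an assumed variant (not from the thread) that keeps the my-global domain, which \w+ alone drops from the user field.

```javascript
// Constructed sample events: the thread's two log formats, with
// documentation-range IPs substituted for the IP1/IP2 placeholders.
const LOG1 = "03362 auth: ST1-CMDR: User 'my-global\\admin' logged in from 192.0.2.10 to WEB_UI session";
const LOG2 = "%%10WEB/4/WEBOPT_LOGIN_SUC(l): admin logged in from 198.51.100.7";

const IP = String.raw`(?<src_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})`;

// Regex from the question: \w+ must be followed directly by whitespace.
const QUESTION_RE = new RegExp(String.raw`(?<user>\w+)\slogged\sin\sfrom\s` + IP);

// Regex from the answer: tolerates the closing quote after the user name.
const ANSWER_RE = new RegExp(String.raw`(?<user>\w+)'?\slogged\sin\sfrom\s` + IP);

// Assumed variant (not from the thread): also captures an optional
// DOMAIN\ prefix and allows '-' and '.' in both parts of the account name.
const DOMAIN_RE = new RegExp(
  String.raw`(?:(?<domain>[\w.-]+)\\)?(?<user>[\w.-]+)'?\slogged\sin\sfrom\s` + IP
);

// Returns the extracted fields, or null when the event does not match.
// A domain that is absent (or not captured by the regex) is reported as null.
function extract(re, line) {
  const m = re.exec(line);
  if (!m) return null;
  const { domain = null, user, src_ip } = m.groups;
  return { domain, user, src_ip };
}

const regexes = [["question", QUESTION_RE], ["answer", ANSWER_RE], ["domain", DOMAIN_RE]];
const events = [["LOG 1", LOG1], ["LOG2", LOG2]];

for (const [name, re] of regexes) {
  for (const [label, line] of events) {
    console.log(`${name.padEnd(8)} ${label.padEnd(5)} ${JSON.stringify(extract(re, line))}`);
  }
}
```

Keeping the domain matters when the same account name exists both locally and in a directory, since user=admin alone cannot tell the two apart in a search.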