I have similar authentication logs as below:
03362 auth: ST1-CMDR: User 'my-global\admin' logged in from IP1 to WEB_UI session
%%10WEB/4/WEBOPT_LOGIN_SUC(l): admin logged in from IP2
The regex below works only for event LOG2:
Probably it doesn't match special characters, any idea to solve that?
Thank you in advance!