Hi,
The only way I can get log data out of my home router is via email, so I'm using Splunk for IMAP to achieve this.
I'm only interested in the body of the emails, which contains the log data, and want it separated out as separate records in Splunk.
At the moment, I'm getting emails which look like what I've included below. How might I process these a little further to get just the log data in the body (and hopefully each line of the log data as a separate record)?
Thanks
James
One email as it appears in Splunk for IMAP
Date = "12-Sep-2015 07:01:04 +0000"
DATE = "12 Sep 15 17:01:04"
FROM = "<logs@jjpeet.com>"
To = "<logs@jjpeet.com>"
Subject = "NETGEAR VEGN2610 Log [86:9C:A1]"
mailbox = "[Gmail]/All Mail"
size = 27951
____________________ Message Body ____________________
[Site allowed: su.ff.avast.com] from source 192.168.0.96, Saturday, Sep 12,2015 17:00:53
Firewall: packet drop. 172.192.255.255 -->172.192.184.226, Protocol ICMP, Message type 3.
Saturday, Sep 12,2015 17:00:46
[Site allowed: static.ess.apple.com:80] from source 192.168.0.126, Saturday, Sep 12,2015 17:00:34
Firewall: packet drop. 172.192.255.255 -->172.192.184.226, Protocol ICMP, Message type 3.
Saturday, Sep 12,2015 17:00:33
[Site allowed: t.tcactivity.net] from source 192.168.0.150, Saturday, Sep 12,2015 17:00:33
[Site allowed: deliver.oztam.com.au] from source 192.168.0.173, Saturday, Sep 12,2015 17:00:31
[Site allowed: static.ess.apple.com:80] from source 192.168.0.126, Saturday, Sep 12,2015 17:00:30
Firewall: packet drop. 172.192.255.255 -->172.192.184.226, Protocol ICMP, Message type 3.
Saturday, Sep 12,2015 17:00:24
Firewall: packet drop. 172.192.255.255 -->172.192.184.226, Protocol ICMP, Message type 3.
Saturday, Sep 12,2015 17:00:11
[TR-069] Send Inform, Saturday, Sep 12,2015 17:00:07
...
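As an added example (not part of the question or of Splunk for IMAP), the Python below implements the record-splitting rule the body above calls for. Note that the "Firewall: packet drop." entries wrap onto two lines with their timestamp on the second line, so splitting on every newline would produce half-records; the parser instead ends a record only at a line that finishes with the router's timestamp. The sample body and field names are constructed for this example.

```python
import re
from datetime import datetime

# Constructed sample modelled on the message body quoted in the question.
SAMPLE_BODY = """\
[Site allowed: su.ff.avast.com] from source 192.168.0.96, Saturday, Sep 12,2015 17:00:53
Firewall: packet drop. 172.192.255.255 -->172.192.184.226, Protocol ICMP, Message type 3.
Saturday, Sep 12,2015 17:00:46
[TR-069] Send Inform, Saturday, Sep 12,2015 17:00:07
"""

# Every router record ends with a timestamp like "Saturday, Sep 12,2015 17:00:53" (no space after the comma).
TS_RE = re.compile(r"(?P<ts>[A-Z][a-z]+day, [A-Z][a-z]{2} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})\s*$")
SITE_RE = re.compile(r"^\[Site allowed: (?P<host>[^\]]+)\] from source (?P<src>\d+\.\d+\.\d+\.\d+),")
DROP_RE = re.compile(r"^Firewall: packet drop\. (?P<src>\S+) -->(?P<dst>\S+), Protocol (?P<proto>\w+), Message type (?P<mtype>\d+)\.")
TR069_RE = re.compile(r"^\[TR-069\] (?P<action>.+?),\s")

def split_records(body):
    """One string per event: lines without a trailing timestamp (the 'Firewall: packet drop.'
    line) are joined with the following lines until a timestamp terminates the record."""
    records, pending = [], []
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        pending.append(line)
        if TS_RE.search(line):
            records.append(" ".join(pending))
            pending = []
    if pending:                      # trailing fragment that never got a timestamp
        records.append(" ".join(pending))
    return records

def parse_record(rec):
    """Extract timestamp and type-specific fields; unknown shapes keep only the raw text."""
    m = TS_RE.search(rec)
    fields = {"raw": rec, "time": None, "event": "unknown"}
    if m:
        fields["time"] = datetime.strptime(m.group("ts"), "%A, %b %d,%Y %H:%M:%S")
    for event, rx in (("site_allowed", SITE_RE), ("packet_drop", DROP_RE), ("tr069", TR069_RE)):
        mm = rx.match(rec)
        if mm:
            fields["event"] = event
            fields.update(mm.groupdict())
            break
    return fields

def parse_body(body):
    return [parse_record(r) for r in split_records(body)]

RECORDS = parse_body(SAMPLE_BODY)   # three records from the constructed sample, not four lines
```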