Hi,
I'm running Graylog 2.0.0 with an extractor to pull out SSH login names
from failed logins:
(Failed password for (invalid user )?%{DATA:user} from %{IPV4:UNWANTED} port %{BASE10NUM:UNWANTED} ssh2)?
This seemed to work on the two types of message it should be picking up. I
attached it to an input and for a while things seemed to work - I could see
a few messages with the new "user" tag. Then it stopped working, without
any messages in the log file. Turning up the log level to TRACE resulted
in lots of messages, but still nothing that looked like an error.
The next extractor in the list is the IP address extractor which appears to
be working fine.
Does anyone have any suggestions on how I should go about debugging this?
Iain
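
How the pattern quoted above behaves on a few constructed sshd lines, as an added example that is not part of the original post. Python's re stands in for the regex engine behind Grok, the sub-patterns are simplified stand-ins, and an unanchored search is assumed: with the whole pattern wrapped in (...)?, a message that does not begin with "Failed password" still matches, but as an empty string at position 0, so "user" stays unset and nothing is logged as an error.

```python
import re

# Simplified stand-ins for the Grok sub-patterns (assumptions, not Graylog's
# full definitions). DATA is the lazy ".*?"; IPV4 and BASE10NUM are reduced.
GROK = {
    "DATA": r".*?",
    "IPV4": r"(?:\d{1,3}\.){3}\d{1,3}",
    "BASE10NUM": r"\d+",
}

def expand(pattern):
    """Expand %{NAME:field}; fields named UNWANTED become non-capturing."""
    def repl(m):
        body, field = GROK[m.group(1)], m.group(2)
        if field == "UNWANTED":
            return "(?:%s)" % body
        return "(?P<%s>%s)" % (field, body)
    return re.sub(r"%\{(\w+):(\w+)\}", repl, pattern)

CORE = (r"Failed password for (invalid user )?%{DATA:user} from "
        r"%{IPV4:UNWANTED} port %{BASE10NUM:UNWANTED} ssh2")
AS_POSTED = re.compile(expand("(" + CORE + ")?"))  # whole pattern optional
REQUIRED = re.compile(expand(CORE))                # outer (...)? dropped

def extract_user(regex, message):
    """Return the captured user, or None if there is no match or no capture."""
    m = regex.search(message)
    return m.group("user") if m else None

# Constructed sample messages (documentation-range addresses).
BARE = "Failed password for root from 192.0.2.10 port 51234 ssh2"
INVALID = "Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2"
PREFIXED = "sshd[4242]: " + BARE
ACCEPTED = "Accepted publickey for deploy from 192.0.2.10 port 51234 ssh2"

if __name__ == "__main__":
    for msg in (BARE, INVALID, PREFIXED, ACCEPTED):
        m = AS_POSTED.search(msg)
        print("as posted: matched=%r user=%r | required: user=%r"
              % (m.group(0), m.group("user"), extract_user(REQUIRED, msg)))
```

Running the same check against the exact "message" field of an event that lacks the "user" field shows whether a prefix or other variation in the stored text is involved.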