Thank you Jochen!
I replaced the regular expression “%.+-\d+-.+: (.*)$” in the message
extractor with this one, which I found in the GrayLog official
documentation
“(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])”
and now everything works fine.
Here is the output:
<189>2458: 0.0.0.0: May 12 10:26:43.036 CET: %SEC_LOGIN-5-LOGIN_SUCCESS:
Login Success [user: xxxxx] [Source: x.x.x.x] [localport: 22] at 10:26:43
CET Thu May 12 2016
Thank you so much for your great help.
On Friday, May 6, 2016 at 11:47:14 AM UTC+2, Seba wrote:
>
> *Dear all,*
>
>
>
>
> *How can I set a streaming rule, in order to not send a notification, when
> access to the switch is not coming from known IP’s? My Cisco Catalyst 3750X
> doesn’t add the source IP in the notification for logins, but it does when
> somebody modifies the settings.*
>
>
>
> *I have been trying to find a solution for the last few days without
> success. *
>
>
>
> *Thank you so much for your support*
>
> *Seba*
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/32f39157-ec2e-40f5-8002-420b03839373%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
