[graylog2] Re: Graylog2 Regex extractor help

Mon, 04 Jul 2016 07:33:17 -0700 

Your regex is ok.

Worked for me.

You can otherwise try:

(?mi)Nom du compte :  ([a-zA-Z0-9.-]{1,50})

And for the second one you just need to capture Compte cible :D:

(?mi)Compte cible : .*Nom du compte :  ([a-zA-Z0-9.-]{1,50})

@peluche



Le lundi 4 juillet 2016 11:52:03 UTC+2, Zoizo a écrit :
>
> Hello,
>
> I am looking for a solution to my problem since several hours in vain, so 
> I'm posting here in hope you could help me.
>
> I have some logs who follow this scheme (it's in french) :
>
>
>
> domain.name.com MSWinEventLog 1 Security 665240 Thu Jun 30 14:35:38 2016 
> 4724 Microsoft-Windows-Security-Auditing N/A N/A Success Audit 
> domain.name.com Gestion des comptes d’utilisateur Une tentative de 
> réinitialisation de mot de passe d’un compte a été effectuée. Sujet : ID de 
> sécurité : S-1-5-21-1519999410-1935793592-2975913076-1170 Nom du compte : 
> firstname.lastname Domaine du compte : DOMAIN123 ID d’ouverture de 
> session : 0x21CACB1 Compte cible : ID de sécurité : 
> S-1-5-21-1519999410-1935793592-2975913076-1650 Nom du compte : 
> firstname.lastname Domaine du compte : DOMAIN123 256107419
>
> I want to make a regex extractor that will return the value of 
> "firstname.lastname" after "Nom du compte :  ". Since there are two "Nom du 
> compte :  ", I will use a regex for each of them (and create two fields).
>
> I tried to extract the first one with this regex but it's not working 
> (regular expression did not match) :
>
> Nom du compte :  ([a-zA-Z0-9.-]{1,50})
>
> This regex works in a regex tester so I'm kinda lost here... Could anyone 
> provide an answer to this please ?
>
> Also, my second question is : if I want to extract the second 
> "firstname.lastname", how would I change my regex to do so ?
>
> Would really appreciate some help.
>
> Thanks!
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/3e546d01-60f5-4031-8ad4-34e483042444%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to