I have been attempting to parse Cisco logs and am having some success but
there is a pattern that I seem to be stuck on and could use some assistance.
Here is the pattern:
<166>Aug 14 2016 08:51:20 MAIN-ASA : %ASA-6-302015: Built outbound UDP
connection 1124289141 for TCN:4.2.2.2/53 (4.2.2.2/53) to
inside200:10.200.1.37/62708 (10.200.1.37/62708)
I can match up to:
<166>Aug 14 2016 08:51:20 MAIN-ASA : %ASA-6-302015: Built outbound UDP
connection 1124289141 for TCN:4.2.2.2/53
With this pattern:
%{WORD:ASA_Action} %{WORD:ASA_Protocol} %{WORD:UNWANTED} %{WORD:UNWANTED}
%{WORD:UNWANTED}
%{HOSTNAME:ASA_Source_Interface}:%{HOSTNAME:ASA_Source_IP}/%{POSINT:ASA_Source_Port}
I can't seem to get beyond (4.2.2.2/53). I have
tried \\(%{HOSTNAME:UNWANTED}/%{POSINT:UNWANTED}\\) but it doesn't match.
I would appreciate any asssistance.
Thanks!
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/c2b6bd47-c813-4973-8ce3-d6dd724eada2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
