In the message field, I get this: SSLVPN: id=sslvpn sn=SERIAL# time="2016-08-31 14:00:19" vp_time="2016-08-31 18:00:19 UTC" fw=XX.XX.XX.XX pri=5 m=2 c=2 src=YY.YY.YY.YY dst=vpn.mydomain.com user="my.user" usr="my.user" msg="User logged out" active=15 duration=15 agent="SonicWALL Mobile Connect for Android 4.0.5 (samsung SAMSUNG-SM-G920A; Android 6.0.1; SDK 23; build 405)"
On Wednesday, August 31, 2016 at 1:28:39 PM UTC-4, TheKrazyKaveman wrote: > > Syslog UDP > > On Wednesday, August 31, 2016 at 3:34:40 AM UTC-4, Jochen Schalanda wrote: >> >> Hi, >> >> if the client is sending those messages directly to Graylog, you could >> probably use the "hidden" field gl2_remote_ip for this. >> >> What kind of Graylog input are you using for receiving those messages? >> >> Cheers, >> Jochen >> >> On Tuesday, 30 August 2016 20:52:33 UTC+2, TheKrazyKaveman wrote: >>> >>> I'm having some trouble getting the world map widget to work on my >>> Graylog server. It keeps telling me that I have an invalid geo data term >>> for field "source": sslvpn:. I know that this is SUPPOSED to be an IP >>> address, but for some reason it renders the IP addresses as src:. Any >>> suggestions on how to resolve this? >>> >> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/64674a28-5428-41c6-a7e8-3e0dc210e70a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
