Syslog Parse

Started by Lanpingner, November 11, 2021, 03:04:42 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

Lanpingner

November 11, 2021, 03:04:42 PM
Hi everyone,
First of all I am new in Syslog parse  :)
I would like to parse the following Syslog msg:
firewall,info New DDOS attacker block-ddos: in:pppoe-GO out:br_servers, proto TCP (SYN), 62.171.142.116:47878->10.11.0.4:80, NAT 62.171.142.116:47878->(195.158.101.163:80->10.11.0.4:80), len 60

These is my Regual Expression
.*New DDOS attacker block-ddos: in:(.*) out:(.*), proto TCP (SYN), (.*):.*->(.*):.*

However this is not working could you help me with this. Can u help me with this one, I am new to Syslog parse.

Thanks for any help

Filipp Sudanov

#1
December 06, 2021, 01:11:17 PM
You can use https://regex101.com/ to test your regular expressions. Currently your regex is not matching your example.
Print
Go Up Pages1
User actions