Hi everyone,
First of all, I am new to Syslog parsing.
I would like to parse the following Syslog msg:
firewall,info New DDOS attacker block-ddos: in:pppoe-GO out:br_servers, proto TCP (SYN), 62.171.142.116:47878->10.11.0.4:80, NAT 62.171.142.116:47878->(195.158.101.163:80->10.11.0.4:80), len 60
This is my regular expression:
.*New DDOS attacker block-ddos: in:(.*) out:(.*), proto TCP (SYN), (.*):.*->(.*):.*
However, this is not working. Could you help me with this? Can you help me with this one? I am new to Syslog parsing.
Thanks for any help
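An added example, not part of the original post: it shows why the posted pattern cannot match the posted line and gives one pattern that extracts the fields. It assumes Python's `re` syntax, since the post does not name the tool's regex flavour; the field names and the second log line are constructed for illustration.

```python
import re

# Log line copied from the post above.
SAMPLE = (
    "firewall,info New DDOS attacker block-ddos: in:pppoe-GO out:br_servers, "
    "proto TCP (SYN), 62.171.142.116:47878->10.11.0.4:80, "
    "NAT 62.171.142.116:47878->(195.158.101.163:80->10.11.0.4:80), len 60"
)
# Constructed variant (not from the post) without flags or a NAT part.
CONSTRUCTED = (
    "firewall,info New DDOS attacker block-ddos: in:pppoe-GO out:br_servers, "
    "proto UDP, 192.0.2.10:5353->10.11.0.4:53, len 72"
)

# Pattern from the post: "(SYN)" is a capture group that matches the bare text
# SYN, so the literal parentheses in the log line can never match.
ORIGINAL = (r".*New DDOS attacker block-ddos: in:(.*) out:(.*), "
            r"proto TCP (SYN), (.*):.*->(.*):.*")
# Escaping the parentheses makes it match, but the greedy (.*) before ":" runs
# on to the last usable colon, so group 3 is not just the source address.
ESCAPED_ONLY = ORIGINAL.replace("(SYN)", r"\(SYN\)")

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
# Anchored on literals, with bounded character classes instead of ".*".
# Field names are this example's own choice.
FIXED = re.compile(
    r"New DDOS attacker block-ddos: "
    r"in:(?P<in_if>\S+) out:(?P<out_if>[^,\s]+), "
    r"proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    rf"(?P<src_ip>{IP}):(?P<src_port>\d+)->(?P<dst_ip>{IP}):(?P<dst_port>\d+)"
    rf"(?:, NAT {IP}:\d+->\((?P<nat_ip>{IP}):(?P<nat_port>\d+)->{IP}:\d+\))?"
    r"(?:, len (?P<length>\d+))?"
)

def parse(line):
    """Return the fields as a dict, or None if the line does not match."""
    m = FIXED.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("src_port", "dst_port", "nat_port", "length"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields

if __name__ == "__main__":
    print(parse(SAMPLE))
    print(parse(CONSTRUCTED))
```

In a tool that only supports numbered groups, the same pattern works with `(?P<name>...)` replaced by plain `(...)`.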