Hello folks,
I’d like to know if someone knows how to parse the message of the syslog on the alert templates.
For example:
Message: Login Success [user: mike] [Source: 10.1.3.20] [localport: 22] at 10:55:59 PST Fri Jan 6 2006
How would I parse this message to get the user, source IP, and local port isolated to create a template a little bit more friendly?
Thank you in advance.
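One way to split the sample message into its fields, shown as an added example that is not part of the original post and not tied to any particular product's template engine. It assumes the fields always arrive as bracketed `[key: value]` pairs as in the sample line; the function name `parse_login_message` and the returned keys are hypothetical. Values are validated before use because syslog text originates on a remote device and the user name is whatever was typed at the login prompt.

```python
import ipaddress
import re

# Sample line taken from the post above (without the "Message:" label).
SAMPLE = ("Login Success [user: mike] [Source: 10.1.3.20] "
          "[localport: 22] at 10:55:59 PST Fri Jan 6 2006")

# One "[key: value]" group; the value may not itself contain brackets.
FIELD_RE = re.compile(r"\[\s*([A-Za-z_]+)\s*:\s*([^\[\]]*?)\s*\]")
# Conservative allow-list for user names (an assumption; adjust to your site).
USER_RE = re.compile(r"[A-Za-z0-9._@\\-]{1,64}")


def parse_login_message(msg):
    """Return event, user, source and localport; invalid values become None."""
    pairs = [(k.lower(), v) for k, v in FIELD_RE.findall(msg)]
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        # A repeated key usually means bracket text was injected into a value.
        raise ValueError("duplicate field in message")
    fields = dict(pairs)

    # Text before the first bracket is the event name, e.g. "Login Success".
    event = msg.split("[", 1)[0].strip() or None

    user = fields.get("user")
    if user is not None and not USER_RE.fullmatch(user):
        user = None

    source = fields.get("source")
    try:
        source = str(ipaddress.ip_address(source)) if source else None
    except ValueError:
        source = None

    port = fields.get("localport")
    if port and re.fullmatch(r"[0-9]{1,5}", port) and 0 < int(port) <= 65535:
        port = int(port)
    else:
        port = None

    return {"event": event, "user": user, "source": source, "localport": port}


if __name__ == "__main__":
    print(parse_login_message(SAMPLE))
```

The field names are lower-cased because the sample mixes `user`, `Source` and `localport`; whatever template renders the result should still escape the values for its output format.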