I have been searching for this for 3 days and nothing worked. Can somebody help me get this regex for rsyslog? The expected string is

```
Aug 19 08:42:07 ip-10-5-1-18 sshd[12300]: Invalid user ubunt from 111.92.25.118
```

I tried with this:

```
%msg:R,ERE,1,DFLT:^Invalid.user([a-zA-Z]) .([0-9][0-9][0-9].[0-9][0-9][0-9].[0-9][0-9][0-9].[0-9][0-9][0-9]))--end%"
```

but it didn't work; it shows NO Match.

  • 3 numbers required in IP and "92" provided (only 2 numbers)? Missing "from"? Starting caret? – Dom Aug 21 '20 at 07:21
  • Still **No Match**. I am totally fed up with this! ```^Invalid.*user ([a-zA-Z]*).* ([0-9][0-9]*[0-9]*.[0-9][0-9]*[0-9]*.[0-9][0-9]*[0-9]*.[0-9][0-9]*[0-9]*) ``` – Jithin Kumar S Aug 23 '20 at 15:28
  • If `%msg` is the whole message (including date, programname, etc.) then the `^` is causing the problem. – Marco Aug 29 '20 at 05:11

0 Answers
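An added example, not part of the original question or its comments: a small harness that emulates `%msg:R,ERE,<submatch>,DFLT:...--end%` so a candidate expression can be checked offline against sample messages. Python's `re` stands in for POSIX ERE here; the sample `%msg%` values, the assumption that `%msg%` starts with a space after the `sshd[12300]:` tag, and the names `POSTED`, `FIXED`, `extract` and `template_field` are all constructed for illustration.

```python
import re

NO_MATCH = "**NO MATCH**"  # what rsyslog's DFLT nomatch mode returns

# Constructed %msg% values. Assumption: %msg% is only the text after the
# "sshd[12300]:" tag and keeps the space that follows the colon.
MSG = " Invalid user ubunt from 111.92.25.118"
MSG_PORT = " Invalid user admin from 203.0.113.7 port 51234"     # newer sshd format
MSG_FROM = " Invalid user a from 198.51.100.9 from 203.0.113.7"  # " from " inside the user name

# ERE from the question, with the unbalanced final ")" dropped so it compiles.
POSTED = (r"^Invalid.user([a-zA-Z]) .([0-9][0-9][0-9].[0-9][0-9][0-9]"
          r".[0-9][0-9][0-9].[0-9][0-9][0-9])")

# Hypothetical corrected ERE (not from the page). It addresses the points
# raised in the comments: no leading "^", a literal " from ", 1-3 digits per
# octet, and literal dots. The "$" anchor ties the address to the end of the
# line, so text inside the user name cannot be taken for the source address.
OCTET = "[0-9]{1,3}"
FIXED = "Invalid user (.*) from (" + "[.]".join([OCTET] * 4) + ")( port [0-9]+)?$"


def extract(ere, msg, submatch):
    """Emulate %msg:R,ERE,<submatch>,DFLT:<ere>--end% for one message."""
    m = re.search(ere, msg)
    if m is None or m.group(submatch) is None:
        return NO_MATCH
    return m.group(submatch)


def template_field(ere, submatch):
    """Build the property-replacer field for a checked expression."""
    return "%msg:R,ERE,{},DFLT:{}--end%".format(submatch, ere)


if __name__ == "__main__":
    for msg in (MSG, MSG_PORT, MSG_FROM):
        print(repr(msg))
        print("  posted:", extract(POSTED, msg, 1))
        print("  fixed :", extract(FIXED, msg, 1), "|", extract(FIXED, msg, 2))
    print(template_field(FIXED, 2))
```

Submatch 1 is the user name and submatch 2 the source address; the posted expression fails with or without the leading space because `([a-zA-Z])` has to match the space that follows `user`.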