Thank you Jochen!
I replaced the regular expression “%.+-\d+-.+: (.*)$” in the message
extractor with this one, which I found in the GrayLog official
documentation
“(?<![0-9])(?:(?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2})[.](?:25[0-5]|2[0-4][0-9]|[0-1]?[0-9]{1,2}))(?![0-9])”
and now everything works fine.
Here is the output:
<189>2458: 0.0.0.0: May 12 10:26:43.036 CET: %SEC_LOGIN-5-LOGIN_SUCCESS:
Login Success [user: xxxxx] [Source: x.x.x.x] [localport: 22] at 10:26:43
CET Thu May 12 2016
Thank you so much for your great help.
On Friday, May 6, 2016 at 11:47:14 AM UTC+2, Seba wrote:
>
> *Dear all,*
>
>
>
>
> *How can I set a streaming rule, in order to not send a notification, when
> access to the switch is not coming from known IP’s? My Cisco Catalyst 3750X
> doesn’t add the source IP in the notification for logins, but it does when
> somebody modifies the settings.*
>
>
>
> *I have been trying to find a solution for the last few days without
> success. *
>
>
>
> *Thank you so much for your support*
>
> *Seba*
>
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/32f39157-ec2e-40f5-8002-420b03839373%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
