I am looking at logging on a windows agent Teamviewer logs. The issue is the irregular output like soo.
673915615 Support Team 20-05-2016 19:37:51 20-05-2016 20:04:29 user RemoteControl {811FB7EC-E1EB-470A-B5EE-01E7290B7FDF} 151856824 01-06-2016 19:30:36 01-06-2016 20:00:44 user RemoteControl {38164985-5201-4BFE-BF6E-32F2E770954E} 151856824 02-06-2016 18:29:32 02-06-2016 18:47:33 user RemoteControl {22D28696-95C0-4AF8-9EBE-440580B85D65} 172856590 PCMust 16-08-2016 15:15:21 16-08-2016 15:22:54 user RemoteControl {934B2BDF-DB82-4113-9C60-9250A6E47A7A} 891956027 Afterworld 18-08-2016 18:13:27 18-08-2016 18:26:37 user RemoteControl {E4555287-A198-4D54-8851-67C2DF8EA5DD} How would one go about regexing this type of output? The stuff in blue would be the required data to pass to rulesets -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.