kebailey

logmon regex help for cisco syslog

Discussion created by kebailey on Jan 1, 2010
Latest reply on Jan 5, 2010 by kebailey
Hi,

Im trying to learn to use the logmon regex filter and variable features. I want to split a syslog message up and rebuild it. Example:

Dec 31 14:17:52 192.168.47.246 1238: Dec 31 15:01:11: %SYS-5-CONFIG_I: Configured from console by kebailey on vty0 (192.168.47.106)

I would like it to seperate everything devided by spaces up until the facility "%SYS-5-CONFIG_I:" then grap the rest of the line as the last variable.

So far I haven't been able to do much with regex besides a full scale pattern match. Adding the parentheses to capture the variables in the right manner seems to not work.

Outcomes