Open
Description
openedon Jul 22, 2024
Hello,
The event id 716038 of Cisco ASA has the following format:
%ASA-6-716038: Group User user@domain.com IP <xxx.xxx.xxx.xxx> Authentication: successful, Session Type: WebVPN.
So I suggest to change the parsing of this line:
to:
| parse Message with * 'User <' TargetUsername '> IP <' SrcIpAddr '> Authentication'*
in order to trim the angle brackets from the relevant fields.
Regards,
Christos
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment