alisle
commented
11 years ago The beginning of this has been added. All that is missing is the regex parser, however the framework is all in.
Closed alisle closed 11 years ago
alisle
commented
11 years ago The beginning of this has been added. All that is missing is the regex parser, however the framework is all in.
alisle
commented
11 years ago Decay added Regex Support
The Cisco logs are a right pain, but we need to be able to parse these successfully. The most important thing is being able to point to a specific value based on word order. This will allow something like:
Jan 3 07:05:06 10.2.9.20 %ASA-4-400015: IDS:2005 ICMP time exceeded from 70.34.152.9 to 164.68.1.1 on interface outside
So we can pick up on the %ASA-4-00015:
Also need to start adding regex validating of certain fields.