This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
SarmChanatip
Participant
‎2022-04-27 09:41 PM
In response to Scott_Paisley

Hi Scott_Paisley

I already resolved the problem by parsing syslog from PulseSecure VPN as below screenshot and it worked fine on my lab.

idc syslog parser.jpg

10.x.x.189 PulseSecure: - - - 2021-06-15 00:39:31 - ive - [10.x.x.189] user01(Realm-NC)[RoleNC] - VPN Tunneling: Session started for user with IPv4 address 192.168.100.20, hostname xxx-xxx"

 

I also copy and paste each of the attributes here for your test purpose in your lab.

Message Subject*: (PulseSecure) with ticking RegEx checkbox

Event Type: Login

Delimeter*: \s

Username Prefix: \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\s

Username: (\w+)

Address Prefix: \s

Address*: IPv4\saddress\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})

0 Kudos
(1)
Who rated this post