- Products
- Learn
- Local User Groups
- Partners
- More
Hi Scott_Paisley
I already resolved the problem by parsing syslog from PulseSecure VPN as below screenshot and it worked fine on my lab.
10.x.x.189 PulseSecure: - - - 2021-06-15 00:39:31 - ive - [10.x.x.189] user01(Realm-NC)[RoleNC] - VPN Tunneling: Session started for user with IPv4 address 192.168.100.20, hostname xxx-xxx"
I also copy and paste each of the attributes here for your test purpose in your lab.
Message Subject*: (PulseSecure) with ticking RegEx checkbox
Event Type: Login
Delimeter*: \s
Username Prefix: \[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\]\s
Username: (\w+)
Address Prefix: \s
Address*: IPv4\saddress\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
