Skip to content

Commit 640871c

Browse files
manan-crestmanan-crest
committed
Update: remap bytes standard attributes
1 parent eed9136 commit 640871c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

cisco_secure_client/assets/logs/cisco-secure-client.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -266,7 +266,7 @@ pipeline:
266266
'%{regex("[^']*"):usr.name}' local ip %{ip:local_ip}
267267
(connected|reconnected) from %{ip:network.client.ip}
268268
269-
parsing_session_connection %{parse_event_type_header}'%{parse_session_id_ip_and_user}:\s*%{regex("Session disconnected|Session connected"):action}. Session Type:\s*%{notSpace:session_type}(, Duration:\s*%{notSpace:duration}, Bytes xmt:\s*%{number:network.bytes_read}, Bytes rcv:\s*%{number:network.bytes_written}, Reason:\s*%{regex(".*(?= \\')"):reason})?\s*'
269+
parsing_session_connection %{parse_event_type_header}'%{parse_session_id_ip_and_user}:\s*%{regex("Session disconnected|Session connected"):action}. Session Type:\s*%{notSpace:session_type}(, Duration:\s*%{notSpace:duration}, Bytes xmt:\s*%{number:network.bytes_written}, Bytes rcv:\s*%{number:network.bytes_read}, Reason:\s*%{regex(".*(?= \\')"):reason})?\s*'
270270
271271
parsing_tls_tunnel %{parse_event_type_header}'%{parse_session_id_ip_and_user}:\s*(conn_id\[%{number:connection_id}\])? %{regex("Deleted TLS tunnel|Deleted DTLS tunnel|Added DTLS tunnel|Added TLS tunnel"):action}\[%{notSpace:tunnel_id}\] (from|to) %{notSpace}(\.\sReason:\s%{regex(".*(?= \\')"):reason})?\s'
272272

0 commit comments

Comments
 (0)