4 Replies Latest reply on May 9, 2017 9:59 AM by labanm

    Regex to match all user logins with exception.


      In Syslog viewer I'm trying to setup a Syslog message pattern to match when a user logs into a cisco device and exclude 1 user.

      I know that doing *Login Success* matches on any user login but I want to exclude a single user login.


      This pattern works to match all users except for "solarwinds" in a regex tester but doesn't seem to work when applied to my syslog rule.


      .*Login Success \[user: (?!solarwinds).*


      The syslog message is something like this.

      1556: 001556:   Login Success [user: solarwinds] [Source:] [localport: 22] at 09:00:00 EDT Mon Jan 15 2019


      Regex tester I'm using is http://regexr.com