4 Replies Latest reply on May 9, 2017 9:59 AM by labanm

    Regex to match all user logins with exception.

    labanm

      In Syslog viewer I'm trying to setup a Syslog message pattern to match when a user logs into a cisco device and exclude 1 user.

      I know that doing *Login Success* matches on any user login but I want to exclude a single user login.

       

      This pattern works to match all users except for "solarwinds" in a regex tester but doesn't seem to work when applied to my syslog rule.

       

      .*Login Success \[user: (?!solarwinds).*

       

      The syslog message is something like this.

      1556: 001556:   Login Success [user: solarwinds] [Source: 1.1.1.1] [localport: 22] at 09:00:00 EDT Mon Jan 15 2019

       

      Regex tester I'm using is http://regexr.com