2 Replies Latest reply on Jun 7, 2010 5:30 AM by Cosmin

    Regular Expressions in Syslog Viewer

      Hi everybody,

      I'm collecting syslogs using Orion NPM server and I need to keep only syslogs generated by hits on ACLs (more precisely, those which have the words "list" or "access list" in the message). I'm not interested in the rest of the syslogs, so I need to discard them.

       

      Does anyone know how I could do this using regular expressions in the Syslog filter?

       

      Thanks,

      Cosmin

        • Re: Regular Expressions in Syslog Viewer
          morgolis

          Could you post the syslog message here so we can look at it?

            • Re: Regular Expressions in Syslog Viewer

              Hi morgolis,

               

              I have the following syslogs I would like to retain in DB (all of them strictly related to ACLs):

              "54540: Buc:  access-list logging rate-limited or missed 3 packets"

              "2277: Buc:  list INPUT-WAN denied icmp 172.zz.z.z -> 172.tt.tt.ttt (3/13), 1 packet"

              "268885: Buc:  list OUTPUT-WAN denied tcp 10.xx.x.xxx(1197) -> 10.yy.y.y(7072), 1 packet"

              "64297: Buc:  list 151 denied udp 1.0.255.7(51825) -> 1.x.xx.xx(161), 1 packet"

              "3733: .Buc:  list 151 denied icmp 1.0.255.4 -> 1.x.xx.xxx (8/0), 1 packet"

              "8485: Buc:  list 151 denied tcp 10.zz.z.z(7072) -> 10.xx.xx.xx(1581), 1 packet"

               

              Thanks,

              Cosmin
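
An added example, not part of the original thread: one pattern that keeps the ACL messages posted above and discards everything else, anchored on the message shape instead of the bare word "list" (which would also match text such as "listening"). Python is used only to exercise the pattern; the `permitted` alternative, the function names and the three non-ACL lines are assumptions constructed for the example.

```python
import re

# ACL log shapes taken from the messages posted above. "permitted" is an
# assumption: the thread only shows "denied" entries.
ACL_PATTERN = re.compile(
    r"(?<![\w-])(?:"                                  # not the tail of a longer token
    r"(?P<ratelimit>access-list logging rate-limited)"
    r"|list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>[a-z0-9]+) "
    r")"
)

SAMPLES = [
    # Copied from the thread
    "54540: Buc:  access-list logging rate-limited or missed 3 packets",
    "2277: Buc:  list INPUT-WAN denied icmp 172.zz.z.z -> 172.tt.tt.ttt (3/13), 1 packet",
    "268885: Buc:  list OUTPUT-WAN denied tcp 10.xx.x.xxx(1197) -> 10.yy.y.y(7072), 1 packet",
    "64297: Buc:  list 151 denied udp 1.0.255.7(51825) -> 1.x.xx.xx(161), 1 packet",
    "3733: .Buc:  list 151 denied icmp 1.0.255.4 -> 1.x.xx.xxx (8/0), 1 packet",
    "8485: Buc:  list 151 denied tcp 10.zz.z.z(7072) -> 10.xx.xx.xx(1581), 1 packet",
    # Constructed for this example: messages that should be discarded
    "9001: Buc:  Interface FastEthernet0/1, changed state to up",
    "9002: Buc:  service listening on port 22",
    "9003: Buc:  Configured from console by admin on vty0",
]


def classify(message):
    """Return (acl, action, proto) for an ACL hit, ("rate-limit", None, None)
    for the rate-limit notice, or None for anything else."""
    match = ACL_PATTERN.search(message)
    if match is None:
        return None
    if match.group("ratelimit"):
        return ("rate-limit", None, None)
    return (match.group("acl"), match.group("action"), match.group("proto"))


def keep_acl(messages):
    """Keep only the messages that classify() recognises as ACL-related."""
    return [m for m in messages if classify(m) is not None]


if __name__ == "__main__":
    for msg in SAMPLES:
        print("KEEP   " if classify(msg) else "DISCARD", msg)
```

The regex syntax accepted by the Syslog Viewer's rule editor is not shown in the thread, so check the lookbehind and named groups against it before using the pattern there.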