Dear Graylog Team ,
Is there any way in order to Make Cisco logs more comfortable in Graylog through any plugins
For an example if am getting authentication fail logs how to extrace source , Destination , Port , and userid from the message and send an alert Via Mail
Is there any way to customer the email alert rather than sending it glimpsy can we make it in a summarized manner
Please help me on this
Maybe this can help:
Hey Zionio ,
I was able to receive cisco messages from syslog into graylog i want to extract source ip , destination ip , from the message can i know how
for that you use extractors or the processing pipeline.
as @jan said you can check on GL marketplace https://marketplace.graylog.org/addons?search=cisco
Hope this helps 
Already tried this , no use of it
I have tried but unable to extract source ip and destination from a single message
One of the log example :
100.65.203.6 334: Jan 12 15:43:55.889 IST: %SW_MATM-4-MACFLAP_NOTIF: Host 10f3.1149.2f20 in vlan 862 is flapping between port Gi0/26 and port Gi0/25
Please help me with the extraction of Source IP , Mac address , Vlan And ports
Based on log example, you can create a GROK extractor with:
%{IPV4:source_ip} %{GREEDYDATA} Host %{DATA:mac_accdress} in vlan %{INT:vlan} is flapping between port %{GREEDYDATA:port_a} and port %{GREEDYDATA:port_b}
Remember to check: Named captures only
Hope this helps 
Ziono I have applied the gork pattern but its not displaying in Graylog main page Field value
Can you show me a log example that did not match the GROK pattern created ?
It has been started working , is it possible to send the gork fields in email alert
I mean i have extracted a specific fields from the message is it possible send only these fields in email alert
Thanks & Regards ,
Balaji
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
