I have a scenario where I need to know from which public IP a user is connected. The public IP comes from one firewall source (firewall stream) and another from a VPN source (VPN stream). Below is a log sample from both sources:
[121121.2313131] IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00 SRC=18.104.22.168 DST=22.214.171.124 LEN=12 TOS=0x PREC=00 TTL=00 ID=000 PROTO= SPT=2001 DPT=0001 LEN=00
vpn: 126.96.36.199:2001 [Tom.Cruise] Peer Connection Initiated with [AF_INET]188.8.131.52:2001
In both events, the destination and source port are common.
I need to have a single message which contains the source IP (184.108.40.206) and username (Tom.Cruise). How can I achieve such a scenario?
I implemented a couple of pipeline rules, but they extract only for a single stream of events, not new messages.
Guys, I require your support or an approach for solving such a use case.
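
The correlation asked for above, sketched as an added example that is not part of the original post: it parses both line formats and joins them on the shared source port, emitting one record with source IP and username. The sample lines are constructed (documentation address ranges), the function names are hypothetical, and joining on the port alone is an assumption taken from the post's statement that the port is common to both events.

```python
import re

# Constructed sample lines in the two formats shown in the post.
FIREWALL_LINE = ("[121121.2313131] IN=eth0 OUT= MAC=00:00:00:00:00:00 "
                 "SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 "
                 "TTL=52 ID=0 PROTO=UDP SPT=2001 DPT=1194 LEN=40")
VPN_LINE = ("vpn: 203.0.113.7:2001 [Tom.Cruise] Peer Connection Initiated "
            "with [AF_INET]203.0.113.7:2001")

KV_RE = re.compile(r"(\w+)=(\S*)")
VPN_RE = re.compile(r"vpn: (?P<ip>[\d.]+):(?P<port>\d+) \[(?P<user>[^\]]+)\] "
                    r"Peer Connection Initiated")

def parse_firewall(line):
    """Return the KEY=value pairs of an iptables-style line as a dict."""
    return dict(KV_RE.findall(line))

def parse_vpn(line):
    """Return ip, port and user from a VPN connect line, or None."""
    m = VPN_RE.search(line)
    return m.groupdict() if m else None

def correlate(lines):
    """Join firewall and VPN events on the source port, in either arrival order."""
    fw_by_port, vpn_by_port, merged = {}, {}, []
    for line in lines:
        vpn = parse_vpn(line)
        if vpn:
            port = vpn["port"]
            vpn_by_port[port] = vpn
        else:
            fw = parse_firewall(line)
            port = fw.get("SPT")
            if not port or "SRC" not in fw:
                continue  # not a firewall line we can join on
            fw_by_port[port] = fw
        # Emit one merged record once both halves for this port are buffered.
        if port in fw_by_port and port in vpn_by_port:
            fw, vpn = fw_by_port.pop(port), vpn_by_port.pop(port)
            merged.append({"source_ip": fw["SRC"],
                           "username": vpn["user"],
                           "source_port": port})
    return merged

if __name__ == "__main__":
    print(correlate([FIREWALL_LINE, VPN_LINE]))
```

Both events are buffered by port because the join needs state that outlives a single message. Source ports are reused, so a real deployment would also expire buffered entries after a short time window.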