given following log file:
ubnt kernel: [WAN_LOCAL-default-D]IN=eth2 OUT= MAC=b4:fb:e4:8e:d4:a1:00:17:10:8d:ed:0d:08:00 SRC=46.182.109.160 DST=..32.32 LEN=60 TOS=0x08 PREC=0x00 TTL=49 ID=50603 DF PROTO=TCP SPT=45786 DPT=22000 WINDOW=42340 RES=0x00 SYN URGP=0…
trying to extract “WAN_LOCAL-default-D”; the text could be different… could be “WAN_IN-default-D” or a few other variants…
I’ve been able to extract port info with this… SPT=%{NUMBER:SPORT} DPT=%{NUMBER:DPORT}
and IPs with this: SRC=%{IP:srcip} DST=%{IP:dstip}
and proto with PROTO=%{WORD:protocol}
Just can’t seem to figure out the best way to extract the rule.
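As an added example (not part of the original post): the grok fragment below is what I would use for the rule name, since `%{DATA}` is the non-greedy `.*?` and stops at the first `]`, whereas `%{WORD}` stops at the hyphen in `WAN_LOCAL-default-D`. The Python script reproduces the same extraction with plain regexes on constructed sample lines so the fields can be checked before the pattern goes into Logstash. The sample lines, the extra field names and the ruleset/rule/action split of the name are my assumptions, not anything from the post.

```python
import re
from collections import Counter

# Logstash grok pattern for the rule name plus the fields the post already
# extracts (assumed equivalent, not from the original post). "\[%{DATA:rule}\]"
# stops at the first closing bracket, so it accepts WAN_LOCAL-default-D,
# WAN_IN-default-D and other variants. MAC= carries 14 octets (dst MAC,
# src MAC, ethertype), so %{MAC} would not match; %{NOTSPACE} does.
GROK_PATTERN = (
    r"\[%{DATA:rule}\]IN=%{DATA:in_iface} OUT=%{DATA:out_iface} "
    r"MAC=%{NOTSPACE:mac} SRC=%{IP:srcip} DST=%{IP:dstip} "
    r".*PROTO=%{WORD:protocol} SPT=%{NUMBER:SPORT} DPT=%{NUMBER:DPORT}"
)

# Plain-regex equivalent of "\[%{DATA:rule}\]": everything up to the first "]".
RULE_RE = re.compile(r"\[(?P<rule>[^\]]+)\]")
# KEY=value tokens; the value may be empty (e.g. "OUT=" on packets to the router).
KV_RE = re.compile(r"(?P<key>[A-Z]+)=(?P<value>\S*)")
# Map raw netfilter keys onto the field names the post's grok patterns use.
RENAME = {"src": "srcip", "dst": "dstip", "proto": "protocol",
          "spt": "sport", "dpt": "dport"}

# Constructed sample lines (assumed, not from the original post); addresses use
# documentation ranges and the rule names mimic the variants the post mentions.
SAMPLE_LINES = [
    "ubnt kernel: [WAN_LOCAL-default-D]IN=eth2 OUT= "
    "MAC=b4:fb:e4:8e:d4:a1:00:17:10:8d:ed:0d:08:00 SRC=203.0.113.45 DST=192.0.2.10 "
    "LEN=60 TOS=0x08 PREC=0x00 TTL=49 ID=50603 DF PROTO=TCP SPT=45786 DPT=22000 "
    "WINDOW=42340 RES=0x00 SYN URGP=0",
    "ubnt kernel: [WAN_IN-default-D]IN=eth2 OUT=eth0 "
    "MAC=b4:fb:e4:8e:d4:a1:00:17:10:8d:ed:0d:08:00 SRC=203.0.113.99 DST=192.0.2.20 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51234 DPT=3389 "
    "WINDOW=1024 RES=0x00 SYN URGP=0",
    "ubnt kernel: [WAN_LOCAL-10-A]IN=eth2 OUT= "
    "MAC=b4:fb:e4:8e:d4:a1:00:17:10:8d:ed:0d:08:00 SRC=198.51.100.7 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=777 DF PROTO=TCP SPT=40000 DPT=443 "
    "WINDOW=29200 RES=0x00 SYN URGP=0",
]


def parse_ubnt_line(line: str) -> dict:
    """Parse one EdgeRouter/netfilter log line into a flat dict.

    The rule name is the bracket right after "kernel:"; every KEY=value token
    after it becomes a lower-cased key (renamed per RENAME), and bare flags
    such as DF and SYN are collected into a list.
    """
    m = RULE_RE.search(line)
    if not m:
        raise ValueError("no [rule] bracket in line: %r" % line)
    rest = line[m.end():]
    fields = {"rule": m.group("rule")}
    for kv in KV_RE.finditer(rest):
        key = kv.group("key").lower()
        fields[RENAME.get(key, key)] = kv.group("value")
    fields["flags"] = [tok for tok in rest.split() if "=" not in tok]
    # Assumed naming convention: "<ruleset>-<rule number|default>-<action>", with
    # action A (accept), D (drop) or R (reject). Splitting from the right keeps a
    # ruleset name that itself contains hyphens intact.
    ruleset_and_rule, _, action = fields["rule"].rpartition("-")
    ruleset, _, rule_id = ruleset_and_rule.rpartition("-")
    fields.update(ruleset=ruleset, rule_id=rule_id, action=action)
    for port in ("sport", "dport"):
        if port in fields:
            fields[port] = int(fields[port])
    return fields


def dropped_syns_by_ruleset(lines) -> Counter:
    """Count dropped TCP SYNs per ruleset: a quick view of which interface or
    direction is receiving unsolicited connection attempts."""
    counts = Counter()
    for line in lines:
        f = parse_ubnt_line(line)
        if f["action"] == "D" and f.get("protocol") == "TCP" and "SYN" in f["flags"]:
            counts[f["ruleset"]] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        f = parse_ubnt_line(line)
        print(f["rule"], f["ruleset"], f["action"], f["srcip"], "->",
              f["dstip"], f["dport"])
    print(dict(dropped_syns_by_ruleset(SAMPLE_LINES)))
```

The bracket regex is the only part the post was missing; everything after it is the usual `KEY=value` netfilter layout, so a generic key/value loop covers fields the post's hand-written patterns skip (TTL, ID, WINDOW) without another grok change, and the action letter lets a filter or dashboard separate drops from accepts per ruleset.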