How to use grok pattern to capture multi IP in one message?

kyauaa · June 21, 2018, 1:33am

I have some message like:

<164>1.2.3.4 %ASA-4-419002: Duplicate TCP SYN from External:1.2.3.4/57897 to External:1.2.3.4/53 with different initial sequence number

<164>1.2.3.4 %ASA-4-313004: Denied ICMP type=0, from laddr 1.2.3.4 on interface Internal to 1.2.3.4 no matching session

I tried to use %{IP:source}, but it only extract the first IP. But I actually need from and to . Can anyone give me a hand. Thanks.

system · July 5, 2018, 1:33am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Extract IPv4 from ubuntu syslog message Graylog Central (peer support)	4	1925	May 21, 2020
Issues with attempting to pull Fields from Message Graylog Central (peer support)	3	634	May 25, 2018
Multiple Grok Patterns - We were not able to run the grok extraction. Please check your parameters Graylog Central (peer support)	7	1174	December 23, 2022
Netgear Log - Grok Patern Graylog Central (peer support) grok-patternspl	7	771	October 5, 2022
Grok multiple pattern parsing issue Graylog Central (peer support)	5	1798	March 29, 2019