Parsing log with Pipeline and Grok Pattern

I have a log message which looks like this

“Sep 24 15:45:08 vpn SSLVPN:id:sslvpn sn:004010249FA6 time:2023-09-24 15:45:08 vp_time:2023-09-24 13:45:08 UTC fw:192.168.2.2 pri:5 m:0 c:1200 src:192.168.2.2 dst:192.168.2.2 user:Proxy usr:Proxy msg:25628:Returning 200 OK Status agent:(null) geoCountryID:0 geoCountryName:LAN geoRegionName:unknown geoCityName:unknown”

I already got all fields, but with "msg" I have problems. If I use GREEDYDATA as the data type, it gives me the string from msg: to the end of the log. I thought about string manipulation, but there is also a problem with splitting the string. A message could be like the one above, "25628:Returning 200 OK Status", but it could also be like "Start NetExtender connection". Also, the next field isn't always the same. It can be agent, but it can also be "rule", "portal", "active", etc.

How can I correctly parse the msg field?
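One way to parse this format, added here as an example and not code from the original thread: instead of GREEDYDATA, match the value lazily and stop at the next token that looks like a key (whitespace, a word, a colon), whatever that key happens to be. The same lookahead regex can be registered in Graylog as a custom Grok pattern (for example `LOGVALUE` defined as `.*?(?=\s[A-Za-z_][A-Za-z0-9_]*:|$)` and used as `msg:%{LOGVALUE:msg}`); the Python below shows the logic on the log line from the post plus two constructed lines. The pattern name `LOGVALUE`, the `known_keys` parameter and the sample lines other than the first are assumptions.

```python
import re
from typing import Dict, Iterable, Optional

# Log line from the post, used as sample input.
SAMPLE_LINE = (
    "Sep 24 15:45:08 vpn SSLVPN:id:sslvpn sn:004010249FA6 "
    "time:2023-09-24 15:45:08 vp_time:2023-09-24 13:45:08 UTC "
    "fw:192.168.2.2 pri:5 m:0 c:1200 src:192.168.2.2 dst:192.168.2.2 "
    "user:Proxy usr:Proxy msg:25628:Returning 200 OK Status agent:(null) "
    "geoCountryID:0 geoCountryName:LAN geoRegionName:unknown geoCityName:unknown"
)

# Constructed line: a different msg text and a different key after msg.
SAMPLE_LINE_2 = (
    "Sep 24 15:46:01 vpn SSLVPN:id:sslvpn sn:004010249FA6 "
    "fw:192.168.2.2 pri:5 src:192.168.2.2 usr:alice "
    "msg:Start NetExtender connection rule:Allow-VPN portal:VirtualOffice"
)

# Constructed body whose msg itself contains "word:" (the failure mode).
TRICKY_BODY = "msg:Connection to host: refused agent:(null)"

# Syslog-style header: timestamp, host, app name, then the key:value body.
HEADER_RE = re.compile(
    r"^(?P<syslog_ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s"
    r"(?P<host>\S+)\s(?P<app>[^:\s]+):(?P<body>.*)$"
)

# A key is a word starting with a letter or underscore; digits are excluded
# from the first character so "15:45:08" inside a time value is not a key.
KEY = r"[A-Za-z_][A-Za-z0-9_]*"


def _kv_regex(known_keys: Optional[Iterable[str]]) -> re.Pattern:
    """Build the key:value tokenizer.

    The value is matched lazily (.*?) and ends at the first " key:" lookahead
    or at end of string, so values may contain spaces and colons.  When a
    list of known keys is given, only those names end a value, which keeps
    a message like "Connection to host: refused" intact.
    """
    if known_keys:
        key_alt = "|".join(re.escape(k) for k in known_keys)
    else:
        key_alt = KEY
    return re.compile(
        rf"(?:^|\s)(?P<key>{key_alt}):(?P<val>.*?)(?=\s(?:{key_alt}):|$)"
    )


def parse_body(body: str, known_keys: Optional[Iterable[str]] = None) -> Dict[str, str]:
    """Split the key:value body into a dict, msg and all."""
    rx = _kv_regex(known_keys)
    return {m.group("key"): m.group("val") for m in rx.finditer(body)}


def parse_line(line: str, known_keys: Optional[Iterable[str]] = None) -> Dict[str, str]:
    """Parse header and body of one SSLVPN log line."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised header: {line[:40]!r}")
    fields = {k: m.group(k) for k in ("syslog_ts", "host", "app")}
    fields.update(parse_body(m.group("body"), known_keys))
    return fields


if __name__ == "__main__":
    for line in (SAMPLE_LINE, SAMPLE_LINE_2):
        print(parse_line(line)["msg"])
```

The generic form (no `known_keys`) is enough for the two messages quoted in the question. If the device can emit messages that themselves contain a word followed by a colon, pass the list of field names the device actually uses; the lookahead then only stops at those names, which is the same trade-off you would make in a Grok pattern by listing the possible following keys in the lookahead.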

Hi,
What is the vendor of this device?
Maybe there is a ready-to-use content pack available.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.