Hi. I’m new to Graylog.
I’ve created some streams to classify logs from different sources.
I was using this:
Field: source
Type: match regular expression
value: 10.90.7.*
This rule captures all the syslogs from one site, corresponding to subnet 10.90.7.0/24. It works OK.
With other sites that have a similar network, for example 10.90.2.0/24, I made another stream, changing the value to 10.90.2.*
But now I need to capture messages from devices with IP address 10.xxx.2.2. Using the same rule, changing the value to 10.*.2.2, captures messages from other sources, like 10.90.7.7 or 10.90.1.21.
I’ve tested the rule in https://www.freeformatter.com/java-regex-tester.html#ad-output
And it seems to work OK.
Any help?
Thanks in advance, regards from Uruguay.
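
An added example, not part of the original post: it runs the two values quoted in the post, alongside stricter forms with escaped dots and anchors, over a constructed list of source addresses. Python's `re.search` stands in for the Java regex engine, and match-anywhere semantics for the stream rule is an assumption; the `STRICT_*` names and the sample list are constructed for illustration.

```python
import re

# Values exactly as typed in the post: "." is unescaped (matches any
# character) and the pattern is not anchored to the whole field.
LOOSE_SITE = r"10.90.7.*"
LOOSE_HOST = r"10.*.2.2"

# Stricter forms (hypothetical names): literal dots, each octet limited
# to 0-255, and ^...$ so the whole source value must be the address.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
STRICT_SITE = rf"^10\.90\.7\.{OCTET}$"
STRICT_HOST = rf"^10\.{OCTET}\.2\.2$"

# Constructed source values; 10.90.7.7 and 10.90.1.21 are the ones
# named in the post, the rest are made up to exercise the patterns.
SAMPLE_SOURCES = [
    "10.90.7.15",   # inside 10.90.7.0/24
    "10.90.70.15",  # different subnet, same leading characters
    "110.90.7.1",   # different first octet
    "10.55.2.2",    # a 10.xxx.2.2 device
    "10.55.212.9",  # not a .2.2 device
    "10.90.7.7",
    "10.90.1.21",
]


def matches(pattern, source):
    # Assumption: the rule matches if the pattern is found anywhere
    # in the field, which is what re.search does.
    return re.search(pattern, source) is not None


def classify(sources, pattern):
    """Return the sources a stream rule with this pattern would route."""
    return [s for s in sources if matches(pattern, s)]


if __name__ == "__main__":
    for name, pattern in [("loose site", LOOSE_SITE), ("strict site", STRICT_SITE),
                          ("loose host", LOOSE_HOST), ("strict host", STRICT_HOST)]:
        print(f"{name:12} {pattern:45} -> {classify(SAMPLE_SOURCES, pattern)}")
```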