We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm not very familiar with Graylog, but I have imported your extractors but one of them provides this message;
2020-04-22T13:07:16.394-04:00 ERROR [ExtractorFilter] Could not apply extractor "VMware SSH Logins Authentication Failure" (id=0e204ba9-8402-11ea-921b-005056ab1066) to message b7b318a0-84bb-11ea-bca4-005056ab1066 java.lang.RuntimeException: java.lang.IllegalArgumentException: No definition for key 'username' found, aborting 2020-04-22T13:07:16.396-04:00 ERROR [GrokPatternRegistry] Unable to load grok pattern authentication failure; logname= uid=%{BASE10NUM:vmware_uid_number} euid=%{BASE10NUM:vmware_euid_number} tty=ssh ruser= rhost=%{IPV4:ip_address} user=%{username} into cache java.lang.IllegalArgumentException: No definition for key 'username' found, aborting
Is this looking for a username with access to the ESX hosts or is it something else entirely?
This is occurring in Graylog 3.2.4+a407287 on Ubuntu 18.0.4.
The text was updated successfully, but these errors were encountered:
It looks like your graylog doesn't have the username Grok pattern. My installation has that defined as: [a-zA-Z0-9._-]+
Grok pattern information here: https://docs.graylog.org/en/3.2/pages/extractors.html#using-grok-patterns-to-extract-data
Sorry, something went wrong.
In the VMware SSH Logins Authentication Failure , update the extraction to,
authentication failure; logname= uid=%{BASE10NUM:vmware_uid_number} euid=%{BASE10NUM:vmware_euid_number} tty=ssh ruser= rhost=%{IPV4:ip_address} user=%{USERNAME}
No branches or pull requests
I'm not very familiar with Graylog, but I have imported your extractors but one of them provides this message;
Is this looking for a username with access to the ESX hosts or is it something else entirely?
This is occurring in Graylog 3.2.4+a407287 on Ubuntu 18.0.4.
The text was updated successfully, but these errors were encountered: