Grok Pattern for barnyard2 syslog

I have the following syslog alerts.

Oct 1 11:59:51 sensor | [SNORTIDS[ALERT]: [sensor-eth1] ] || 2014-10-01 11:59:54.967+-04 1 [1:1000022:1] LOCAL-RULE
Possible login.aspx Brute Force Account Access || web-application-attack || 6 x.x.x.x y.y.y.y || 20175 80 || #012 |

I've attempted writing grok patterns for it, but I'm completely new to them and require someone with better knowledge than me to split them into fields.

Any help would be appreciated.

Thank you
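The following is an added worked example, not code from the post or from any reply. It writes a grok pattern for the barnyard2 line above and shows what grok does with it: every %{NAME:field} reference is expanded into a named regex group, so the pattern can be checked with plain Python before it goes into a Logstash config. Assumptions: the grok library below is a simplified subset of Logstash's grok-patterns file (MONTH, SYSLOGHOST and friends are shorter than the real definitions); BARNYARD2_TIMESTAMP is a custom pattern because the sample's "+-04" zone offset is not accepted by TIMESTAMP_ISO8601; the field names are my choice, and calling the lone number after the timestamp "priority" is a guess. Because the post redacts the addresses as x.x.x.x, the addresses are captured with NOTSPACE here; against real data, %{IP:src_ip} %{IP:dst_ip} should be used so malformed addresses are rejected.

```python
import re

# Minimal grok pattern library. Names mirror Logstash's grok-patterns file, but
# the bodies are simplified here (assumption: sufficient for this line;
# Logstash's own MONTH/HOSTNAME definitions are longer).
GROK_LIBRARY = {
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "MONTHDAY": r"(?:0[1-9]|[12][0-9]|3[01]|[1-9])",
    "TIME": r"\d{2}:\d{2}:\d{2}(?:\.\d+)?",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "SYSLOGHOST": r"[0-9A-Za-z][0-9A-Za-z.-]*",
    "INT": r"[+-]?[0-9]+",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    # Custom pattern: the sample carries "+-04" as the zone offset, which
    # Logstash's TIMESTAMP_ISO8601 rejects, so allow one or two sign characters.
    "BARNYARD2_TIMESTAMP": r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?[+-]{1,2}\d{2}",
}

GROK_REF = re.compile(r"%\{(?P<name>\w+)(?::(?P<field>\w+))?\}")


def grok_to_regex(pattern, library=GROK_LIBRARY):
    """Expand %{NAME:field} references into a Python regex with named groups.

    This is the transformation Logstash's grok filter performs; it targets
    Oniguruma, whose named-group syntax is (?<name>...) instead of (?P<name>...).
    """
    def expand(match):
        name, field = match.group("name"), match.group("field")
        if name not in library:
            raise KeyError(f"unknown grok pattern: {name}")
        inner = grok_to_regex(library[name], library)   # patterns may nest
        return f"(?P<{field}>{inner})" if field else f"(?:{inner})"
    return GROK_REF.sub(expand, pattern)


# Grok pattern for the barnyard2 syslog line from the post. Field names are my
# choice; "priority" for the lone number after the timestamp is an assumption.
# NOTSPACE is used for the addresses only because the post redacts them.
BARNYARD2_GROK = (
    r"%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_host} \| "
    r"\[SNORTIDS\[ALERT\]: \[%{DATA:sensor}\] \] \|\| "
    r"%{BARNYARD2_TIMESTAMP:event_timestamp} %{INT:priority} "
    r"\[%{INT:gid}:%{INT:sid}:%{INT:rev}\] %{DATA:rule_name} \|\| "
    r"%{DATA:classification} \|\| "
    r"%{INT:proto} %{NOTSPACE:src_ip} %{NOTSPACE:dst_ip} \|\| "
    r"%{INT:src_port} %{INT:dst_port} \|\|"
)

BARNYARD2_RE = re.compile(grok_to_regex(BARNYARD2_GROK))


def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line does not match."""
    match = BARNYARD2_RE.match(line)
    if match is None:
        return None
    fields = match.groupdict()
    # Rule ids, protocol number and ports are integers; convert them so
    # downstream filters can compare numerically instead of lexically.
    for key in ("priority", "gid", "sid", "rev", "proto", "src_port", "dst_port"):
        fields[key] = int(fields[key])
    return fields


# The alert from the post, joined onto one line. "#012" is rsyslog's rendering
# of the trailing newline (octal 012) that barnyard2 appends.
SAMPLE_LINE = (
    "Oct 1 11:59:51 sensor | [SNORTIDS[ALERT]: [sensor-eth1] ] || "
    "2014-10-01 11:59:54.967+-04 1 [1:1000022:1] LOCAL-RULE Possible login.aspx "
    "Brute Force Account Access || web-application-attack || 6 x.x.x.x y.y.y.y || "
    "20175 80 || #012 |"
)

if __name__ == "__main__":
    print("expanded regex:", BARNYARD2_RE.pattern)
    for key, value in parse_alert(SAMPLE_LINE).items():
        print(f"{key:16} = {value!r}")
```

The BARNYARD2_GROK string is what would go into the grok filter's match option; the pipe and bracket characters are escaped because grok patterns are regular expressions. The important checks before deploying it are the ones the expander makes visible: that the literal separators (" || ") are matched exactly so DATA captures stop where the field ends, and that a line which does not match returns None rather than a partial parse, so unparsed alerts can be tagged and counted instead of silently dropped.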

Have you tried using the grok constructor web site?
