I have the following syslog alerts.
Oct 1 11:59:51 sensor | [SNORTIDS[ALERT]: [sensor-eth1] ] || 2014-10-01 11:59:54.967+-04 1 [1:1000022:1] LOCAL-RULE Possible login.aspx Brute Force Account Access || web-application-attack || 6 x.x.x.x y.y.y.y || 20175 80 || #012 |
I've attempted writing grok patterns for it, but I'm completely new to them and require someone with better knowledge than me to split them into fields.
Any help would be appreciated.
Thank you
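Added example (not part of the original post): a grok pattern that splits the alert above into fields, together with a small Python grok-to-regex expander so the pattern can be tested offline. The pattern library here is a simplified subset of the stock grok definitions written from memory, not a copy of Logstash's files, and `SNORT_TS` is a custom pattern added because the Snort timestamp in the sample ends in the odd `+-04` zone suffix that stock `TIMESTAMP_ISO8601` would not accept. The sample line is constructed from the post, with RFC 5737 documentation addresses substituted for the masked `x.x.x.x`/`y.y.y.y`. The meaning of the lone `1` between the timestamp and `[1:1000022:1]` is not given by the sample; it is labelled `priority` on the assumption that it is the rule priority (`web-application-attack` is priority 1 in Snort's default classification.config), so rename it if your output plugin documents it differently. The trailing `#012` is rsyslog's octal rendering of a control character (a newline) and is left uncaptured.

```python
import re
from typing import Optional

# Simplified subset of the grok pattern library (assumption: close to, but not
# copied from, the stock Logstash definitions). %{NAME} references nest.
GROK_LIB = {
    "INT": r"[+-]?[0-9]+",
    "WORD": r"\b\w+\b",
    "NOTSPACE": r"\S+",
    "DATA": r".*?",
    "GREEDYDATA": r".*",
    "YEAR": r"(?:\d\d){1,2}",
    "MONTHNUM": r"(?:0?[1-9]|1[0-2])",
    "MONTHDAY": r"(?:3[01]|[12][0-9]|0?[1-9])",
    "MONTH": r"\b(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)\b",
    "HOUR": r"(?:2[0-3]|[01]?[0-9])",
    "MINUTE": r"[0-5][0-9]",
    "SECOND": r"(?:[0-5][0-9]|60)(?:[:.,][0-9]+)?",
    "TIME": r"%{HOUR}:%{MINUTE}(?::%{SECOND})?",
    "SYSLOGTIMESTAMP": r"%{MONTH} +%{MONTHDAY} %{TIME}",
    "HOSTNAME": r"\b[0-9A-Za-z][0-9A-Za-z-]{0,62}(?:\.[0-9A-Za-z][0-9A-Za-z-]{0,62})*\b",
    "IPV4": r"(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)",
    # Custom pattern (assumption): Snort's event timestamp as it appears in the
    # sample, whose "+-04" suffix is swallowed by the trailing NOTSPACE.
    "SNORT_TS": r"%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}%{NOTSPACE}",
}

GROK_REF = re.compile(r"%\{(?P<name>[A-Z0-9_]+)(?::(?P<field>[A-Za-z_][A-Za-z0-9_]*))?\}")


def compile_grok(pattern: str, lib: dict = GROK_LIB) -> re.Pattern:
    """Expand %{NAME} / %{NAME:field} references into a Python regex with named
    groups; this is the rewriting grok itself performs before matching."""
    def expand(m: re.Match) -> str:
        body = lib[m.group("name")]          # unknown name -> KeyError, like a grok compile error
        field = m.group("field")
        return f"(?P<{field}>{body})" if field else f"(?:{body})"
    for _ in range(16):                      # patterns nest (TIME -> HOUR ...); bound guards against cycles
        expanded = GROK_REF.sub(expand, pattern)
        if expanded == pattern:
            return re.compile(pattern)
        pattern = expanded
    raise ValueError("grok pattern nests too deeply; is a pattern self-referential?")


# The pattern for the alert in the post. Anchored with ^ so a non-matching line
# fails fast instead of making DATA (.*?) scan the whole message.
SNORT_SYSLOG_GROK = (
    r"^%{SYSLOGTIMESTAMP:syslog_ts} %{HOSTNAME:syslog_host} \| "
    r"\[%{WORD:alert_source}\[%{WORD:alert_level}\]: \[%{NOTSPACE:sensor_iface}\] \] \|\| "
    r"%{SNORT_TS:snort_ts} %{INT:priority} "      # 'priority' is an assumption (see lead-in)
    r"\[%{INT:gid}:%{INT:sid}:%{INT:rev}\] %{DATA:msg} \|\| "
    r"%{DATA:classification} \|\| "
    r"%{INT:proto} %{IPV4:src_ip} %{IPV4:dst_ip} \|\| "
    r"%{INT:src_port} %{INT:dst_port} \|\|"
)
SNORT_SYSLOG_RX = compile_grok(SNORT_SYSLOG_GROK)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}   # IANA protocol numbers seen in Snort alerts


def parse_snort_syslog(line: str) -> Optional[dict]:
    """Return the extracted fields with numeric types applied, or None when the
    line does not match (the equivalent of a grok _grokparsefailure tag)."""
    m = SNORT_SYSLOG_RX.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("priority", "gid", "sid", "rev", "proto", "src_port", "dst_port"):
        ev[key] = int(ev[key])
    ev["proto_name"] = PROTO_NAMES.get(ev["proto"], str(ev["proto"]))
    ev["rule_id"] = f"{ev['gid']}:{ev['sid']}:{ev['rev']}"   # gid:sid:rev, as Snort prints it
    return ev


# Constructed sample line: the alert from the post with RFC 5737 documentation
# addresses in place of the masked x.x.x.x / y.y.y.y.
SAMPLE = (
    "Oct 1 11:59:51 sensor | [SNORTIDS[ALERT]: [sensor-eth1] ] || "
    "2014-10-01 11:59:54.967+-04 1 [1:1000022:1] LOCAL-RULE Possible login.aspx "
    "Brute Force Account Access || web-application-attack || 6 192.0.2.10 198.51.100.20 || "
    "20175 80 || #012 |"
)

if __name__ == "__main__":
    for key, value in (parse_snort_syslog(SAMPLE) or {}).items():
        print(f"{key:15} {value!r}")
```

The `SNORT_SYSLOG_GROK` string is what goes into a Logstash `grok { match => { "message" => "..." } }` block; the only non-stock name in it is `SNORT_TS`, which has to be supplied either as a line in a `patterns_dir` file or inlined as `(?<snort_ts>%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}%{NOTSPACE})`. Keep the `^` anchor: it is the cheapest way to stop an unanchored `%{DATA}` from crawling every syslog line that is not a Snort alert.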