For some reason I'm doing something wrong with this grok, but I cannot find the problem:
<164>Mar 18 2020 08:12:55: %ASA-4-722051: Group <GroupPolicy_Resource_Remote> User <test> IP <XXX.XX.XXX.XXX> IPv4 Address <XXX.XXX.XXX.XXX> IPv6 address <::> assigned to session
%{DATA:Group}\s<%{DATA:Policy}> User\s<%{DATA:[event_data][TargetUserName]}> IP\s<%{IPV4:src_ip}> IPv4 Address <%{IPV4:assigned_ip}%{GREEDYDATA:extra_field}
Also, cannot find the right grok for this message:
<167>Mar 17 2020 19:34:42: %ASA-7-746012: user-identity: Add IP-User mapping XXX.XXX.XXX.XX - LOCAL\test Succeeded - VPN user
Can someone point me in the right direction?
Many thanks.
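
The field layout of the two ASA messages quoted above (722051 and 746012), as an added example that is not part of the original post: the structure is written with Python's `re` rather than grok so it can be run against the sample lines, and each named group corresponds to one grok capture. The names `pri`, `timestamp`, `severity`, `msg_id`, `assigned_ip6`, `mapped_ip`, `domain`, `result` and `reason` are assumptions, `TargetUserName` is flattened because Python group names cannot carry grok's `[event_data][...]` notation, and the sample addresses are constructed from documentation ranges.

```python
import re

# Syslog priority, Cisco timestamp and %ASA-<severity>-<message id> tag shared by both lines.
HEADER = (r"^<(?P<pri>\d+)>(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
          r"%ASA-(?P<severity>\d)-(?P<msg_id>\d{6}): ")
# Strict dotted-quad matcher: a masked value such as XXX.XX.XXX.XXX does not satisfy it.
IPV4 = r"(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)"

# Body patterns keyed by ASA message id; field names follow the post where it has them.
BODIES = {
    "722051": re.compile(
        r"Group <(?P<Policy>[^>]*)> User <(?P<TargetUserName>[^>]*)> "
        rf"IP <(?P<src_ip>{IPV4})> IPv4 Address <(?P<assigned_ip>{IPV4})> "
        r"IPv6 address <(?P<assigned_ip6>[^>]*)> assigned to session$"),
    "746012": re.compile(
        rf"user-identity: Add IP-User mapping (?P<mapped_ip>{IPV4}) - "
        r"(?P<domain>[^\\\s]+)\\(?P<TargetUserName>\S+) "
        r"(?P<result>\w+) - (?P<reason>.+)$"),
}

def parse_asa(line):
    """Return a dict of fields, or None when the header or body does not match."""
    head = re.match(HEADER, line)
    if not head:
        return None
    body = BODIES.get(head["msg_id"])
    if body is None:
        return None
    m = body.match(line, head.end())  # continue right after the header
    if not m:
        return None
    return {**head.groupdict(), **m.groupdict()}

# Constructed samples: the post's two lines with documentation addresses in place of the masks.
SAMPLES = [
    "<164>Mar 18 2020 08:12:55: %ASA-4-722051: Group <GroupPolicy_Resource_Remote> "
    "User <test> IP <198.51.100.7> IPv4 Address <192.0.2.10> IPv6 address <::> "
    "assigned to session",
    "<167>Mar 17 2020 19:34:42: %ASA-7-746012: user-identity: Add IP-User mapping "
    "192.0.2.10 - LOCAL\\test Succeeded - VPN user",
]
# Same 722051 line with the source address left masked, to show the strict matcher rejecting it.
MASKED = SAMPLES[0].replace("198.51.100.7", "XXX.XX.XXX.XXX")

if __name__ == "__main__":
    for line in SAMPLES + [MASKED]:
        print(parse_asa(line))
```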