How do I grok this Cisco VPN log?

For some reason I´m doing something wrong with this grok but I cannot find the problem:

<164>Mar 18 2020 08:12:55: %ASA-4-722051: Group <GroupPolicy_Resource_Remote> User <test> IP <XXX.XX.XXX.XXX> IPv4 Address <XXX.XXX.XXX.XXX> IPv6 address <::> assigned to session

    %{DATA:Group}\s<%{DATA:Policy}> User\s<%{DATA:[event_data][TargetUserName]}> IP\s<%{IPV4:src_ip}> IPv4 Address <%{IPV4:assigned_ip}%{GREEDYDATA:extra_field}

Also, cannot find the right grok for this message:

<167>Mar 17 2020 19:34:42: %ASA-7-746012: user-identity: Add IP-User mapping XXX.XXX.XXX.XX - LOCAL\test Succeeded - VPN user

Can someone point me to the right direction?

Many thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.