Trying to parse a Cisco vpn log and running into an issue with parsing the event id. Below is the raw log and I'd like to parse out the 722051. I'm able to parse everything after that but not that one. I have the grok pattern as ASA-svc-4-%{NUMBER:event_id} and tried other value types but no luck. Any suggestions?
<164>:Jun 04 18:49:02 EDT: %ASA-svc-4-722051: Group <VPN_USER> User <user.name> IP <66.13.256.38> IPv4 Address <192.168.200.3> IPv6 address <::> assigned to session