extract info from vpn log
I have this file:
Mar 16 09:44:41 XXXX.250 id=firewall sn=XXXXXXXX time="2021-03-16 08:45:28 UTC" fw=7XXXXXXXX pri=6 c=0 m=1080 msg="SSL VPN zone remote user login allowed" sess="sslvpnc" n=3157 usr="user1" src=1.40.117.244::X1 dst=7XXXXXXXX:0:X1 proto=tcp note="user1 fw_action="NA"
Mar 16 09:44:45 XXXX.250 id=firewall sn=XXXXXXXX time="2021-03-16 08:45:33 UTC" fw=7XXXXXXXX pri=6 c=0 m=1080 msg="SSL VPN zone remote user login allowed" sess="sslvpnc" n=3158 usr="user2" src=151.20.209.225::X1 dst=7XXXXXXXX:0:X1 proto=tcp note="user2" fw_action="NA"
Mar 16 09:44:47 XXXX.250 id=firewall sn=XXXXXXXX time="2021-03-16 08:45:35 UTC" fw=7XXXXXXXX pri=6 c=0 m=1080 msg="SSL VPN zone remote user login allowed" sess="sslvpnc" n=3159 usr="user3" src=176.207.224.17::X1 dst=7XXXXXXXX:0:X1 proto=tcp note="user3" fw_action="NA"
ar 16 09:45:25 XXX.250 id=firewall sn=XXXXXXXX time="2021-03-16 08:46:12 UTC" fw=78.6.22.244 pri=6 c=16 m=263 msg="User logged out - user2" sess="sslvpnc" dur=60 n=4927 usr="user2" src=10.9.0.61::X1 dst=7XXXXXXXX:0:X1 proto=tcp fw_action="NA"
I need to extract info like this, ordered by USER
login
logout
I tested using CSV import or the command "sort" in Linux, but I have no idea and no solution.
Please help me !
Answers
What is "dur" in the logout line? Is it the duration of the connection in seconds?
Hi @Alberto
I'm not sure if there is a newer version available, but this might be right for you:
dur = Displays the connection duration in seconds; pertains to the activity time of an authenticated user session (such as logout messages)
--Michael@BWC
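
One way to produce the per-user login/logout listing asked for in the question, as an added example that is not part of the original thread: it parses the key=value fields, keeps the login and logout messages, and groups them by usr with the source address and dur. The sample lines are constructed in the posted format (documentation IP addresses), and matching on the msg text and all function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format posted above (documentation IPs);
# the first line keeps the unbalanced quote in note= seen in the question.
SAMPLE = """\
Mar 16 09:44:41 fw id=firewall time="2021-03-16 08:45:28 UTC" m=1080 msg="SSL VPN zone remote user login allowed" sess="sslvpnc" usr="user1" src=192.0.2.10::X1 proto=tcp note="user1 fw_action="NA"
Mar 16 09:44:45 fw id=firewall time="2021-03-16 08:45:33 UTC" m=1080 msg="SSL VPN zone remote user login allowed" sess="sslvpnc" usr="user2" src=198.51.100.7::X1 proto=tcp note="user2" fw_action="NA"
Mar 16 09:45:25 fw id=firewall time="2021-03-16 08:46:12 UTC" m=263 msg="User logged out - user2" sess="sslvpnc" dur=60 usr="user2" src=10.9.0.61::X1 proto=tcp fw_action="NA"
"""

# key=value where the value is either "quoted with spaces" or a bare token
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}

def classify(msg):
    """Map the msg text to 'login', 'logout' or None (assumed wording)."""
    if "login allowed" in msg:
        return "login"
    if msg.startswith("User logged out"):
        return "logout"
    return None

def sessions_by_user(text):
    """Group login/logout events by usr, each list sorted by the time= field."""
    events = defaultdict(list)
    for line in text.splitlines():
        f = parse_line(line)
        kind = classify(f.get("msg", ""))
        if kind is None or "usr" not in f:
            continue  # not a login/logout record, or no user to attribute it to
        src = f.get("src", "").split(":")[0]  # drop the ::X1 interface suffix
        events[f["usr"]].append((f.get("time", ""), kind, src, f.get("dur", "")))
    return {user: sorted(evs) for user, evs in sorted(events.items())}

if __name__ == "__main__":
    for user, evs in sessions_by_user(SAMPLE).items():
        print(user)
        for when, kind, src, dur in evs:
            print(f"  {kind:<6} {when}  src={src}" + (f"  dur={dur}s" if dur else ""))
```

The fields needed here all appear before the unbalanced note= quote, so that line still parses; to run it on a real file, pass the file's contents to sessions_by_user() instead of SAMPLE.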