I have a file with full of logs from different sources. But i want to monitor only logs from a particular network device(cisco-ise). Please help me do it using props here in the example wherever <ise-hostname> those has to be monitored(means before going to indexer it should extract ise logs Oct 6 03:44:01 <hostname> rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1294" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Oct 6 03:44:02 <hostname> rhsmd: This system is registered to RHN Classic.
Oct 6 03:44:06 <ise-hostname> <hostname>: Dropping Primary discovery request from AP - limit for maximum APs supported 30 reached
Oct 6 03:40:16 <ise-hostname> CISE_Failed_Attempts 1 0 2019-10-06 03:40:16.968 +05:30 NOTICE Failed-Attempt: RADIUS Accounting-Request dropped, ConfigVersionId=62, Device IP Address=<ip-address>, Device Port=<PORT>, DestinationIPAddress=<ip-address>, DestinationPort=<PORT>, Protocol=Radius, User-Name=ppp, Acct-Status-Type=Start, Acct-Session Id=sfaksdaksf, Event-Ti
mestamp=1569504083, AcsSessionID=<hostname>/asdasd, FailureReason=11007 Could not locate Network Device , Step=333, Step=55, Step=22, Step=11, #44
Oct 6 03:44:09 <hostname>: MOBILESTATION_NOT_FOUND: Could not find the mobile sadas in internal database
Oct 6 03:40:26 <ise-hostname> CISE_Failed_Attempts 1 0 2019-10-06 03:40:26.180 +05:30 NOTICE Failed-Attempt: RADIUS Accounting-Request dropped, ConfigVersionId=62, Device IP Address=<ip-address>, Device Port=<port>, DestinationIPAddress=<ip-address>, DestinationPort=<port>, Protocol=Radius, User-Name=wipro, Acct-Status-Type=Start, Acct-Session-Id=sdfsdfs, Event-Timestamp=1569504083, AcsSessionID=dfsdf, FailureReason=33 Could not locate Network Device , Step=343, Step=231, Step=55, Step=11, #44
... View more