i have the following problem and no Idea how to solve it:

I have a Logline from our VPN Server which looks like this:
2021-11-11 16-56-00, connect, PartnerIP=, VPNIP=, User="Computername.Domain.de"

My Problem is, that our SIEM System does not accept Computer Accounts for VPN Connections. It only allows User Accounts. Thats why i need to transform it into:

2021-11-11 16-56-00, connect, PartnerIP=, VPNIP=, User="Username@Domain.de"

The connection between Computer and User is stored in a MS SQL Database or in a CSV/TXT File.

Is it possible to replace the Computer Entry with the corresponding Username and then send it to a Syslog server?
I did not found a possibility to load something like a key-Value List.

AskedNovember 11, 2021 - 5:04pm

Answers (0)