i have the following problem and no Idea how to solve it:
I have a Logline from our VPN Server which looks like this:
2021-11-11 16-56-00, connect, PartnerIP=126.96.36.199, VPNIP=172.16.123.123, User="Computername.Domain.de"
My Problem is, that our SIEM System does not accept Computer Accounts for VPN Connections. It only allows User Accounts. Thats why i need to transform it into:
2021-11-11 16-56-00, connect, PartnerIP=188.8.131.52, VPNIP=172.16.123.123, User="Username@Domain.de"
The connection between Computer and User is stored in a MS SQL Database or in a CSV/TXT File.
Is it possible to replace the Computer Entry with the corresponding Username and then send it to a Syslog server?
I did not found a possibility to load something like a key-Value List.