With the case revamp on FortiSIEM 7.2.0, there was a need to have users
in the "FortiSIEM Analysts", which seemed to work fine. Until the group
was magically empty after a while. It seems that our scheduled discovery
for LDAP are moving users back fr...

Can your resolve collectors connect to
- os-pkgs-cdn.fortisiem.fortinet.com
- os-pkgs-r8.fortisiem.fortinet.com
on port 443? Otherwise that could be the issue.

Right, so I've fiddled a bit with the parser using your example raw log.
The fix I made to make it parse the above log was on row 184 (regex for
NETSCALER-SSLVPN-LOGOUT). The regex looking for
Total_compressedbytes_send & Total_compressedbytes_recv dif...

Do you have an example log? And it seems like the built-in parser is
supposed to pluck out user, duration and a lot of other stuff. Below is
the snippet for sslvpn logout - Client_ip
- Nat_ip
(?:|"<:patStrEndQuote>"|<:gPatStr>) -
Vserver : - Start_tim...