I want to integrate WLC to Palo-Alto. I've done converting the SNMP to syslog using rsyslog, but I don't get how to parse it in Palo Alto.

Here are 3 syslog messages I got from Wireshark when a user tries to log in:

Jun 10 14:08:37 localhost snmptrapd[10216]: 2017-06-10 14:08:37 <UNKNOWN> [UDP: [172.20.253.50]:32768->[172.20.10.43]:162]:#012DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2630000) 7:18:20.00#011SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.4#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.1.0 = Hex-STRING: 60 D8 19 CD 36 11 #011SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP33-Barat"#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.0 = Hex-STRING: 00 2C C8 67 33 90 #011SNMPv2-SMI::enterprises.9.9.513.1.2.1.1.1.0 = Gauge32: 0#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.20.40.3#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.27.0 = STRING: "amet"#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.28.0 = STRING: "IPC_WIFI_NEW"

Jun 10 14:08:37 localhost snmptrapd[10216]: 2017-06-10 14:08:37 <UNKNOWN> [UDP: [172.20.253.50]:32768->[172.20.10.43]:162]:#012DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2630000) 7:18:20.00#011SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.8#011SNMPv2-SMI::enterprises.9.9.513.1.2.1.1.1.0 = Gauge32: 0#011SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0.44.200.103.51.144 = STRING: "AP33-Barat"#011SNMPv2-SMI::enterprises.9.9.599.1.3.2.1.2.0 = INTEGER: 1#011SNMPv2-SMI::enterprises.9.9.599.1.3.2.1.3.0 = Hex-STRING: AC 14 28 03 #011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.27.96.216.25.205.54.17 = STRING: "amet"#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.28.96.216.25.205.54.17 = STRING: "IPC_WIFI_NEW"#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.38.96.216.25.205.54.17 = ""#011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.8.96.216.25.205.54.17 = Hex-STRING: 00 2C C8 67 33 90

Jun 10 14:08:37 localhost snmptrapd[10216]: 2017-06-10 14:08:37 <UNKNOWN> [UDP: [172.20.253.50]:32768->[172.20.10.43]:162]:#012DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2630000) 7:18:20.00#011SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.515.0.3#011SNMPv2-SMI::enterprises.9.9.515.1.1.0 = STRING: "amet"#011SNMPv2-SMI::enterprises.9.9.515.2.5.1.1.6.0 = Hex-STRING: 00 2C C8 67 33 90 #011SNMPv2-SMI::enterprises.9.9.515.2.5.1.1.3.0 = Hex-STRING: 60 D8 19 CD 36 11 #011SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.20.40.3#011SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP33-Barat"

The user info is:
username = amet
IP user = 172.20.40.3

Could you please let me know which is:
- event string
- username prefix
- username delimiter
- address prefix
- address delimiter

Thanks in advance
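Added example, not part of the original post and not Palo Alto's code: a Python model of prefix/delimiter field extraction run over the third trap quoted above, so candidate field identifiers can be checked offline. The strings in `PROFILE`, the helper names, and the assumption that the `#011` escapes reach the parser literally are assumptions to confirm on the firewall.

```python
import ipaddress

# Third trap from the post (trap OID ...9.9.515.0.3), as one syslog line.
TRAP_515 = (
    'Jun 10 14:08:37 localhost snmptrapd[10216]: 2017-06-10 14:08:37 <UNKNOWN> '
    '[UDP: [172.20.253.50]:32768->[172.20.10.43]:162]:#012'
    'DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (2630000) 7:18:20.00#011'
    'SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.515.0.3#011'
    'SNMPv2-SMI::enterprises.9.9.515.1.1.0 = STRING: "amet"#011'
    'SNMPv2-SMI::enterprises.9.9.515.2.5.1.1.6.0 = Hex-STRING: 00 2C C8 67 33 90 #011'
    'SNMPv2-SMI::enterprises.9.9.515.2.5.1.1.3.0 = Hex-STRING: 60 D8 19 CD 36 11 #011'
    'SNMPv2-SMI::enterprises.9.9.599.1.3.1.1.10.0 = IpAddress: 172.20.40.3#011'
    'SNMPv2-SMI::enterprises.9.9.513.1.1.1.1.5.0 = STRING: "AP33-Barat"'
)
# Second trap from the post, abridged: client IP appears only as a Hex-STRING.
TRAP_599_8 = (
    'SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.599.0.8#011'
    'SNMPv2-SMI::enterprises.9.9.599.1.3.2.1.3.0 = Hex-STRING: AC 14 28 03 #011'
)

# Candidate field identifiers: assumptions to verify on the firewall.
PROFILE = {
    "event_string": "snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.9.9.515.0.3",
    "username_prefix": 'enterprises.9.9.515.1.1.0 = STRING: "',
    "username_delimiter": '"',
    "address_prefix": "IpAddress: ",
    "address_delimiter": "#",
}

def extract(msg, prefix, delimiter):
    # Text after the first `prefix`, up to the next `delimiter` (or end of line).
    start = msg.find(prefix)
    if start < 0:
        return None
    start += len(prefix)
    end = msg.find(delimiter, start)
    return msg[start:] if end < 0 else msg[start:end]

def map_user(msg, p=PROFILE):
    # (username, ip) for a login event; None if anything is missing or malformed.
    if p["event_string"] not in msg:
        return None
    user = extract(msg, p["username_prefix"], p["username_delimiter"])
    addr = extract(msg, p["address_prefix"], p["address_delimiter"])
    try:
        ipaddress.ip_address(addr or "")  # missing or malformed address
    except ValueError:
        return None
    return (user, addr) if user else None
```

Of the three traps, only the first and third carry the client address as text after `IpAddress: `; the second encodes it as `Hex-STRING: AC 14 28 03`, which a text prefix cannot match.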