>>> | | |
$VAR2 = 4980519 04/12/2004 21:07:37.440 SEV=4 AUTH/22 RPT=1151
User [agra02] Group [cisco3015] connected, Session Type: IPSec
####
1081800476 3 Mon Apr 12 15:07:56 2004 test-vpn.mydomain.com u Trap: generic 6 specific 0 args (3): [1] mgmt.mib-2.system.sysUpTime.0 (Ticks): 10825222
1081800476 3 Mon Apr 12 15:07:56 2004 test-vpn.mydomain.com u [2] private.enterprises.3076.2.1.4.4.15.22 (OctetString): 4980519 04/12/2004 21:07:37.440 SEV=4 AUTH/22 RPT=1151
1081800476 3 Mon Apr 12 15:07:56 2004 test-vpn.mydomain.com u User [agra02] Group [cisco3015] connected, Session Type: IPSec
1081800476 3 Mon Apr 12 15:07:56 2004 test-vpn.mydomain.com u [3] private.enterprises.3076.2.1.2.4.1.1 (OctetString): AUTH/22
####
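# Parse the session event text held in $VAR2 and write the extracted
# fields to the TRAPDATA handle. Runs only when $ARGUMENTS equals 6.
if ($ARGUMENTS == 6)
{
    # Legacy positional parsing, kept unchanged in case later code reads
    # these globals.
    # NOTE(review): splitting on single spaces assumes a one-line value. If
    # $VAR2 contains an embedded newline between the "RPT=..." header and
    # the "User [...]" text, the positional fields shift (for example $RPT
    # absorbs "RPT=...\nUser" and $USER receives the group). Confirm
    # whether anything still depends on these variables.
    ($KEY, $DATE, $TIMESTAMP, $SEV, $LOG_NUM, $RPT, $H1, $H2, $USER, $H3, $GROUP, $H4, $H5, $H6, $TYPE) = split(/ /, $VAR2);
    $USER =~ s/\[//;
    $USER =~ s/\]//;
    $GROUP =~ s/\[//;
    $GROUP =~ s/\]//;

    # Pattern-based extraction. The /m modifier lets ^ and $ anchor at line
    # boundaries, so the "User [...]" line is found even when a header line
    # precedes it in $VAR2; without /m the anchors only match at the very
    # start and end of the whole string and every capture stays undefined.
    # \s* before $ tolerates a trailing space or carriage return.
    # The \w+ captures limit what reaches the summary line to word
    # characters, so names containing other characters will not match.
    my ($user, $group, $connected, $type) =
        $VAR2 =~ /^User \[(\w+)\] Group \[(\w+)\] (\w+), Session Type: +(\w+)\s*$/m;

    print TRAPDATA "\n>>> $user | $group | $connected | $type\n";

    # Debug dump of the raw trap text. It is written verbatim, so any
    # newline inside $VAR2 shows up as an additional line in the output.
    print TRAPDATA "\$VAR2 = $VAR2\n";
}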