In Syslog viewer I'm trying to setup a Syslog message pattern to match when a user logs into a cisco device and exclude 1 user.
I know that doing *Login Success* matches on any user login but I want to exclude a single user login.
This pattern works to match all users except for "solarwinds" in a regex tester but doesn't seem to work when applied to my syslog rule.
.*Login Success \[user: (?!solarwinds).*
The syslog message is something like this.
1556: 001556: Login Success [user: solarwinds] [Source: 1.1.1.1] [localport: 22] at 09:00:00 EDT Mon Jan 15 2019
Regex tester I'm using is http://regexr.com