// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
var processor = require("processor");
var console = require("console");
// Pipeline object assigned by register() and used by process(); it stays
// undefined until register() has run.
var device;
// Register params from configuration.
/**
 * Builds the event pipeline and stores it in the module-level `device`
 * variable so that process() can use it.
 *
 * @param {Object} params - Configuration handed in by the caller. It is not
 *   read here; the pipeline is built the same way regardless of its contents.
 */
function register(params) {
  var pipeline = new DeviceProcessor();
  device = pipeline;
}
/**
 * Runs one event through the pipeline stored in `device`.
 *
 * `device` is only assigned inside register(), so calling this before
 * register() throws a TypeError on the property access.
 *
 * @param {Object} evt - The event to parse.
 * @returns {*} Whatever the pipeline's process function returns for `evt`.
 */
function process(evt) {
  var outcome = device.process(evt);
  return outcome;
}
/**
 * Assembles the processing chain: save_flags, then chain1, then
 * restore_flags, added in that order to a processor.Chain builder.
 *
 * Although it is invoked with `new`, it returns an object literal, so the
 * caller receives that literal rather than a DeviceProcessor instance.
 *
 * @returns {{process: Function}} Object whose `process` property is the built
 *   chain's Run function.
 */
function DeviceProcessor() {
  var pipeline = new processor.Chain();
  var stages = [save_flags, chain1, restore_flags];
  for (var i = 0; i < stages.length; i++) {
    pipeline.Add(stages[i]);
  }
  var built = pipeline.Build();
  // NOTE(review): Run is handed out detached from `built`; this assumes Run
  // does not depend on its `this` binding — confirm.
  return {
    process: built.Run,
  };
}
// Lookup tables keyed by the strings "0" and "1". Each table is a plain object
// with a `keyvaluepairs` map; the last three also carry a "default" entry.
// NOTE(review): the code that consumes these tables is not visible here —
// presumably a lookup helper defined later in the file; confirm.

// "0" -> dup2456, "1" -> dup2455.
// NOTE(review): dup2455 and dup2456 are not defined in the visible part of the
// file. If they are `var` assignments placed after this statement, hoisting
// leaves them undefined at the moment this object literal is evaluated —
// confirm they are initialised before these two tables are built.
var map_srcDirName = {
keyvaluepairs: {
"0": dup2456,
"1": dup2455,
},
};
// Mirror image of map_srcDirName: "0" -> dup2455, "1" -> dup2456. No "default"
// entry, same as map_srcDirName.
var map_dstDirName = {
keyvaluepairs: {
"0": dup2455,
"1": dup2456,
},
};
// Maps the key to a constant: "0" -> "2", "1" -> "3", anything else -> "0".
var map_dir2SumType = {
keyvaluepairs: {
"0": constant("2"),
"1": constant("3"),
},
"default": constant("0"),
};
// Selects an address field by key: "0" -> saddr, "1" -> daddr, default saddr.
var map_dir2Address = {
keyvaluepairs: {
"0": field("saddr"),
"1": field("daddr"),
},
"default": field("saddr"),
};
// Selects a port field by key: "0" -> sport, "1" -> dport, default sport.
var map_dir2Port = {
keyvaluepairs: {
"0": field("sport"),
"1": field("dport"),
},
"default": field("sport"),
};
// Shared parser fragments dup0–dup30. Each `dupN` stores the value returned by
// set_field(), match() or linear_select(); those helpers are defined outside
// the visible part of the file, so the notes below describe only their
// arguments.
//  - set_field({dest, value}): `dest` names the target field, `value` is built
//    with constant().
//  - match({dissect: {tokenizer, field}}): `tokenizer` is a literal pattern with
//    %{name} captures and `field` names the input it is applied to.
//  - linear_select([...]): a list of match() alternatives, presumably tried in
//    the order listed — confirm.
// The numbered names and the repetition suggest generated code; statement
// order is kept as is because later parts of the file refer to these names.
//
// NOTE(review): some `dest` values carry a doubled prefix
// ("nwparser.nwparser.eventcategory", "nwparser.nwparser.msg_id1") while others
// use the single prefix ("nwparser.eventcategory", "nwparser.msg_id1"). dup20
// and dup25 below write the same constant under the two spellings. If the
// doubled form is a generator artifact, those fragments populate a different
// field than the rest and anything keyed on msg_id1/eventcategory would miss
// the affected events — confirm which spelling downstream consumers read.

// Tags the event with the message id "CISCOASA_GENERIC".
var dup0 = set_field({
dest: "nwparser.messageid",
value: constant("CISCOASA_GENERIC"),
});
// eventcategory values are opaque numeric codes; their meaning is not visible
// in this part of the file.
var dup1 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801010100"),
});
// msg_id1 values are presumably the device's syslog message numbers; a ":NN"
// suffix (seen further down) appears to distinguish variants of one number.
var dup2 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402102"),
});
// "Group policy deleted" message: the remainder after "name:" goes to p0.
var dup3 = match({
dissect: {
tokenizer: "Group policy deleted: name:%{p0}",
field: "nwparser.payload",
},
});
// Username from p0: the single-quoted form is listed before the bare form.
// NOTE(review): the username originates from the logged request and is not
// trusted input; the bare alternative ends it at the next space, so a value
// containing spaces would presumably shift the captures that follow — verify.
var dup4 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup5 = match({
dissect: {
tokenizer: " Type:%{fld1}",
field: "nwparser.p1",
},
});
var dup6 = set_field({
dest: "nwparser.eventcategory",
value: constant("1502040000"),
});
var dup7 = set_field({
dest: "nwparser.msg_id1",
value: constant("502112"),
});
// "PPTP Tunnel created" message: captures tunnel id (fld1), remote peer
// (saddr), interface id (fld2) and client address (daddr); the username part
// is left in p0 for a follow-up match.
var dup8 = match({
dissect: {
tokenizer: "PPTP Tunnel created, tunnel_id is %{fld1}, remote_peer_ip is %{saddr}, ppp_virtual_interface_id is %{fld2}, client_dynamic_ip is %{daddr}, username is %{p0}",
field: "nwparser.payload",
},
});
var dup9 = match({
dissect: {
tokenizer: ", MPPE_key_strength is %{fld3}",
field: "nwparser.p1",
},
});
var dup10 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020100"),
});
var dup11 = set_field({
dest: "nwparser.msg_id1",
value: constant("603104"),
});
// "Group = ..., Username = ..." prefix; the username part is left in p0.
var dup12 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{p0}",
field: "nwparser.payload",
},
});
// "Tunnel Rejected" tail: peer address into saddr, the reason text into action.
var dup13 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Tunnel Rejected: %{action}",
field: "nwparser.p1",
},
});
var dup14 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605000000"),
});
var dup15 = set_field({
dest: "nwparser.msg_id1",
value: constant("713060"),
});
var dup16 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801000000"),
});
var dup17 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713121"),
});
var dup18 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701020000"),
});
var dup19 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715058"),
});
// Same constant as dup25 below, but written under the doubled prefix.
var dup20 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1606000000"),
});
var dup21 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199009:01"),
});
// "Reloaded at <time> by ..." message; who triggered the reload is left in p0.
var dup22 = match({
dissect: {
tokenizer: "Reloaded at %{event_time_string} by %{p0}",
field: "nwparser.payload",
},
});
var dup23 = match({
dissect: {
tokenizer: " from %{process}. Reload reason: %{p2}",
field: "nwparser.p1",
},
});
// Reload reason: the bracketed form is listed before the bare form.
var dup24 = linear_select([
match({
dissect: {
tokenizer: " [%{result}] %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup25 = set_field({
dest: "nwparser.eventcategory",
value: constant("1606000000"),
});
var dup26 = set_field({
dest: "nwparser.msg_id1",
value: constant("199009"),
});
var dup27 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030305"),
});
var dup28 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415006"),
});
var dup29 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605000000"),
});
var dup30 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714001"),
});
// Shared parser fragments dup31–dup62: values returned by set_field(), match()
// and linear_select(), helpers defined outside the visible part of the file.
// match() takes a literal `tokenizer` pattern with %{name} captures plus the
// name of the `field` it reads; linear_select() takes a list of alternatives,
// presumably tried in the order listed — confirm.
//
// NOTE(review): `dest` appears both as "nwparser.<name>" and as
// "nwparser.nwparser.<name>" in this run. If the doubled prefix is a generator
// artifact, those fragments write to a different field than their single-prefix
// siblings — confirm which spelling downstream consumers read.

// Group / Username / IP prefix, most specific alternative first: quoted
// username, bare username, then no username at all. The rest goes to p0.
var dup31 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup32 = match({
dissect: {
tokenizer: ", %{action}: msg id = %{fld1}",
field: "nwparser.p0",
},
});
var dup33 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801000000"),
});
var dup34 = set_field({
dest: "nwparser.msg_id1",
value: constant("714005"),
});
var dup35 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715068"),
});
var dup36 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113039"),
});
// 713273, 713273:01 and 713273:02 are three variants of one message number.
var dup37 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273"),
});
var dup38 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273:01"),
});
var dup39 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273:02"),
});
var dup40 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714004"),
});
var dup41 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605020000"),
});
var dup42 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714004:01"),
});
var dup43 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805010000"),
});
var dup44 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110001"),
});
var dup45 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603000000"),
});
var dup46 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751025"),
});
var dup47 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603110000"),
});
var dup48 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105038"),
});
var dup49 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805020000"),
});
var dup50 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318008"),
});
var dup51 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("711001"),
});
var dup52 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713240"),
});
// Prefix with either a group, a username, or only the peer address; the
// address always lands in saddr and the rest in p0.
var dup53 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup54 = match({
dissect: {
tokenizer: ", %{action} history (%{fld1})",
field: "nwparser.p0",
},
});
var dup55 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010100"),
});
var dup56 = set_field({
dest: "nwparser.msg_id1",
value: constant("715065"),
});
var dup57 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718021"),
});
var dup58 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701000000"),
});
var dup59 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721003"),
});
var dup60 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103003"),
});
var dup61 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1803000000"),
});
var dup62 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("429002"),
});
// Shared parser fragments dup63–dup83: values returned by set_field(), match()
// and linear_select(), helpers defined outside the visible part of the file.
// The match() fragments form chains: each reads one intermediate field
// (payload, p0, p1, ...) and leaves the unparsed remainder in the next one.
//
// In the tokenizer strings "\u003c" is the escape for '<' and "\u003e" the
// escape for '>'.
// NOTE(review): where angle brackets delimit a value the opening bracket is
// doubled ("<<") while the closing one is single (">"). If that doubling is an
// escaping artifact of the generator rather than literal log text, these
// patterns would not match messages that use a single '<' — confirm against
// sample logs.

// "Group <...> User ..." prefix; the user part is left in p0.
var dup63 = match({
dissect: {
tokenizer: "Group \u003c\u003c %{group} \u003e User %{p0}",
field: "nwparser.payload",
},
});
// Username from p0: angle-bracketed, single-quoted, then bare.
// NOTE(review): the username comes from the logged session and is not trusted
// input; the bare alternative ends it at the next space, so a value containing
// spaces would presumably shift the following captures — verify.
var dup64 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{username}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup65 = match({
dissect: {
tokenizer: " IP \u003c\u003c %{p2}",
field: "nwparser.p1",
},
});
// Source address, optionally followed by a parenthesised value (fld1).
var dup66 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld1}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
// "SVC closing connection" tail; the reason text goes to info.
var dup67 = match({
dissect: {
tokenizer: " \u003e SVC closing connection: %{info}.",
field: "nwparser.p3",
},
});
var dup68 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030100"),
});
var dup69 = set_field({
dest: "nwparser.msg_id1",
value: constant("722037"),
});
// dup70–dup80 walk an "AAA user authentication|authorization Rejected" message
// one token at a time (payload -> p0 -> ... -> p9), ending with the client
// address in saddr. Rejected AAA requests are the kind of event a detection
// rule for failed logins would key on, so a fragment that fails to match here
// leaves username/saddr empty for that event.
var dup70 = match({
dissect: {
tokenizer: "AAA user %{p0}",
field: "nwparser.payload",
},
});
var dup71 = linear_select([
match({
dissect: {
tokenizer: " authentication %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " authorization %{p1}",
field: "nwparser.p0",
},
}),
]);
// Rejection reason into result; the server part is left in p2.
var dup72 = match({
dissect: {
tokenizer: " Rejected : reason = %{result} : server = %{p2}",
field: "nwparser.p1",
},
});
// Server address followed by either " : " or ", ".
var dup73 = linear_select([
match({
dissect: {
tokenizer: " %{hostip} : %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{hostip}, %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup74 = match({
dissect: {
tokenizer: " %{p4}",
field: "nwparser.p3",
},
});
// Accepts both capitalisations of the "User" keyword.
var dup75 = linear_select([
match({
dissect: {
tokenizer: " User %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " user %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup76 = match({
dissect: {
tokenizer: " = %{p6}",
field: "nwparser.p5",
},
});
// Username: single-quoted form first, then bare.
var dup77 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p7}",
field: "nwparser.p6",
},
}),
]);
var dup78 = match({
dissect: {
tokenizer: " : %{p8}",
field: "nwparser.p7",
},
});
// Accepts both capitalisations of "user IP".
var dup79 = linear_select([
match({
dissect: {
tokenizer: "user IP%{p9}",
field: "nwparser.p8",
},
}),
match({
dissect: {
tokenizer: "User IP%{p9}",
field: "nwparser.p8",
},
}),
]);
var dup80 = match({
dissect: {
tokenizer: " = %{saddr}",
field: "nwparser.p9",
},
});
var dup81 = set_field({
dest: "nwparser.eventcategory",
value: constant("1301000000"),
});
// 113005:01 and 113005 are two variants of the same message number.
var dup82 = set_field({
dest: "nwparser.msg_id1",
value: constant("113005:01"),
});
var dup83 = set_field({
dest: "nwparser.msg_id1",
value: constant("113005"),
});
// Shared parser fragments dup84–dup122: values returned by set_field(), match()
// and linear_select(), helpers defined outside the visible part of the file.
// match() takes a literal `tokenizer` pattern with %{name} captures plus the
// name of the `field` it reads; linear_select() takes a list of alternatives,
// presumably tried in the order listed — confirm.
//
// NOTE(review): `dest` appears both as "nwparser.<name>" and as
// "nwparser.nwparser.<name>" in this run. If the doubled prefix is a generator
// artifact, those fragments write to a different field than their single-prefix
// siblings — confirm which spelling downstream consumers read.

// "AAA transaction status" message: status into disposition, user part in p0.
var dup84 = match({
dissect: {
tokenizer: "AAA transaction status %{disposition} : user = %{p0}",
field: "nwparser.payload",
},
});
var dup85 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401060000"),
});
var dup86 = set_field({
dest: "nwparser.msg_id1",
value: constant("113008"),
});
// Console prefix in three product spellings: "FWSM console", "PIX console",
// "Console".
var dup87 = linear_select([
match({
dissect: {
tokenizer: " FWSM console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " PIX console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Console %{p0}",
field: "nwparser.payload",
},
}),
]);
// "enable password incorrect" message: attempt count into fld1, origin into
// hostip. Repeated wrong enable passwords are a privileged-access failure, so
// both captures matter for alerting on this message.
var dup88 = match({
dissect: {
tokenizer: " enable password incorrect for %{fld1} tries (from %{hostip})",
field: "nwparser.p0",
},
});
var dup89 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050200"),
});
var dup90 = set_field({
dest: "nwparser.msg_id1",
value: constant("308001"),
});
// "Fail to establish SSH session because..." message; the reason is in p0.
// The tokenizer has no space between "because" and the capture.
var dup91 = match({
dissect: {
tokenizer: "Fail to establish SSH session because%{p0}",
field: "nwparser.payload",
},
});
// Reason with or without the "PIX" product word; %{space} presumably absorbs
// the separating whitespace in the second alternative — confirm.
var dup92 = linear_select([
match({
dissect: {
tokenizer: " PIX RSA host key retrieval failed.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{space}RSA host key retrieval failed.%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup93 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603000000"),
});
var dup94 = set_field({
dest: "nwparser.msg_id1",
value: constant("315004"),
});
var dup95 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338308"),
});
// 713905 appears below with the suffixes :01 to :04 for its variants.
var dup96 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713905:04"),
});
var dup97 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}",
field: "nwparser.p1",
},
});
var dup98 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905"),
});
// Prefix with or without a group; the peer address always lands in saddr.
var dup99 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup100 = match({
dissect: {
tokenizer: ", %{p1}",
field: "nwparser.p0",
},
});
// Description with port/address details first, then the catch-all form that
// puts everything into event_description.
var dup101 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} port %{sport} to %{daddr} port %{dport} %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p2}",
field: "nwparser.p1",
},
}),
]);
var dup102 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905:01"),
});
var dup103 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713905:02"),
});
var dup104 = match({
dissect: {
tokenizer: "Username = %{p0}",
field: "nwparser.payload",
},
});
var dup105 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905:03"),
});
var dup106 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613030100"),
});
var dup107 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717004"),
});
// "Auth start for user ..." message; the user part is left in p0.
var dup108 = match({
dissect: {
tokenizer: "Auth start for user %{p0}",
field: "nwparser.payload",
},
});
// Flow endpoints in "addr/port" form.
var dup109 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup110 = set_field({
dest: "nwparser.eventcategory",
value: constant("1304000000"),
});
var dup111 = set_field({
dest: "nwparser.msg_id1",
value: constant("109001"),
});
var dup112 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199003"),
});
// "New user added to local dbase" message; the user name part is left in p0.
var dup113 = match({
dissect: {
tokenizer: "New user added to local dbase: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Privilege level into fld1 and the "Encpass" value into fld2.
// NOTE(review): fld2 carries whatever the device logged after "Encpass:",
// presumably the account's encrypted password. Treat it as credential
// material: confirm it is dropped or access-restricted before the event is
// indexed, since hashes stored in a log platform can be attacked offline.
var dup114 = match({
dissect: {
tokenizer: " Priv: %{fld1} Encpass: %{fld2}",
field: "nwparser.p1",
},
});
var dup115 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020200"),
});
var dup116 = set_field({
dest: "nwparser.msg_id1",
value: constant("502101"),
});
var dup117 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717047"),
});
var dup118 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109022"),
});
var dup119 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305009"),
});
var dup120 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("332004"),
});
var dup121 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501000000"),
});
var dup122 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611303"),
});
// Shared parser fragments dup123–dup155: values returned by set_field(),
// match() and linear_select(), helpers defined outside the visible part of the
// file. match() takes a literal `tokenizer` pattern with %{name} captures plus
// the name of the `field` it reads; linear_select() takes a list of
// alternatives, presumably tried in the order listed — confirm.
//
// NOTE(review): `dest` appears both as "nwparser.<name>" and as
// "nwparser.nwparser.<name>" in this run. If the doubled prefix is a generator
// artifact, those fragments write to a different field than their single-prefix
// siblings — confirm which spelling downstream consumers read.

// Either the literal "Mate" or a free-form first word (into info).
var dup123 = linear_select([
match({
dissect: {
tokenizer: "Mate%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "%{info} %{p0}",
field: "nwparser.payload",
},
}),
]);
// NOTE(review): the first alternative expects the literal text "Matehas a"
// with no space after "Mate". That looks like a generator artifact (two
// adjacent literals concatenated); if so only the %{space} alternative can
// match real messages — confirm against sample logs.
var dup124 = linear_select([
match({
dissect: {
tokenizer: "Matehas a %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{space}has a %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup125 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603010000"),
});
var dup126 = set_field({
dest: "nwparser.msg_id1",
value: constant("105047"),
});
// "\u003c" / "\u003e" are the escapes for '<' and '>'.
// NOTE(review): the opening bracket is doubled ("<<") while the closing one is
// single (">") here and in dup128. If the doubling is an escaping artifact,
// these patterns would not match messages that use a single '<' — confirm.
var dup127 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User %{p0}",
field: "nwparser.payload",
},
});
// "Java applet started" tail: client address into saddr, service name into
// network_service, trailing text into info.
var dup128 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} Java applet started. %{info}.",
field: "nwparser.p1",
},
});
var dup129 = set_field({
dest: "nwparser.msg_id1",
value: constant("716043"),
});
var dup130 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720040"),
});
var dup131 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1604000000"),
});
var dup132 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721002"),
});
var dup133 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104003"),
});
var dup134 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746006"),
});
var dup135 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501020000"),
});
var dup136 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("731001"),
});
var dup137 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1002000000"),
});
var dup138 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("404102"),
});
// Management session prefix in two product spellings: "PDM" or "ASDM".
var dup139 = linear_select([
match({
dissect: {
tokenizer: " PDM %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " ASDM %{p0}",
field: "nwparser.payload",
},
}),
]);
// Session start: session number into sessionid, client address into hostip.
var dup140 = match({
dissect: {
tokenizer: " session number %{sessionid} from %{hostip} started",
field: "nwparser.p0",
},
});
var dup141 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050100"),
});
var dup142 = set_field({
dest: "nwparser.msg_id1",
value: constant("606001"),
});
var dup143 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613003"),
});
// Prefix with a group, a quoted username, a bare username, or only the peer
// address; the address always lands in saddr and the rest in p0.
var dup144 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
// dup145–dup149 walk an "IKE Initiator: Rekeying|New Phase 1|2, Intf ..., IKE
// Peer ..." message one token at a time (p0 -> p4).
var dup145 = match({
dissect: {
tokenizer: ", IKE Initiator: %{p1}",
field: "nwparser.p0",
},
});
var dup146 = linear_select([
match({
dissect: {
tokenizer: " Rekeying %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " New %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup147 = match({
dissect: {
tokenizer: " Phase %{p3}",
field: "nwparser.p2",
},
});
// The phase number is matched as a literal and not captured into a field.
var dup148 = linear_select([
match({
dissect: {
tokenizer: " 1 %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " 2 %{p4}",
field: "nwparser.p3",
},
}),
]);
var dup149 = match({
dissect: {
tokenizer: ", Intf %{fld1}, IKE Peer %{fld2} %{info}",
field: "nwparser.p4",
},
});
var dup150 = set_field({
dest: "nwparser.msg_id1",
value: constant("713041"),
});
// dup151–dup153: the same IKE Initiator message without a leading
// group/address prefix, fixed to "Phase 2".
var dup151 = match({
dissect: {
tokenizer: "IKE Initiator: %{p0}",
field: "nwparser.payload",
},
});
var dup152 = linear_select([
match({
dissect: {
tokenizer: " Rekeying %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " New %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup153 = match({
dissect: {
tokenizer: " Phase 2, Intf %{fld1}, IKE Peer %{fld2} %{info}",
field: "nwparser.p1",
},
});
var dup154 = set_field({
dest: "nwparser.msg_id1",
value: constant("713041:01"),
});
var dup155 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718046"),
});
// Shared parser fragments dup156–dup186: values returned by set_field(),
// match() and linear_select(), helpers defined outside the visible part of the
// file. match() takes a literal `tokenizer` pattern with %{name} captures plus
// the name of the `field` it reads; linear_select() takes a list of
// alternatives, presumably tried in the order listed — confirm.
//
// NOTE(review): `dest` appears both as "nwparser.<name>" and as
// "nwparser.nwparser.<name>" in this run. If the doubled prefix is a generator
// artifact, those fragments write to a different field than their single-prefix
// siblings — confirm which spelling downstream consumers read.

// "<process>:" prefix; the rest goes to p0.
var dup156 = match({
dissect: {
tokenizer: "%{process}:%{p0}",
field: "nwparser.payload",
},
});
// "Added <address> to standby", with or without a leading "Session=" value.
var dup157 = linear_select([
match({
dissect: {
tokenizer: " Session=%{sessionid}, Added %{hostip} to standby %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Added %{hostip} to standby %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup158 = set_field({
dest: "nwparser.msg_id1",
value: constant("737029"),
});
// AAA request type: authentication, authorization or accounting. The type is
// matched as a literal and not captured into a field.
var dup159 = linear_select([
match({
dissect: {
tokenizer: " authentication %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " authorization %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " accounting %{p1}",
field: "nwparser.p0",
},
}),
]);
// "Successful" AAA result: server address into hostip, user part left in p2.
var dup160 = match({
dissect: {
tokenizer: " Successful : server = %{hostip} : user = %{p2}",
field: "nwparser.p1",
},
});
// Username: single-quoted form first, then bare.
// NOTE(review): the username comes from the logged request and is not trusted
// input; the bare alternative ends it at the next space, so a value containing
// spaces would presumably shift the following captures — verify.
var dup161 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup162 = set_field({
dest: "nwparser.msg_id1",
value: constant("113004"),
});
var dup163 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324001"),
});
var dup164 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403501"),
});
var dup165 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713177"),
});
var dup166 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401050100"),
});
var dup167 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("309002"),
});
var dup168 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020100"),
});
var dup169 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400015"),
});
var dup170 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1002020000"),
});
var dup171 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400031"),
});
var dup172 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("733103"),
});
// dup173–dup176 parse "<user>@<addr> Accessed [JAVA] URL <dest>: <url>".
var dup173 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup174 = match({
dissect: {
tokenizer: "@%{saddr} Accessed %{p1}",
field: "nwparser.p0",
},
});
// "JAVA URL" is listed before plain "URL"; the keyword itself is not captured.
var dup175 = linear_select([
match({
dissect: {
tokenizer: " JAVA URL %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " URL %{p2}",
field: "nwparser.p1",
},
}),
]);
// Destination address into daddr, and everything after ": " into url.
// NOTE(review): url is the requested URL as logged, i.e. client-controlled
// text; downstream consumers should handle it as untrusted data.
var dup176 = match({
dissect: {
tokenizer: " %{daddr}: %{url}",
field: "nwparser.p2",
},
});
var dup177 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204010000"),
});
var dup178 = set_field({
dest: "nwparser.msg_id1",
value: constant("304001"),
});
// dup179–dup181: the same "Accessed URL" message without a leading user name.
var dup179 = match({
dissect: {
tokenizer: "%{saddr} Accessed %{p0}",
field: "nwparser.payload",
},
});
var dup180 = linear_select([
match({
dissect: {
tokenizer: " JAVA URL %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " URL %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup181 = match({
dissect: {
tokenizer: " %{daddr}: %{url}",
field: "nwparser.p1",
},
});
var dup182 = set_field({
dest: "nwparser.msg_id1",
value: constant("304001:01"),
});
var dup183 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1303000000"),
});
var dup184 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109021"),
});
// "Login permitted" message: client addr/port, destination interface, address
// and service; the user part is left in p0.
var dup185 = match({
dissect: {
tokenizer: "Login permitted from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service} for user %{p0}",
field: "nwparser.payload",
},
});
// Username in four spellings, delimited forms before the bare form:
// angle-bracketed ("\u003c"/"\u003e" are the escapes for '<'/'>'),
// double-quoted, single-quoted, bare.
// NOTE(review): the angle-bracket alternative opens with a doubled '<' but
// closes with a single '>'; if the doubling is an escaping artifact that
// alternative would not match a single '<' — confirm against sample logs.
var dup186 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{username}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \"%{username}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Shared parser fragments dup187–dup233: values returned by set_field(),
// match() and linear_select(), helpers defined outside the visible part of the
// file. match() takes a literal `tokenizer` pattern with %{name} captures plus
// the name of the `field` it reads; linear_select() takes a list of
// alternatives, presumably tried in the order listed — confirm.
//
// NOTE(review): `dest` appears both as "nwparser.<name>" and as
// "nwparser.nwparser.<name>" in this run (dup199 and dup204 write the same
// constant under the two spellings). If the doubled prefix is a generator
// artifact, those fragments write to a different field than their single-prefix
// siblings — confirm which spelling downstream consumers read.

var dup187 = set_field({
dest: "nwparser.msg_id1",
value: constant("605005"),
});
// "<result> for user ..." prefix; the user part is left in p0.
var dup188 = match({
dissect: {
tokenizer: "%{result} for user %{p0}",
field: "nwparser.payload",
},
});
var dup189 = set_field({
dest: "nwparser.msg_id1",
value: constant("605005:01"),
});
// dup190–dup192 parse "Removing v1 primary|secondary PDP Context ...".
var dup190 = match({
dissect: {
tokenizer: "Removing v1 %{p0}",
field: "nwparser.payload",
},
});
var dup191 = linear_select([
match({
dissect: {
tokenizer: " primary %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " secondary %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup192 = match({
dissect: {
tokenizer: " PDP Context with TID %{fld1} from GGSN %{fld2} and SGSN %{fld3}, Reason: %{event_description}",
field: "nwparser.p1",
},
});
var dup193 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701000000"),
});
var dup194 = set_field({
dest: "nwparser.msg_id1",
value: constant("617002"),
});
var dup195 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617002:01"),
});
var dup196 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715050"),
});
var dup197 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737019"),
});
var dup198 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737019:01"),
});
// Same constant as dup204 below, but written under the doubled prefix.
var dup199 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1207010200"),
});
var dup200 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108003"),
});
// "Terminating ... connection; malicious pattern detected in the ... mail
// address" message: service name plus both endpoints as
// interface:address/port. The offending value is left in p0 for dup202/dup203.
var dup201 = match({
dissect: {
tokenizer: "Terminating %{network_service} connection; malicious pattern detected in the %{space} mail address from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}. %{p0}",
field: "nwparser.payload",
},
});
var dup202 = linear_select([
match({
dissect: {
tokenizer: " Mail Address %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Data %{p1}",
field: "nwparser.p0",
},
}),
]);
// Everything after " :" goes to result.
// NOTE(review): this is the text the device flagged, i.e. sender-controlled
// content; downstream consumers should handle it as untrusted data.
var dup203 = match({
dissect: {
tokenizer: " :%{result}",
field: "nwparser.p1",
},
});
var dup204 = set_field({
dest: "nwparser.eventcategory",
value: constant("1207010200"),
});
var dup205 = set_field({
dest: "nwparser.msg_id1",
value: constant("108003:01"),
});
var dup206 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108006"),
});
// Security-association message: service, direction, SPI (fld1) and both peers;
// the user part and the action follow in p0.
var dup207 = match({
dissect: {
tokenizer: "%{service}: An %{direction} SA (SPI= %{fld1}) between %{saddr} and %{daddr} %{p0}",
field: "nwparser.payload",
},
});
// Username in four spellings, most specific first: "(user=...)", "(...)",
// single-quoted, bare.
var dup208 = linear_select([
match({
dissect: {
tokenizer: " (user=%{username}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup209 = match({
dissect: {
tokenizer: " %{action}",
field: "nwparser.p1",
},
});
var dup210 = set_field({
dest: "nwparser.msg_id1",
value: constant("602304"),
});
var dup211 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105020"),
});
var dup212 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602102"),
});
var dup213 = match({
dissect: {
tokenizer: ", IP = %{saddr} , %{p2}",
field: "nwparser.p1",
},
});
// Description with a "duration from X to Y seconds" tail first, then the
// catch-all form.
var dup214 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} duration from %{fld1} to %{fld2} seconds%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup215 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613040200"),
});
var dup216 = set_field({
dest: "nwparser.msg_id1",
value: constant("713075"),
});
var dup217 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} ,%{p0}",
field: "nwparser.payload",
},
});
var dup218 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} to %{fld2} seconds %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup219 = set_field({
dest: "nwparser.msg_id1",
value: constant("713075:01"),
});
var dup220 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1304000000"),
});
var dup221 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717025"),
});
var dup222 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801020000"),
});
var dup223 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722034"),
});
// Source address closed by '>' ("\u003e"), optionally followed by a
// parenthesised value (fld1) before the bracket.
var dup224 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld1})\u003e %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr}\u003e %{p3}",
field: "nwparser.p2",
},
}),
]);
// "Received large packet" tail: size into bytes, parenthesised text into info.
var dup225 = match({
dissect: {
tokenizer: " Received large packet %{bytes} (%{info}).",
field: "nwparser.p3",
},
});
var dup226 = set_field({
dest: "nwparser.msg_id1",
value: constant("722035"),
});
var dup227 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030200"),
});
var dup228 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("406002"),
});
var dup229 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("620002:01"),
});
var dup230 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("620002"),
});
var dup231 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752015"),
});
var dup232 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701070000"),
});
var dup233 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611319"),
});
var dup234 = match({
dissect: {
tokenizer: "New group policy added: name:%{p0}",
field: "nwparser.payload",
},
});
var dup235 = set_field({
dest: "nwparser.eventcategory",
value: constant("1502030000"),
});
var dup236 = set_field({
dest: "nwparser.msg_id1",
value: constant("502111"),
});
var dup237 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611322"),
});
var dup238 = match({
dissect: {
tokenizer: "%{process}: %{p0}",
field: "nwparser.payload",
},
});
var dup239 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Freeing%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Freeing%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup240 = match({
dissect: {
tokenizer: " DHCP address %{hostip}",
field: "nwparser.p1",
},
});
var dup241 = set_field({
dest: "nwparser.msg_id1",
value: constant("737015"),
});
var dup242 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400001"),
});
var dup243 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603020000"),
});
var dup244 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210022"),
});
var dup245 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415001"),
});
var dup246 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("506001"),
});
var dup247 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720021"),
});
var dup248 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201001"),
});
var dup249 = match({
dissect: {
tokenizer: "Dynamic %{p0}",
field: "nwparser.payload",
},
});
var dup250 = linear_select([
match({
dissect: {
tokenizer: " Filter %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " filter %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup251 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup252 = set_field({
dest: "nwparser.msg_id1",
value: constant("338008"),
});
// Constant setters for event-category codes and message-id sub-keys.
// NOTE(review): every dest in this run uses the doubled "nwparser.nwparser."
// prefix, whereas other setters in this file write "nwparser.msg_id1"; confirm
// the doubled form is what downstream consumers expect.
var dup253 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1001030300") });
var dup254 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("405002") });
var dup255 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("444102") });
var dup256 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1501040000") });
var dup257 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109024") });
var dup258 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1803010000") });
var dup259 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106016") });
var dup260 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106016:01") });
var dup261 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1607000000") });
var dup262 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("338310") });
var dup263 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720046") });
var dup264 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737003:01") });
var dup265 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737003") });
var dup266 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737026") });
var dup267 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737026:01") });
var dup268 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1702030000") });
var dup269 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105040") });
// Fragments for "Authentication failed for admin user ..." (ids 109033 and
// 109033:01 below). dup270 leaves the user name in p0, but dup271/dup275 read
// p1, so the fragment that extracts the user name is defined outside this run.
var dup270 = match({ dissect: { tokenizer: "Authentication failed for admin user %{p0}", field: "nwparser.payload" } });

// Long form: source address plus the reason text.
var dup271 = match({ dissect: { tokenizer: " from %{saddr}. Interactive challenge processing is not supported for %{p2}", field: "nwparser.p1" } });

// The "administrative" wording is listed first; the generic alternative would
// also accept it (as protocol="administrative"), so the order matters if
// linear_select tries its entries in sequence (presumably; it is defined
// elsewhere in the file).
var dup272 = linear_select([
  match({ dissect: { tokenizer: " administrative %{protocol} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{protocol} %{info} %{p3}", field: "nwparser.p2" } }),
]);

var dup273 = match({ dissect: { tokenizer: " connections%{}", field: "nwparser.p3" } });
var dup274 = set_field({ dest: "nwparser.msg_id1", value: constant("109033:01") });

// Short form: only the source address follows the user name.
var dup275 = match({ dissect: { tokenizer: " from %{saddr}.", field: "nwparser.p1" } });
var dup276 = set_field({ dest: "nwparser.msg_id1", value: constant("109033") });
// Standalone message-id constant.
var dup277 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720063") });

// Fragments for access-list hit messages (ids 106102, 106102:01, 106102:02
// below). dup278 opens the "denied" form and dup287 the "permitted" form; the
// remaining fragments are written so both forms can share them.
var dup278 = match({ dissect: { tokenizer: "access-list %{listnum} denied %{p0}", field: "nwparser.payload" } });

// Optional "for user '...'" clause. The user name is only captured when it is
// wrapped in single quotes.
var dup279 = linear_select([
  match({ dissect: { tokenizer: "%{protocol} for user '%{username}' %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{protocol} %{p1}", field: "nwparser.p0" } }),
]);

var dup280 = match({ dissect: { tokenizer: "%{sinterface}/%{p2}", field: "nwparser.p1" } });

// Source address/port in either "addr(port) ->" or "addr port" layout
// (\u003e is the escaped greater-than sign).
var dup281 = linear_select([
  match({ dissect: { tokenizer: "%{saddr}(%{sport}) -\u003e %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{saddr} %{sport} %{p3}", field: "nwparser.p2" } }),
]);

var dup282 = match({ dissect: { tokenizer: "%{dinterface}/%{p4}", field: "nwparser.p3" } });

// Destination address/port in the same two layouts, followed by the hit count.
var dup283 = linear_select([
  match({ dissect: { tokenizer: "%{daddr}(%{dport}) hit-cnt %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: "%{daddr} %{dport} hit-cnt %{p5}", field: "nwparser.p4" } }),
]);

var dup284 = match({ dissect: { tokenizer: "%{dclass_counter1} %{info}", field: "nwparser.p5" } });

// Category and id that follow the "denied" opener.
var dup285 = set_field({ dest: "nwparser.eventcategory", value: constant("1803000000") });
var dup286 = set_field({ dest: "nwparser.msg_id1", value: constant("106102:02") });

var dup287 = match({ dissect: { tokenizer: "access-list %{listnum} permitted %{p0}", field: "nwparser.payload" } });

// Category and id that follow the "permitted" opener.
var dup288 = set_field({ dest: "nwparser.eventcategory", value: constant("1801020000") });
var dup289 = set_field({ dest: "nwparser.msg_id1", value: constant("106102:01") });

// NOTE(review): this setter uses the doubled "nwparser.nwparser." prefix while
// the two 106102 variants above do not; confirm that is intended.
var dup290 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106102") });
// Fragments for "AAA group policy for user ... is being set to ..." (id 113003
// below). The user-name fragment between dup291 (writes p0) and dup292 (reads
// p1) is defined outside this run.
var dup291 = match({ dissect: { tokenizer: "AAA group policy for user %{p0}", field: "nwparser.payload" } });
var dup292 = match({ dissect: { tokenizer: " is being set to %{p2}", field: "nwparser.p1" } });

// Policy name with or without a trailing period.
var dup293 = linear_select([
  match({ dissect: { tokenizer: " %{policyname}. %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{policyname} %{p3}", field: "nwparser.p2" } }),
]);

var dup294 = set_field({ dest: "nwparser.msg_id1", value: constant("113003") });
// Message-id constants; all use the doubled "nwparser.nwparser." prefix
// (see NOTE(review) elsewhere: confirm against the field name consumers read).
var dup295 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709006") });
var dup296 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725011") });
var dup297 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105034") });
var dup298 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105034:01") });
var dup299 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305004") });
var dup300 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("311004") });
var dup301 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400020") });
var dup302 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718005") });
var dup303 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("750007") });
// Fragments for rebuilt-connection messages (ids 302009:01 and 302009 below).
// dup304 is the opener that names protocol and connection id; dup312 is the
// shorter "Rebuild connection for" opener.
var dup304 = match({ dissect: { tokenizer: "Rebuilt %{protocol} connection %{connectionid} for %{p0}", field: "nwparser.payload" } });

// Foreign address label, short or long spelling.
var dup305 = linear_select([
  match({ dissect: { tokenizer: " faddr %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " foreign_address %{p1}", field: "nwparser.p0" } }),
]);

// The foreign endpoint is stored as the source address/port.
var dup306 = match({ dissect: { tokenizer: " %{saddr}/%{sport} %{p2}", field: "nwparser.p1" } });

// Global address label, short or long spelling.
var dup307 = linear_select([
  match({ dissect: { tokenizer: " gaddr %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " global_address %{p3}", field: "nwparser.p2" } }),
]);

// The global endpoint is stored as hostip/network_port.
var dup308 = match({ dissect: { tokenizer: " %{hostip}/%{network_port} %{p4}", field: "nwparser.p3" } });

// Local address label, short or long spelling.
var dup309 = linear_select([
  match({ dissect: { tokenizer: " laddr %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " local_address %{p5}", field: "nwparser.p4" } }),
]);

// The local endpoint is stored as the destination address/port.
var dup310 = match({ dissect: { tokenizer: " %{daddr}/%{dport}", field: "nwparser.p5" } });

var dup311 = set_field({ dest: "nwparser.msg_id1", value: constant("302009:01") });
var dup312 = match({ dissect: { tokenizer: "Rebuild connection for %{p0}", field: "nwparser.payload" } });
var dup313 = set_field({ dest: "nwparser.msg_id1", value: constant("302009") });
// Fragments for "Received invalid packet" (id 409003 below).
// "Received" is listed before "Receive"; both spellings are accepted.
var dup314 = linear_select([
  match({ dissect: { tokenizer: " Received %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Receive %{p0}", field: "nwparser.payload" } }),
]);

// Reason is stored in `result`, the sender in `saddr`.
var dup315 = match({ dissect: { tokenizer: " invalid packet: %{result} from %{saddr}, %{interface}", field: "nwparser.p0" } });
var dup316 = set_field({ dest: "nwparser.eventcategory", value: constant("1703000000") });
var dup317 = set_field({ dest: "nwparser.msg_id1", value: constant("409003") });

// Fragments for tracked-route add/remove (id 622001 below). The verb itself is
// matched but not captured into a field.
var dup318 = linear_select([
  match({ dissect: { tokenizer: " Adding %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Removing %{p0}", field: "nwparser.payload" } }),
]);

var dup319 = match({ dissect: { tokenizer: " tracked route %{info}, distance %{dclass_counter1}, table %{filename}, on interface %{interface}", field: "nwparser.p0" } });
var dup320 = set_field({ dest: "nwparser.msg_id1", value: constant("622001") });
// Header fragments for messages that start with Group / Username / IP (ids
// 715049:01 and 715049 below). The more specific alternative is listed first.
var dup321 = linear_select([
  match({ dissect: { tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: "Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
]);

// Everything after the header becomes the event description.
var dup322 = match({ dissect: { tokenizer: " %{event_description}", field: "nwparser.p0" } });
var dup323 = set_field({ dest: "nwparser.msg_id1", value: constant("715049:01") });

// Same header without a user name. Note the leading space, which dup321 does
// not have.
var dup324 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
]);

var dup325 = set_field({ dest: "nwparser.msg_id1", value: constant("715049") });

// Certificate-related message (id 717009 below). The first alternative pulls
// out serial number, subject and issuer; the fallback keeps only free text, so
// certificate fields are absent whenever the first form does not match.
var dup326 = linear_select([
  match({ dissect: { tokenizer: "%{event_description} serial number: %{serial_number}, subject name: %{cert_subject}, issuer name: %{dn}%{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " %{event_description}%{p0}", field: "nwparser.payload" } }),
]);

var dup327 = set_field({ dest: "nwparser.eventcategory", value: constant("1613030100") });
var dup328 = set_field({ dest: "nwparser.msg_id1", value: constant("717009") });
// Fragments for the tunnel-setup success message (id 752016 below).
// The IKE version is matched but not stored in a field.
var dup329 = linear_select([
  match({ dissect: { tokenizer: "IKEv1%{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: "IKEv2%{p0}", field: "nwparser.payload" } }),
]);

var dup330 = match({ dissect: { tokenizer: " was successful at setting up a tunnel. Map Tag = %{fld1}. Map Sequence Number = %{fld2}.", field: "nwparser.p0" } });
var dup331 = set_field({ dest: "nwparser.msg_id1", value: constant("752016") });

// Fragments for the "Auth ... failed (server ... failed)" message (id 109002
// below). "Auth from" is listed before the bare "Auth" form.
var dup332 = linear_select([
  match({ dissect: { tokenizer: " Auth from %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Auth %{p0}", field: "nwparser.payload" } }),
]);

// `hostip` here is the authentication server that failed, not the client.
var dup333 = match({ dissect: { tokenizer: " %{saddr}/%{sport} to %{daddr}/%{dport} failed (server %{hostip} failed) on interface %{sinterface}", field: "nwparser.p0" } });
var dup334 = set_field({ dest: "nwparser.eventcategory", value: constant("1303000000") });
var dup335 = set_field({ dest: "nwparser.msg_id1", value: constant("109002") });
// Constant setters for event categories and message ids, plus one small
// fragment (dup352).
// NOTE(review): dup353 writes "nwparser.msg_id1"; every other setter in this
// run writes under "nwparser.nwparser.". Confirm both names are intended.
var dup336 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1204000000") });
var dup337 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("304006") });
var dup338 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1610000000") });
var dup339 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("505006") });
var dup340 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("615002") });
var dup341 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1613040200") });
var dup342 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713073") });
var dup343 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1603010000") });
var dup344 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("101004") });
var dup345 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("313003") });
var dup346 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("313003:01") });
var dup347 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("324002") });
var dup348 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715075") });
var dup349 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1401050200") });
var dup350 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("307004") });
var dup351 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("338305") });

// Trailing ", <action>" fragment; the header fragment that fills p0 is defined
// outside this run.
var dup352 = match({ dissect: { tokenizer: ", %{action}", field: "nwparser.p0" } });
var dup353 = set_field({ dest: "nwparser.msg_id1", value: constant("715063") });

var dup354 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718056") });
var dup355 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109023") });
var dup356 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109023:01") });
var dup357 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1801020100") });
var dup358 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("602301") });
// Fragments for "No address available for SVC connection" (id 722020 below).
// \u003c / \u003e are the escaped less-than / greater-than signs.
// NOTE(review): each bracketed value is expected to open with TWO less-than
// signs but close with ONE greater-than sign. That asymmetry may be an escape
// sequence carried over unchanged from the source parser definition; verify
// against a real sample, because a mismatch would leave these events unparsed.
var dup359 = match({ dissect: { tokenizer: "TunnelGroup \u003c\u003c %{group_object} \u003e GroupPolicy \u003c\u003c %{group} \u003e User %{p0}", field: "nwparser.payload" } });

// Client address, optionally followed by a parenthesised second value.
var dup360 = linear_select([
  match({ dissect: { tokenizer: " %{saddr} (%{fld2}) %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{saddr} %{p3}", field: "nwparser.p2" } }),
]);

var dup361 = match({ dissect: { tokenizer: " \u003e No address available for SVC connection%{}", field: "nwparser.p3" } });
var dup362 = set_field({ dest: "nwparser.msg_id1", value: constant("722020") });

// Fragments for "identity doesn't match negotiated identity" (id 402103 below).
var dup363 = match({ dissect: { tokenizer: "identity doesn't match negotiated identity %{p0}", field: "nwparser.payload" } });

var dup364 = linear_select([
  match({ dissect: { tokenizer: " ip %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " (ip) %{p1}", field: "nwparser.p0" } }),
]);

// Destination is listed before source in this message.
var dup365 = match({ dissect: { tokenizer: " dest_addr=%{daddr}, src_addr=%{saddr}, prot= %{protocol}, (ident) %{info}", field: "nwparser.p1" } });
var dup366 = set_field({ dest: "nwparser.msg_id1", value: constant("402103") });
// Message-id and category constants.
var dup367 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201006") });
var dup368 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("210003") });
var dup369 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1603040000") });
var dup370 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("213002") });

// Fragments for "Built backup/director stub ... connection" (id 302026 below).
var dup371 = match({ dissect: { tokenizer: "Built %{p0}", field: "nwparser.payload" } });

// The role word is matched but not captured into a field.
var dup372 = linear_select([
  match({ dissect: { tokenizer: "backup%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "director%{p1}", field: "nwparser.p0" } }),
]);

var dup373 = match({ dissect: { tokenizer: " stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{fld1}) to %{dinterface}:%{daddr}/%{dport} (%{fld2})", field: "nwparser.p1" } });
var dup374 = set_field({ dest: "nwparser.msg_id1", value: constant("302026") });

// More message-id and category constants (doubled "nwparser.nwparser." prefix).
var dup375 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("321001") });
var dup376 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("321001:01") });
var dup377 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("324007") });
var dup378 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1703000000") });
var dup379 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409011") });
// Fragments for "Too many connections on static/xlate ..." (id 201002 below).
// This message reports a connection limit being hit, so it is commonly used as
// a resource-exhaustion indicator; `hostip` is the address the limit applies to.
var dup380 = match({ dissect: { tokenizer: "Too many connections on %{p0}", field: "nwparser.payload" } });

var dup381 = linear_select([
  match({ dissect: { tokenizer: " static %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " xlate %{p1}", field: "nwparser.p0" } }),
]);

var dup382 = match({ dissect: { tokenizer: " %{hostip}! %{fld1} %{fld2}", field: "nwparser.p1" } });
var dup383 = set_field({ dest: "nwparser.msg_id1", value: constant("201002") });

// Variant with an explicit "TCP"/"tcp" word (id 201002:01 below). dup387 and
// dup388 repeat dup381 and dup382 but read from p2/p3 because of the extra
// leading fragments.
var dup384 = match({ dissect: { tokenizer: "Too many %{p0}", field: "nwparser.payload" } });

var dup385 = linear_select([
  match({ dissect: { tokenizer: " TCP %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " tcp %{p1}", field: "nwparser.p0" } }),
]);

var dup386 = match({ dissect: { tokenizer: " connections on %{p2}", field: "nwparser.p1" } });

var dup387 = linear_select([
  match({ dissect: { tokenizer: " static %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " xlate %{p3}", field: "nwparser.p2" } }),
]);

var dup388 = match({ dissect: { tokenizer: " %{hostip}! %{fld1} %{fld2}", field: "nwparser.p3" } });
var dup389 = set_field({ dest: "nwparser.msg_id1", value: constant("201002:01") });

// Message-id constants (doubled "nwparser.nwparser." prefix).
var dup390 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713128") });
var dup391 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713128:01") });
var dup392 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713257") });
// Header with group, user name and client address (id 715036:01 below).
var dup393 = match({ dissect: { tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } });

// Description with an optional "(seq number N)" suffix; the form that extracts
// the sequence number is listed first.
var dup394 = linear_select([
  match({ dissect: { tokenizer: "%{event_description} (seq number %{fld1}) %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{event_description}%{p1}", field: "nwparser.p0" } }),
]);

var dup395 = set_field({ dest: "nwparser.msg_id1", value: constant("715036:01") });

// Same header without a user name (id 715036 below).
var dup396 = match({ dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } });
var dup397 = set_field({ dest: "nwparser.msg_id1", value: constant("715036") });

var dup398 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1701010000") });
var dup399 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("420004") });

// Note the space before the second comma: the literal is " , ".
var dup400 = match({ dissect: { tokenizer: ", IP = %{saddr} , %{action}:%{info}", field: "nwparser.p1" } });
var dup401 = set_field({ dest: "nwparser.msg_id1", value: constant("713034") });

// Message-id constants (doubled "nwparser.nwparser." prefix).
var dup402 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713034:01") });
var dup403 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("776252") });
var dup404 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("609001") });
var dup405 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400021") });
var dup406 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720062") });
var dup407 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752006") });
var dup408 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("103007") });
var dup409 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("504001:01") });
var dup410 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("504001") });
// "User ACL ... from AAA ignored, AV-PAIR ACL used instead" (id 113034 below).
// NOTE(review): values are expected to open with two less-than signs
// (\u003c\u003c) and close with one greater-than sign (\u003e); check this
// against a real sample, it may be an un-decoded escape from the source parser.
var dup411 = match({ dissect: { tokenizer: " IP \u003c\u003c%{hostip}\u003e User ACL \u003c\u003c%{info}\u003e from AAA ignored, AV-PAIR ACL used instead", field: "nwparser.p1" } });
var dup412 = set_field({ dest: "nwparser.eventcategory", value: constant("1204020000") });
var dup413 = set_field({ dest: "nwparser.msg_id1", value: constant("113034") });

// Failed SSH login (ids 315003 and 315003:01 below). Two openers that differ
// only in how the attempt count is attached to the source address.
var dup414 = match({ dissect: { tokenizer: "SSH login session failed from %{saddr} on (%{fld1} attempts) on interface %{interface} by user %{p0}", field: "nwparser.payload" } });
var dup415 = set_field({ dest: "nwparser.msg_id1", value: constant("315003") });
var dup416 = match({ dissect: { tokenizer: "SSH login session failed from %{saddr}(%{fld1} attempts) on interface %{interface} by user %{p0}", field: "nwparser.payload" } });

// User name in double quotes, single quotes, or bare. The quoted forms come
// first; the bare form would also accept a quoted name (keeping the quotes), so
// the order matters if alternatives are tried in sequence (presumably).
// The name on a failed login is chosen by the remote party. The bare form ends
// the capture at the next space, so a name containing spaces or quote
// characters may be split differently than intended; alerting on these events
// should also use `saddr` rather than rely on `username` alone.
var dup417 = linear_select([
  match({ dissect: { tokenizer: " \"%{username}\" %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " '%{username}' %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{username} %{p1}", field: "nwparser.p0" } }),
]);

var dup418 = set_field({ dest: "nwparser.msg_id1", value: constant("315003:01") });

// Message-id constants (doubled "nwparser.nwparser." prefix).
var dup419 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("616001:01") });
var dup420 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("616001") });
// Header for the "... for peer ... Reason: ..." message (id 713050 below):
// group with a quoted user name, group with a bare user name, or group only.
// Most specific form first.
var dup421 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group}, Username = '%{username}' %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, Username = %{username} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group} %{p0}", field: "nwparser.payload" } }),
]);

// The stated reason is stored in `result`.
var dup422 = match({ dissect: { tokenizer: ", IP = %{saddr}, %{action} for peer %{peer}. Reason: %{result} %{info}", field: "nwparser.p0" } });
var dup423 = set_field({ dest: "nwparser.msg_id1", value: constant("713050") });

var dup424 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("316001") });

// "Cannot create more isakmp peers" (id 316001:01 below).
var dup425 = match({ dissect: { tokenizer: "Cannot %{p0}", field: "nwparser.payload" } });

// NOTE(review): the first alternative begins with a space and the second
// ("creat") does not; confirm that difference is intended.
var dup426 = linear_select([
  match({ dissect: { tokenizer: " create %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "creat %{p1}", field: "nwparser.p0" } }),
]);

var dup427 = match({ dissect: { tokenizer: " more isakmp peers, exceeding the limit of %{fld1} peers", field: "nwparser.p1" } });
var dup428 = set_field({ dest: "nwparser.msg_id1", value: constant("316001:01") });

// Message-id and category constants (doubled "nwparser.nwparser." prefix).
var dup429 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("113022") });
var dup430 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1801030000") });
var dup431 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302002") });
var dup432 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302002:01") });
// Role word for a stub-connection message (id 302024 below); matched but not
// stored in a field.
var dup433 = linear_select([
  match({ dissect: { tokenizer: "backup%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "director%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "forwarder%{p1}", field: "nwparser.p0" } }),
]);

var dup434 = set_field({ dest: "nwparser.msg_id1", value: constant("302024") });
var dup435 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713127") });

// Everything after a leading comma is kept as free text (id 713213 below).
var dup436 = match({ dissect: { tokenizer: ",%{info}", field: "nwparser.p0" } });
var dup437 = set_field({ dest: "nwparser.eventcategory", value: constant("1701030000") });
var dup438 = set_field({ dest: "nwparser.msg_id1", value: constant("713213") });

var dup439 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718072") });
var dup440 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("107002") });
// Fragments for the successful-authentication message that reports group,
// user, client address and session type (id 716038 below). The message exists
// in two word orders, hence the paired alternatives.
// NOTE(review): bracketed values are expected to open with two less-than signs
// (\u003c\u003c) and close with one greater-than sign (\u003e). If that is an
// un-decoded escape from the source parser, successful logins would not be
// parsed; verify with a real sample.
var dup441 = linear_select([
  match({ dissect: { tokenizer: " Authentication: successful, group = %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group %{p0}", field: "nwparser.payload" } }),
]);

var dup442 = match({ dissect: { tokenizer: " \u003c\u003c%{group}\u003e %{p1}", field: "nwparser.p0" } });

var dup443 = linear_select([
  match({ dissect: { tokenizer: " User %{p2}", field: "nwparser.p1" } }),
  match({ dissect: { tokenizer: " user = %{p2}", field: "nwparser.p1" } }),
]);

// Consumes one leading space and passes the rest on.
var dup444 = match({ dissect: { tokenizer: " %{p3}", field: "nwparser.p2" } });

// User name in angle brackets, single quotes, or bare; bracketed/quoted forms
// are listed before the bare one.
var dup445 = linear_select([
  match({ dissect: { tokenizer: " \u003c\u003c%{username}\u003e %{p4}", field: "nwparser.p3" } }),
  match({ dissect: { tokenizer: " '%{username}' %{p4}", field: "nwparser.p3" } }),
  match({ dissect: { tokenizer: " %{username} %{p4}", field: "nwparser.p3" } }),
]);

// Consumes one leading space and passes the rest on.
var dup446 = match({ dissect: { tokenizer: " %{p5}", field: "nwparser.p4" } });

var dup447 = linear_select([
  match({ dissect: { tokenizer: " IP = %{p6}", field: "nwparser.p5" } }),
  match({ dissect: { tokenizer: " IP %{p6}", field: "nwparser.p5" } }),
]);

var dup448 = match({ dissect: { tokenizer: " \u003c\u003c%{saddr}\u003e%{p7}", field: "nwparser.p6" } });

var dup449 = linear_select([
  match({ dissect: { tokenizer: " , Session Type %{p8}", field: "nwparser.p7" } }),
  match({ dissect: { tokenizer: " %{space}Authentication: successful, Session Type %{p8}", field: "nwparser.p7" } }),
]);

// The session type is stored in `network_service`.
var dup450 = match({ dissect: { tokenizer: ": %{network_service}", field: "nwparser.p8" } });
var dup451 = set_field({ dest: "nwparser.msg_id1", value: constant("716038") });
// Fragments for "... permitted/monitored blacklisted ... traffic" (source
// variant, id 338003 below). The opener that fills p1 is defined outside this
// run.
// Consumes one leading space and passes the rest on.
var dup452 = match({ dissect: { tokenizer: " %{p2}", field: "nwparser.p1" } });

// The verb (permitted vs. monitored) is matched but NOT stored in a field, so
// the parsed event does not record which of the two occurred. Anything that
// needs the distinction has to look at the original message text.
var dup453 = linear_select([
  match({ dissect: { tokenizer: " permitted %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " monitored %{p3}", field: "nwparser.p2" } }),
]);

// Captures real and translated endpoints, the matched list entry (fld3/mask),
// the threat level (as `severity`) and the category (as `result`).
var dup454 = match({ dissect: { tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}", field: "nwparser.p3" } });
var dup455 = set_field({ dest: "nwparser.msg_id1", value: constant("338003") });

// Message-id constants (doubled "nwparser.nwparser." prefix).
var dup456 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("402117") });
var dup457 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("714003") });
var dup458 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715041") });
// Fragments for the "Mate license ... is not compatible with my license"
// message (id 105045 below). fld1 is the value from the mate's license and
// fld2 the value from the local license.
var dup459 = match({ dissect: { tokenizer: "(%{context}) Mate license (%{fld1} %{p0}", field: "nwparser.payload" } });

var dup460 = linear_select([
  match({ dissect: { tokenizer: " Contexts %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " contexts %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " Enabled %{p1}", field: "nwparser.p0" } }),
]);

var dup461 = match({ dissect: { tokenizer: ") is not compatible with my license (%{fld2} %{p2}", field: "nwparser.p1" } });

// Mirrors dup460, except the third word is "Disabled" instead of "Enabled".
var dup462 = linear_select([
  match({ dissect: { tokenizer: " Contexts %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " contexts %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " Disabled %{p3}", field: "nwparser.p2" } }),
]);

var dup463 = match({ dissect: { tokenizer: ").%{}", field: "nwparser.p3" } });
var dup464 = set_field({ dest: "nwparser.eventcategory", value: constant("1702030000") });
var dup465 = set_field({ dest: "nwparser.msg_id1", value: constant("105045") });
// Fragments for "User ... executed the command ..." (id 111008 below), the
// administrative command audit message. The user-name fragment between dup466
// (writes p0) and dup467 (reads p1) is defined outside this run.
var dup466 = match({ dissect: { tokenizer: "User %{p0}", field: "nwparser.payload" } });
var dup467 = match({ dissect: { tokenizer: " executed %{p2}", field: "nwparser.p1" } });

// The command text is stored in `action`.
// NOTE(review): in the first alternative `action` is followed by a literal
// space, so the capture presumably stops at the first space and the rest of a
// multi-word command lands in p3. Confirm the full command is preserved
// somewhere if this event is used as an audit trail.
var dup468 = linear_select([
  match({ dissect: { tokenizer: " the command %{action} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " the '%{action}' command %{p3}", field: "nwparser.p2" } }),
]);

var dup469 = set_field({ dest: "nwparser.msg_id1", value: constant("111008") });

// Fragments for "Parsing downloaded ACL: WARNING: ..." (ids 109029 and
// 109029:01 below).
var dup470 = match({ dissect: { tokenizer: "Parsing downloaded ACL: WARNING: %{p0}", field: "nwparser.payload" } });

// ACL name in angle brackets (\u003c\u003c ... \u003e), single quotes, or bare.
// NOTE(review): the bracketed form expects two opening less-than signs; verify
// against a real sample.
var dup471 = linear_select([
  match({ dissect: { tokenizer: " \u003c\u003c%{listnum}\u003e %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " '%{listnum}' %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{listnum} %{p1}", field: "nwparser.p0" } }),
]);

var dup472 = match({ dissect: { tokenizer: " %{result}", field: "nwparser.p1" } });

// The same category value is written under both prefixes (dup473 vs dup475).
var dup473 = set_field({ dest: "nwparser.eventcategory", value: constant("1501050100") });
var dup474 = set_field({ dest: "nwparser.msg_id1", value: constant("109029") });
var dup475 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1501050100") });
var dup476 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109029:01") });
var dup477 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("604104") });
// Header with an optional user name (quoted or bare) and the client address
// (id 715064 below). Most specific form first.
var dup478 = linear_select([
  match({ dissect: { tokenizer: " Username = '%{username}', IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
]);

var dup479 = match({ dissect: { tokenizer: " %{action}:%{info}", field: "nwparser.p0" } });
var dup480 = set_field({ dest: "nwparser.msg_id1", value: constant("715064") });

// Message-id and category constants (doubled "nwparser.nwparser." prefix).
var dup481 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717026") });
var dup482 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718022") });
var dup483 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1801030100") });
var dup484 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("722047") });
var dup485 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("750006") });
var dup486 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1204020000") });
var dup487 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713203") });
var dup488 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409002") });
var dup489 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1801010000") });
var dup490 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409005") });
var dup491 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409009") });
var dup492 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713122") });
var dup493 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717024") });
// Fragments for a message that starts with "IP <address>" and ends with a
// free-text description (id 722001 below).
var dup494 = match({ dissect: { tokenizer: "IP %{p0}", field: "nwparser.payload" } });

// Address with an optional parenthesised second value.
var dup495 = linear_select([
  match({ dissect: { tokenizer: " %{saddr} (%{fld1}) %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{saddr} %{p1}", field: "nwparser.p0" } }),
]);

var dup496 = match({ dissect: { tokenizer: " %{event_description}.", field: "nwparser.p1" } });
var dup497 = set_field({ dest: "nwparser.msg_id1", value: constant("722001") });

// Fragments for "SVC connection established with/without compression"
// (id 722022 below). dup498 consumes the closing greater-than sign (\u003e) of
// a preceding bracketed value; the fragments that fill p3 are outside this run.
var dup498 = match({ dissect: { tokenizer: " \u003e %{p4}", field: "nwparser.p3" } });

// The transport word is matched but not stored; the bare "SVC" form is last
// because it is the least specific.
var dup499 = linear_select([
  match({ dissect: { tokenizer: " TCP SVC %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " UDP SVC %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " SVC %{p5}", field: "nwparser.p4" } }),
]);

var dup500 = match({ dissect: { tokenizer: " connection established %{p6}", field: "nwparser.p5" } });

// "without" is listed before "with".
var dup501 = linear_select([
  match({ dissect: { tokenizer: " without %{p7}", field: "nwparser.p6" } }),
  match({ dissect: { tokenizer: " with %{p7}", field: "nwparser.p6" } }),
]);

var dup502 = match({ dissect: { tokenizer: " %{obj_type} compression", field: "nwparser.p7" } });
var dup503 = set_field({ dest: "nwparser.msg_id1", value: constant("722022") });

// Message-id constants (doubled "nwparser.nwparser." prefix).
var dup504 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("401001") });
var dup505 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("710006") });
var dup506 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("303004") });
// Fragments for "Module in slot ... is not a recognized type" (id 413003
// below).
var dup507 = match({ dissect: { tokenizer: "Module in slot %{fld1} is not a recognized %{p0}", field: "nwparser.payload" } });

// "type" with or without a trailing period.
var dup508 = linear_select([
  match({ dissect: { tokenizer: " type. %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " type %{p1}", field: "nwparser.p0" } }),
]);

var dup509 = set_field({ dest: "nwparser.msg_id1", value: constant("413003") });

// Fragments for "Pitcher: ..." messages with a Group/Username/IP header
// (id 715077 below). Most specific header first.
var dup510 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr}, Pitcher: %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, Pitcher: %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{saddr}, Pitcher: %{p0}", field: "nwparser.payload" } }),
]);

var dup511 = match({ dissect: { tokenizer: " %{action}, spi %{dst_spi}", field: "nwparser.p0" } });
var dup512 = set_field({ dest: "nwparser.msg_id1", value: constant("715077") });

// Header-less "Pitcher:" form (id 715077:01 below). Here the text after
// "Pitcher:" is stored in `result`, whereas dup511 stores it in `action`.
var dup513 = match({ dissect: { tokenizer: "Pitcher: %{result} %{p0}", field: "nwparser.payload" } });

var dup514 = linear_select([
  match({ dissect: { tokenizer: " , spi %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " spi %{p1}", field: "nwparser.p0" } }),
]);

var dup515 = match({ dissect: { tokenizer: " %{dst_spi}", field: "nwparser.p1" } });
var dup516 = set_field({ dest: "nwparser.msg_id1", value: constant("715077:01") });

var dup517 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("318003") });
// Fragments for "ISAKMP Phase 1 delete(d) received" (ids 702201:01 and 702201
// below).
var dup518 = match({ dissect: { tokenizer: "ISAKMP Phase 1 %{p0}", field: "nwparser.payload" } });

// "deleted" is listed before "delete".
var dup519 = linear_select([
  match({ dissect: { tokenizer: " deleted %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " delete %{p1}", field: "nwparser.p0" } }),
]);

// Initiator form: the local address is stored as `saddr`, the remote as `daddr`.
var dup520 = match({ dissect: { tokenizer: " received (local %{saddr} (initiator), remote %{daddr})", field: "nwparser.p1" } });
var dup521 = set_field({ dest: "nwparser.msg_id1", value: constant("702201:01") });

// Responder form: the mapping is reversed, local is `daddr` and remote is
// `saddr`. Queries on saddr/daddr for these events need to account for the
// role-dependent mapping.
var dup522 = match({ dissect: { tokenizer: " received (local %{daddr} (responder), remote %{saddr})", field: "nwparser.p1" } });
var dup523 = set_field({ dest: "nwparser.msg_id1", value: constant("702201") });

var dup524 = set_field({ dest: "nwparser.msg_id1", value: constant("713218") });
var dup525 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("318001") });
// Fragments dup526-dup534: ", IP = ..." continuation parsing, the WebVPN
// session-creation failure text, and message-id / event-category constants.
var dup526 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{p2}",
field: "nwparser.p1",
},
});
// First alternative also extracts the client address into fld1; the second is
// the catch-all.
// NOTE(review): the catch-all has two adjacent captures with no literal
// between them, so what lands in event_description versus p3 depends on how
// dissect handles that - confirm with sample events.
var dup527 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} for client address: %{fld1} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup528 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701010000"),
});
var dup529 = set_field({
dest: "nwparser.msg_id1",
value: constant("713204"),
});
// %{} is an unnamed capture; presumably it swallows any trailing text without
// storing it.
var dup530 = match({
dissect: {
tokenizer: " WebVPN Unable to create session%{}",
field: "nwparser.p1",
},
});
var dup531 = set_field({
dest: "nwparser.msg_id1",
value: constant("716007"),
});
// NOTE(review): dup532-dup534 write to "nwparser.nwparser.*" while dup528,
// dup529 and dup531 use a single "nwparser." prefix. If the doubled prefix is a
// generator artifact, eventcategory/msg_id1 are never populated for these
// events - confirm against set_field().
var dup532 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401060000"),
});
var dup533 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746012"),
});
var dup534 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746012:01"),
});
// Fragments dup535-dup538: "Group = ...[, Username = ...]" prefix followed by
// ", IP = <addr>, <result>".
// The alternative with a username is listed first; the second covers lines
// that carry only the group.
var dup535 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group} %{p0}",
field: "nwparser.payload",
},
}),
]);
// result takes everything after the address, so it is free text.
var dup536 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{result}",
field: "nwparser.p0",
},
});
var dup537 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805000000"),
});
var dup538 = set_field({
dest: "nwparser.msg_id1",
value: constant("713171"),
});
// Fragments dup539-dup548: the "Crypto Archive File" limit message and a run
// of message-id constants.
var dup539 = match({
dissect: {
tokenizer: "CRYPTO: The ASA is skipping the writing of latest Crypto Archive File as the maximum # of files (%{fld2}) allowed have been written to %{p0}",
field: "nwparser.payload",
},
});
// File name may be bracketed, single-quoted or bare.
// NOTE(review): the first tokenizer decodes to " <<%{filename}> " - two
// opening angle brackets and one closing. That looks like an escape carried
// over from the source parser definition; if the device writes a single "<",
// only the bare form can match and filename keeps the brackets - verify with
// sample logs.
var dup540 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{filename}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{filename}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{filename} %{p1}",
field: "nwparser.p0",
},
}),
]);
// \u0026 is "&"; fld3 receives the directory named in the message.
var dup541 = match({
dissect: {
tokenizer: ". Please archive \u0026 remove files from %{fld3} if you want more Crypto Archive Files saved",
field: "nwparser.p1",
},
});
var dup542 = set_field({
dest: "nwparser.msg_id1",
value: constant("402127"),
});
// NOTE(review): dup543-dup548 write to "nwparser.nwparser.msg_id1" whereas
// dup542 writes "nwparser.msg_id1". If the doubled prefix is unintended the
// message id is lost for these events - confirm against set_field().
var dup543 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611317"),
});
var dup544 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("701002"),
});
var dup545 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105044"),
});
var dup546 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737013"),
});
var dup547 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109010"),
});
var dup548 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("214001"),
});
// Fragments dup549-dup555: blacklisted-traffic detail line, WebVPN session
// termination, and message-id constants.
// Extracts both endpoints with their translated address/port pairs, the list
// that resolved the source (fld1/fld2, web_domain), the threat level into
// severity and the category into result.
var dup549 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
var dup550 = set_field({
dest: "nwparser.msg_id1",
value: constant("338001"),
});
// NOTE(review): dest repeats the "nwparser." prefix, unlike dup550/dup553; if
// unintended the message id is not populated - confirm against set_field().
// The same applies to dup554 and dup555 below.
var dup551 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105003"),
});
// NOTE(review): the tokenizer decodes to " IP <<%{saddr}> ..." - two opening
// angle brackets, one closing. If the device writes "IP <addr>", this pattern
// would not match and session-termination events would go unparsed - verify
// with sample logs.
var dup552 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} session terminated: %{result}",
field: "nwparser.p1",
},
});
var dup553 = set_field({
dest: "nwparser.msg_id1",
value: constant("716002"),
});
var dup554 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737012"),
});
var dup555 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737012:01"),
});
// Fragments dup556-dup561: "Address <ip> (<domain>) timed out ... Removing
// rule" parsing and message-id constants.
var dup556 = match({
dissect: {
tokenizer: "Address %{hostip} (%{web_domain}) %{p0}",
field: "nwparser.payload",
},
});
// Accepts either "." or "," after "timed out".
var dup557 = linear_select([
match({
dissect: {
tokenizer: " timed out. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " timed out, %{p1}",
field: "nwparser.p0",
},
}),
]);
// %{} is an unnamed capture; presumably it discards whatever follows.
var dup558 = match({
dissect: {
tokenizer: " Removing rule%{}",
field: "nwparser.p1",
},
});
var dup559 = set_field({
dest: "nwparser.msg_id1",
value: constant("338303"),
});
// NOTE(review): dup560 and dup561 write to "nwparser.nwparser.msg_id1" while
// dup559 writes "nwparser.msg_id1"; if the doubled prefix is unintended the
// message id is lost - confirm against set_field().
var dup560 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444109"),
});
var dup561 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324005"),
});
// Fragments dup562-dup568: "Orderly reload started" parsing and message-id /
// event-category constants.
var dup562 = match({
dissect: {
tokenizer: "Orderly reload started at %{fld1} by %{p0}",
field: "nwparser.payload",
},
});
// First alternative records who triggered the reload together with the access
// protocol and remote address; the second keeps only the user name.
// NOTE(review): the first tokenizer starts with a space and the second does
// not - confirm both line shapes against sample events.
var dup563 = linear_select([
match({
dissect: {
tokenizer: " %{username} from %{protocol} (remote %{saddr})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup564 = match({
dissect: {
tokenizer: ". Reload reason: %{result}",
field: "nwparser.p1",
},
});
var dup565 = set_field({
dest: "nwparser.msg_id1",
value: constant("199006"),
});
// NOTE(review): dup566-dup568 write to "nwparser.nwparser.*" while dup565 uses
// a single "nwparser." prefix; if the doubled prefix is unintended these
// fields are never populated - confirm against set_field().
var dup566 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1803020000"),
});
var dup567 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313001"),
});
var dup568 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500002"),
});
// Fragments dup569-dup576: failed-login parsing ("<service> daemon: Login
// failed/failure from <addr> for user <name>") and an authentication-rejected
// pattern.
var dup569 = match({
dissect: {
tokenizer: "%{service} daemon: Login %{p0}",
field: "nwparser.payload",
},
});
// Accepts "failed" or "failure".
var dup570 = linear_select([
match({
dissect: {
tokenizer: " failed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " failure %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup571 = match({
dissect: {
tokenizer: " from %{saddr} for user %{p2}",
field: "nwparser.p1",
},
});
// User name may be double-quoted, single-quoted or bare; the quoted forms are
// listed first so the quotes are stripped when present.
// NOTE(review): on a failed login the user name is whatever the client sent.
// Treat username as untrusted wherever it is displayed or joined on, and
// confirm how the bare form behaves when the name contains spaces.
var dup572 = linear_select([
match({
dissect: {
tokenizer: " \"%{username}\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup573 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401030000"),
});
var dup574 = set_field({
dest: "nwparser.msg_id1",
value: constant("605003"),
});
// " : "-separated record: action, reason (into result), server address, then
// the user part left in p0 for a follow-up fragment.
var dup575 = match({
dissect: {
tokenizer: "%{action} : reason = %{result} : server = %{hostip} : user = %{p0}",
field: "nwparser.payload",
},
});
var dup576 = set_field({
dest: "nwparser.msg_id1",
value: constant("113016"),
});
// Fragments dup577-dup584: "Session is being torn down" parsing (with and
// without the IP part) and message-id constants.
// NOTE(review): dup577 and dup584 write to "nwparser.nwparser.msg_id1" while
// dup580/dup582/dup583 write "nwparser.msg_id1"; if the doubled prefix is
// unintended the message id is lost - confirm against set_field().
var dup577 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752003"),
});
// Teardown reason is free text captured to the end of the line.
var dup578 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Session is being torn down. Reason: %{result}",
field: "nwparser.p1",
},
});
var dup579 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030000"),
});
var dup580 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259"),
});
// Same message without an address; note it reads p0, not p1.
var dup581 = match({
dissect: {
tokenizer: ", Session is being torn down. Reason: %{result}",
field: "nwparser.p0",
},
});
var dup582 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259:01"),
});
var dup583 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259:02"),
});
var dup584 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400009"),
});
// Fragments dup585-dup601: privilege-level change parsing and a run of
// message-id / event-category constants.
// Prefix of the privilege-change message; the user name is left in p0.
var dup585 = match({
dissect: {
tokenizer: "User priv level changed: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Old and new privilege levels land in the generic fld1/fld2 slots.
// NOTE(review): nothing in this fragment maps them to named fields; check that
// a later step does if privilege escalation is alerted on.
var dup586 = match({
dissect: {
tokenizer: " From: %{fld1} To: %{fld2}",
field: "nwparser.p1",
},
});
var dup587 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020300"),
});
var dup588 = set_field({
dest: "nwparser.msg_id1",
value: constant("502103"),
});
// NOTE(review): dup589-dup601 write to "nwparser.nwparser.*" while dup587 and
// dup588 use a single "nwparser." prefix; if the doubled prefix is a generator
// artifact these fields are never populated - confirm against set_field().
var dup589 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602302"),
});
var dup590 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305003"),
});
var dup591 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305003:01"),
});
var dup592 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505003"),
});
var dup593 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313004"),
});
var dup594 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313004:01"),
});
var dup595 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213001"),
});
var dup596 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400008"),
});
var dup597 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020200"),
});
var dup598 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400030"),
});
var dup599 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113020"),
});
var dup600 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199909"),
});
var dup601 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210008"),
});
// Fragments dup602-dup613: module "application reloading" parsing, the
// "AAA retrieved user specific group policy" message, and constants.
// Either a slotted module (product + slot in fld1) or the fixed "Module ips"
// wording; both stop at the opening double quote of the application name.
var dup602 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1}, application reloading \"%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips, application reloading \"%{p0}",
field: "nwparser.payload",
},
}),
]);
// Takes the application name up to the closing quote, then the free-text info.
var dup603 = match({
dissect: {
tokenizer: "%{application}\", %{info}",
field: "nwparser.p0",
},
});
var dup604 = set_field({
dest: "nwparser.eventcategory",
value: constant("1702010000"),
});
var dup605 = set_field({
dest: "nwparser.msg_id1",
value: constant("505013"),
});
// NOTE(review): dup606-dup608 and dup613 write to "nwparser.nwparser.msg_id1"
// while dup605 and dup612 write "nwparser.msg_id1"; if the doubled prefix is
// unintended the message id is lost - confirm against set_field().
var dup606 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718015"),
});
var dup607 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715071"),
});
var dup608 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717041"),
});
var dup609 = match({
dissect: {
tokenizer: "AAA retrieved user specific group policy %{p0}",
field: "nwparser.payload",
},
});
// Policy name may be wrapped in parentheses; that form is listed first so the
// parentheses are stripped when present.
var dup610 = linear_select([
match({
dissect: {
tokenizer: " (%{policyname}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{policyname} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Leaves the user name in p2 for a follow-up fragment.
var dup611 = match({
dissect: {
tokenizer: " for user = %{p2}",
field: "nwparser.p1",
},
});
var dup612 = set_field({
dest: "nwparser.msg_id1",
value: constant("113011"),
});
var dup613 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("326001"),
});
// Fragments dup614-dup620: "Shun added" parsing, the module data-channel
// failure message, and message-id constants.
// Singular form captures the shun detail into result; the plural form carries
// no detail before p0.
var dup614 = linear_select([
match({
dissect: {
tokenizer: " Shun added: %{result} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Shuns added %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup615 = set_field({
dest: "nwparser.msg_id1",
value: constant("401002"),
});
// NOTE(review): dup616, dup619 and dup620 write to
// "nwparser.nwparser.msg_id1" while dup615 and dup618 write
// "nwparser.msg_id1"; if the doubled prefix is unintended the message id is
// lost - confirm against set_field().
var dup616 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718051"),
});
// Slotted-module wording or the fixed "Module ips" wording.
var dup617 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1} experienced a data channel communication failure, data channel is DOWN%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips experienced a data channel communication failure, data channel is DOWN%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup618 = set_field({
dest: "nwparser.msg_id1",
value: constant("323006"),
});
var dup619 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737006"),
});
var dup620 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737006:01"),
});
// Fragments dup621-dup631: "Begin configuration" parsing, the ACL install
// failure message, and constants.
var dup621 = match({
dissect: {
tokenizer: "Begin configuration: %{p0}",
field: "nwparser.payload",
},
});
// Origin of the configuration session: the literal word Console/console, or a
// remote address captured as hostip. The literal forms are listed first.
var dup622 = linear_select([
match({
dissect: {
tokenizer: " Console %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " console %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{hostip} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup623 = match({
dissect: {
tokenizer: " reading from %{device}",
field: "nwparser.p1",
},
});
var dup624 = set_field({
dest: "nwparser.msg_id1",
value: constant("111007"),
});
// NOTE(review): dup625-dup627 and dup631 write to "nwparser.nwparser.*" while
// dup624 and dup630 use a single "nwparser." prefix; if the doubled prefix is
// unintended these fields are never populated - confirm against set_field().
var dup625 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1608000000"),
});
var dup626 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("421006"),
});
var dup627 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720028"),
});
// ACL name is taken from between the single quotes; the user part stays in p0.
var dup628 = match({
dissect: {
tokenizer: "Unable to install ACL '%{listnum}', downloaded for user %{p0}",
field: "nwparser.payload",
},
});
// The offending ACE text is captured into result between single quotes.
var dup629 = match({
dissect: {
tokenizer: "; Error in ACE: '%{result}'",
field: "nwparser.p1",
},
});
var dup630 = set_field({
dest: "nwparser.msg_id1",
value: constant("109032"),
});
var dup631 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318007"),
});
// Fragments dup632-dup641: whitelisted-traffic detail line, "Login denied"
// parsing, and message-id constants.
// Pass-through step: strips one leading space and hands the rest on as p2.
var dup632 = match({
dissect: {
tokenizer: " %{p2}",
field: "nwparser.p1",
},
});
// Accepts either keyword before the traffic description.
var dup633 = linear_select([
match({
dissect: {
tokenizer: " action %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " monitored %{p3}",
field: "nwparser.p2",
},
}),
]);
// Extracts both endpoints with translated address/port pairs, the resolved
// destination (hostip), the list name (listnum) and trailing info.
var dup634 = match({
dissect: {
tokenizer: " whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{hostip} resolved from %{listnum} list: %{info}",
field: "nwparser.p3",
},
});
var dup635 = set_field({
dest: "nwparser.msg_id1",
value: constant("338104"),
});
// Denied management login: client address/port, target interface and address,
// and the service in the position after the "/". The user name is left in p0.
var dup636 = match({
dissect: {
tokenizer: "Login denied from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service} for user %{p0}",
field: "nwparser.payload",
},
});
var dup637 = set_field({
dest: "nwparser.msg_id1",
value: constant("605004"),
});
// Fallback shape: everything before " for user " becomes action, so the
// addresses are not extracted on this path.
var dup638 = match({
dissect: {
tokenizer: "%{action} for user %{p0}",
field: "nwparser.payload",
},
});
var dup639 = set_field({
dest: "nwparser.msg_id1",
value: constant("605004:01"),
});
// NOTE(review): dup640 and dup641 write to "nwparser.nwparser.msg_id1" while
// dup635/dup637/dup639 write "nwparser.msg_id1"; if the doubled prefix is
// unintended the message id is lost - confirm against set_field().
var dup640 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302304"),
});
var dup641 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199907"),
});
// Fragments dup642-dup647: "LEAVING/Leaving ALLOW mode, URL Server" parsing
// and message-id constants.
// Case variants of the leading keyword; the tokenizers differ only in
// capitalisation.
var dup642 = linear_select([
match({
dissect: {
tokenizer: " LEAVING %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Leaving %{p0}",
field: "nwparser.payload",
},
}),
]);
// %{} is an unnamed capture; presumably any trailing text is discarded.
var dup643 = match({
dissect: {
tokenizer: " ALLOW mode, URL Server%{}",
field: "nwparser.p0",
},
});
var dup644 = set_field({
dest: "nwparser.msg_id1",
value: constant("304008"),
});
// NOTE(review): dup645-dup647 write to "nwparser.nwparser.msg_id1" while
// dup644 writes "nwparser.msg_id1"; if the doubled prefix is unintended the
// message id is lost - confirm against set_field().
var dup645 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400035"),
});
var dup646 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713222"),
});
var dup647 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("120008"),
});
// Fragments dup648-dup663: ESP anti-replay failure, "ISAKMP session
// connect(ed)", WebVPN session start, and constants.
// Anti-replay failure: SPI into dst_spi, sequence number into fld2, sender
// into saddr; the " to <daddr> ..." tail is handled by dup649.
var dup648 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{dst_spi}, sequence number= %{fld2}) from %{saddr} %{p0}",
field: "nwparser.payload",
},
});
// NOTE(review): dup648 leaves its remainder in p0 but this fragment reads p1;
// the step that bridges them is not among these statements.
var dup649 = match({
dissect: {
tokenizer: " to %{daddr} that failed anti-replay checking.",
field: "nwparser.p1",
},
});
var dup650 = set_field({
dest: "nwparser.msg_id1",
value: constant("402119"),
});
var dup651 = match({
dissect: {
tokenizer: "ISAKMP session %{p0}",
field: "nwparser.payload",
},
});
// Accepts "connected" or "connect"; the longer word is listed first.
var dup652 = linear_select([
match({
dissect: {
tokenizer: " connected %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " connect %{p1}",
field: "nwparser.p0",
},
}),
]);
// Role decides direction: a responding local end is the destination, so
// local -> daddr and remote -> saddr.
var dup653 = match({
dissect: {
tokenizer: " (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup654 = set_field({
dest: "nwparser.msg_id1",
value: constant("602202:01"),
});
// Mirror of dup653 for an initiating local end: local -> saddr,
// remote -> daddr.
var dup655 = match({
dissect: {
tokenizer: " (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup656 = set_field({
dest: "nwparser.msg_id1",
value: constant("602202"),
});
// NOTE(review): the tokenizer decodes to " IP <<%{saddr}> ..." - two opening
// angle brackets, one closing. If the device writes "IP <addr>", this pattern
// would not match and session-start events would go unparsed - verify with
// sample logs.
var dup657 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} session started",
field: "nwparser.p1",
},
});
var dup658 = set_field({
dest: "nwparser.msg_id1",
value: constant("716001"),
});
// NOTE(review): dup659-dup663 write to "nwparser.nwparser.*" while the
// set_field calls above use a single "nwparser." prefix; if the doubled prefix
// is unintended these fields are never populated - confirm against
// set_field().
var dup659 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("337009"),
});
var dup660 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321002"),
});
var dup661 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323001"),
});
var dup662 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1611000000"),
});
var dup663 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505001"),
});
// Fragments dup664-dup686: "Group = ..., [Username = ...,] IP = ..., <action>"
// parsing, SVC session termination, and a run of constants.
var dup664 = match({
dissect: {
tokenizer: "Group = %{group}, %{p0}",
field: "nwparser.payload",
},
});
// Quoted username, bare username, or no username at all.
// NOTE(review): group and username are free text from the log line; a value
// that contains the ", " delimiter could shift the later captures. Treat
// username/saddr as untrusted downstream and confirm how dissect resolves a
// repeated delimiter.
var dup665 = linear_select([
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup666 = match({
dissect: {
tokenizer: ", %{action}",
field: "nwparser.p1",
},
});
var dup667 = set_field({
dest: "nwparser.msg_id1",
value: constant("715022"),
});
// NOTE(review): dup668-dup670 write to "nwparser.nwparser.msg_id1" while
// dup667 and dup671 write "nwparser.msg_id1". If the doubled prefix is a
// generator artifact the message id is lost - confirm against set_field().
// The same applies to the other "nwparser.nwparser.*" dests further down.
var dup668 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746016"),
});
var dup669 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105011"),
});
var dup670 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505004"),
});
var dup671 = set_field({
dest: "nwparser.msg_id1",
value: constant("713035"),
});
var dup672 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713035:01"),
});
// NOTE(review): the tokenizer decodes to " IP <<%{saddr}> SVC Session
// Termination:..." - two opening angle brackets, one closing. If the device
// writes "IP <addr>", this pattern would not match - verify with sample logs.
var dup673 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e SVC Session Termination:%{info}",
field: "nwparser.p1",
},
});
var dup674 = set_field({
dest: "nwparser.msg_id1",
value: constant("722030"),
});
var dup675 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304007"),
});
var dup676 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("203001"),
});
var dup677 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400018"),
});
var dup678 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722005"),
});
var dup679 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737014"),
});
var dup680 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1601000000"),
});
var dup681 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103005"),
});
var dup682 = set_field({
dest: "nwparser.msg_id1",
value: constant("715048"),
});
var dup683 = set_field({
dest: "nwparser.msg_id1",
value: constant("722029"),
});
var dup684 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("769001"),
});
var dup685 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701060000"),
});
var dup686 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611318"),
});
// Fragments dup687-dup703: "Unable to Pre-allocate <service> Call Signalling
// Connection for <foreign> to <local>" parsing, split into small steps that
// hand the remainder along p0..p9, followed by message-id constants.
var dup687 = match({
dissect: {
tokenizer: "Unable to %{p0}",
field: "nwparser.payload",
},
});
// Accepts the hyphenated and unhyphenated spelling.
var dup688 = linear_select([
match({
dissect: {
tokenizer: " Pre-allocate %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Preallocate %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup689 = match({
dissect: {
tokenizer: " %{service} Call Signalling Connection for %{p2}",
field: "nwparser.p1",
},
});
// Long or short keyword for the foreign end.
var dup690 = linear_select([
match({
dissect: {
tokenizer: " foreign_address %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " faddr %{p3}",
field: "nwparser.p2",
},
}),
]);
// Foreign end becomes the source; the port is optional.
// NOTE(review): dup690 leaves its remainder in p3 but this fragment reads p4;
// the step that bridges them is not among these statements.
var dup691 = linear_select([
match({
dissect: {
tokenizer: " %{saddr}/%{sport} %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup692 = match({
dissect: {
tokenizer: " to %{p6}",
field: "nwparser.p5",
},
});
// Long or short keyword for the local end.
var dup693 = linear_select([
match({
dissect: {
tokenizer: " local_address %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " laddr %{p7}",
field: "nwparser.p6",
},
}),
]);
// Pass-through step: strips one leading space and hands the rest on as p8.
var dup694 = match({
dissect: {
tokenizer: " %{p8}",
field: "nwparser.p7",
},
});
// Local end becomes the destination; the port is optional.
var dup695 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p9}",
field: "nwparser.p8",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p9}",
field: "nwparser.p8",
},
}),
]);
var dup696 = set_field({
dest: "nwparser.msg_id1",
value: constant("405101"),
});
// NOTE(review): dup697-dup703 write to "nwparser.nwparser.msg_id1" while
// dup696 writes "nwparser.msg_id1"; if the doubled prefix is unintended the
// message id is lost - confirm against set_field().
var dup697 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702207"),
});
var dup698 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702207:01"),
});
var dup699 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713123:01"),
});
var dup700 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713123"),
});
var dup701 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400019"),
});
var dup702 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710001"),
});
var dup703 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213004"),
});
// Fragments dup704-dup720: ", IP = ..., <action>:<info>" parsing, DCERPC
// version anomaly, L2TP tunnel deletion, and message-id constants.
var dup704 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action}:%{info}",
field: "nwparser.p1",
},
});
var dup705 = set_field({
dest: "nwparser.msg_id1",
value: constant("713025"),
});
// NOTE(review): dup706-dup709 write to "nwparser.nwparser.msg_id1" while
// dup705 writes "nwparser.msg_id1". If the doubled prefix is a generator
// artifact the message id is lost - confirm against set_field(). The same
// applies to dup718-dup720 below.
var dup706 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713025:01"),
});
var dup707 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713170"),
});
var dup708 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718045"),
});
var dup709 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721001"),
});
var dup710 = match({
dissect: {
tokenizer: "DCERPC %{p0}",
field: "nwparser.payload",
},
});
// The keyword is matched as a literal only; which of the two was seen is not
// stored in any field here.
var dup711 = linear_select([
match({
dissect: {
tokenizer: " unknown %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " request %{p1}",
field: "nwparser.p0",
},
}),
]);
// Protocol-anomaly detail: reported version, both endpoints, and the text
// after the final comma into result.
var dup712 = match({
dissect: {
tokenizer: " non-standard major version %{version} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, %{result}",
field: "nwparser.p1",
},
});
var dup713 = set_field({
dest: "nwparser.msg_id1",
value: constant("508001"),
});
var dup714 = match({
dissect: {
tokenizer: "L2TP Tunnel %{p0}",
field: "nwparser.payload",
},
});
// "deleted" with or without a trailing comma; the comma form is listed first.
var dup715 = linear_select([
match({
dissect: {
tokenizer: " deleted, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " deleted %{p1}",
field: "nwparser.p0",
},
}),
]);
// There is no space between "remote_peer_ip =" and the address capture.
var dup716 = match({
dissect: {
tokenizer: " tunnel_id = %{fld1} remote_peer_ip =%{saddr}",
field: "nwparser.p1",
},
});
var dup717 = set_field({
dest: "nwparser.msg_id1",
value: constant("603107"),
});
var dup718 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611310"),
});
var dup719 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702301"),
});
var dup720 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106100"),
});
// Fragments dup721-dup735: "access-list <name> permitted ..." hit parsing in
// three variants (identity on the source side, on the destination side, or
// absent), plus message-id constants.
var dup721 = match({
dissect: {
tokenizer: "access-list %{listnum} %{p0}",
field: "nwparser.payload",
},
});
// Only "est-allowed" and "permitted" are accepted here; a denied verdict is
// not matched by this fragment.
var dup722 = linear_select([
match({
dissect: {
tokenizer: " est-allowed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " permitted %{p1}",
field: "nwparser.p0",
},
}),
]);
// Source side carries an identity as domain\user ("\\" is one literal
// backslash); "\u003e" is ">" in the "->" arrow.
var dup723 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport})(%{domain}\\%{username}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
// Destination port, optionally followed by a second parenthesised value that
// is kept as fld7.
var dup724 = linear_select([
match({
dissect: {
tokenizer: "(%{dport})(%{fld7})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})%{p3}",
field: "nwparser.p2",
},
}),
]);
// Hit counter into dclass_counter1; the rest of the line into fld6.
var dup725 = match({
dissect: {
tokenizer: " hit-cnt %{dclass_counter1} %{fld6}",
field: "nwparser.p3",
},
});
var dup726 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:01"),
});
// Same shape as dup723, but the source-side parenthesised value is kept
// unparsed as fld5.
var dup727 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport})(%{fld5}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
// Destination side: identity as domain\user, then an opaque second value,
// then port only - most specific form first.
var dup728 = linear_select([
match({
dissect: {
tokenizer: "(%{dport})(%{domain}\\%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})(%{fld7})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup729 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:02"),
});
// Variant with no identity on the source side.
var dup730 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
var dup731 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:03"),
});
// NOTE(review): dup732-dup735 write to "nwparser.nwparser.msg_id1" while
// dup726/dup729/dup731 write "nwparser.msg_id1"; if the doubled prefix is
// unintended the message id is lost - confirm against set_field().
var dup732 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("412001"),
});
var dup733 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505014"),
});
var dup734 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307002"),
});
var dup735 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:07"),
});
// Fragments dup736-dup746: "Built inbound/outbound <protocol> connection"
// parsing and the matching message-id constants.
// Inbound: the endpoint after "for" is the source. The tokenizer stops after
// "(<stransaddr>/" and leaves the translated port for the next fragment.
var dup736 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{p0}",
field: "nwparser.payload",
},
});
// Translated source port, optionally followed by a (domain\value) group.
// NOTE(review): the value after the backslash is kept as fld3 here, whereas
// the otherwise identical dup744 captures it as username - confirm that the
// difference is intended.
var dup737 = linear_select([
match({
dissect: {
tokenizer: "%{stransport})(%{domain}\\%{fld3})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{stransport}) %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup738 = match({
dissect: {
tokenizer: "to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) %{p2}",
field: "nwparser.p1",
},
});
// Trailing user name, single-quoted or in parentheses. There is no bare
// alternative in this list.
var dup739 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup740 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013"),
});
// Outbound: the field roles are swapped - the endpoint after "for" is stored
// as the destination and the one after "to" as the source.
var dup741 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) to %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) %{p0}",
field: "nwparser.payload",
},
});
// Same two user-name forms as dup739, reading p0 instead of p2.
var dup742 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup743 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:01"),
});
// Like dup737, but the identity after the backslash is captured as username.
var dup744 = linear_select([
match({
dissect: {
tokenizer: "%{stransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{stransport}) %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination endpoint with no trailing remainder.
var dup745 = match({
dissect: {
tokenizer: " to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.p1",
},
});
var dup746 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:02"),
});
// Fragments dup747-dup764: further "Built outbound <protocol> connection"
// variants, split into small steps, and message-id constants. In every
// outbound variant the endpoint after "for" is stored as the destination and
// the endpoint after "to" as the source.
var dup747 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{p0}",
field: "nwparser.payload",
},
});
// Interface name, optionally followed by an extra ":<value>" segment kept as
// fld1; both forms expect " :" before the address.
var dup748 = linear_select([
match({
dissect: {
tokenizer: "%{dinterface}:%{fld1} :%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dinterface} :%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup749 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) to %{p2}",
field: "nwparser.p1",
},
});
// Source interface, optionally with an extra ":<value>" segment kept as fld2.
var dup750 = linear_select([
match({
dissect: {
tokenizer: "%{sinterface}:%{fld2}:%{saddr}/%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup751 = match({
dissect: {
tokenizer: "%{sport} (%{stransaddr}/%{stransport})",
field: "nwparser.p3",
},
});
var dup752 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:03"),
});
// NOTE(review): dup753 and dup754 write to "nwparser.nwparser.msg_id1" while
// dup752 and dup758 write "nwparser.msg_id1". If the doubled prefix is a
// generator artifact the message id is lost - confirm against set_field().
// The same applies to dup759-dup764 below.
var dup753 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:04"),
});
var dup754 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:05"),
});
var dup755 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface} :%{daddr}/%{dport} %{p0}",
field: "nwparser.payload",
},
});
// Translated destination pair, optionally followed by a domain\user identity
// ("\\" is one literal backslash).
var dup756 = linear_select([
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup757 = match({
dissect: {
tokenizer: " to %{p2}",
field: "nwparser.p1",
},
});
var dup758 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:06"),
});
var dup759 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:09"),
});
var dup760 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:08"),
});
var dup761 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701030000"),
});
var dup762 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444005"),
});
var dup763 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713107"),
});
var dup764 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720025"),
});
// Fragments dup765-dup777: "Unable to remove <addr> from standby", reload
// command audit, session-ended parsing, and constants.
// Optional "Session=<id>, " prefix before "Unable".
var dup765 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Unable%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "Unable%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup766 = match({
dissect: {
tokenizer: " to remove %{saddr} from standby: %{result}",
field: "nwparser.p1",
},
});
var dup767 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604000000"),
});
var dup768 = set_field({
dest: "nwparser.msg_id1",
value: constant("737032"),
});
// Accepts the older "PIX reload" wording and the plain "Reload" wording.
var dup769 = linear_select([
match({
dissect: {
tokenizer: " PIX reload %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Reload %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup770 = match({
dissect: {
tokenizer: " command executed from %{p1}",
field: "nwparser.p0",
},
});
// Origin of the reload command: "<process> (remote <addr>)." or just "<addr>.".
// Only the first form records the process.
var dup771 = linear_select([
match({
dissect: {
tokenizer: " %{process} (remote %{hostip}). %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{hostip}. %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup772 = set_field({
dest: "nwparser.msg_id1",
value: constant("199001:01"),
});
// NOTE(review): dup773, dup774 and dup777 write to
// "nwparser.nwparser.msg_id1" while dup768/dup772/dup776 write
// "nwparser.msg_id1"; if the doubled prefix is unintended the message id is
// lost - confirm against set_field().
var dup773 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199001"),
});
var dup774 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400000"),
});
var dup775 = match({
dissect: {
tokenizer: " session number %{sessionid} from %{hostip} ended",
field: "nwparser.p0",
},
});
var dup776 = set_field({
dest: "nwparser.msg_id1",
value: constant("606002"),
});
var dup777 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713074"),
});
var dup778 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr} , %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup779 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} to %{fld2} kbs %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup780 = set_field({
dest: "nwparser.msg_id1",
value: constant("713076"),
});
var dup781 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722006"),
});
var dup782 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108002"),
});
var dup783 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405104"),
});
var dup784 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420003"),
});
var dup785 = match({
dissect: {
tokenizer: "ISAKMP Phase 2 %{p0}",
field: "nwparser.payload",
},
});
var dup786 = linear_select([
match({
dissect: {
tokenizer: " retransmission %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " retransmit %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup787 = set_field({
dest: "nwparser.msg_id1",
value: constant("702205:01"),
});
var dup788 = set_field({
dest: "nwparser.msg_id1",
value: constant("702205"),
});
// Header alternatives read from nwparser.payload: either
// " Username = <user>, IP = <addr>, " or " Group = <group>, IP = <addr>, ".
// Only one of username/group is populated per event; the rest goes to p0.
var dup789 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Takes everything after a leading space in nwparser.p0 as the event
// description.
var dup790 = match({
dissect: {
tokenizer: " %{event_description}",
field: "nwparser.p0",
},
});
// Constant step: message id "715076" written to nwparser.msg_id1.
var dup791 = set_field({
dest: "nwparser.msg_id1",
value: constant("715076"),
});
// Constant steps: message ids 726001, 733102 and 400048, plus event category
// "1001020300".
// NOTE(review): every dest in this run has a doubled "nwparser." prefix
// ("nwparser.nwparser.msg_id1" / "nwparser.nwparser.eventcategory"), unlike
// steps such as dup791. Confirm the runtime treats both spellings alike.
var dup792 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("726001"),
});
var dup793 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("733102"),
});
var dup794 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020300"),
});
var dup795 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400048"),
});
// Local-database authentication result: captures the action and the stated
// reason from nwparser.payload, then hands the user portion on as p0.
var dup796 = match({
dissect: {
tokenizer: "%{action} : reason = %{result} : local database : user = %{p0}",
field: "nwparser.payload",
},
});
// Extracts the username, and the client address when " : user IP = " is
// present; the remainder goes to p1.
// NOTE(review): the username is whatever the client typed at login. If dissect
// splits on the first occurrence of each literal, a username containing
// " : user IP = " would shift the saddr boundary — treat saddr from this
// message as unverified and keep the raw line available for triage.
var dup797 = linear_select([
match({
dissect: {
tokenizer: "%{username} : user IP = %{saddr}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "113015" written to nwparser.msg_id1.
var dup798 = set_field({
dest: "nwparser.msg_id1",
value: constant("113015"),
});
// Constant steps: message ids 216005 and 403107.
// NOTE(review): dest uses the doubled "nwparser.nwparser." prefix, unlike
// dup798 — confirm both resolve to the same field.
var dup799 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("216005"),
});
var dup800 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403107"),
});
// Staged patterns for a "Dropped UDP DNS ..." message. Each stage reads the
// hand-off field written by the previous one (payload -> p0 -> p1 -> ... -> p5).
// Stage 1: literal prefix.
var dup801 = match({
dissect: {
tokenizer: "Dropped UDP DNS %{p0}",
field: "nwparser.payload",
},
});
// Stage 2: " reply" or " request".
var dup802 = linear_select([
match({
dissect: {
tokenizer: " reply %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " request %{p1}",
field: "nwparser.p0",
},
}),
]);
// Stage 3: source and destination as interface:address/port, terminated by
// "; ".
var dup803 = match({
dissect: {
tokenizer: " from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{p2}",
field: "nwparser.p1",
},
});
// Stage 4: which DNS element was oversized (packet, label, domain-name or
// compression pointer). The keyword itself is matched but not stored.
var dup804 = linear_select([
match({
dissect: {
tokenizer: " packet %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " label %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " domain-name %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " compression pointer %{p3}",
field: "nwparser.p2",
},
}),
]);
// Stage 5: observed length in bytes.
var dup805 = match({
dissect: {
tokenizer: " length %{bytes} bytes exceeds %{p4}",
field: "nwparser.p3",
},
});
// Stage 6: which limit was exceeded.
// NOTE(review): the first alternative has no leading space while the other
// three do; since dup805 already consumes the space after "exceeds", confirm
// which form the device actually emits.
var dup806 = linear_select([
match({
dissect: {
tokenizer: "remaining packet length %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " configured %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " protocol %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " packet length %{p5}",
field: "nwparser.p4",
},
}),
]);
// Stage 7: the limit value, stored in the generic field fld2.
var dup807 = match({
dissect: {
tokenizer: " limit of %{fld2} bytes",
field: "nwparser.p5",
},
});
// Constant steps: event category "1801010000" and message id "410001".
var dup808 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010000"),
});
var dup809 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001"),
});
// Variant of the address stage without interface names: address/port pairs
// only, read from nwparser.p1 and terminated by "; ".
var dup810 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport}; %{p2}",
field: "nwparser.p1",
},
});
// Reduced keyword set (" packet" or " label") read from nwparser.p2.
var dup811 = linear_select([
match({
dissect: {
tokenizer: " packet %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " label %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reduced limit-kind set (" configured" or " protocol") read from nwparser.p4.
var dup812 = linear_select([
match({
dissect: {
tokenizer: " configured %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " protocol %{p5}",
field: "nwparser.p4",
},
}),
]);
// Constant steps: message id variants "410001:02" and "410001:03".
// NOTE(review): dup813 writes "nwparser.msg_id1" but dup814 writes
// "nwparser.nwparser.msg_id1"; two variants of the same message id ending up
// under different field names would split detections — confirm.
var dup813 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001:02"),
});
var dup814 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("410001:03"),
});
// Alternative wording of the DNS drop message: "UDP DNS packet dropped due
// to ..." read from nwparser.payload.
var dup815 = match({
dissect: {
tokenizer: "UDP DNS packet dropped due to %{p0}",
field: "nwparser.payload",
},
});
// Which length check failed (compression, domainname, label or packet). Note
// that this wording uses "domainname" where dup804 uses "domain-name".
var dup816 = linear_select([
match({
dissect: {
tokenizer: " compression %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " domainname %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " label %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " packet %{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures the checked length as bytes and the actual length as fld11.
var dup817 = match({
dissect: {
tokenizer: " length check of %{bytes} bytes: actual length:%{fld11} bytes",
field: "nwparser.p1",
},
});
// Constant step: message id variant "410001:01".
var dup818 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001:01"),
});
// Interface line-protocol state message: captures the interface name from
// nwparser.payload.
var dup819 = match({
dissect: {
tokenizer: "Line protocol on Interface %{interface} %{p0}",
field: "nwparser.payload",
},
});
// Captures the state as result, with or without a separating " , ".
var dup820 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "411001".
var dup821 = set_field({
dest: "nwparser.msg_id1",
value: constant("411001"),
});
// Constant step: message id "604101".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup821 — confirm.
var dup822 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("604101"),
});
// Matches the literal prefix "ISAKMP Phase 2 exchange " in nwparser.payload.
var dup823 = match({
dissect: {
tokenizer: "ISAKMP Phase 2 exchange %{p0}",
field: "nwparser.payload",
},
});
// Accepts " started" or " start" as the next keyword.
var dup824 = linear_select([
match({
dissect: {
tokenizer: " started %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " start %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant steps: message ids "702209:01" and "702209".
var dup825 = set_field({
dest: "nwparser.msg_id1",
value: constant("702209:01"),
});
var dup826 = set_field({
dest: "nwparser.msg_id1",
value: constant("702209"),
});
// Constant steps: message ids "106015" and "106015:01".
// NOTE(review): doubled "nwparser.nwparser." prefix here, single prefix in
// dup825/dup826 — confirm both resolve to the same field.
var dup827 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106015"),
});
var dup828 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106015:01"),
});
// Reads nwparser.p1: source address followed by free text captured as action.
var dup829 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action}",
field: "nwparser.p1",
},
});
// Constant step: message id "713131".
var dup830 = set_field({
dest: "nwparser.msg_id1",
value: constant("713131"),
});
// Constant steps: message ids "713131:01", "105004" and "301001".
// NOTE(review): these use the doubled "nwparser.nwparser." prefix while dup830
// (same base id 713131) uses the single prefix — confirm they land in the
// same field.
var dup831 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713131:01"),
});
var dup832 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105004"),
});
var dup833 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("301001"),
});
// Local user deletion: matches the literal prefix in nwparser.payload and
// hands the user name portion on as p0. Account-management events such as this
// are commonly of audit interest, so field naming matters for alerting.
var dup834 = match({
dissect: {
tokenizer: "User deleted from local dbase: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Constant steps: event category "1402020100" and message id "502102".
var dup835 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020100"),
});
var dup836 = set_field({
dest: "nwparser.msg_id1",
value: constant("502102"),
});
// Constant steps for ten further message ids.
// NOTE(review): all of dup837..dup846 use dest "nwparser.nwparser.msg_id1"
// (doubled prefix), unlike dup836 — confirm both spellings resolve alike.
var dup837 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613002"),
});
var dup838 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617004"),
});
var dup839 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720002"),
});
var dup840 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101005"),
});
var dup841 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722025"),
});
var dup842 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400029"),
});
var dup843 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710007"),
});
var dup844 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715033"),
});
var dup845 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717037"),
});
var dup846 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("507001"),
});
// Command audit tail read from nwparser.p1: the running program (fld1), the
// originating address, and the executed command text as action.
// NOTE(review): both fld1 and action are delimited by single quotes; if
// dissect splits on the first occurrence of each literal, a command that
// itself contains "'" would be cut short — keep the raw message for forensics.
var dup847 = match({
dissect: {
tokenizer: ", running '%{fld1}' from IP %{saddr}, executed '%{action}'",
field: "nwparser.p1",
},
});
// Constant steps: event category "1401040000" and message id "111010".
var dup848 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401040000"),
});
var dup849 = set_field({
dest: "nwparser.msg_id1",
value: constant("111010"),
});
// Constant steps: message ids "212002" and "400047".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup849 — confirm.
var dup850 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212002"),
});
var dup851 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400047"),
});
// Access-granted tail read from nwparser.p1: client address, service name and
// the URL that was granted.
// NOTE(review): the escapes decode to " IP <<%{saddr}> ..." — two opening angle
// brackets but a single closing one. If the device prints "IP <addr>", the
// literal "<<" will not match and this event goes unparsed; it looks like a
// leftover escape from the original parser format. Verify with a sample log.
var dup852 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} access GRANTED: %{url}",
field: "nwparser.p1",
},
});
// Constant step: message id "716003".
var dup853 = set_field({
dest: "nwparser.msg_id1",
value: constant("716003"),
});
// Origin of a configuration session, read from nwparser.payload: the literal
// " Console" / " console", or otherwise a host address captured as hostip.
// The literal forms are listed first; the last alternative would also accept
// the word "console" as a hostip value if tried on its own.
var dup854 = linear_select([
match({
dissect: {
tokenizer: " Console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{hostip} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Captures the outcome text after " end configuration: " as disposition.
var dup855 = match({
dissect: {
tokenizer: " end configuration: %{disposition}",
field: "nwparser.p0",
},
});
// Constant step: message id "111004".
var dup856 = set_field({
dest: "nwparser.msg_id1",
value: constant("111004"),
});
// Constant steps: message ids and event categories for several messages.
// NOTE(review): every dest in this run has a doubled "nwparser." prefix
// ("nwparser.nwparser.msg_id1" / "nwparser.nwparser.eventcategory"), whereas
// other steps in the file (e.g. dup856) use "nwparser.msg_id1". Confirm the
// two spellings resolve to the same field before keying detections on them.
var dup857 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199004"),
});
var dup858 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1604010000"),
});
var dup859 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311002"),
});
var dup860 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717006"),
});
var dup861 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603030000"),
});
var dup862 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105035"),
});
var dup863 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500003"),
});
var dup864 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210006"),
});
var dup865 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402123"),
});
// Secure Desktop result tail read from nwparser.p1: host address and the
// result text as info.
// NOTE(review): the escapes decode to " IP <<%{hostip}> ..." — "<<" before the
// capture but a single ">" after it. Likely a leftover escape from the source
// parser format; confirm against a real log line.
var dup866 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{hostip}\u003e Secure Desktop Results: %{info}",
field: "nwparser.p1",
},
});
// Constant steps: event category "1704010000" and message id "724004".
var dup867 = set_field({
dest: "nwparser.eventcategory",
value: constant("1704010000"),
});
var dup868 = set_field({
dest: "nwparser.msg_id1",
value: constant("724004"),
});
// Constant steps: message ids 737005, 305005 (and variants :01..:03), 415014
// and 302022.
// NOTE(review): doubled "nwparser.nwparser." prefix on all of these, unlike
// dup868 — confirm.
var dup869 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737005"),
});
var dup870 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005"),
});
var dup871 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:01"),
});
var dup872 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:02"),
});
var dup873 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:03"),
});
var dup874 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415014"),
});
var dup875 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302022"),
});
// Stub connection tail read from nwparser.p1: protocol, then source and
// destination as interface:address/port, each followed by the translated
// address/port in parentheses.
var dup876 = match({
dissect: {
tokenizer: " stub %{protocol} connection for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.p1",
},
});
// Constant step: message id "302022:01".
var dup877 = set_field({
dest: "nwparser.msg_id1",
value: constant("302022:01"),
});
// Constant steps: message ids "315005" and "713149".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup877 — confirm.
var dup878 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("315005"),
});
var dup879 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713149"),
});
// Optional "Session=<id>, " prefix before the literal "DHCP", read from
// nwparser.p0; the session id is captured only when present.
var dup880 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, DHCP%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " DHCP%{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures the attempt counter of a successful request as dclass_counter1.
var dup881 = match({
dissect: {
tokenizer: " request attempt %{dclass_counter1} succeeded",
field: "nwparser.p1",
},
});
// Constant step: message id "737017".
var dup882 = set_field({
dest: "nwparser.msg_id1",
value: constant("737017"),
});
// Constant step: message id "201012".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup882 — confirm.
var dup883 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201012"),
});
// Command audit tail read from nwparser.p1: everything after " executed cmd:"
// is stored as action.
var dup884 = match({
dissect: {
tokenizer: " executed cmd:%{action}",
field: "nwparser.p1",
},
});
// Constant step: message id "111009".
var dup885 = set_field({
dest: "nwparser.msg_id1",
value: constant("111009"),
});
// AAA session-limit message: matches the literal prefix in nwparser.payload.
var dup886 = match({
dissect: {
tokenizer: "Unable to open AAA session. Session limit %{p0}",
field: "nwparser.payload",
},
});
// The limit value (fld1) is optional before " reached. ".
var dup887 = linear_select([
match({
dissect: {
tokenizer: " %{fld1} reached. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " reached. %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "113001:01".
var dup888 = set_field({
dest: "nwparser.msg_id1",
value: constant("113001:01"),
});
// Constant steps: message ids 113001, 416001, 611311, 111002 and event
// category "1301000000".
// NOTE(review): these use the doubled "nwparser.nwparser." prefix while dup888
// (same base id 113001) uses the single prefix — confirm they land in the
// same field.
var dup889 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113001"),
});
var dup890 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("416001"),
});
var dup891 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1301000000"),
});
var dup892 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611311"),
});
var dup893 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111002"),
});
// Staged variant of the line-protocol message that tolerates either
// capitalisation of "Interface". Stage 1: literal prefix.
var dup894 = match({
dissect: {
tokenizer: "Line protocol on %{p0}",
field: "nwparser.payload",
},
});
// Stage 2: " Interface" or " interface".
var dup895 = linear_select([
match({
dissect: {
tokenizer: " Interface %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " interface %{p1}",
field: "nwparser.p0",
},
}),
]);
// Stage 3: interface name.
var dup896 = match({
dissect: {
tokenizer: " %{interface} %{p2}",
field: "nwparser.p1",
},
});
// Stage 4: state captured as result, with or without a separating " , ".
var dup897 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Constant steps: event category "1603030000" and message id "411002".
var dup898 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603030000"),
});
var dup899 = set_field({
dest: "nwparser.msg_id1",
value: constant("411002"),
});
// Constant steps: message ids "702204:01" and "702204".
var dup900 = set_field({
dest: "nwparser.msg_id1",
value: constant("702204:01"),
});
var dup901 = set_field({
dest: "nwparser.msg_id1",
value: constant("702204"),
});
// Constant steps for further message ids.
// NOTE(review): dup902..dup909 use dest "nwparser.nwparser.msg_id1" (doubled
// prefix), unlike dup900/dup901 above — confirm both resolve to one field.
var dup902 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715060"),
});
var dup903 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("216001"),
});
var dup904 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106018"),
});
var dup905 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302023"),
});
var dup906 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302023:01"),
});
var dup907 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("332003"),
});
var dup908 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104001"),
});
var dup909 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104001:01"),
});
// Blacklisted-traffic tail read from nwparser.p3: protocol, source and
// destination endpoints with their translated address/port, the destination
// and the list it was resolved from (fld1, fld2, web_domain), then
// threat-level as severity and category as result.
// NOTE(review): severity and result here carry the device's threat-level and
// category strings; confirm downstream mappings expect those values in these
// fields.
var dup910 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
// Constant step: message id "338002".
var dup911 = set_field({
dest: "nwparser.msg_id1",
value: constant("338002"),
});
// Constant step: message id "403502".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup911 — confirm.
var dup912 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403502"),
});
// SSL server requesting the device certificate: captures the server endpoint
// (interface:address/port) and the peer address/port from nwparser.payload.
var dup913 = match({
dissect: {
tokenizer: "SSL server %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport} requesting our device certificate for %{p0}",
field: "nwparser.payload",
},
});
// Accepts "authentication" with or without a trailing period. The form with
// the period is listed first, which matters if alternatives are tried in order.
var dup914 = linear_select([
match({
dissect: {
tokenizer: "authentication.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "authentication%{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "725005:01".
var dup915 = set_field({
dest: "nwparser.msg_id1",
value: constant("725005:01"),
});
// Constant step: message id "725005".
// NOTE(review): doubled "nwparser.nwparser." prefix while dup915 (same base
// id) uses the single prefix — confirm they land in the same field.
var dup916 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725005"),
});
// Local address-pool failure: process name, optional "Session=<id>", then the
// quoted tunnel-group name handed on as p0.
var dup917 = linear_select([
match({
dissect: {
tokenizer: "%{process}: Session=%{sessionid} Local pool request failed for tunnel-group '%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "%{process} Local pool request failed for tunnel-group '%{p0}",
field: "nwparser.payload",
},
}),
]);
// Constant step: message id "737007".
var dup918 = set_field({
dest: "nwparser.msg_id1",
value: constant("737007"),
});
// Constant step: message id "305012:02" (doubled prefix — see note on dup916).
var dup919 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305012:02"),
});
// Translation teardown, variant A: captures context, protocol and source
// interface, leaving the source address part in p0.
var dup920 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
// Source address/port, optionally followed by a parenthesised value (fld51).
var dup921 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld51}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "305012".
var dup922 = set_field({
dest: "nwparser.msg_id1",
value: constant("305012"),
});
// Translation teardown, variant B: the full source endpoint is captured in one
// step and the destination part is left in p0.
var dup923 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport} to %{p0}",
field: "nwparser.payload",
},
});
// Destination interface, optionally followed by a parenthesised value (fld52).
var dup924 = linear_select([
match({
dissect: {
tokenizer: "%{dinterface}(%{fld52}):%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dinterface}:%{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "305012:01".
var dup925 = set_field({
dest: "nwparser.msg_id1",
value: constant("305012:01"),
});
// Module data-channel state: either "<product> Module in slot <n> ..." or the
// fixed wording "Module ips ...", read from nwparser.payload.
var dup926 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1} data channel communication is %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips data channel communication is %{p0}",
field: "nwparser.payload",
},
}),
]);
// Accepts "UP" with or without a trailing period; only the UP state is
// matched by this step.
var dup927 = linear_select([
match({
dissect: {
tokenizer: "UP.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "UP%{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "505011".
var dup928 = set_field({
dest: "nwparser.msg_id1",
value: constant("505011"),
});
// Authentication failure: matches the literal prefix in nwparser.payload and
// hands the user portion on as p0.
// NOTE(review): the user name is supplied by the connecting party; extraction
// of it happens in a step outside this view, so confirm how that step delimits
// the name before trusting the addresses parsed after it.
var dup929 = match({
dissect: {
tokenizer: "Authentication failed for user %{p0}",
field: "nwparser.payload",
},
});
// Source and destination address/port and the interface, read from
// nwparser.p1.
var dup930 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.p1",
},
});
// Constant step: message id "109006".
var dup931 = set_field({
dest: "nwparser.msg_id1",
value: constant("109006"),
});
// Constant steps for further message ids.
// NOTE(review): dup932..dup937 use dest "nwparser.nwparser.msg_id1" (doubled
// prefix), unlike dup931 — confirm both spellings resolve alike.
var dup932 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302303"),
});
var dup933 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322001"),
});
var dup934 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402106"),
});
var dup935 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101003"),
});
var dup936 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304003"),
});
var dup937 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305011:02"),
});
// Translation built, variant A: captures context, protocol and source
// interface, leaving the source address part in p0.
var dup938 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
// Destination endpoint as interface:address/port, read from nwparser.p1.
var dup939 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}",
field: "nwparser.p1",
},
});
// Constant step: message id "305011".
var dup940 = set_field({
dest: "nwparser.msg_id1",
value: constant("305011"),
});
// Translation built, variant B: full source endpoint captured in one step,
// destination part left in p0.
var dup941 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport} to %{p0}",
field: "nwparser.payload",
},
});
// Constant step: message id "305011:01".
var dup942 = set_field({
dest: "nwparser.msg_id1",
value: constant("305011:01"),
});
// Constant step: message id "713020".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup942 — confirm.
var dup943 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713020"),
});
// Tail read from nwparser.p3; the escape decodes to " > DTLS disabled: ", so
// this expects the closing ">" of a preceding bracketed value. The reason text
// is stored as info.
var dup944 = match({
dissect: {
tokenizer: " \u003e DTLS disabled: %{info}",
field: "nwparser.p3",
},
});
// Constant step: message id "722043".
var dup945 = set_field({
dest: "nwparser.msg_id1",
value: constant("722043"),
});
// Constant step: message id "211003".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup945 — confirm.
var dup946 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("211003"),
});
// ISAKMP DPD timeout message. Stage 1: literal prefix in nwparser.payload.
var dup947 = match({
dissect: {
tokenizer: "ISAKMP DPD %{p0}",
field: "nwparser.payload",
},
});
// Stage 2: " timed" or " time".
var dup948 = linear_select([
match({
dissect: {
tokenizer: " timed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " time %{p1}",
field: "nwparser.p0",
},
}),
]);
// Initiator form: the local address is stored as saddr, the remote as daddr.
var dup949 = match({
dissect: {
tokenizer: " out (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
// Constant step: message id "702203:01".
var dup950 = set_field({
dest: "nwparser.msg_id1",
value: constant("702203:01"),
});
// Responder form: the mapping is reversed — the local address is stored as
// daddr and the remote as saddr, so saddr is the initiating peer in both forms.
var dup951 = match({
dissect: {
tokenizer: " out (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
// Constant step: message id "702203".
var dup952 = set_field({
dest: "nwparser.msg_id1",
value: constant("702203"),
});
// Constant step: message id "737030".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup952 — confirm.
var dup953 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737030"),
});
// User logout: matches the literal prefix in nwparser.payload and hands the
// user name portion on as p0.
var dup954 = match({
dissect: {
tokenizer: "User logged out: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Constant steps: event category "1401070000" and message id "611103".
var dup955 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401070000"),
});
var dup956 = set_field({
dest: "nwparser.msg_id1",
value: constant("611103"),
});
// Constant steps: message id 724002 and several variants of 713904.
// NOTE(review): dup957..dup962 use dest "nwparser.nwparser.msg_id1" (doubled
// prefix), unlike dup956 — confirm both spellings resolve alike.
var dup957 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("724002"),
});
var dup958 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:01"),
});
var dup959 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:03"),
});
var dup960 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:04"),
});
var dup961 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:05"),
});
var dup962 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904"),
});
// Header alternatives read from nwparser.payload: "Group = <g>, IP = <addr>,"
// or just "IP = <addr>,". The group is captured only when present.
var dup963 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
]);
// Constant step: message id "713904:02".
var dup964 = set_field({
dest: "nwparser.msg_id1",
value: constant("713904:02"),
});
// Constant steps for further message ids and event category "1802000000".
// NOTE(review): dup965..dup972 use the doubled "nwparser.nwparser." prefix,
// unlike dup964 — confirm both spellings resolve to the same field.
var dup965 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718069"),
});
var dup966 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1802000000"),
});
var dup967 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746013"),
});
var dup968 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746013:01"),
});
var dup969 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302027"),
});
var dup970 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402114"),
});
var dup971 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444108"),
});
var dup972 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444108:01"),
});
// Splits nwparser.p0 at the first ":" after ", ": text before it is stored as
// action, text after it as info (assuming dissect splits on the first
// occurrence of the literal — TODO confirm).
var dup973 = match({
dissect: {
tokenizer: ", %{action}:%{info}",
field: "nwparser.p0",
},
});
// Constant steps: message ids "713024" and "715042".
var dup974 = set_field({
dest: "nwparser.msg_id1",
value: constant("713024"),
});
var dup975 = set_field({
dest: "nwparser.msg_id1",
value: constant("715042"),
});
// Constant steps: message ids 720041, 109014 and 318005.
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup974/dup975.
var dup976 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720041"),
});
var dup977 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109014"),
});
var dup978 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318005"),
});
// Constant steps: message ids "713201" and "713201:01".
var dup979 = set_field({
dest: "nwparser.msg_id1",
value: constant("713201"),
});
var dup980 = set_field({
dest: "nwparser.msg_id1",
value: constant("713201:01"),
});
// Constant steps: message ids 718073, 737033, 713224, 307001 and 307001:01.
// NOTE(review): doubled "nwparser.nwparser." prefix again; the mix of both
// spellings within one run is worth confirming against the runtime.
var dup981 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718073"),
});
var dup982 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737033"),
});
var dup983 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713224"),
});
var dup984 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307001"),
});
var dup985 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307001:01"),
});
// Optional "Session=<id>, " prefix before the literal "Removed", read from
// nwparser.p0.
// NOTE(review): unlike the similar dup880, the second alternative here has no
// leading space — confirm which form the preceding step leaves in p0.
var dup986 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Removed%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "Removed%{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures the address removed from standby as hostip.
var dup987 = match({
dissect: {
tokenizer: "%{hostip} from standby",
field: "nwparser.p1",
},
});
// Constant step: message id "737031".
var dup988 = set_field({
dest: "nwparser.msg_id1",
value: constant("737031"),
});
// Constant steps: message ids 750002, 710005 and 717036.
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup988 — confirm.
var dup989 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750002"),
});
var dup990 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710005"),
});
var dup991 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717036"),
});
// Connection-limit message: captures the protocol from nwparser.payload.
var dup992 = match({
dissect: {
tokenizer: "Too many %{protocol} connections on %{p0}",
field: "nwparser.payload",
},
});
// Captures the affected address as hostip (terminated by "!") and the rest as
// fld1.
var dup993 = match({
dissect: {
tokenizer: " %{hostip}! %{fld1}",
field: "nwparser.p1",
},
});
// Constant step: message id "201004:01".
var dup994 = set_field({
dest: "nwparser.msg_id1",
value: constant("201004:01"),
});
// Constant steps: message ids "201004" and "415003".
// NOTE(review): doubled "nwparser.nwparser." prefix while dup994 (same base
// id 201004) uses the single prefix — confirm they land in the same field.
var dup995 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201004"),
});
var dup996 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415003"),
});
// Session-limit tail read from nwparser.p1.
// NOTE(review): "maximum_sessions" is matched as a literal word. If the device
// prints a number in that position, this pattern will not match and the event
// is left untagged — looks like a documentation placeholder; verify against a
// sample log. The trailing "%{}" is an unnamed capture, presumably discarding
// the rest of the line.
var dup997 = match({
dissect: {
tokenizer: " Session could not be established: session limit of maximum_sessions reached%{}",
field: "nwparser.p1",
},
});
// Constant step: message id "716023".
var dup998 = set_field({
dest: "nwparser.msg_id1",
value: constant("716023"),
});
// Constant steps tagging message ids for a run of messages (104002, 400017,
// 713130, 302001 and variants, 444101, 201005, 713141, 717033, 106011 and
// variants, 613001, 611301).
// NOTE(review): all but dup1002 use dest "nwparser.nwparser.msg_id1" (doubled
// prefix); dup1002 uses "nwparser.msg_id1". Confirm both spellings resolve to
// the same field, otherwise detections keyed on msg_id1 only see part of
// these events.
var dup999 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104002"),
});
var dup1000 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104002:01"),
});
var dup1001 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400017"),
});
// Single-prefix dest in this otherwise doubled-prefix run.
var dup1002 = set_field({
dest: "nwparser.msg_id1",
value: constant("713130"),
});
var dup1003 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001"),
});
var dup1004 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:01"),
});
var dup1005 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:02"),
});
var dup1006 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:03"),
});
var dup1007 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:04"),
});
var dup1008 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444101"),
});
var dup1009 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201005"),
});
var dup1010 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713141"),
});
var dup1011 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717033"),
});
var dup1012 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011"),
});
var dup1013 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:01"),
});
var dup1014 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:02"),
});
var dup1015 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:03"),
});
var dup1016 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613001"),
});
var dup1017 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611301"),
});
// Reads nwparser.p1: source address, then an event description terminated by
// ". ", with the remainder stored as fld1.
var dup1018 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}. %{fld1}",
field: "nwparser.p1",
},
});
// Constant steps: event category "1603040000" and message id "713235".
var dup1019 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603040000"),
});
var dup1020 = set_field({
dest: "nwparser.msg_id1",
value: constant("713235"),
});
// Constant steps: message ids 713235:01, 717030, 418001:02 and 418001:03.
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup1020 (same base
// id 713235) — confirm they land in the same field.
var dup1021 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713235:01"),
});
var dup1022 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717030"),
});
var dup1023 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001:02"),
});
var dup1024 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001:03"),
});
// Denied through-the-device packet on a management-only network: captures the
// protocol from nwparser.payload and leaves the source part in p0.
var dup1025 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol} src %{p0}",
field: "nwparser.payload",
},
});
// Source endpoint, optionally followed by "(domain\username)". The "\\" in the
// tokenizer is a single literal backslash separating domain and username.
var dup1026 = linear_select([
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{sport} (%{domain}\\%{username}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{sport} dst %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "418001:01".
var dup1027 = set_field({
dest: "nwparser.msg_id1",
value: constant("418001:01"),
});
// Constant step: message id "418001".
// NOTE(review): doubled "nwparser.nwparser." prefix while dup1027 (same base
// id) uses the single prefix — confirm they land in the same field.
var dup1028 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001"),
});
// Access-group deny, form without ports: protocol plus source and destination
// as interface:address, read from nwparser.payload.
var dup1029 = match({
dissect: {
tokenizer: "Deny protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} by access-group %{p0}",
field: "nwparser.payload",
},
});
// Opening quote of the access-group name: either a backslash-escaped quote
// (\") or a plain quote, each preceded and followed by a space.
var dup1030 = linear_select([
match({
dissect: {
tokenizer: " \\\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \" %{p1}",
field: "nwparser.p0",
},
}),
]);
// The access-group name, stored as rule_group.
var dup1031 = match({
dissect: {
tokenizer: " %{rule_group} %{p2}",
field: "nwparser.p1",
},
});
// Closing quote of the access-group name.
// NOTE(review): the escaped-quote alternative has no leading space while the
// plain-quote one does; dup1030 is symmetric. Confirm this difference is
// intended, since a mismatch leaves deny events without a rule_group.
var dup1032 = linear_select([
match({
dissect: {
tokenizer: "\\\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " \" %{p3}",
field: "nwparser.p2",
},
}),
]);
// Constant step: message id "106023".
var dup1033 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023"),
});
// Access-group deny, form with ports. Stage 1: protocol and source
// interface:address, leaving the source port part in p0.
var dup1034 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr}/%{p0}",
field: "nwparser.payload",
},
});
// Stage 2: source port, optionally followed by "(domain\username)" or
// "(domain)". Alternatives run from most to least specific.
var dup1035 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{domain}\\%{username}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{domain}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} dst %{p1}",
field: "nwparser.p0",
},
}),
]);
// Stage 3: destination interface:address, leaving the port part in p2.
var dup1036 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{p2}",
field: "nwparser.p1",
},
});
// Stage 4: destination port, optionally followed by "(dhost)", then the
// opening quote of the access-group name.
var dup1037 = linear_select([
match({
dissect: {
tokenizer: "%{dport}(%{dhost}) by access-group \"%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{dport} by access-group \"%{p3}",
field: "nwparser.p2",
},
}),
]);
// Constant step: message id "106023:01".
var dup1038 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:01"),
});
// Access-group deny, another form with ports: the whole source endpoint and
// destination interface:address are captured in one step, leaving the
// destination port part in p0.
var dup1039 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{p0}",
field: "nwparser.payload",
},
});
// Destination port, optionally followed by "(domain\username)" or a
// parenthesised value stored as fld2.
var dup1040 = linear_select([
match({
dissect: {
tokenizer: "%{dport}(%{domain}\\%{username}) by access-group %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dport}(%{fld2}) by access-group %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dport} by access-group %{p1}",
field: "nwparser.p0",
},
}),
]);
// Access-group name, quoted or unquoted, stored as rule_group.
// NOTE(review): the first alternative hands the remainder on as p3 while the
// other two use p2. A following step that reads nwparser.p2 would see no value
// (or a stale one) when the first alternative matched — confirm which field
// the next step reads.
var dup1041 = linear_select([
match({
dissect: {
tokenizer: " \"%{rule_group}\" %{fld1} %{p3}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "\"%{rule_group}\"%{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{rule_group} %{p2}",
field: "nwparser.p1",
},
}),
]);
// Constant step: message id "106023:04".
var dup1042 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:04"),
});
// Access-group deny, ICMP form: source and destination as interface:address
// plus the ICMP type and code, read from nwparser.payload.
var dup1043 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) by access-group %{p0}",
field: "nwparser.payload",
},
});
// Access-group name, quoted or unquoted, stored as rule_group.
var dup1044 = linear_select([
match({
dissect: {
tokenizer: " \"%{rule_group}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{rule_group} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Constant step: message id "106023:02".
var dup1045 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:02"),
});
// Constant steps for further message ids.
// NOTE(review): dup1046..dup1051 use dest "nwparser.nwparser.msg_id1" (doubled
// prefix), unlike dup1045 — confirm both spellings resolve alike.
var dup1046 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202002"),
});
var dup1047 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400014"),
});
var dup1048 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415002"),
});
var dup1049 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201003"),
});
var dup1050 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210007"),
});
var dup1051 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720010"),
});
// Authorization-denied message, three spellings of the acl value. Each reads
// nwparser.payload, stores the acl as listnum and hands the user part on as p0.
// Form 1: acl enclosed in double quotes.
var dup1052 = match({
dissect: {
tokenizer: "Authorization denied (acl=\"%{listnum}\") for user %{p0}",
field: "nwparser.payload",
},
});
// Constant step: message id "109015".
var dup1053 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015"),
});
// Form 2: acl written as "#<listnum>#<group>"; the group is captured too.
var dup1054 = match({
dissect: {
tokenizer: "Authorization denied (acl=#%{listnum}#%{group}) for user %{p0}",
field: "nwparser.payload",
},
});
// Constant step: message id "109015:01".
var dup1055 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015:01"),
});
// Form 3: bare acl value. This pattern would also accept the two forms above
// (capturing the quotes or "#" characters into listnum), so it presumably has
// to be tried last — TODO confirm the order in the caller.
var dup1056 = match({
dissect: {
tokenizer: "Authorization denied (acl=%{listnum}) for user %{p0}",
field: "nwparser.payload",
},
});
// Constant step: message id "109015:02".
var dup1057 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015:02"),
});
// Constant steps for further message ids and event category "1603050000".
// NOTE(review): dup1058..dup1063 use the doubled "nwparser.nwparser." prefix,
// unlike dup1057 — confirm both spellings resolve to the same field.
var dup1058 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108005:01"),
});
var dup1059 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108005"),
});
var dup1060 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713220"),
});
var dup1061 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603050000"),
});
var dup1062 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105041"),
});
var dup1063 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302007"),
});
// Reads nwparser.p1: source address, then the text after "Mismatch: " as the
// event description.
var dup1064 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Mismatch: %{event_description}",
field: "nwparser.p1",
},
});
// Constant step: message id "713133".
var dup1065 = set_field({
dest: "nwparser.msg_id1",
value: constant("713133"),
});
// Ignored user ACL: client address, ACL name (listnum), its origin (fld1) and
// the reason (info), read from nwparser.p1.
// NOTE(review): the escapes decode to " IP <<%{saddr}> User ACL <<%{listnum}>
// from ..." — each capture has "<<" before it but a single ">" after it. If the
// device prints single angle brackets, this pattern will not match; it looks
// like a leftover escape from the source parser format. Verify with a sample.
var dup1066 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e User ACL \u003c\u003c%{listnum}\u003e from %{fld1} ignored, %{info}.",
field: "nwparser.p1",
},
});
// Constant steps: event category "1602000000" and message id "716047".
var dup1067 = set_field({
dest: "nwparser.eventcategory",
value: constant("1602000000"),
});
var dup1068 = set_field({
dest: "nwparser.msg_id1",
value: constant("716047"),
});
// Constant steps: message ids "103006" and "716009".
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup1068 — confirm.
var dup1069 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103006"),
});
var dup1070 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716009"),
});
// dup1071-dup1078: optional "Username = ..., IP = ..." prefix selector, an SPI
// tail, and message-id constants.
// Alternatives are listed from most to least specific (quoted username, bare
// username, address only); presumably linear_select tries them in this order.
// username is copied verbatim from the log line, so downstream consumers should
// treat it as untrusted text.
var dup1071 = linear_select([
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail read from p1: free-text action followed by the SPI value (dst_spi).
var dup1072 = match({
dissect: {
tokenizer: " %{action}: SPI = %{dst_spi}",
field: "nwparser.p1",
},
});
// NOTE(review): the two 715006 ids below use different dest paths
// ("nwparser.msg_id1" vs "nwparser.nwparser.msg_id1"); confirm the doubled
// prefix is intended, since a consumer keyed on one path misses the other.
var dup1073 = set_field({
dest: "nwparser.msg_id1",
value: constant("715006"),
});
var dup1074 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715006:01"),
});
var dup1075 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718033"),
});
var dup1076 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403503"),
});
var dup1077 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212001"),
});
var dup1078 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213003"),
});
// dup1079-dup1091: "Teardown PPPOE" tunnel pattern (head, case selector, tail)
// followed by message-id constants.
// Head: everything after "Teardown PPPOE " is handed on in p0.
var dup1079 = match({
dissect: {
tokenizer: "Teardown PPPOE %{p0}",
field: "nwparser.payload",
},
});
// Accepts "Tunnel" or "tunnel".
// NOTE(review): both alternatives start with a space although the head pattern
// already consumes the space before %{p0}; confirm how the dissect
// implementation treats leading whitespace, otherwise neither branch matches.
var dup1080 = linear_select([
match({
dissect: {
tokenizer: " Tunnel %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " tunnel %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: interface, tunnel id (fld1) and the remote peer, captured as saddr.
var dup1081 = match({
dissect: {
tokenizer: " at %{interface}, tunnel-id = %{fld1}, remote-peer = %{saddr}",
field: "nwparser.p1",
},
});
var dup1082 = set_field({
dest: "nwparser.msg_id1",
value: constant("603109"),
});
// NOTE(review): most ids below use the doubled "nwparser.nwparser." prefix while
// 603109 and 722031 use "nwparser.msg_id1"; confirm the doubled path is
// intended, since a consumer keyed on one path misses the other.
var dup1083 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("612003"),
});
var dup1084 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713169"),
});
var dup1085 = set_field({
dest: "nwparser.msg_id1",
value: constant("722031"),
});
var dup1086 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109039"),
});
var dup1087 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720020"),
});
var dup1088 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720044"),
});
var dup1089 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611305"),
});
var dup1090 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322003"),
});
var dup1091 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400043"),
});
// dup1092-dup1100: "PMTU-D packet ... greater than effective mtu" pattern and
// message-id constants.
// Head: packet size goes to fld1, remainder to p0.
var dup1092 = match({
dissect: {
tokenizer: "PMTU-D packet %{fld1} %{p0}",
field: "nwparser.payload",
},
});
// Accepts plural or singular unit; the longer literal is listed first.
var dup1093 = linear_select([
match({
dissect: {
tokenizer: " bytes %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " byte %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: effective MTU (fld2), then destination, source and protocol. Note the
// log text lists dest_addr before src_addr.
var dup1094 = match({
dissect: {
tokenizer: " greater than effective mtu %{fld2} dest_addr=%{daddr}, src_addr=%{saddr}, prot=%{protocol}",
field: "nwparser.p1",
},
});
var dup1095 = set_field({
dest: "nwparser.msg_id1",
value: constant("602101"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix while
// 602101 above uses "nwparser.msg_id1"; confirm the doubled path is intended,
// since a consumer keyed on one path misses the other.
var dup1096 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106006"),
});
var dup1097 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106006:01"),
});
var dup1098 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("335004"),
});
var dup1099 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717010"),
});
var dup1100 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113023"),
});
// dup1101-dup1106: "Routing failed to locate next-hop" pattern and its
// message-id constants.
var dup1101 = match({
dissect: {
tokenizer: "Routing failed to locate %{p0}",
field: "nwparser.payload",
},
});
// Accepts "next-hop " or " next hop".
// NOTE(review): the two alternatives disagree on whitespace (no leading space
// and a trailing space vs. a leading space and no trailing space); confirm both
// forms occur in real logs and that each leaves p1 starting the way dup1103
// expects (" for ...").
var dup1102 = linear_select([
match({
dissect: {
tokenizer: "next-hop %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " next hop%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: protocol and both endpoints as interface:address/port.
var dup1103 = match({
dissect: {
tokenizer: " for %{protocol} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.p1",
},
});
// NOTE(review): the three 110003 ids use two different dest paths
// ("nwparser.msg_id1" vs "nwparser.nwparser.msg_id1"); confirm the doubled
// prefix is intended, since a consumer keyed on one path misses the other.
var dup1104 = set_field({
dest: "nwparser.msg_id1",
value: constant("110003:01"),
});
var dup1105 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110003:02"),
});
var dup1106 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110003"),
});
// dup1107-dup1112: rekey patterns for the initiator and responder roles.
// Accepts "initiating" or "initiate"; the longer literal is listed first.
var dup1107 = linear_select([
match({
dissect: {
tokenizer: " initiating %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " initiate %{p1}",
field: "nwparser.p0",
},
}),
]);
// Local side is the initiator: local -> saddr, remote -> daddr.
var dup1108 = match({
dissect: {
tokenizer: " rekey (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1109 = set_field({
dest: "nwparser.msg_id1",
value: constant("702212:01"),
});
// Local side is the responder: the mapping is swapped (local -> daddr,
// remote -> saddr), so saddr holds the initiating peer in both variants.
var dup1110 = match({
dissect: {
tokenizer: " rekey (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1111 = set_field({
dest: "nwparser.msg_id1",
value: constant("702212"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here, unlike the two
// 702212 ids above; confirm the doubled path is intended.
var dup1112 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716051"),
});
// dup1113-dup1124: "SMTP made noop" pattern plus message-id and event-category
// constants.
var dup1113 = match({
dissect: {
tokenizer: "SMTP made noop: out %{fld1} in %{fld2} %{p0}",
field: "nwparser.payload",
},
});
// Accepts "data" with or without a trailing colon.
// NOTE(review): " data %{p1}" is listed first; for input " data: x" the second
// branch is only reached if the first one fails on the ':' - confirm the
// intended branch wins.
var dup1114 = linear_select([
match({
dissect: {
tokenizer: " data %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " data: %{p1}",
field: "nwparser.p0",
},
}),
]);
// Remainder of the line is kept as free text in info.
var dup1115 = match({
dissect: {
tokenizer: " %{info}",
field: "nwparser.p1",
},
});
var dup1116 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603050000"),
});
var dup1117 = set_field({
dest: "nwparser.msg_id1",
value: constant("108001"),
});
// NOTE(review): the constants below use the doubled "nwparser.nwparser." prefix
// while the two above do not; confirm the doubled path is intended, since a
// consumer keyed on one path misses the other.
var dup1118 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302003"),
});
var dup1119 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317005"),
});
var dup1120 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323003"),
});
var dup1121 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1601010000"),
});
var dup1122 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402125"),
});
var dup1123 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611308"),
});
var dup1124 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718049"),
});
// dup1125-dup1132: "Console Login from <user> at <addr>" pattern and
// message-id constants. Administrative logins are a common detection source,
// so a failure to parse here means the source address is not extracted.
var dup1125 = match({
dissect: {
tokenizer: "Console Login from %{p0}",
field: "nwparser.payload",
},
});
// Tail read from p1. The step that turns p0 into p1 (presumably a username
// selector) is defined outside this section.
var dup1126 = match({
dissect: {
tokenizer: " at %{saddr}",
field: "nwparser.p1",
},
});
var dup1127 = set_field({
dest: "nwparser.msg_id1",
value: constant("111006"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix while
// 111006 above uses "nwparser.msg_id1"; confirm the doubled path is intended,
// since a consumer keyed on one path misses the other.
var dup1128 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106025"),
});
var dup1129 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005"),
});
var dup1130 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005:01"),
});
var dup1131 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005:02"),
});
var dup1132 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746018"),
});
// dup1133-dup1139: "<protocol> connection denied by <direction> list" pattern
// in two endpoint notations.
// Head: the first word of the payload is taken as the protocol.
var dup1133 = match({
dissect: {
tokenizer: "%{protocol} %{p0}",
field: "nwparser.payload",
},
});
// Accepts "Connection" or "connection".
var dup1134 = linear_select([
match({
dissect: {
tokenizer: " Connection %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " connection %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail, "address/port" notation. fld1 holds the list identifier.
var dup1135 = match({
dissect: {
tokenizer: " denied by %{direction} list %{fld1} src %{saddr}/%{sport} dest %{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup1136 = set_field({
dest: "nwparser.msg_id1",
value: constant("106002"),
});
// Tail, "address port" notation (space instead of '/').
var dup1137 = match({
dissect: {
tokenizer: " denied by %{direction} list %{fld1} src %{saddr} %{sport} dest %{daddr} %{dport}",
field: "nwparser.p1",
},
});
var dup1138 = set_field({
dest: "nwparser.msg_id1",
value: constant("106002:01"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here, unlike the two
// 106002 ids above; confirm the doubled path is intended.
var dup1139 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611320"),
});
// dup1140-dup1158: "ISAKMP malformed payload received" patterns for both
// negotiation roles, followed by message-id constants.
var dup1140 = match({
dissect: {
tokenizer: "ISAKMP %{p0}",
field: "nwparser.payload",
},
});
// Accepts "malformed" or "malform"; the longer literal is listed first.
var dup1141 = linear_select([
match({
dissect: {
tokenizer: " malformed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " malform %{p1}",
field: "nwparser.p0",
},
}),
]);
// Local side is the initiator: local -> saddr, remote -> daddr.
var dup1142 = match({
dissect: {
tokenizer: " payload received (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1143 = set_field({
dest: "nwparser.msg_id1",
value: constant("702206:01"),
});
// Local side is the responder: mapping is swapped (local -> daddr,
// remote -> saddr), so saddr is the initiating peer in both variants.
var dup1144 = match({
dissect: {
tokenizer: " payload received (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1145 = set_field({
dest: "nwparser.msg_id1",
value: constant("702206"),
});
// NOTE(review): every id below uses the doubled "nwparser.nwparser." prefix
// while the two 702206 ids above use "nwparser.msg_id1"; confirm the doubled
// path is intended, since a consumer keyed on one path misses the other.
var dup1146 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713231"),
});
var dup1147 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722050"),
});
var dup1148 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505007"),
});
var dup1149 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105010"),
});
var dup1150 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718039"),
});
var dup1151 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400003"),
});
var dup1152 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("606003"),
});
var dup1153 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("610001"),
});
var dup1154 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750001"),
});
var dup1155 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750001:01"),
});
var dup1156 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106019"),
});
var dup1157 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323002"),
});
var dup1158 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324004"),
});
// dup1159-dup1164: reputation-list events - a greylisted-traffic drop and an
// intercepted DNS reply. Both carry the listed domain in web_domain.
// Greylisted drop tail: both endpoints with their translated address/port,
// the list source (fld1/fld2), the domain, threat level -> severity and
// category -> result. web_domain comes from log text and should be treated as
// untrusted when rendered downstream.
var dup1159 = match({
dissect: {
tokenizer: " dropped greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup1160 = set_field({
dest: "nwparser.msg_id1",
value: constant("338203"),
});
// Intercepted DNS reply, head.
var dup1161 = match({
dissect: {
tokenizer: "Intercepted DNS reply for %{p0}",
field: "nwparser.payload",
},
});
// Accepts "domain" or "name" before the looked-up value.
var dup1162 = linear_select([
match({
dissect: {
tokenizer: " domain %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " name %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: domain, both endpoints, and the trailing text kept as result.
var dup1163 = match({
dissect: {
tokenizer: " %{web_domain} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, %{result}",
field: "nwparser.p1",
},
});
var dup1164 = set_field({
dest: "nwparser.msg_id1",
value: constant("338301"),
});
// dup1165-dup1178: message-id and event-category constants only.
// NOTE(review): every dest in this run uses the doubled "nwparser.nwparser."
// prefix, whereas other steps in this file use "nwparser.msg_id1" /
// "nwparser.eventcategory"; confirm the doubled path is intended, because a
// rule or dashboard keyed on one path will not see values set under the other.
var dup1165 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304005"),
});
var dup1166 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("303005"),
});
var dup1167 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504002:01"),
});
var dup1168 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504002"),
});
var dup1169 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720004"),
});
var dup1170 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105036"),
});
var dup1171 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105036:01"),
});
var dup1172 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400033"),
});
var dup1173 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409004"),
});
var dup1174 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805000000"),
});
var dup1175 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("503001"),
});
var dup1176 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("308002"),
});
var dup1177 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415008"),
});
var dup1178 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415008:01"),
});
// dup1179-dup1189: "is counted as a user" pattern, an "Invalid SPI notify"
// pattern with its Group/Username/IP prefix, and message-id constants.
var dup1179 = match({
dissect: {
tokenizer: "%{interface}:%{hostip} is counted as a user %{p0}",
field: "nwparser.payload",
},
});
// Accepts "for" or "of" before the product name.
var dup1180 = linear_select([
match({
dissect: {
tokenizer: " for %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " of %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1181 = match({
dissect: {
tokenizer: " %{product}",
field: "nwparser.p1",
},
});
var dup1182 = set_field({
dest: "nwparser.eventcategory",
value: constant("1608000000"),
});
var dup1183 = set_field({
dest: "nwparser.msg_id1",
value: constant("421005"),
});
// Group / Username / IP prefix read from the payload.
// NOTE(review): the first alternative has no comma after %{saddr} while the
// second one does; if real logs carry "IP = <addr>, ...", saddr in the first
// branch would presumably keep the trailing comma - verify against samples.
var dup1184 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tail: the SPI from the invalid-SPI notification is kept in dst_spi.
var dup1185 = match({
dissect: {
tokenizer: " Received Invalid SPI notify (SPI %{dst_spi})!",
field: "nwparser.p0",
},
});
var dup1186 = set_field({
dest: "nwparser.msg_id1",
value: constant("713117"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix,
// unlike the constants above; confirm the doubled path is intended.
var dup1187 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409006"),
});
var dup1188 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("703001"),
});
var dup1189 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105032"),
});
// dup1190-dup1200: "Authen Session Start" pattern, a generic
// ", IP = ..., <description>." tail, and message-id constants.
var dup1190 = match({
dissect: {
tokenizer: "Authen Session Start: user %{p0}",
field: "nwparser.payload",
},
});
// Tail read from p1: session id. The step that turns p0 into p1 (presumably a
// username selector) is defined outside this section.
var dup1191 = match({
dissect: {
tokenizer: ", sid %{sessionid}",
field: "nwparser.p1",
},
});
var dup1192 = set_field({
dest: "nwparser.msg_id1",
value: constant("109011"),
});
var dup1193 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400012"),
});
var dup1194 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400039"),
});
var dup1195 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611316"),
});
// Tail: peer address and free-text description; the pattern requires the line
// to end with a period.
var dup1196 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}.",
field: "nwparser.p1",
},
});
// NOTE(review): each base id below uses "nwparser.msg_id1" while its ":01"
// variant uses "nwparser.nwparser.msg_id1"; confirm the doubled path is
// intended, since a consumer keyed on one path misses the other.
var dup1197 = set_field({
dest: "nwparser.msg_id1",
value: constant("715039"),
});
var dup1198 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715039:01"),
});
var dup1199 = set_field({
dest: "nwparser.msg_id1",
value: constant("715059"),
});
var dup1200 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715059:01"),
});
// dup1201-dup1213: VPN client-certificate username extraction, an AAA
// "unable to complete the request" pattern, an IKE tail, and message-id
// constants.
var dup1201 = match({
dissect: {
tokenizer: "Extraction of username from VPN client certificate has %{p0}",
field: "nwparser.payload",
},
});
// Outcome wording: "finished <x>.", "been <x>.", or just "<x>."; the outcome
// word is kept in disposition. The catch-all form is listed last.
var dup1202 = linear_select([
match({
dissect: {
tokenizer: " finished %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " been %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: request number in square brackets.
var dup1203 = match({
dissect: {
tokenizer: " [Request %{fld1}]",
field: "nwparser.p1",
},
});
var dup1204 = set_field({
dest: "nwparser.msg_id1",
value: constant("113028"),
});
// AAA failure: the reason text is kept in result; the user part is handed on
// in p0.
var dup1205 = match({
dissect: {
tokenizer: "AAA unable to complete the request Error : reason = %{result}: user = %{p0}",
field: "nwparser.payload",
},
});
var dup1206 = set_field({
dest: "nwparser.msg_id1",
value: constant("113013"),
});
// Tail: peer address, free-text action, and a bracketed value (fld1).
var dup1207 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} [%{fld1}]",
field: "nwparser.p1",
},
});
var dup1208 = set_field({
dest: "nwparser.msg_id1",
value: constant("713137"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix while
// the ids above use "nwparser.msg_id1"; confirm the doubled path is intended,
// since a consumer keyed on one path misses the other.
var dup1209 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713137:01"),
});
var dup1210 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735004"),
});
var dup1211 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717043"),
});
var dup1212 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("603103"),
});
var dup1213 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("211001"),
});
// dup1214-dup1218: "Built inbound ICMP connection" pattern, split into
// faddr / gaddr / laddr segments, each with several notations.
var dup1214 = match({
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{p0}",
field: "nwparser.payload",
},
});
// faddr segment (-> saddr, sport). Variants: with "(DOMAIN\user)", with a
// generic parenthesised value, plain addr/port, addr with parenthesised value,
// and addr only. The "\\" in the tokenizer is a single literal backslash.
// Alternatives run from most to least specific; presumably tried in order.
var dup1215 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld1}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld20}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}(%{fld11}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr} gaddr %{p1}",
field: "nwparser.p0",
},
}),
]);
// gaddr segment (-> hostip), with or without a "/<value>" suffix (fld4).
var dup1216 = linear_select([
match({
dissect: {
tokenizer: "%{hostip}/%{fld4} laddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{hostip} laddr %{p2}",
field: "nwparser.p1",
},
}),
]);
// laddr segment (-> daddr, dport), optionally with ICMP type/code or a
// parenthesised user. The alternatives hand off to different continuation
// fields (p3 or p5), so the consuming steps must read the matching one.
var dup1217 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{fld12}) type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}(%{fld10})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1218 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020"),
});
// dup1219-dup1227: further "Built inbound/outbound ICMP connection" variants
// (ids 302020:04, 302020:03, 302020:05).
// Direction decides the mapping: for "outbound" faddr -> daddr and
// laddr -> saddr; for "inbound" faddr -> saddr and laddr -> daddr.
// Outbound, faddr carries "(DOMAIN\user)"; "\\" is a single literal backslash.
var dup1219 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr}/%{dport}(%{domain}\\%{username}) gaddr %{hostip}/%{fld4} laddr %{saddr}/%{p0}",
field: "nwparser.payload",
},
});
// Source-port tail: with parenthesised value, with ICMP type/code, or bare.
var dup1220 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{fld10})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1221 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:04"),
});
// Outbound, faddr without identity information.
var dup1222 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr}/%{dport} gaddr %{hostip}/%{fld4} laddr %{saddr}/%{p0}",
field: "nwparser.payload",
},
});
// Source-port tail: identity as "(DOMAIN\user)" or "(user)", and/or ICMP
// type/code. The bare form is listed last as the catch-all.
var dup1223 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{fld20}) type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1224 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:03"),
});
// Inbound, fixed faddr/gaddr notation; the laddr part is handed on in p0.
var dup1225 = match({
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{fld4} laddr %{p0}",
field: "nwparser.payload",
},
});
// laddr tail (-> daddr, dport), with or without a parenthesised value.
var dup1226 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{fld10})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1227 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:05"),
});
// dup1228-dup1235: "Built outbound ICMP connection" in address-only notation
// (no ports), plus message-id constants.
var dup1228 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{p0}",
field: "nwparser.payload",
},
});
// faddr segment (-> daddr for outbound), with or without a parenthesised value.
var dup1229 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}(%{fld10}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{daddr} gaddr %{p1}",
field: "nwparser.p0",
},
}),
]);
// gaddr segment (-> hostip).
var dup1230 = match({
dissect: {
tokenizer: "%{hostip} laddr %{p2}",
field: "nwparser.p1",
},
});
// laddr segment (-> saddr for outbound), with or without a parenthesised value.
var dup1231 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}(%{fld11})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
// NOTE(review): 302020:01 uses "nwparser.msg_id1" while 302020:02 and the ids
// after it use the doubled "nwparser.nwparser." prefix; confirm the doubled
// path is intended, since a consumer keyed on one path misses the other.
var dup1232 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:01"),
});
var dup1233 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302020:02"),
});
var dup1234 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("312001"),
});
var dup1235 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505002"),
});
// dup1236-dup1244: "... sent (local ..., remote ...)" tails for both
// negotiation roles, plus message-id constants.
// Local side is the initiator: local -> saddr, remote -> daddr.
var dup1236 = match({
dissect: {
tokenizer: " sent (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1237 = set_field({
dest: "nwparser.msg_id1",
value: constant("702202:01"),
});
// Local side is the responder: mapping is swapped (local -> daddr,
// remote -> saddr), so saddr is the initiating peer in both variants.
var dup1238 = match({
dissect: {
tokenizer: " sent (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1239 = set_field({
dest: "nwparser.msg_id1",
value: constant("702202"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix while
// the two 702202 ids above use "nwparser.msg_id1"; confirm the doubled path is
// intended, since a consumer keyed on one path misses the other.
var dup1240 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104004"),
});
var dup1241 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317003"),
});
var dup1242 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402130"),
});
var dup1243 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709002"),
});
var dup1244 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718058"),
});
// dup1245-dup1254: "Teardown ICMP connection" patterns (ids 302021,
// 302021:02, 302021:01) split into faddr / gaddr / laddr segments.
// faddr with "(DOMAIN\value)"; "\\" is a single literal backslash.
var dup1245 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport}(%{sdomain}\\%{fld5}) gaddr %{p0}",
field: "nwparser.payload",
},
});
// gaddr segment (-> hostip), with or without a "/<value>" suffix (fld4).
var dup1246 = linear_select([
match({
dissect: {
tokenizer: "%{hostip}/%{fld4} laddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{hostip} laddr %{p1}",
field: "nwparser.p0",
},
}),
]);
// laddr segment (-> daddr, dport) with an optional user. The alternatives
// hand off to different continuation fields (p2 or p3), so the consuming
// steps must read the matching one.
var dup1247 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{username} %{p3}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p3}",
field: "nwparser.p1",
},
}),
]);
var dup1248 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021"),
});
// faddr with a generic parenthesised value (fld20).
var dup1249 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport}(%{fld20}) gaddr %{p0}",
field: "nwparser.payload",
},
});
// laddr segment followed by " type ", with or without a parenthesised user.
var dup1250 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username}) type %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1251 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021:02"),
});
// faddr without identity information.
var dup1252 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport} gaddr %{p0}",
field: "nwparser.payload",
},
});
var dup1253 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021:01"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here, unlike the 302021
// ids above; confirm the doubled path is intended.
var dup1254 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302015:05"),
});
// dup1255-dup1267: "Built <dir> <protocol> connection" pieces (302015 family)
// and the "Built PPTP" tunnel pattern (603108).
// Destination endpoint with translated address/port; the closing ')' of the
// translated pair is left for the next step (dup1256) to consume.
var dup1255 = match({
dissect: {
tokenizer: " to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport} %{p2}",
field: "nwparser.p1",
},
});
// Closing ')' plus an optional user, quoted or parenthesised.
// NOTE(review): dup1255 ends with a literal space before %{p2}, yet these
// alternatives begin with ')'; confirm against sample logs that the two steps
// line up.
var dup1256 = linear_select([
match({
dissect: {
tokenizer: ") '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: ") (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: ")%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1257 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015"),
});
var dup1258 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015:01"),
});
// Head: direction word (fld1), protocol, connection id and the first endpoint
// (-> dinterface/daddr/dport).
var dup1259 = match({
dissect: {
tokenizer: "Built %{fld1} %{protocol} connection %{connectionid} for %{dinterface}:%{daddr}/%{dport} %{p0}",
field: "nwparser.payload",
},
});
// Translated pair, optionally followed by "(DOMAIN\user)" or a generic
// parenthesised value; "\\" is a single literal backslash.
var dup1260 = linear_select([
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{fld3})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1261 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015:03"),
});
// NOTE(review): 302015:04 uses the doubled "nwparser.nwparser." prefix while
// the other 302015 ids use "nwparser.msg_id1"; confirm the doubled path is
// intended, since a consumer keyed on one path misses the other.
var dup1262 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302015:04"),
});
// "Built PPTP" tunnel, head.
var dup1263 = match({
dissect: {
tokenizer: "Built PPTP %{p0}",
field: "nwparser.payload",
},
});
// Tunnel details: remote peer -> saddr, client dynamic address -> daddr,
// virtual interface -> vsys; the username part is handed on in p2.
var dup1264 = match({
dissect: {
tokenizer: " at %{interface}, tunnel-id = %{fld1}, remote-peer = %{saddr}, virtual-interface = %{vsys}, client-dynamic-ip = %{daddr}, username = %{p2}",
field: "nwparser.p1",
},
});
// Reads p3; the step that turns p2 into p3 (presumably a username selector) is
// defined outside this section.
var dup1265 = match({
dissect: {
tokenizer: ", MPPE-key-strength = %{fld2}",
field: "nwparser.p3",
},
});
var dup1266 = set_field({
dest: "nwparser.msg_id1",
value: constant("603108"),
});
var dup1267 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720003"),
});
// dup1268-dup1289: "Deny ... by access-group" pattern, a whitelisted-traffic
// pattern, an IKE "User (...) authenticated" tail, and message-id /
// event-category constants.
// Deny by access-group (no ports in this notation); the group part is handed
// on in p0.
var dup1268 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} by access-group %{p0}",
field: "nwparser.payload",
},
});
var dup1269 = set_field({
dest: "nwparser.msg_id1",
value: constant("106027"),
});
// NOTE(review): constants in this run mix "nwparser.msg_id1" with the doubled
// "nwparser.nwparser.<field>" prefix; confirm the doubled path is intended,
// since a consumer keyed on one path misses the other.
var dup1270 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006:02"),
});
var dup1271 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006"),
});
var dup1272 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006:01"),
});
// Whitelisted traffic: action word, both endpoints with translated
// address/port, list source (fld1/fld2) and the listed domain (web_domain).
var dup1273 = match({
dissect: {
tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain}",
field: "nwparser.p1",
},
});
var dup1274 = set_field({
dest: "nwparser.msg_id1",
value: constant("338101"),
});
var dup1275 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1103000000"),
});
var dup1276 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400028"),
});
var dup1277 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400036"),
});
var dup1278 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("604102"),
});
var dup1279 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721004"),
});
var dup1280 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212006"),
});
var dup1281 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313008:01"),
});
var dup1282 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313008"),
});
// Successful user authentication tail: the parenthesised user goes to fld1,
// not to username.
// NOTE(review): confirm whether downstream mapping expects the user in
// "username" for this event.
var dup1283 = match({
dissect: {
tokenizer: ", IP = %{saddr}, User (%{fld1}) authenticated",
field: "nwparser.p1",
},
});
var dup1284 = set_field({
dest: "nwparser.msg_id1",
value: constant("713052"),
});
var dup1285 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202004"),
});
var dup1286 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105031"),
});
var dup1287 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199908"),
});
var dup1288 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617003"),
});
var dup1289 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("742004"),
});
// dup1290-dup1307: local-database authentication success pattern, an
// interface status pattern, and message-id constants.
// Local-database authentication success; the user part is handed on in p0.
var dup1290 = match({
dissect: {
tokenizer: "AAA user authentication Successful : local database : user = %{p0}",
field: "nwparser.payload",
},
});
var dup1291 = set_field({
dest: "nwparser.msg_id1",
value: constant("113012"),
});
// NOTE(review): the ids below use the doubled "nwparser.nwparser." prefix while
// 113012 and 411003 use "nwparser.msg_id1"; confirm the doubled path is
// intended, since a consumer keyed on one path misses the other.
var dup1292 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400024"),
});
var dup1293 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402124"),
});
var dup1294 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611104"),
});
var dup1295 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("711002"),
});
var dup1296 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713042"),
});
var dup1297 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717001"),
});
var dup1298 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720026"),
});
var dup1299 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209005"),
});
var dup1300 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720027"),
});
// Interface status: accepts "Interface" or "interface" at the start of the
// payload.
// NOTE(review): both alternatives expect a leading space in the payload;
// confirm the payload really begins with one for this message.
var dup1301 = linear_select([
match({
dissect: {
tokenizer: " Interface %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " interface %{p0}",
field: "nwparser.payload",
},
}),
]);
// Interface name, then the remainder in p1.
var dup1302 = match({
dissect: {
tokenizer: " %{interface} %{p1}",
field: "nwparser.p0",
},
});
// Status word (-> result), with or without a preceding comma.
var dup1303 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1304 = set_field({
dest: "nwparser.msg_id1",
value: constant("411003"),
});
var dup1305 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611304"),
});
var dup1306 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713211"),
});
var dup1307 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400023"),
});
// dup1308-dup1326: "Drop GTP message" pattern, an IKE "Old P1 SA" pattern, a
// WebVPN user-deleted pattern, and message-id / event-category constants.
var dup1308 = match({
dissect: {
tokenizer: "Drop %{p0}",
field: "nwparser.payload",
},
});
// Accepts "GTPv" or "GTP".
// NOTE(review): " GTPv %{p1}" requires a space right after "GTPv"; if the
// device writes a version digit immediately after the 'v', only the second
// branch could apply - verify against samples.
var dup1309 = linear_select([
match({
dissect: {
tokenizer: " GTPv %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " GTP %{p1}",
field: "nwparser.p0",
},
}),
]);
// Tail: message type (misc), fld1, both endpoints and the drop reason (result).
var dup1310 = match({
dissect: {
tokenizer: " %{misc} message %{fld1} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} Reason: %{result}",
field: "nwparser.p1",
},
});
var dup1311 = set_field({
dest: "nwparser.msg_id1",
value: constant("324000"),
});
var dup1312 = set_field({
dest: "nwparser.msg_id1",
value: constant("411004"),
});
var dup1313 = set_field({
dest: "nwparser.msg_id1",
value: constant("715047:01"),
});
var dup1314 = set_field({
dest: "nwparser.msg_id1",
value: constant("715047"),
});
// NOTE(review): 302010 and the constants at the end of this run use the doubled
// "nwparser.nwparser." prefix, unlike the ids above; confirm the doubled path
// is intended, since a consumer keyed on one path misses the other.
var dup1315 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302010"),
});
// Group / optional Username / IP prefix read from the payload; the more
// specific form is listed first.
var dup1316 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tail: the text after "DEAD, " is kept as result.
var dup1317 = match({
dissect: {
tokenizer: " Old P1 SA is being deleted but new SA is DEAD, %{result}",
field: "nwparser.p0",
},
});
var dup1318 = set_field({
dest: "nwparser.msg_id1",
value: constant("715052"),
});
// WebVPN event: context name, free-text description, then the user part in p0.
var dup1319 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description} user %{p0}",
field: "nwparser.payload",
},
});
// Tail read from p1: address of the deleted user entry.
var dup1320 = match({
dissect: {
tokenizer: ", IP %{saddr} has been deleted.",
field: "nwparser.p1",
},
});
var dup1321 = set_field({
dest: "nwparser.msg_id1",
value: constant("721018"),
});
var dup1322 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1204010000"),
});
var dup1323 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746015"),
});
var dup1324 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106009"),
});
var dup1325 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613030000"),
});
var dup1326 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717002"),
});
// dup1327-dup1334: "SSH session from <addr> ... for user <user>" patterns for
// a server-side disconnect with reason (315011) and a normal termination
// (315011:01). Source address and user are the fields a detection on SSH
// access to the device would rely on.
var dup1327 = match({
dissect: {
tokenizer: "SSH session from %{saddr} on interface %{interface} for user %{p0}",
field: "nwparser.payload",
},
});
// Username in four quoting styles: doubled double quotes, double quotes,
// single quotes, or bare. More specific forms are listed first; presumably
// tried in order. The bare form stops at the first space, so a username that
// contains spaces would be split.
// NOTE(review): the doubled-quote form (\"\") may be an escaping artifact of
// the source definition; confirm it occurs in real logs.
var dup1328 = linear_select([
match({
dissect: {
tokenizer: " \"\"%{username}\"\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \"%{username}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Server-side disconnect; the reason text is handed on in p2.
var dup1329 = match({
dissect: {
tokenizer: " disconnected by SSH server, reason: %{p2}",
field: "nwparser.p1",
},
});
// Disconnect reason (-> result) in the same quoting styles as the username.
var dup1330 = linear_select([
match({
dissect: {
tokenizer: " \"\"%{result}\"\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " \"%{result}\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1331 = set_field({
dest: "nwparser.msg_id1",
value: constant("315011"),
});
// Normal termination. "%{}" is an unnamed capture; presumably it discards any
// trailing text.
var dup1332 = match({
dissect: {
tokenizer: " terminated normally%{}",
field: "nwparser.p1",
},
});
var dup1333 = set_field({
dest: "nwparser.msg_id1",
value: constant("315011:01"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here, unlike the two
// 315011 ids above; confirm the doubled path is intended.
var dup1334 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444104"),
});
// IKE prefix alternatives on the raw payload: Username+IP, Group+IP, IP only.
var dup1335 = linear_select([
  match({ dissect: { tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP = %{saddr}, %{p0}", field: "nwparser.payload" } })
]);
var dup1336 = match({ dissect: { tokenizer: " Automatic NAT Detection Status:%{event_description}", field: "nwparser.p0" } });
var dup1337 = set_field({ dest: "nwparser.msg_id1", value: constant("713172") });

var dup1338 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("716059") });

// NOTE(review): "\u003c\u003c" decodes to two '<' characters while the closing
// side is a single '>' ("\u003e"). If the device prints "IP <addr>", this
// tokenizer would not match and the event would go unparsed. Confirm against
// real log samples.
var dup1339 = match({ dissect: { tokenizer: " IP \u003c\u003c%{saddr}\u003e Stale SVC connection closed.", field: "nwparser.p1" } });
var dup1340 = set_field({ dest: "nwparser.msg_id1", value: constant("722028") });

var dup1341 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("434002") });
var dup1342 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("309004") });
var dup1343 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("414001") });
// WebVPN authentication (716039, 716039:01) and SVC reconnect (722032)
// fragments.
// NOTE(review): every opening bracket in these tokenizers is "\u003c\u003c"
// (two '<') while the closing side is a single "\u003e" ('>'). If the device
// emits a single '<', none of these patterns match and the authentication
// events are never tagged. Confirm against real log samples.
var dup1344 = match({ dissect: { tokenizer: "Authentication: %{action}, group = \u003c\u003c%{group}\u003e user = %{p0}", field: "nwparser.payload" } });
var dup1345 = match({ dissect: { tokenizer: " IP = \u003c\u003c %{p2}", field: "nwparser.p1" } });

// Source address with or without a parenthesised annotation.
var dup1346 = linear_select([
  match({ dissect: { tokenizer: " %{saddr} (%{info}) %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{saddr} %{p3}", field: "nwparser.p2" } })
]);
var dup1347 = match({ dissect: { tokenizer: " \u003e, Session Type: %{network_service}", field: "nwparser.p3" } });
var dup1348 = set_field({ dest: "nwparser.msg_id1", value: constant("716039") });

// Alternate layout of the same message: "Group ... User ... Authentication:".
var dup1349 = match({ dissect: { tokenizer: "Group \u003c\u003c %{group}\u003e User %{p0}", field: "nwparser.payload" } });
var dup1350 = match({ dissect: { tokenizer: " \u003e Authentication:%{result} Session Type: %{network_service}", field: "nwparser.p3" } });
var dup1351 = set_field({ dest: "nwparser.msg_id1", value: constant("716039:01") });

// New SVC connection replacing an old one; the protocol word is optional.
var dup1352 = match({ dissect: { tokenizer: " IP \u003c\u003c%{saddr}\u003e New %{p2}", field: "nwparser.p1" } });
var dup1353 = linear_select([
  match({ dissect: { tokenizer: " %{protocol} SVC %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " SVC %{p3}", field: "nwparser.p2" } })
]);
var dup1354 = match({ dissect: { tokenizer: " connection replacing old connection.%{}", field: "nwparser.p3" } });
var dup1355 = set_field({ dest: "nwparser.msg_id1", value: constant("722032") });
// Message-id tags only; each writes one constant into the event.
// NOTE(review): all but the last entry target "nwparser.nwparser.msg_id1",
// while dup1369 targets "nwparser.msg_id1". Confirm which path downstream
// rules read, otherwise these ids may be invisible to them.
var dup1356 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105046") });
var dup1357 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("702302") });
var dup1358 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717005") });
var dup1359 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409010") });
var dup1360 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305010") });
var dup1361 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305010:01") });
var dup1362 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403108") });
var dup1363 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409013") });
var dup1364 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("603101") });
var dup1365 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715080") });
var dup1366 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718062") });
var dup1367 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302025") });
var dup1368 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("603102") });
var dup1369 = set_field({ dest: "nwparser.msg_id1", value: constant("713132") });
// IKE prefix on the raw payload: quoted user name, bare user name, group
// only, then address only.
var dup1370 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP = %{saddr}, %{p0}", field: "nwparser.payload" } })
]);

// Whatever follows the prefix is taken verbatim as the action text.
var dup1371 = match({ dissect: { tokenizer: " %{action}", field: "nwparser.p0" } });
var dup1372 = set_field({ dest: "nwparser.msg_id1", value: constant("713194") });

var dup1373 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715034") });
var dup1374 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302302") });
var dup1375 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("714006") });
var dup1376 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("714006:01") });
var dup1377 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("325001") });
var dup1378 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("605001") });
var dup1379 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725014") });

// Authorization ACL lookups that failed for a user (109016 and 109016:01);
// the user name stays in p0 for a later fragment.
var dup1380 = match({ dissect: { tokenizer: "Downloaded authorization access-list %{listnum} not found for user %{p0}", field: "nwparser.payload" } });
var dup1381 = set_field({ dest: "nwparser.msg_id1", value: constant("109016") });
var dup1382 = match({ dissect: { tokenizer: "Can't find authorization ACL '%{listnum}' on '%{interface}' for user %{p0}", field: "nwparser.payload" } });
var dup1383 = set_field({ dest: "nwparser.msg_id1", value: constant("109016:01") });

var dup1384 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737016") });
var dup1385 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("737016:01") });
var dup1386 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("421001") });
var dup1387 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106001") });
var dup1388 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106001:01") });
var dup1389 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106008") });
var dup1390 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106008:01") });
var dup1391 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106020") });
var dup1392 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302018") });
// CRYPTO file message: product name, then the tail after a soft reset.
var dup1393 = match({ dissect: { tokenizer: "CRYPTO: The %{product} File %{p0}", field: "nwparser.payload" } });
var dup1394 = match({ dissect: { tokenizer: " as a Soft Reset was necessary. %{fld1}", field: "nwparser.p1" } });
var dup1395 = set_field({ dest: "nwparser.msg_id1", value: constant("402126") });

var dup1396 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611309") });
var dup1397 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1302000000") });
var dup1398 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717022") });
var dup1399 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("120001") });

// "Unknown client" connection attempt (722053): group, user, source address,
// then the client application/product/version string.
// NOTE(review): opening brackets are "\u003c\u003c" (two '<') against a single
// closing "\u003e". If the device emits a single '<', this event is never
// parsed. Confirm with sample logs.
var dup1400 = match({ dissect: { tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Unknown client %{p0}", field: "nwparser.payload" } });
var dup1401 = linear_select([
  match({ dissect: { tokenizer: " \u003c\u003c%{application} for %{product} %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " \u003c\u003c%{application} %{product} %{p1}", field: "nwparser.p0" } })
]);
var dup1402 = match({ dissect: { tokenizer: " %{version}\u003e connection", field: "nwparser.p1" } });
var dup1403 = set_field({ dest: "nwparser.msg_id1", value: constant("722053") });

var dup1404 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720048") });
// Local-host teardown (609002:01): accepts both "local-host" and "localhost".
var dup1405 = match({ dissect: { tokenizer: "Teardown %{p0}", field: "nwparser.payload" } });
var dup1406 = linear_select([
  match({ dissect: { tokenizer: " local-host %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " localhost %{p1}", field: "nwparser.p0" } })
]);
var dup1407 = match({ dissect: { tokenizer: "%{interface}:%{hostip} duration %{duration}", field: "nwparser.p1" } });
var dup1408 = set_field({ dest: "nwparser.msg_id1", value: constant("609002:01") });

// Message-id and category tags.
// NOTE(review): dup1410 uses the suffix ":1" where the other variants in this
// file use two digits (":01"); confirm this is the id consumers expect.
var dup1409 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752012") });
var dup1410 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752012:1") });
var dup1411 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106003") });
var dup1412 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("404101") });
var dup1413 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("607001") });
var dup1414 = set_field({ dest: "nwparser.msg_id1", value: constant("715007") });
var dup1415 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1613050100") });
var dup1416 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715007:01") });
var dup1417 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725012") });
var dup1418 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725012:01") });
// Blacklisted-traffic message (338004): real and translated endpoints on both
// sides, then the list entry that the destination resolved from.
var dup1419 = match({ dissect: { tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{fld3}%{p4}", field: "nwparser.p3" } });

// Mask followed by the threat level, with or without a separating comma.
var dup1420 = linear_select([
  match({ dissect: { tokenizer: " /%{mask}, threat-level: %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " /%{mask} threat-level: %{p5}", field: "nwparser.p4" } })
]);
var dup1421 = set_field({ dest: "nwparser.msg_id1", value: constant("338004") });

// Shun message (401004): "Shunned" is listed before the shorter "Shun".
var dup1422 = linear_select([
  match({ dissect: { tokenizer: " Shunned %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Shun %{p0}", field: "nwparser.payload" } })
]);
// "==\u003e" decodes to the literal arrow "==>" between source and destination.
var dup1423 = match({ dissect: { tokenizer: " packet: %{saddr} ==\u003e %{daddr} on interface %{interface}", field: "nwparser.p0" } });
var dup1424 = set_field({ dest: "nwparser.msg_id1", value: constant("401004") });

var dup1425 = match({ dissect: { tokenizer: " decompression history reset%{}", field: "nwparser.p5" } });
var dup1426 = set_field({ dest: "nwparser.msg_id1", value: constant("722027") });

var dup1427 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305002") });
var dup1428 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106021") });
var dup1429 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400040") });
var dup1430 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611315") });

// IKE authentication-failure notice (713251) with its event category.
var dup1431 = match({ dissect: { tokenizer: ", IP = %{saddr}, Received authentication failure message", field: "nwparser.p1" } });
var dup1432 = set_field({ dest: "nwparser.eventcategory", value: constant("1301020000") });
var dup1433 = set_field({ dest: "nwparser.msg_id1", value: constant("713251") });

var dup1434 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105039") });
// AAA challenge (113010): user name stays in p0, server address follows in p1.
var dup1435 = match({ dissect: { tokenizer: "AAA challenge received for user %{p0}", field: "nwparser.payload" } });
var dup1436 = match({ dissect: { tokenizer: " from server %{hostip}", field: "nwparser.p1" } });
var dup1437 = set_field({ dest: "nwparser.msg_id1", value: constant("113010") });

var dup1438 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("337005") });
var dup1439 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105037") });
var dup1440 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("209002") });
var dup1441 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403104") });

// IKE prefix where the address itself is deferred to p0.
// NOTE(review): the first alternative starts with "Group" while the other two
// start with " Group" (leading space). If the payload always begins with a
// space, the quoted-username form never matches and the quotes end up inside
// the captured user name. Confirm with sample logs.
var dup1442 = linear_select([
  match({ dissect: { tokenizer: "Group = %{group}, Username = '%{username}' , IP = %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, Username = %{username} , IP = %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{p0}", field: "nwparser.payload" } })
]);
var dup1443 = set_field({ dest: "nwparser.msg_id1", value: constant("713136") });

var dup1444 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713255") });
var dup1445 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("202003") });
var dup1446 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415013") });

// Connection-terminated tail (722023); the compression wording is matched in a
// later remainder field.
var dup1447 = match({ dissect: { tokenizer: " connection terminated %{p6}", field: "nwparser.p5" } });
var dup1448 = match({ dissect: { tokenizer: " compression%{}", field: "nwparser.p7" } });
var dup1449 = set_field({ dest: "nwparser.msg_id1", value: constant("722023") });

var dup1450 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("733100") });
// ICMP deny (106014): direction, protocol keyword in either case, then the
// endpoints with ICMP type and code.
var dup1451 = match({ dissect: { tokenizer: "Deny %{direction} %{p0}", field: "nwparser.payload" } });
var dup1452 = linear_select([
  match({ dissect: { tokenizer: " ICMP %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " icmp %{p1}", field: "nwparser.p0" } })
]);
var dup1453 = match({ dissect: { tokenizer: " src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})", field: "nwparser.p1" } });
var dup1454 = set_field({ dest: "nwparser.msg_id1", value: constant("106014") });

// IKE remote peer bound to a crypto map (713066 / 713066:01).
var dup1455 = match({ dissect: { tokenizer: ", IP = %{saddr}, IKE Remote Peer configured for crypto map: %{fld1}", field: "nwparser.p1" } });
var dup1456 = set_field({ dest: "nwparser.msg_id1", value: constant("713066") });
var dup1457 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713066:01") });

// Message-id tags.
// NOTE(review): dup1456 and dup1462 write "nwparser.msg_id1"; the others
// write "nwparser.nwparser.msg_id1". Confirm both paths are read downstream.
var dup1458 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400022") });
var dup1459 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("419002") });
var dup1460 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("419003") });
var dup1461 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611321") });
var dup1462 = set_field({ dest: "nwparser.msg_id1", value: constant("715056") });
var dup1463 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720032") });
var dup1464 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725008") });
var dup1465 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725008:01") });
var dup1466 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106010") });
var dup1467 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106010:01") });
var dup1468 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106010:02") });
var dup1469 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106010:03") });
var dup1470 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("615001") });
// ISAKMP phase-1 exchange (702210 / 702210:01). In the initiator form the
// first address is stored as saddr; in the responder form the first address
// is stored as daddr and the remote one as saddr.
var dup1471 = match({ dissect: { tokenizer: "ISAKMP Phase 1 exchange %{p0}", field: "nwparser.payload" } });
var dup1472 = linear_select([
  match({ dissect: { tokenizer: " completed %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " complete %{p1}", field: "nwparser.p0" } })
]);
var dup1473 = match({ dissect: { tokenizer: " %{saddr} (initiator), remote %{daddr})", field: "nwparser.p1" } });
var dup1474 = set_field({ dest: "nwparser.msg_id1", value: constant("702210:01") });
var dup1475 = match({ dissect: { tokenizer: " %{daddr} (responder), remote %{saddr})", field: "nwparser.p1" } });
var dup1476 = set_field({ dest: "nwparser.msg_id1", value: constant("702210") });

var dup1477 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717029") });

// Client-type report (722055): group, user, source address, then the client
// application with either "for <product> <version>" or "v<version>".
// NOTE(review): opening brackets are "\u003c\u003c" (two '<') against a single
// closing "\u003e"; if the device emits a single '<' this never matches.
// Confirm with sample logs.
var dup1478 = match({ dissect: { tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Client Type: %{application} %{p0}", field: "nwparser.payload" } });
var dup1479 = linear_select([
  match({ dissect: { tokenizer: "for %{product} %{version}%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "v%{version}%{p1}", field: "nwparser.p0" } })
]);
var dup1480 = set_field({ dest: "nwparser.msg_id1", value: constant("722055") });

// "Received message" (737001), optionally prefixed with a session id.
var dup1481 = linear_select([
  match({ dissect: { tokenizer: "Session=%{sessionid}, Received message%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "Received message%{p1}", field: "nwparser.p0" } })
]);
var dup1482 = match({ dissect: { tokenizer: " '%{info}'", field: "nwparser.p1" } });
var dup1483 = set_field({ dest: "nwparser.msg_id1", value: constant("737001") });
// Permitted SSH session (315002): source address and interface; the user name
// stays in p0 for a later fragment.
var dup1484 = match({ dissect: { tokenizer: "Permitted SSH session from %{saddr} on interface %{interface} for user %{p0}", field: "nwparser.payload" } });
var dup1485 = set_field({ dest: "nwparser.msg_id1", value: constant("315002") });

// Message-id and category tags.
// NOTE(review): destinations alternate between "nwparser.msg_id1" and
// "nwparser.nwparser.msg_id1"; confirm the doubled prefix is intended so that
// rules keyed on one path do not miss the other.
var dup1486 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("319001:01") });
var dup1487 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("319001") });
var dup1488 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720024") });
var dup1489 = set_field({ dest: "nwparser.msg_id1", value: constant("724003") });
var dup1490 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106103:01") });
var dup1491 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106103") });
var dup1492 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1602000000") });
var dup1493 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("321005") });

// Tail of a packet-failed-authentication message (402120).
var dup1494 = match({ dissect: { tokenizer: " to %{daddr} that failed authentication.", field: "nwparser.p1" } });
var dup1495 = set_field({ dest: "nwparser.msg_id1", value: constant("402120") });

var dup1496 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611312") });
var dup1497 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("107001:01") });
var dup1498 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("107001") });
// Address discovered for a domain (338302): category is terminated by either
// a period or a comma before "Adding rule".
var dup1499 = match({ dissect: { tokenizer: "Address %{hostip} discovered for domain %{web_domain} from %{p0}", field: "nwparser.payload" } });
var dup1500 = linear_select([
  match({ dissect: { tokenizer: " %{category}. %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{category}, %{p1}", field: "nwparser.p0" } })
]);
var dup1501 = match({ dissect: { tokenizer: " Adding rule%{}", field: "nwparser.p1" } });
var dup1502 = set_field({ dest: "nwparser.msg_id1", value: constant("338302") });

var dup1503 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611314") });
var dup1504 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("317001") });
var dup1505 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("321003") });

// Dropped blacklisted traffic (338006): endpoints, translated endpoints, the
// matching list domain, threat level (stored as severity) and category
// (stored as result).
var dup1506 = match({ dissect: { tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}", field: "nwparser.p1" } });
var dup1507 = set_field({ dest: "nwparser.msg_id1", value: constant("338006") });

var dup1508 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("413001") });

// User authentication failure (611102 / 611102:01). The second layout carries
// the source address and, optionally, the user name.
// NOTE(review): when only the address-only alternative matches, no username
// is extracted; failed-login detections that group by user should tolerate
// that. The user name is client-supplied text, so treat it as untrusted.
var dup1509 = match({ dissect: { tokenizer: "User authentication failed: Uname: %{p0}", field: "nwparser.payload" } });
var dup1510 = set_field({ dest: "nwparser.msg_id1", value: constant("611102") });
var dup1511 = match({ dissect: { tokenizer: "User authentication failed: %{p0}", field: "nwparser.payload" } });
var dup1512 = linear_select([
  match({ dissect: { tokenizer: "IP address: %{saddr}, Uname: %{username}%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "IP address: %{saddr}%{p1}", field: "nwparser.p0" } })
]);
var dup1513 = set_field({ dest: "nwparser.msg_id1", value: constant("611102:01") });

var dup1514 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611323") });
// SSL handshake start (725001 / 725001:01): peer role, then the endpoints and
// protocol version.
var dup1515 = match({ dissect: { tokenizer: "Starting SSL handshake with %{p0}", field: "nwparser.payload" } });
var dup1516 = linear_select([
  match({ dissect: { tokenizer: " client %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " server %{p1}", field: "nwparser.p0" } })
]);
// NOTE(review): this tokenizer has no whitespace around "to" or before "for"
// ("%{sport}to%{daddr}", "%{dport}for "). If the device prints spaces there,
// the captured port and address values would carry stray spaces. Confirm with
// sample logs.
var dup1517 = match({ dissect: { tokenizer: " %{sinterface}:%{saddr}/%{sport}to%{daddr}/%{dport}for %{version} session", field: "nwparser.p1" } });
var dup1518 = set_field({ dest: "nwparser.msg_id1", value: constant("725001:01") });
var dup1519 = match({ dissect: { tokenizer: " %{interface}:%{hostip}/%{network_port} for %{version} session.", field: "nwparser.p1" } });
var dup1520 = set_field({ dest: "nwparser.msg_id1", value: constant("725001") });

// Call-Home processing (120003): one of three event kinds, then free text.
var dup1521 = match({ dissect: { tokenizer: "Call-Home is processing %{p0}", field: "nwparser.payload" } });
var dup1522 = linear_select([
  match({ dissect: { tokenizer: " configuration %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " inventory %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " snapshot %{p1}", field: "nwparser.p0" } })
]);
var dup1523 = match({ dissect: { tokenizer: " event %{info}", field: "nwparser.p1" } });
var dup1524 = set_field({ dest: "nwparser.msg_id1", value: constant("120003") });

var dup1525 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("414002") });
var dup1526 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415007") });
// IKE prefix where the address is followed by a space rather than a comma:
// quoted user name, bare user name, group only, address only.
var dup1527 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Group = %{group}, IP = %{saddr} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP = %{saddr} %{p0}", field: "nwparser.payload" } })
]);
var dup1528 = set_field({ dest: "nwparser.msg_id1", value: constant("714011") });

// Identity-type keyword (714011:01): the longer "_SUBNET" form is listed
// before its prefix "ID_IPV4_ADDR".
var dup1529 = linear_select([
  match({ dissect: { tokenizer: " ID_IPV4_ADDR_SUBNET %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " ID_IPV4_ADDR %{p0}", field: "nwparser.payload" } })
]);
var dup1530 = match({ dissect: { tokenizer: " ID %{fld1}", field: "nwparser.p0" } });
var dup1531 = set_field({ dest: "nwparser.msg_id1", value: constant("714011:01") });

var dup1532 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("101002") });
var dup1533 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409008") });

// PPTP tunnel deletion (603105), with or without a comma after "deleted".
var dup1534 = match({ dissect: { tokenizer: "PPTP Tunnel %{p0}", field: "nwparser.payload" } });
var dup1535 = linear_select([
  match({ dissect: { tokenizer: " deleted, tunnel_id %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " deleted tunnel_id %{p1}", field: "nwparser.p0" } })
]);
var dup1536 = match({ dissect: { tokenizer: " =%{fld1}, remote_peer_ip=%{saddr}", field: "nwparser.p1" } });
var dup1537 = set_field({ dest: "nwparser.msg_id1", value: constant("603105") });

var dup1538 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713061") });

// Private address assigned to a remote user (713228): peer address in saddr,
// assigned address in stransaddr.
var dup1539 = match({ dissect: { tokenizer: ", IP = %{saddr}, Assigned private IP address %{stransaddr} to remote user", field: "nwparser.p1" } });
var dup1540 = set_field({ dest: "nwparser.eventcategory", value: constant("1605020000") });
var dup1541 = set_field({ dest: "nwparser.msg_id1", value: constant("713228") });

var dup1542 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("103004") });
var dup1543 = set_field({ dest: "nwparser.msg_id1", value: constant("715021") });
// SVC connection without an IPv6 address (722041).
// NOTE(review): opening brackets are "\u003c\u003c" (two '<') against a single
// closing "\u003e"; if the device emits a single '<' this never matches.
// Confirm with sample logs.
var dup1544 = match({ dissect: { tokenizer: "TunnelGroup \u003c\u003c %{fld1} \u003e GroupPolicy \u003c\u003c %{group} \u003e User %{p0}", field: "nwparser.payload" } });
var dup1545 = match({ dissect: { tokenizer: " \u003e No IPv6 address available for SVC connection%{}", field: "nwparser.p3" } });
var dup1546 = set_field({ dest: "nwparser.msg_id1", value: constant("722041") });

// Tail with a destination address and free-text outcome (402116).
var dup1547 = match({ dissect: { tokenizer: " to %{daddr}. %{result}", field: "nwparser.p1" } });
var dup1548 = set_field({ dest: "nwparser.msg_id1", value: constant("402116") });

// Payload-processing error (713048).
var dup1549 = match({ dissect: { tokenizer: ", Error processing payload: Payload ID: %{fld1}", field: "nwparser.p0" } });
var dup1550 = set_field({ dest: "nwparser.msg_id1", value: constant("713048") });

var dup1551 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("103001") });
var dup1552 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("318006") });
var dup1553 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("407001") });

// OSPF route-update conflict (408002): typed updates are listed before the
// plain " update" form.
var dup1554 = match({ dissect: { tokenizer: "ospf %{p0}", field: "nwparser.payload" } });
var dup1555 = linear_select([
  match({ dissect: { tokenizer: " E1 update %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " E2 update %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " IA update %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " update %{p1}", field: "nwparser.p0" } })
]);
var dup1556 = match({ dissect: { tokenizer: " %{stransaddr} %{fld1} [%{fld2}] via %{daddr}:%{host} overriding conflict with %{dtransaddr} %{fld3} [%{fld4}] %{interface}", field: "nwparser.p1" } });
var dup1557 = set_field({ dest: "nwparser.eventcategory", value: constant("1805020000") });
var dup1558 = set_field({ dest: "nwparser.msg_id1", value: constant("408002") });
// Cipher proposal (725009 / 725009:01): cipher count, peer role, endpoints.
var dup1559 = match({ dissect: { tokenizer: "Device proposes the following %{dclass_counter1} cipher(s) to %{p0}", field: "nwparser.payload" } });
var dup1560 = linear_select([
  match({ dissect: { tokenizer: "server%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "client%{p1}", field: "nwparser.p0" } })
]);
var dup1561 = match({ dissect: { tokenizer: " %{interface}:%{saddr}/%{sport} to %{daddr}/%{dport}", field: "nwparser.p1" } });
var dup1562 = set_field({ dest: "nwparser.msg_id1", value: constant("725009:01") });
var dup1563 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725009") });

var dup1564 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("120007") });
var dup1565 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718023") });

// Failover message received from the active unit (720042); the message
// detail may be parenthesised.
var dup1566 = match({ dissect: { tokenizer: "(VPN-%{context}) Receiving %{obj_type} message %{p0}", field: "nwparser.payload" } });
var dup1567 = linear_select([
  match({ dissect: { tokenizer: " (%{info}) %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{info} %{p1}", field: "nwparser.p0" } })
]);
var dup1568 = match({ dissect: { tokenizer: " from active unit%{}", field: "nwparser.p1" } });
var dup1569 = set_field({ dest: "nwparser.msg_id1", value: constant("720042") });

// Message-id tags.
// NOTE(review): these write "nwparser.nwparser.msg_id1" while dup1562 and
// dup1569 write "nwparser.msg_id1"; confirm the doubled prefix is intended.
var dup1570 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415011") });
var dup1571 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611307") });
var dup1572 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713206") });
var dup1573 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("324006") });
var dup1574 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("210001") });
var dup1575 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("304002") });
var dup1576 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("304002:01") });
// Module application-up notice (505015): slot-based form first, then the
// fixed "Module ips" form. Both stop at the opening double quote.
var dup1577 = linear_select([
  match({ dissect: { tokenizer: "%{product} Module in slot %{fld1}, application up \"%{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: "Module ips, application up \"%{p0}", field: "nwparser.payload" } })
]);
var dup1578 = set_field({ dest: "nwparser.msg_id1", value: constant("505015") });

var dup1579 = set_field({ dest: "nwparser.msg_id1", value: constant("702208:01") });
var dup1580 = set_field({ dest: "nwparser.msg_id1", value: constant("702208") });
var dup1581 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("735006") });
var dup1582 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109013") });

// IKE prefix (715046 / 715046:01).
// NOTE(review): the first alternative begins with "Group" and the second with
// " Username" (leading space); confirm the payload really differs in leading
// whitespace between the two, otherwise one alternative never matches.
var dup1583 = linear_select([
  match({ dissect: { tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}", field: "nwparser.payload" } })
]);
var dup1584 = set_field({ dest: "nwparser.msg_id1", value: constant("715046:01") });
var dup1585 = set_field({ dest: "nwparser.msg_id1", value: constant("715046") });

var dup1586 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400025") });
var dup1587 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("444106") });
// Non-routine notify message (713068): optional user name, source address,
// then the notify text with an optional parenthesised detail.
var dup1588 = linear_select([
  match({ dissect: { tokenizer: " Username = %{username}, IP = %{saddr}, %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " IP = %{saddr}, %{p1}", field: "nwparser.p0" } })
]);
var dup1589 = match({ dissect: { tokenizer: " Received non-routine %{p2}", field: "nwparser.p1" } });
var dup1590 = linear_select([
  match({ dissect: { tokenizer: " Notify %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " notify %{p3}", field: "nwparser.p2" } })
]);
var dup1591 = match({ dissect: { tokenizer: " message: %{p4}", field: "nwparser.p3" } });
var dup1592 = linear_select([
  match({ dissect: { tokenizer: " %{result} (%{info}) %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " %{result} %{p5}", field: "nwparser.p4" } })
]);
var dup1593 = set_field({ dest: "nwparser.msg_id1", value: constant("713068") });

// Session terminated (722049).
var dup1594 = match({ dissect: { tokenizer: " \u003e Session terminated: %{info}", field: "nwparser.p3" } });
var dup1595 = set_field({ dest: "nwparser.msg_id1", value: constant("722049") });

// Address assignment (722051 / 722051:01): the dual-stack form carries the
// IPv4 address in stransaddr and the IPv6 address in info; "Address" is
// accepted in either case.
// NOTE(review): opening brackets are "\u003c\u003c" (two '<') against a single
// closing "\u003e"; if the device emits a single '<' these never match.
// Confirm with sample logs.
var dup1596 = match({ dissect: { tokenizer: " \u003e IPv4 %{p4}", field: "nwparser.p3" } });
var dup1597 = linear_select([
  match({ dissect: { tokenizer: " Address %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " address %{p5}", field: "nwparser.p4" } })
]);
var dup1598 = match({ dissect: { tokenizer: " \u003c\u003c %{stransaddr} \u003e IPv6 %{p6}", field: "nwparser.p5" } });
var dup1599 = linear_select([
  match({ dissect: { tokenizer: " address %{p7}", field: "nwparser.p6" } }),
  match({ dissect: { tokenizer: " Address %{p7}", field: "nwparser.p6" } })
]);
var dup1600 = match({ dissect: { tokenizer: " \u003c\u003c%{info}\u003e assigned to session", field: "nwparser.p7" } });
var dup1601 = set_field({ dest: "nwparser.msg_id1", value: constant("722051:01") });
var dup1602 = match({ dissect: { tokenizer: " \u003e Address \u003c\u003c %{stransaddr} \u003e assigned to session", field: "nwparser.p3" } });
var dup1603 = set_field({ dest: "nwparser.msg_id1", value: constant("722051") });

var dup1604 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("716601") });
// dup1605-dup1607 chain payload -> p0 -> p1 over "Downloaded ACL <name> is empty".
var dup1605 = match({
dissect: {
tokenizer: "Downloaded ACL %{p0}",
field: "nwparser.payload",
},
});
// The ACL name may or may not be wrapped in single quotes; the quoted form is
// listed first so the quotes are not captured into listnum.
var dup1606 = linear_select([
match({
dissect: {
tokenizer: " '%{listnum}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{listnum} %{p1}",
field: "nwparser.p0",
},
}),
]);
// %{} is an unnamed capture: whatever follows "is empty" is not stored.
var dup1607 = match({
dissect: {
tokenizer: " is empty%{}",
field: "nwparser.p1",
},
});
// Tags the event with message id 109018.
var dup1608 = set_field({
dest: "nwparser.msg_id1",
value: constant("109018"),
});
// Fragments for "Teardown <protocol> connection ..." messages. In these
// tokenizers "\\" is one literal backslash, i.e. the DOMAIN\user form that
// follows an address/port pair in parentheses.
// dup1609-dup1612 chain payload -> p0 -> p1 -> p2 -> p3.
var dup1609 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
// Source side, with or without the (DOMAIN\user) suffix. The user part of the
// source identity is captured as fld7, not as a username field.
var dup1610 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld7}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination side with a mandatory (DOMAIN\user) suffix, then duration.
var dup1611 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{p2}",
field: "nwparser.p1",
},
});
// Byte count, optionally followed by a user name in parentheses.
var dup1612 = linear_select([
match({
dissect: {
tokenizer: "%{bytes} (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{bytes} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Tags the event with message id 302016:05.
var dup1613 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:05"),
});
// Single-pass variant where the source carries an opaque parenthesised part
// (fld1) and the destination carries DOMAIN\user.
var dup1614 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport}(%{fld1}) to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} %{p0}",
field: "nwparser.payload",
},
});
var dup1615 = linear_select([
match({
dissect: {
tokenizer: "bytes %{bytes} (%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "bytes %{bytes}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tags the event with message id 302016:07.
var dup1616 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:07"),
});
// Variant with a bare source address/port and DOMAIN\user on the destination.
var dup1617 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} %{p0}",
field: "nwparser.payload",
},
});
// Tags the event with message id 302016:04.
var dup1618 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:04"),
});
// Further fragments reading the p0..p4 remainders of a connection message
// (source, destination interface, destination, duration, bytes/user).
// "\\" in a tokenizer is one literal backslash (DOMAIN\user).
// Source side; the user part of the optional identity is stored as fld5.
var dup1619 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld5}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1620 = match({
dissect: {
tokenizer: "%{dinterface}:%{p2}",
field: "nwparser.p1",
},
});
// Destination side: DOMAIN\user when a backslash is present, otherwise the
// parenthesised text is kept opaque in fld20.
var dup1621 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{fld20})%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1622 = match({
dissect: {
tokenizer: " duration %{duration} %{p4}",
field: "nwparser.p3",
},
});
// Byte count followed by a user name in quotes, in parentheses, or absent.
// NOTE(review): the first two alternatives leave the remainder in p5 but the
// last one writes p6, so after the no-user form p5 is not set by this step.
// Verify that the consuming rule copes with both.
var dup1623 = linear_select([
match({
dissect: {
tokenizer: " bytes %{bytes} '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " bytes %{bytes} (%{username}) %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " bytes %{bytes} %{p6}",
field: "nwparser.p4",
},
}),
]);
// Tags the event with message id 302016:06.
var dup1624 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:06"),
});
// Destination with optional DOMAIN\user, consuming the "duration" keyword.
var dup1625 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} duration %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1626 = match({
dissect: {
tokenizer: "%{duration} bytes %{bytes} %{p4}",
field: "nwparser.p3",
},
});
// Trailing user name, single-quoted or parenthesised.
var dup1627 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p5}",
field: "nwparser.p4",
},
}),
]);
// Tags the event with message id 302016.
var dup1628 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016"),
});
// Source side of a connection message in three forms, most specific first:
// (DOMAIN\user), an opaque parenthesised part (fld20), or address/port only.
// "\\" in a tokenizer is one literal backslash.
var dup1629 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld5}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld20}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination side in the same three forms; here a parenthesised part without
// a backslash is taken as the user name (c_username).
var dup1630 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} duration %{p3}",
field: "nwparser.p2",
},
}),
]);
// Tags the event with message id 302016:01.
var dup1631 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:01"),
});
// Tag the event with message ids 302016:02 and 302016:03.
// NOTE(review): these two write "nwparser.nwparser.msg_id1" while dup1631,
// for the same message family, writes "nwparser.msg_id1". If the doubled
// prefix is unintended, the variants of one message end up in different
// fields -- confirm.
var dup1632 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302016:02"),
});
var dup1633 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302016:03"),
});
// Fragments for an "RTSP <protocol> backconnection" pre-allocation message.
// The leading verb is accepted in three spellings.
var dup1634 = linear_select([
match({
dissect: {
tokenizer: " Pre-allocated %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Pre-allocate %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Preallocate %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1635 = match({
dissect: {
tokenizer: " RTSP %{protocol} backconnection %{p1}",
field: "nwparser.p0",
},
});
// The foreign side is introduced by "faddr", "foreign_address" or by an
// interface name; only the last form captures sinterface.
var dup1636 = linear_select([
match({
dissect: {
tokenizer: " for faddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " for foreign_address %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " for %{sinterface}: %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1637 = match({
dissect: {
tokenizer: "%{saddr}%{p3}",
field: "nwparser.p2",
},
});
// Source port is optional.
var dup1638 = linear_select([
match({
dissect: {
tokenizer: " /%{sport} to %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " to %{p4}",
field: "nwparser.p3",
},
}),
]);
// Reads p5; the fragment that turns p4 into p5 is not among the statements
// shown here.
var dup1639 = linear_select([
match({
dissect: {
tokenizer: " laddr %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " local_address %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " %{dinterface}:%{p6}",
field: "nwparser.p5",
},
}),
]);
var dup1640 = match({
dissect: {
tokenizer: "%{daddr}/%{p7}",
field: "nwparser.p6",
},
});
// Destination port, with or without a trailing period; the period form is
// listed first so the "." is not captured into dport.
var dup1641 = linear_select([
match({
dissect: {
tokenizer: " %{dport}. %{p8}",
field: "nwparser.p7",
},
}),
match({
dissect: {
tokenizer: " %{dport} %{p8}",
field: "nwparser.p7",
},
}),
]);
// Tags the event with message id 314001.
var dup1642 = set_field({
dest: "nwparser.msg_id1",
value: constant("314001"),
});
// Tag the event with message ids 338309 and 716058.
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup1642 above
// which writes "nwparser.msg_id1" -- confirm this is intended.
var dup1643 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338309"),
});
var dup1644 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716058"),
});
// "Authen Session End: user <...>, sid <id>, elapsed <n> seconds".
// The user name itself is left in p0 for a fragment defined elsewhere.
var dup1645 = match({
dissect: {
tokenizer: "Authen Session End: user %{p0}",
field: "nwparser.payload",
},
});
var dup1646 = match({
dissect: {
tokenizer: ", sid %{sessionid}, elapsed %{duration} seconds",
field: "nwparser.p1",
},
});
// Tags the event with message id 109012.
var dup1647 = set_field({
dest: "nwparser.msg_id1",
value: constant("109012"),
});
// Tags the event with message id 400045.
// NOTE(review): this and dup1652-dup1659 below write
// "nwparser.nwparser.msg_id1", while dup1647 and dup1651 write
// "nwparser.msg_id1" -- confirm the doubled prefix is intended.
var dup1648 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400045"),
});
// "Attempting AAA Fallback method <process> for <info> for user <...>:
//  Auth-server group <product> unreachable".
var dup1649 = match({
dissect: {
tokenizer: "Attempting AAA Fallback method %{process} for %{info} for user %{p0}",
field: "nwparser.payload",
},
});
var dup1650 = match({
dissect: {
tokenizer: ": %{space} Auth-server group %{product} unreachable",
field: "nwparser.p1",
},
});
// Tags the event with message id 409023.
var dup1651 = set_field({
dest: "nwparser.msg_id1",
value: constant("409023"),
});
// Message-id tags 714002, 714002:01, 717007, 304004, 408001, 713216,
// 713216:01 and 210005 (all with the doubled prefix noted above).
var dup1652 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714002"),
});
var dup1653 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714002:01"),
});
var dup1654 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717007"),
});
var dup1655 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304004"),
});
var dup1656 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("408001"),
});
var dup1657 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713216"),
});
var dup1658 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713216:01"),
});
var dup1659 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210005"),
});
// "User authentication succeeded: Uname: <...>" -- the user name is left in
// p0 for a fragment defined elsewhere.
var dup1660 = match({
dissect: {
tokenizer: "User authentication succeeded: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Tags the event with message id 611101.
var dup1661 = set_field({
dest: "nwparser.msg_id1",
value: constant("611101"),
});
// Variant of the same message that also carries the client address (saddr).
var dup1662 = match({
dissect: {
tokenizer: "User authentication succeeded: IP address: %{saddr}, Uname: %{p0}",
field: "nwparser.payload",
},
});
// Tags the event with message id 611101:01.
var dup1663 = set_field({
dest: "nwparser.msg_id1",
value: constant("611101:01"),
});
// Message-id tags 713134, 720035, 722003, 737010, 737010:01 and 305008.
// NOTE(review): all of these except dup1666 write
// "nwparser.nwparser.msg_id1"; dup1666 and the tags around this run write
// "nwparser.msg_id1". Confirm the doubled prefix is intended.
var dup1664 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713134"),
});
var dup1665 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720035"),
});
var dup1666 = set_field({
dest: "nwparser.msg_id1",
value: constant("722003"),
});
var dup1667 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737010"),
});
var dup1668 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737010:01"),
});
var dup1669 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305008"),
});
// Stores everything left in p0 (after one leading space) as info.
var dup1670 = match({
dissect: {
tokenizer: " %{info}",
field: "nwparser.p0",
},
});
// Tags the event with message id 715028.
var dup1671 = set_field({
dest: "nwparser.msg_id1",
value: constant("715028"),
});
// Alternatives for the free-text body of a message whose id tags below are
// 713906 and its ":NN" variants. Structured forms come first; the last
// alternative is a catch-all that stores the text as event_description.
// linear_select is defined outside this view; presumably the first matching
// alternative wins, so the order of entries matters.
var dup1672 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} Proxy Id:%{fld1} Remote host: %{hostname} Protocol %{protocol} Port %{port} Local subnet: %{fld2} mask %{mask} Protocol %{fld3} Port %{fld4} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{event_description} flags %{fld5}, refcnt %{fld6}, tuncnt %{fld7}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{event_description} %{fld9} flags %{fld5}, refcnt %{fld6}, tuncnt %{fld7}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} (%{fld1}) %{fld2} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tags the event with message id 713906:01.
var dup1673 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906:01"),
});
// Second set of body alternatives, again ending in a catch-all.
var dup1674 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} flags %{fld1}, refcnt %{fld2}, tuncnt %{fld3}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} Proxy Id:%{fld1} Remote host: %{hostname} Protocol %{protocol} Port %{port} Local subnet: %{fld2} mask %{mask} Protocol %{fld3} Port %{fld4} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} for remote peer %{fld1}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tags the event with message id 713906:03.
var dup1675 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906:03"),
});
// Form of the message that starts directly with the peer address.
var dup1676 = match({
dissect: {
tokenizer: "IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
});
var dup1677 = linear_select([
match({
dissect: {
tokenizer: " Responder: %{event_description} TCP port: %{network_port} peer TCP port: %{fld1} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tags the event with message id 713906.
var dup1678 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906"),
});
// Message-id tags 713906:02, 209003, 309001, 713143, 111111, 400041, 400049
// and 703002.
// NOTE(review): these write "nwparser.nwparser.msg_id1"; the other 713906
// variants above write "nwparser.msg_id1", so 713906:02 would land in a
// different field from its siblings if the doubled prefix is unintended.
var dup1679 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713906:02"),
});
var dup1680 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209003"),
});
var dup1681 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("309001"),
});
var dup1682 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713143"),
});
var dup1683 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111111"),
});
var dup1684 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400041"),
});
var dup1685 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400049"),
});
var dup1686 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("703002"),
});
// dup1687-dup1691 chain p0 -> p1 -> p2 -> p3 -> p4 over
// ", IP = <addr>, Security negotiation complete for <LAN-to-LAN Group|User>
//  (<name>) <Initiator|Responder>, Inbound SPI = ..., Outbound SPI = ...".
var dup1687 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Security negotiation complete for %{p1}",
field: "nwparser.p0",
},
});
var dup1688 = linear_select([
match({
dissect: {
tokenizer: " LAN-to-LAN Group %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " User %{p2}",
field: "nwparser.p1",
},
}),
]);
// The parenthesised group or user name is kept in the generic field fld1.
var dup1689 = match({
dissect: {
tokenizer: " (%{fld1}) %{p3}",
field: "nwparser.p2",
},
});
// The role keyword is matched but not stored in a field by this fragment.
var dup1690 = linear_select([
match({
dissect: {
tokenizer: " Initiator %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " Responder %{p4}",
field: "nwparser.p3",
},
}),
]);
var dup1691 = match({
dissect: {
tokenizer: ", Inbound SPI = %{src_spi}, Outbound SPI = %{dst_spi}",
field: "nwparser.p4",
},
});
// Tags the event with message id 713049.
var dup1692 = set_field({
dest: "nwparser.msg_id1",
value: constant("713049"),
});
// Common "Group = ..., Username = ..., IP = " prefix. The quoted-username form
// is listed first so the quotes are not captured; the username is optional.
// NOTE(review): the user name ends at the first " ," (or "' ,"), so a name
// containing that sequence would be cut short and shift the later captures.
// The name presumably originates from the connecting peer; treat it as
// untrusted in downstream rules.
var dup1693 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}' , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tags the event with message id 713120.
var dup1694 = set_field({
dest: "nwparser.msg_id1",
value: constant("713120"),
});
// Prefix variants that capture the address directly into saddr.
var dup1695 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1696 = match({
dissect: {
tokenizer: " %{event_description} (version: %{version}, capabilities: %{fld1})",
field: "nwparser.p0",
},
});
// Tags the event with message id 715038.
var dup1697 = set_field({
dest: "nwparser.msg_id1",
value: constant("715038"),
});
// Message-id tags 318002, 219002, 400004, 617001, 713014, 715040, 718034,
// 720012, 105001, 752004, 717039 and 720036.
// NOTE(review): these, and every other tag in this block whose dest starts
// with "nwparser.nwparser.", differ from dup1713, dup1718 and dup1721 below,
// which write "nwparser.msg_id1". If the doubled prefix is a generator
// artifact, anything keyed on msg_id1 would not see these ids -- confirm.
var dup1698 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318002"),
});
var dup1699 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("219002"),
});
var dup1700 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400004"),
});
var dup1701 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617001"),
});
var dup1702 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713014"),
});
var dup1703 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715040"),
});
var dup1704 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718034"),
});
var dup1705 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720012"),
});
var dup1706 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105001"),
});
var dup1707 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752004"),
});
var dup1708 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717039"),
});
var dup1709 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720036"),
});
// dup1710-dup1712 chain payload -> p0 -> p1 over
// "Deny IP from <saddr> <from|to> <daddr>, IP options <...>".
var dup1710 = match({
dissect: {
tokenizer: "Deny IP from %{saddr} %{p0}",
field: "nwparser.payload",
},
});
var dup1711 = linear_select([
match({
dissect: {
tokenizer: " from %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " to %{p1}",
field: "nwparser.p0",
},
}),
]);
// The IP options text is kept in the generic field fld1.
var dup1712 = match({
dissect: {
tokenizer: " %{daddr}, IP options %{fld1}",
field: "nwparser.p1",
},
});
// Tags the event with message id 106012.
var dup1713 = set_field({
dest: "nwparser.msg_id1",
value: constant("106012"),
});
// Message-id tags 106007, 210021 and 713900:02.
var dup1714 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106007"),
});
var dup1715 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210021"),
});
var dup1716 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713900:02"),
});
// ", <info>(): <description>" -- the text before "()" is stored as info.
var dup1717 = match({
dissect: {
tokenizer: ", %{info}(): %{event_description}",
field: "nwparser.p0",
},
});
// Tags the event with message id 713900.
var dup1718 = set_field({
dest: "nwparser.msg_id1",
value: constant("713900"),
});
// Tags the event with message id 713900:01.
var dup1719 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713900:01"),
});
// Captures an attribute name and its value from an IKEGetUserAttributes line.
var dup1720 = match({
dissect: {
tokenizer: ", IP = %{saddr}, IKEGetUserAttributes: %{change_attribute} = %{change_new}",
field: "nwparser.p1",
},
});
// Tags the event with message id 715019.
var dup1721 = set_field({
dest: "nwparser.msg_id1",
value: constant("715019"),
});
// Message-id tags 715019:01, 101001, 713229, 718028 and 210020.
var dup1722 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715019:01"),
});
var dup1723 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101001"),
});
var dup1724 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713229"),
});
var dup1725 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718028"),
});
var dup1726 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210020"),
});
// dup1727-dup1732 chain payload -> p0 -> ... -> p4 over
// "Preallocate <service> <protocol> backconnection for <faddr|foreign_address>
//  <saddr>/<sport> to <laddr|local_address> <daddr>/<dport>".
var dup1727 = linear_select([
match({
dissect: {
tokenizer: " Preallocate %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Pre-allocate %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1728 = match({
dissect: {
tokenizer: " %{network_service} %{protocol} backconnection for %{p1}",
field: "nwparser.p0",
},
});
var dup1729 = linear_select([
match({
dissect: {
tokenizer: " faddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " foreign_address %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1730 = match({
dissect: {
tokenizer: " %{saddr}/%{sport} to %{p3}",
field: "nwparser.p2",
},
});
var dup1731 = linear_select([
match({
dissect: {
tokenizer: " laddr %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " local_address %{p4}",
field: "nwparser.p3",
},
}),
]);
var dup1732 = match({
dissect: {
tokenizer: " %{daddr}/%{dport}",
field: "nwparser.p4",
},
});
// Tags the event with message id 302004.
var dup1733 = set_field({
dest: "nwparser.msg_id1",
value: constant("302004"),
});
// Variant fragments for a source address without a port.
var dup1734 = match({
dissect: {
tokenizer: " %{saddr} to %{p3}",
field: "nwparser.p2",
},
});
// Destination with an optional port. Reads p5; the fragment that produces p5
// is not among the statements shown here.
var dup1735 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p6}",
field: "nwparser.p5",
},
}),
]);
// Tags the event with message id 302004:01.
var dup1736 = set_field({
dest: "nwparser.msg_id1",
value: constant("302004:01"),
});
// Tags the event with message id 313009.
// NOTE(review): this and dup1740/dup1741 below write
// "nwparser.nwparser.msg_id1", unlike the other tags in this block --
// confirm the doubled prefix is intended.
var dup1737 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313009"),
});
// Dropped greylisted traffic: captures both endpoints with their translated
// address/port pairs, the list entry as web_domain, and the reported
// threat level (severity) and category (result).
var dup1738 = match({
dissect: {
tokenizer: " dropped greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
// Tags the event with message id 338204.
var dup1739 = set_field({
dest: "nwparser.msg_id1",
value: constant("338204"),
});
// Message-id tags 407002 and 407002:01.
var dup1740 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("407002"),
});
var dup1741 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("407002:01"),
});
// Description followed by process name, program counter and call stack when
// present; otherwise the whole payload becomes event_description.
var dup1742 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} Process = %{process}, PC = %{fld1}, Call stack = %{fld2}%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
// Sets the event category code 1603110000.
var dup1743 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603110000"),
});
// Tags the event with message id 711004.
var dup1744 = set_field({
dest: "nwparser.msg_id1",
value: constant("711004"),
});
// Message-id tags 713105, 405003, 109026, 338306, 420005 and 713016, plus
// event category codes 1805010100 and 1603060000.
// NOTE(review): dup1745-dup1752 all use the doubled prefix
// "nwparser.nwparser.", for eventcategory as well as msg_id1, whereas dup1743
// and dup1744 above use "nwparser." -- confirm which one is intended.
var dup1745 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713105"),
});
var dup1746 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805010100"),
});
var dup1747 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405003"),
});
var dup1748 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109026"),
});
var dup1749 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338306"),
});
var dup1750 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420005"),
});
var dup1751 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603060000"),
});
var dup1752 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713016"),
});
// "SSL client <interface>:<ip>/<port> [to <daddr>/<dport>] <action>".
var dup1753 = match({
dissect: {
tokenizer: "SSL client %{interface}:%{hostip}/%{network_port} %{p0}",
field: "nwparser.payload",
},
});
// Destination is optional; without it the action runs up to the next ".".
var dup1754 = linear_select([
match({
dissect: {
tokenizer: "to %{daddr}/%{dport} %{action}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{action}.%{p1}",
field: "nwparser.p0",
},
}),
]);
// Tags the event with message id 725003.
var dup1755 = set_field({
dest: "nwparser.msg_id1",
value: constant("725003"),
});
// Tags the event with message id 725013 (doubled prefix, see note above).
var dup1756 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725013"),
});
// Dropped blacklisted traffic: captures both endpoints with their translated
// address/port pairs, the matching list entry as fld3/mask, and the reported
// threat level (severity) and category (result).
var dup1757 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
// Tags the event with message id 338007.
var dup1758 = set_field({
dest: "nwparser.msg_id1",
value: constant("338007"),
});
// Message-id tags 709007, 102001, 400038, 714007, 718016, 201008, 311001,
// 302017, 302017:01, 713129, 716041, 302006, 302006:01, 720049, 750003 and
// 751014.
// NOTE(review): all sixteen write "nwparser.nwparser.msg_id1", while dup1779
// and dup1781 further down write "nwparser.msg_id1". If the doubled prefix is
// a generator artifact, anything keyed on msg_id1 would not see these ids --
// confirm.
var dup1759 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709007"),
});
var dup1760 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("102001"),
});
var dup1761 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400038"),
});
var dup1762 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714007"),
});
var dup1763 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718016"),
});
var dup1764 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201008"),
});
var dup1765 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311001"),
});
var dup1766 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302017"),
});
var dup1767 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302017:01"),
});
var dup1768 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713129"),
});
var dup1769 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716041"),
});
var dup1770 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302006"),
});
var dup1771 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302006:01"),
});
var dup1772 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720049"),
});
var dup1773 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750003"),
});
var dup1774 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751014"),
});
// Fragments for "AAA retrieved default group policy <policy> for user <name>".
var dup1775 = match({
dissect: {
tokenizer: "AAA retrieved default group policy %{p0}",
field: "nwparser.payload",
},
});
// Policy name with or without surrounding parentheses.
var dup1776 = linear_select([
match({
dissect: {
tokenizer: " (%{policyname}) for %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{policyname} for %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p2; the fragment that turns p1 into p2 is not among the statements
// shown here. "user = " is listed before the bare "user " form.
var dup1777 = linear_select([
match({
dissect: {
tokenizer: " user = %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " user %{p3}",
field: "nwparser.p2",
},
}),
]);
// User name, single-quoted or bare; the quoted form is listed first so the
// quotes are not captured.
var dup1778 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p5}",
field: "nwparser.p4",
},
}),
]);
// Tags the event with message id 113009.
var dup1779 = set_field({
dest: "nwparser.msg_id1",
value: constant("113009"),
});
// Variant ending in "for <address>".
var dup1780 = match({
dissect: {
tokenizer: " for %{daddr}",
field: "nwparser.p1",
},
});
// Tags the event with message id 113009:01.
var dup1781 = set_field({
dest: "nwparser.msg_id1",
value: constant("113009:01"),
});
// dup1782-dup1786 chain payload -> p0 -> p1 -> p2 -> p3 over
// "<direction> <protocol> request (<n> bytes) <from ...|on interface ...>
//  exceeds data buffer <SIZE|size>, <result>".
var dup1782 = match({
dissect: {
tokenizer: "%{direction} %{protocol} request (%{bytes} bytes) %{p0}",
field: "nwparser.payload",
},
});
// Origin given either as address, port and quoted interface name, or as an
// interface name only.
var dup1783 = linear_select([
match({
dissect: {
tokenizer: " from IP address %{saddr} Port %{sport} Interface \"%{interface}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " on interface %{interface} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1784 = match({
dissect: {
tokenizer: " exceeds data buffer %{p2}",
field: "nwparser.p1",
},
});
// Accepts either capitalisation of "size".
var dup1785 = linear_select([
match({
dissect: {
tokenizer: " SIZE, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " size, %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1786 = match({
dissect: {
tokenizer: " %{result}",
field: "nwparser.p3",
},
});
// Tags the event with message id 212005.
var dup1787 = set_field({
dest: "nwparser.msg_id1",
value: constant("212005"),
});
// Tags the event with message id 715057.
var dup1788 = set_field({
dest: "nwparser.msg_id1",
value: constant("715057"),
});
// Tags the event with message id 199002.
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike the neighbouring
// tags which write "nwparser.msg_id1" -- confirm this is intended.
var dup1789 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199002"),
});
// "Authorization denied for user <...>" -- the user name is left in p0 for a
// fragment defined elsewhere.
var dup1790 = match({
dissect: {
tokenizer: "Authorization denied for user %{p0}",
field: "nwparser.payload",
},
});
// Sets the event category code 1501040000.
var dup1791 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501040000"),
});
// Tags the event with message id 109008.
var dup1792 = set_field({
dest: "nwparser.msg_id1",
value: constant("109008"),
});
// dup1793-dup1796 chain p0 -> p1 -> p2 -> p3 -> p4 over a "created" message
// that lists tunnel id, remote peer address, PPP virtual interface id,
// client dynamic address and user name.
var dup1793 = linear_select([
match({
dissect: {
tokenizer: " created, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " created %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1794 = match({
dissect: {
tokenizer: " tunnel_id is %{fld1}, remote_peer_ip is %{saddr}, ppp_virtual_interface_id is %{interface}, client_dynamic_ip is %{p2}",
field: "nwparser.p1",
},
});
// Client address with or without a trailing comma.
var dup1795 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1796 = match({
dissect: {
tokenizer: " username is %{p4}",
field: "nwparser.p3",
},
});
// Tags the event with message id 603106.
var dup1797 = set_field({
dest: "nwparser.msg_id1",
value: constant("603106"),
});
// ", IP = <addr>, Password for user (<name>) too long, <info>".
// NOTE(review): the user name in parentheses is captured as fld1, not as
// username. Unless another step copies it, user-based correlation would not
// see the account named in this message -- verify against the full rule.
var dup1798 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Password for user (%{fld1}) too long, %{info}",
field: "nwparser.p1",
},
});
// Sets the event category code 1402040101.
var dup1799 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402040101"),
});
// Tags the event with message id 713072.
var dup1800 = set_field({
dest: "nwparser.msg_id1",
value: constant("713072"),
});
// ", IP = <addr>, Remote peer has failed user authentication - <info>".
var dup1801 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Remote peer has failed user authentication - %{info}",
field: "nwparser.p1",
},
});
// Tags the event with message id 713167.
var dup1802 = set_field({
dest: "nwparser.msg_id1",
value: constant("713167"),
});
// Tags the event with message id 713167:01.
// NOTE(review): this and dup1806 write "nwparser.nwparser.msg_id1", while the
// base ids 713167 and 713184 write "nwparser.msg_id1". If the doubled prefix
// is unintended, the ":01" variants of these messages land in a different
// field from the base ids -- confirm.
var dup1803 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713167:01"),
});
// Client type and application version reported in the message.
var dup1804 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Client Type: %{product} Client Application Version: %{version}",
field: "nwparser.p1",
},
});
// Tags the event with message id 713184.
var dup1805 = set_field({
dest: "nwparser.msg_id1",
value: constant("713184"),
});
// Tags the event with message id 713184:01.
var dup1806 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713184:01"),
});
// "<process>: User <...>, Addr <ip>[,:] <...>".
var dup1807 = match({
dissect: {
tokenizer: "%{process}: User %{p0}",
field: "nwparser.payload",
},
});
var dup1808 = match({
dissect: {
tokenizer: ", %{p2}",
field: "nwparser.p1",
},
});
// Address terminated by either "," or ":".
var dup1809 = linear_select([
match({
dissect: {
tokenizer: " Addr %{hostip}, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " Addr %{hostip}: %{p3}",
field: "nwparser.p2",
},
}),
]);
// Tags the event with message id 734002.
var dup1810 = set_field({
dest: "nwparser.msg_id1",
value: constant("734002"),
});
// Message-id tags 106022, 317004, 338304, 403109, 713187, 105009, 400046,
// 403106, 111001, 713223, 701001, 402101 and 602104.
// NOTE(review): these, and every other tag in this block whose dest starts
// with "nwparser.nwparser.", differ from dup1825, dup1827, dup1828 and
// dup1834 below, which write "nwparser.msg_id1". If the doubled prefix is a
// generator artifact, anything keyed on msg_id1 would not see these ids --
// confirm.
var dup1811 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106022"),
});
var dup1812 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317004"),
});
var dup1813 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338304"),
});
var dup1814 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403109"),
});
var dup1815 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713187"),
});
var dup1816 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105009"),
});
var dup1817 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400046"),
});
var dup1818 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403106"),
});
var dup1819 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111001"),
});
var dup1820 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713223"),
});
var dup1821 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("701001"),
});
var dup1822 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402101"),
});
var dup1823 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602104"),
});
// Common "Group = ..., Username = ..., IP = ..." prefix. The quoted-username
// form is listed first so the quotes are not captured; the last alternative
// has an address only.
var dup1824 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tags the event with message id 713902.
var dup1825 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902"),
});
// Prefix variants carrying either a group or a user name, not both.
var dup1826 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = '%{username}' , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username} , IP = %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tag the event with message ids 713902:02 and 713902:01.
var dup1827 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902:02"),
});
var dup1828 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902:01"),
});
// Message-id tags 215001, 735003, 751007 and 306001.
var dup1829 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("215001"),
});
var dup1830 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735003"),
});
var dup1831 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751007"),
});
var dup1832 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("306001"),
});
// Another set of prefix variants.
// NOTE(review): the second tokenizer starts with "Group" while the other two
// start with a space. Presumably a payload with a leading space would not
// match it -- confirm whether the difference is intended.
var dup1833 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Tags the event with message id 715001.
var dup1834 = set_field({
dest: "nwparser.msg_id1",
value: constant("715001"),
});
// Tags the event with message id 718068.
var dup1835 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718068"),
});
var dup1836 = match({
dissect: {
tokenizer: "Scheduled reload for %{fld1} cancelled by %{p0}",
field: "nwparser.payload",
},
});
var dup1837 = match({
dissect: {
tokenizer: " at %{fld2}",
field: "nwparser.p1",
},
});
var dup1838 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701020000"),
});
var dup1839 = set_field({
dest: "nwparser.msg_id1",
value: constant("199008"),
});
var dup1840 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713214"),
});
var dup1841 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605010000"),
});
var dup1842 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199015"),
});
var dup1843 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602103"),
});
var dup1844 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401030000"),
});
var dup1845 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307003"),
});
var dup1846 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307003:01"),
});
var dup1847 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400027"),
});
var dup1848 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721012"),
});
var dup1849 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202005"),
});
// "Auto Update failed" pattern: prefix from the payload, then version/reason
// captured from p1.
var dup1850 = match({
  dissect: { tokenizer: "Auto Update failed:%{p0}", field: "nwparser.payload" },
});
var dup1851 = match({
  dissect: { tokenizer: ", version:%{version}, reason:%{result}", field: "nwparser.p1" },
});
var dup1852 = set_field({ dest: "nwparser.msg_id1", value: constant("612002") });
var dup1853 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713119") });

// Generic ", <description>, <extra>" tail.
var dup1854 = match({
  dissect: { tokenizer: ", %{event_description}, %{fld1}", field: "nwparser.p1" },
});
var dup1855 = set_field({ dest: "nwparser.eventcategory", value: constant("1603020000") });
var dup1856 = set_field({ dest: "nwparser.msg_id1", value: constant("713232") });

// MODE_CFG tail: peer address and the reported action.
var dup1857 = match({
  dissect: { tokenizer: ", IP = %{saddr}, MODE_CFG: %{action}", field: "nwparser.p1" },
});
// NOTE(review): 715053 is written to "nwparser.msg_id1" but its ":01" variant
// goes to "nwparser.nwparser.msg_id1" — confirm both are found downstream.
var dup1858 = set_field({ dest: "nwparser.msg_id1", value: constant("715053") });
var dup1859 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715053:01") });
var dup1860 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("746014") });
var dup1861 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717045") });

// Successful-authentication prefix; the user name itself is left in p0 for a
// later step that is not part of this view.
var dup1862 = match({
  dissect: { tokenizer: "Authentication succeeded for user %{p0}", field: "nwparser.payload" },
});
var dup1863 = set_field({ dest: "nwparser.msg_id1", value: constant("109005") });
var dup1864 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713092") });
var dup1865 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717055") });
var dup1866 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("710004") });
// "<result>; Connection for <proto> src <if>:<addr>/..." pattern.
var dup1867 = match({
  dissect: { tokenizer: "%{result}; Connection for %{protocol} src %{sinterface}:%{saddr}/%{p0}", field: "nwparser.payload" },
});
// Source port with an optional "(DOMAIN\user)" identity suffix. The identity
// form is listed first; %{username} is copied verbatim from the log line, so
// consumers should treat it as untrusted text.
var dup1868 = linear_select([
  match({ dissect: { tokenizer: "%{sport}(%{domain}\\%{username}) dst %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{sport} dst %{p1}", field: "nwparser.p0" } }),
]);
// NOTE(review): 305013 lands in "nwparser.msg_id1" while 305013:01 and
// 305013:02 land in "nwparser.nwparser.msg_id1" — confirm the split is
// intended, otherwise variants of one message are indexed inconsistently.
var dup1869 = set_field({ dest: "nwparser.msg_id1", value: constant("305013") });
var dup1870 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305013:01") });
var dup1871 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305013:02") });
var dup1872 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("319004") });
var dup1873 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("321004") });

// "<service> Connection for ..." continuation read from p1.
var dup1874 = match({
  dissect: { tokenizer: " %{service} Connection for %{p2}", field: "nwparser.p1" },
});
var dup1875 = set_field({ dest: "nwparser.msg_id1", value: constant("405102") });
var dup1876 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("450001") });
var dup1877 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("702303") });
var dup1878 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199017") });
var dup1879 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105006") });
var dup1880 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("322002") });
// Session-attribute tails, each paired with a msg_id1 of the 734003 family.
// Three specific attributes (device hostname, device MAC, OS version) have
// their own pattern; the last one is a catch-all that keeps the rest of the
// line in %{result}.
// The hostname / MAC / version values are captured as-is from the log line;
// whether they are endpoint-supplied cannot be told from this file, so
// presumably they should be handled as untrusted text downstream.
var dup1881 = match({
  dissect: { tokenizer: ", Addr %{hostip}: Session Attribute endpoint.device.hostname=\"%{hostname}\"", field: "nwparser.p1" },
});
var dup1882 = set_field({ dest: "nwparser.msg_id1", value: constant("734003:01") });

var dup1883 = match({
  dissect: { tokenizer: ", Addr %{hostip}: Session Attribute endpoint.device.MAC[\"%{macaddr}\"]=\"%{fld2}\"", field: "nwparser.p1" },
});
var dup1884 = set_field({ dest: "nwparser.msg_id1", value: constant("734003:02") });

var dup1885 = match({
  dissect: { tokenizer: ", Addr %{hostip}: Session Attribute endpoint.os.version=\"%{version}\"", field: "nwparser.p1" },
});
var dup1886 = set_field({ dest: "nwparser.msg_id1", value: constant("734003:03") });

var dup1887 = match({
  dissect: { tokenizer: ", Addr %{hostip}: %{result}", field: "nwparser.p1" },
});
var dup1888 = set_field({ dest: "nwparser.msg_id1", value: constant("734003") });
// Mostly stand-alone message-id setters, with three small patterns
// (hardware transmit hang, "IP ... has been created.", authorization
// permitted) in between.
var dup1889 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("735011") });
var dup1890 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("103002:01") });
var dup1891 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("103002") });

// Interface name followed by a fixed sentence; the text after it is kept in
// %{result} and must end with a literal ".".
var dup1892 = match({
  dissect: { tokenizer: " %{interface} experienced a hardware transmit hang. %{result}.", field: "nwparser.p0" },
});
var dup1893 = set_field({ dest: "nwparser.msg_id1", value: constant("411005") });

var dup1894 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415004") });
var dup1895 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415004:01") });
var dup1896 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415009") });
var dup1897 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709008") });
var dup1898 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718010") });
var dup1899 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("331001") });
var dup1900 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("210002") });
var dup1901 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400044") });
var dup1902 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709005") });

var dup1903 = match({
  dissect: { tokenizer: ", IP %{saddr} has been created.", field: "nwparser.p1" },
});
var dup1904 = set_field({ dest: "nwparser.msg_id1", value: constant("721016") });
var dup1905 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105005") });

// Authorization-permitted prefix; the user and the rest stay in p0.
var dup1906 = match({
  dissect: { tokenizer: "Authorization permitted for user %{p0}", field: "nwparser.payload" },
});
var dup1907 = set_field({ dest: "nwparser.msg_id1", value: constant("109007") });

var dup1908 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("208005") });
var dup1909 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400011") });
var dup1910 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409001") });
var dup1911 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("612001") });
var dup1912 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713147") });
// SMTP / ESMTP inspection patterns (msg_id1 family 108004). The line is
// consumed in stages: each stage reads one pN field and leaves the unparsed
// remainder in the next one (p0 -> p1 -> ... -> p5).
var dup1913 = match({
  dissect: { tokenizer: "SMTP: Bad Checksum %{network_service} %{p0}", field: "nwparser.payload" },
});
// Direction keyword.
var dup1914 = linear_select([
  match({ dissect: { tokenizer: " Request %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " Response %{p1}", field: "nwparser.p0" } }),
]);
var dup1915 = match({
  dissect: { tokenizer: " from %{sinterface}:%{p2}", field: "nwparser.p1" },
});
// Source endpoint: address with port is listed before the address-only form.
var dup1916 = linear_select([
  match({ dissect: { tokenizer: " %{saddr}/%{sport} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{saddr} %{p3}", field: "nwparser.p2" } }),
]);
var dup1917 = match({
  dissect: { tokenizer: " to %{dinterface}:%{p4}", field: "nwparser.p3" },
});
// Destination endpoint, same two shapes as the source.
var dup1918 = linear_select([
  match({ dissect: { tokenizer: " %{daddr}/%{dport} %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " %{daddr} %{p5}", field: "nwparser.p4" } }),
]);
// Free text after the ";" separator.
var dup1919 = match({
  dissect: { tokenizer: ";%{info}", field: "nwparser.p5" },
});
// NOTE(review): 108004:01 and 108004:02 go to "nwparser.msg_id1", plain
// 108004 goes to "nwparser.nwparser.msg_id1" — confirm the split is intended.
var dup1920 = set_field({ dest: "nwparser.msg_id1", value: constant("108004:01") });
var dup1921 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("108004") });

var dup1922 = match({
  dissect: { tokenizer: "ESMTP Classification: %{action} for %{network_service} %{p0}", field: "nwparser.payload" },
});
var dup1923 = set_field({ dest: "nwparser.msg_id1", value: constant("108004:02") });
// Stand-alone message-id setters, plus the command-authorization and
// interface-testing patterns.
var dup1924 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720006") });
var dup1925 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("734004") });
var dup1926 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("746002") });
var dup1927 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("434004") });
var dup1928 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("315001") });
var dup1929 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305001") });

// "Authorization ..." prefix and its ": Cmd: ... Cmdtype: ..." tail. The
// executed command ends up in %{action}; it is copied verbatim from the log.
var dup1930 = match({
  dissect: { tokenizer: "Authorization %{p0}", field: "nwparser.payload" },
});
var dup1931 = match({
  dissect: { tokenizer: ": Cmd: %{action} Cmdtype: %{fld1}", field: "nwparser.p1" },
});
var dup1932 = set_field({ dest: "nwparser.msg_id1", value: constant("610101") });

var dup1933 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105042") });
var dup1934 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409007") });

// "(<context>) Testing ... <interface>" pattern.
var dup1935 = match({
  dissect: { tokenizer: "(%{context}) Testing %{p0}", field: "nwparser.payload" },
});
var dup1936 = match({
  dissect: { tokenizer: " %{interface}", field: "nwparser.p1" },
});
var dup1937 = set_field({ dest: "nwparser.msg_id1", value: constant("105008") });

var dup1938 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1001020205") });
var dup1939 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400051") });
var dup1940 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("419001") });
var dup1941 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("746001") });
var dup1942 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("336010") });
var dup1943 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("317002") });
var dup1944 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709004") });
var dup1945 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("747016") });
var dup1946 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("212004") });
var dup1947 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403506") });
var dup1948 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("505005") });
var dup1949 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713225") });
var dup1950 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717027") });
var dup1951 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("322004") });
var dup1952 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400005") });
var dup1953 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400006") });
var dup1954 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("606004") });
var dup1955 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717008") });
// "Device completed SSL handshake with <server|client> <if>:<endpoints>"
// pattern, followed by the category and msg_id1 (725002) setters.
var dup1956 = match({
  dissect: { tokenizer: "Device completed SSL handshake with %{p0}", field: "nwparser.payload" },
});
// Peer role keyword.
var dup1957 = linear_select([
  match({ dissect: { tokenizer: " server %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " client %{p1}", field: "nwparser.p0" } }),
]);
var dup1958 = match({
  dissect: { tokenizer: " %{interface}:%{p2}", field: "nwparser.p1" },
});
// Endpoint shapes, most specific first. Only the first two capture the
// protocol version into %{version}; the last one records a single
// host/port pair and nothing about the session.
var dup1959 = linear_select([
  match({ dissect: { tokenizer: "%{fld1}_%{fld2}_%{saddr}/%{sport} to %{daddr}/%{dport} for %{version} session %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{saddr}/%{sport} to %{daddr}/%{dport} for %{version} session %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{hostip}/%{network_port}%{p3}", field: "nwparser.p2" } }),
]);
var dup1960 = set_field({ dest: "nwparser.eventcategory", value: constant("1613050100") });
var dup1961 = set_field({ dest: "nwparser.msg_id1", value: constant("725002") });
// Message-id setters around the "dropped blacklisted ... traffic" pattern.
var dup1962 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("212003") });
var dup1963 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("409012") });

// One monolithic tokenizer: both endpoints with their translated addresses,
// the matched list/domain, and the threat level (into %{severity}) and
// category (into %{result}).
// NOTE(review): every literal in this string has to be present for the
// capture to succeed; a line that omits, say, the translated-address
// parentheses would presumably not match and the threat level would be
// lost — confirm whether a fallback pattern exists elsewhere in the file.
var dup1964 = match({
  dissect: {
    tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
    field: "nwparser.p1",
  },
});
var dup1965 = set_field({ dest: "nwparser.msg_id1", value: constant("338005") });

var dup1966 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("710003") });
var dup1967 = set_field({ dest: "nwparser.msg_id1", value: constant("713199") });
var dup1968 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("716052") });
var dup1969 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717046") });
// "SSL session with ... terminated" pattern and its msg_id1 (725007).
var dup1970 = match({
  dissect: { tokenizer: "SSL session with %{p0}", field: "nwparser.payload" },
});
// Endpoint pair, or a single host/port when only one side is logged.
var dup1971 = linear_select([
  match({ dissect: { tokenizer: "%{saddr}/%{sport} to %{daddr}/%{dport} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{hostip}/%{network_port} %{p3}", field: "nwparser.p2" } }),
]);
// Trailing keyword with or without the final period. The form with the
// period comes first; presumably the first alternative that matches wins,
// so swapping them would leave a stray "." in p4 — keep this order.
var dup1972 = linear_select([
  match({ dissect: { tokenizer: "terminated.%{p4}", field: "nwparser.p3" } }),
  match({ dissect: { tokenizer: "terminated%{p4}", field: "nwparser.p3" } }),
]);
var dup1973 = set_field({ dest: "nwparser.msg_id1", value: constant("725007") });
var dup1974 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("444100") });
var dup1975 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("338307") });

// "Shun deleted: <host>" pattern (msg_id1 401003). Both the "deleted:" and
// "delete:" spellings are accepted; the shunned host goes to %{hostip}.
var dup1976 = match({
  dissect: { tokenizer: "Shun %{p0}", field: "nwparser.payload" },
});
var dup1977 = linear_select([
  match({ dissect: { tokenizer: " deleted: %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " delete: %{p1}", field: "nwparser.p0" } }),
]);
var dup1978 = match({
  dissect: { tokenizer: " %{hostip}", field: "nwparser.p1" },
});
var dup1979 = set_field({ dest: "nwparser.msg_id1", value: constant("401003") });
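// ARP-collision prefix. The first alternative extracts the colliding IP/MAC
// pair (%{saddr}/%{smacaddr}) and the existing ARP entry (%{fld1}/%{fld2});
// the second is a catch-all that keeps only a description.
//
// The interface name is captured into %{interface} rather than matched as
// the literal word "inside": with the literal, a collision reported on any
// other interface fell through to the catch-all and the spoofing-relevant
// fields (source IP and MAC) were never extracted. Lines that do say
// "inside" still match and additionally get interface="inside".
var dup1980 = linear_select([
  match({
    dissect: {
      tokenizer: "%{event_description} from %{saddr}/%{smacaddr} on interface %{interface} with existing ARP entry %{fld1}/%{fld2} %{p0}",
      field: "nwparser.payload",
    },
  }),
  match({
    dissect: {
      tokenizer: " %{event_description}%{p0}",
      field: "nwparser.payload",
    },
  }),
]);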
var dup1981 = set_field({ dest: "nwparser.eventcategory", value: constant("1001030300") });
var dup1982 = set_field({ dest: "nwparser.msg_id1", value: constant("405001") });

// Security-association line: service, SA type, SPI and both peers.
var dup1983 = match({
  dissect: { tokenizer: "%{service}: An %{agent} SA (SPI= %{fld1}) between %{saddr} and %{daddr} %{p0}", field: "nwparser.payload" },
});
var dup1984 = set_field({ dest: "nwparser.msg_id1", value: constant("702307") });
var dup1985 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713124") });

var dup1986 = match({
  dissect: { tokenizer: ", IP = %{saddr}, construct_cfg_set: %{action}", field: "nwparser.p1" },
});
var dup1987 = set_field({ dest: "nwparser.msg_id1", value: constant("715020") });
var dup1988 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715066") });

// Account-lockout tail (msg_id1 113006). Only the text after "locked out on"
// is captured here; the user name is expected from an earlier stage that is
// not part of this view.
var dup1989 = match({
  dissect: { tokenizer: " locked out on %{result}", field: "nwparser.p1" },
});
var dup1990 = set_field({ dest: "nwparser.msg_id1", value: constant("113006") });
var dup1991 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713145") });
// IKE_DECODE pattern (msg_id1 713236): optional "IP = <addr>" lead-in, the
// IKE_DECODE keyword, a direction keyword, then the literal " Message".
var dup1992 = linear_select([
  match({ dissect: { tokenizer: " IP = %{saddr} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " %{space} %{p0}", field: "nwparser.payload" } }),
]);
var dup1993 = match({
  dissect: { tokenizer: " IKE_DECODE %{p1}", field: "nwparser.p0" },
});
// The keyword is consumed but not stored in a named field, so the direction
// is not recoverable from this stage's output alone.
var dup1994 = linear_select([
  match({ dissect: { tokenizer: " SENDING %{p2}", field: "nwparser.p1" } }),
  match({ dissect: { tokenizer: " RECEIVED %{p2}", field: "nwparser.p1" } }),
  match({ dissect: { tokenizer: " RESENDING %{p2}", field: "nwparser.p1" } }),
]);
// "%{}" is an unnamed capture: whatever follows " Message" is discarded.
var dup1995 = match({
  dissect: { tokenizer: " Message%{}", field: "nwparser.p2" },
});
var dup1996 = set_field({ dest: "nwparser.msg_id1", value: constant("713236") });
var dup1997 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403110") });

// "AAA ... server not accessible" pattern (msg_id1 113014). The server goes
// to %{hostip}; the user name is left in p2 for a later stage.
var dup1998 = match({
  dissect: { tokenizer: "AAA %{p0}", field: "nwparser.payload" },
});
var dup1999 = match({
  dissect: { tokenizer: " server not accessible : server = %{hostip} : user = %{p2}", field: "nwparser.p1" },
});
var dup2000 = set_field({ dest: "nwparser.msg_id1", value: constant("113014") });

var dup2001 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("610002") });
var dup2002 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106017") });
var dup2003 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1001030000") });
var dup2004 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106017:01") });
var dup2005 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("500001") });
var dup2006 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752008") });
var dup2007 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400037") });
var dup2008 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106013:01") });
var dup2009 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106013") });

// Flow tail: both endpoints, the interface and the protocol.
var dup2010 = match({
  dissect: { tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} using %{protocol}", field: "nwparser.p1" },
});
var dup2011 = set_field({ dest: "nwparser.msg_id1", value: constant("109025") });
var dup2012 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("320001") });
// "add failed: unable to allocate resources for ..." pattern (msg_id1
// 401005). The four-value form (two addresses, two ports) is tried before
// the single-host form.
var dup2013 = match({
  dissect: { tokenizer: " add failed: unable to allocate resources for %{p1}", field: "nwparser.p0" },
});
var dup2014 = linear_select([
  match({ dissect: { tokenizer: " %{saddr} %{daddr} %{sport} %{dport} %{p2}", field: "nwparser.p1" } }),
  match({ dissect: { tokenizer: " %{hostip} %{p2}", field: "nwparser.p1" } }),
]);
var dup2015 = set_field({ dest: "nwparser.msg_id1", value: constant("401005") });

var dup2016 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("406001") });
// 199018 and its ":01" .. ":05" variants.
var dup2017 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018") });
var dup2018 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018:01") });
var dup2019 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018:02") });
var dup2020 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018:03") });
var dup2021 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018:04") });
var dup2022 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199018:05") });
var dup2023 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105002") });
var dup2024 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201013") });
var dup2025 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720039") });
// "[<proto>] Unable to decipher response message Server = ..., User = ..."
// pattern (msg_id1 109027). Both "decipher" and "decypher" are accepted so
// that either spelling in the log still yields the server address.
var dup2026 = match({
  dissect: { tokenizer: "[%{protocol}] Unable to %{p0}", field: "nwparser.payload" },
});
var dup2027 = linear_select([
  match({ dissect: { tokenizer: " decipher %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " decypher %{p1}", field: "nwparser.p0" } }),
]);
var dup2028 = match({
  dissect: { tokenizer: " response message Server = %{hostip}, User = %{p2}", field: "nwparser.p1" },
});
var dup2029 = set_field({ dest: "nwparser.msg_id1", value: constant("109027") });

var dup2030 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400034") });
var dup2031 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("318004") });

// KEY-ACQUIRE queuing pattern: optional "Group = <group>" lead-in, then the
// peer address and a fixed sentence.
var dup2032 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group} IP %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " IP %{p0}", field: "nwparser.payload" } }),
]);
var dup2033 = match({
  dissect: { tokenizer: " = %{saddr} Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete", field: "nwparser.p0" },
});
var dup2034 = set_field({ dest: "nwparser.msg_id1", value: constant("713219") });
var dup2035 = set_field({ dest: "nwparser.msg_id1", value: constant("715055") });
var dup2036 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("209001") });
var dup2037 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("311003") });
// "<action> whitelisted ... traffic" tail (msg_id1 338102): endpoints with
// translated addresses plus the list/domain that produced the verdict.
// Unlike the blacklisted counterpart elsewhere in this file, this string has
// no threat-level / category part.
var dup2038 = match({
  dissect: {
    tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain}",
    field: "nwparser.p1",
  },
});
var dup2039 = set_field({ dest: "nwparser.msg_id1", value: constant("338102") });

var dup2040 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717016") });
var dup2041 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752011") });
var dup2042 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("324003") });
var dup2043 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403102") });
var dup2044 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715061") });
var dup2045 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752002") });
var dup2046 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201009") });
var dup2047 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400050") });

// Two late stages of an SVC-session pattern (msg_id1 722033). "\u003e" is an
// escaped ">" and is matched literally; "%{}" drops whatever follows.
var dup2048 = match({
  dissect: { tokenizer: " \u003e First %{p4}", field: "nwparser.p3" },
});
var dup2049 = match({
  dissect: { tokenizer: " connection established for SVC session.%{}", field: "nwparser.p5" },
});
var dup2050 = set_field({ dest: "nwparser.msg_id1", value: constant("722033") });
var dup2051 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199016") });
// "Dropping invalid echo ..." pattern (msg_id1 106028): interfaces and
// addresses, which side the offending address is on, then the real and
// mapped translation endpoints.
var dup2052 = match({
  dissect: { tokenizer: "Dropping invalid echo %{p0}", field: "nwparser.payload" },
});
var dup2053 = match({
  dissect: { tokenizer: " from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}, %{p2}", field: "nwparser.p1" },
});
// The keyword is consumed but not stored, so "source" vs "destination" is
// not visible in the extracted fields.
var dup2054 = linear_select([
  match({ dissect: { tokenizer: " destination %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " source %{p3}", field: "nwparser.p2" } }),
]);
var dup2055 = match({
  dissect: {
    tokenizer: " address %{fld1} should not match dynamic port translation, real %{fld2}:%{stransaddr}/%{stransport}, mapped %{fld3}:%{dtransaddr}/%{dtransport}",
    field: "nwparser.p3",
  },
});
var dup2056 = set_field({ dest: "nwparser.eventcategory", value: constant("1803010000") });
// NOTE(review): 106028 is written to "nwparser.msg_id1", 106028:01 to
// "nwparser.nwparser.msg_id1" — confirm both are read downstream.
var dup2057 = set_field({ dest: "nwparser.msg_id1", value: constant("106028") });
var dup2058 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106028:01") });
// Connection-teardown patterns, part 1 (msg_id1 302014:02 .. 302014:04).
// Identity suffixes such as "(DOMAIN\user)" are captured verbatim from the
// log line into %{c_username} / %{username} / %{fld3}.

// Destination endpoint with "(DOMAIN\user)" plus duration and byte count.
var dup2059 = match({
  dissect: { tokenizer: "%{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{bytes} %{p2}", field: "nwparser.p1" },
});
// Teardown reason, optionally followed by "(user)".
// NOTE(review): the first alternative requires two literal "<" characters
// before the reason and one ">" after it — confirm against a sample line.
// NOTE(review): the last alternative leaves its remainder in p4 whereas the
// other three use p3; a following stage that reads p3 would not see it.
var dup2060 = linear_select([
  match({ dissect: { tokenizer: "\u003c\u003c%{result}\u003e (%{username})%{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{result} (%{username})%{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "(%{result}) %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{result} %{p4}", field: "nwparser.p2" } }),
]);
var dup2061 = set_field({ dest: "nwparser.msg_id1", value: constant("302014:03") });

// Whole teardown line in one tokenizer, destination carrying the identity.
var dup2062 = match({
  dissect: {
    tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{bytes} %{p0}",
    field: "nwparser.payload",
  },
});
var dup2063 = linear_select([
  match({ dissect: { tokenizer: "(%{result}) %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{result}%{p1}", field: "nwparser.p0" } }),
]);
var dup2064 = set_field({ dest: "nwparser.msg_id1", value: constant("302014:02") });

// Source endpoint: with "(DOMAIN\id)", with "(id)", or bare. The three
// alternatives differ in leading/trailing whitespace as well.
var dup2065 = linear_select([
  match({ dissect: { tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld3}) to %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{saddr}/%{sport}(%{fld3}) to %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{saddr}/%{sport} to%{p1}", field: "nwparser.p0" } }),
]);
var dup2066 = match({
  dissect: { tokenizer: " %{dinterface}:%{daddr}/%{dport}(%{fld20}) duration %{duration} bytes %{bytes} %{p2}", field: "nwparser.p1" },
});
var dup2067 = linear_select([
  match({ dissect: { tokenizer: "%{info} (%{username})%{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{info}%{p3}", field: "nwparser.p2" } }),
]);
var dup2068 = set_field({ dest: "nwparser.msg_id1", value: constant("302014:04") });
// Connection-teardown patterns, part 2 (msg_id1 302014:05, 302014,
// 302014:01).

// Whole line in one tokenizer, source carrying an "(id)" suffix.
var dup2069 = match({
  dissect: {
    tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport}(%{fld3}) to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p0}",
    field: "nwparser.payload",
  },
});
// Reason text, optionally followed by "(user)".
var dup2070 = linear_select([
  match({ dissect: { tokenizer: "%{info} (%{username})%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{info}%{p1}", field: "nwparser.p0" } }),
]);
var dup2071 = set_field({ dest: "nwparser.msg_id1", value: constant("302014:05") });

// Staged variant: source endpoint, destination endpoint, reason.
var dup2072 = linear_select([
  match({ dissect: { tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld3}) to %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{saddr}/%{sport} to %{p1}", field: "nwparser.p0" } }),
]);
var dup2073 = match({
  dissect: { tokenizer: "%{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p2}", field: "nwparser.p1" },
});
var dup2074 = linear_select([
  match({ dissect: { tokenizer: "%{info} (%{username})%{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{info} %{p3}", field: "nwparser.p2" } }),
]);
var dup2075 = set_field({ dest: "nwparser.msg_id1", value: constant("302014") });

// faddr / gaddr / laddr layout of the same message.
var dup2076 = match({
  dissect: {
    tokenizer: "Teardown %{protocol} connection %{connectionid} faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p0}",
    field: "nwparser.payload",
  },
});
var dup2077 = linear_select([
  match({ dissect: { tokenizer: " (%{result}) %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{result} %{p1}", field: "nwparser.p0" } }),
]);
var dup2078 = set_field({ dest: "nwparser.msg_id1", value: constant("302014:01") });
var dup2079 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("421004") });

// "<action>: <info>" tails, with and without the peer address (715009 and
// 715009:01).
var dup2080 = match({
  dissect: { tokenizer: ", IP = %{saddr}, %{action}: %{info}", field: "nwparser.p1" },
});
var dup2081 = set_field({ dest: "nwparser.msg_id1", value: constant("715009") });
var dup2082 = match({
  dissect: { tokenizer: ", %{action}: %{info}", field: "nwparser.p0" },
});
var dup2083 = set_field({ dest: "nwparser.msg_id1", value: constant("715009:01") });

// "access DENIED to specified location" tail (msg_id1 716004).
// NOTE(review): the tokenizer contains two consecutive "<" (escaped as
// \u003c) before %{saddr} and a single ">" after it. If the device writes
// the address as "<addr>", this literal would not match and denied-access
// events would lose their source address — confirm against a sample line.
var dup2084 = match({
  dissect: { tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} access DENIED to specified location: %{info}", field: "nwparser.p1" },
});
var dup2085 = set_field({ dest: "nwparser.msg_id1", value: constant("716004") });

var dup2086 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717003") });
var dup2087 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("120011") });
var dup2088 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105043") });
var dup2089 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("313005") });
var dup2090 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("721010") });
var dup2091 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1613050200") });
var dup2092 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725006:01") });
var dup2093 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("725006") });
var dup2094 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("735012") });
// "(<x>) Standby unit failed to sync due to a locked ... config" pattern
// (msg_id1 105021). The first letter is matched separately as "S" or "s" so
// that both capitalisations of "standby" are accepted; the next stage picks
// up from "tandby".
var dup2095 = match({
  dissect: { tokenizer: "(%{fld1}) %{p0}", field: "nwparser.payload" },
});
var dup2096 = linear_select([
  match({ dissect: { tokenizer: "S%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "s%{p1}", field: "nwparser.p0" } }),
]);
var dup2097 = match({
  dissect: { tokenizer: "tandby unit failed to sync due to a locked %{fld2} config. Lock held by %{p2}", field: "nwparser.p1" },
});
var dup2098 = set_field({ dest: "nwparser.eventcategory", value: constant("1601020000") });
var dup2099 = set_field({ dest: "nwparser.msg_id1", value: constant("105021") });

var dup2100 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720029") });
var dup2101 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720045") });

// Description with an optional "(<addr>)" suffix; without it, only the
// description is kept.
var dup2102 = linear_select([
  match({ dissect: { tokenizer: "%{event_description} (%{saddr})%{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " %{event_description}%{p0}", field: "nwparser.payload" } }),
]);
var dup2103 = set_field({ dest: "nwparser.msg_id1", value: constant("604103") });
var dup2104 = set_field({ dest: "nwparser.msg_id1", value: constant("702211:01") });
var dup2105 = set_field({ dest: "nwparser.msg_id1", value: constant("702211") });
var dup2106 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713193") });
var dup2107 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720068") });
// "Device supports the following <n> cipher(s)" pattern (msg_id1 725010).
// The count goes to %{fld1}; the cipher names themselves are left in p1.
var dup2108 = match({
  dissect: { tokenizer: "Device supports the following %{fld1} %{p0}", field: "nwparser.payload" },
});
// With and without the trailing period; the form with the period is first.
var dup2109 = linear_select([
  match({ dissect: { tokenizer: "cipher(s).%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "cipher(s)%{p1}", field: "nwparser.p0" } }),
]);
var dup2110 = set_field({ dest: "nwparser.msg_id1", value: constant("725010") });

// "Device selects trust-point ... for client <if>:<endpoints>" pattern
// (msg_id1 725016). The trust-point name is stored in %{network_service}.
var dup2111 = match({
  dissect: { tokenizer: "Device selects trust-point %{network_service} for client %{interface}:%{p0}", field: "nwparser.payload" },
});
var dup2112 = linear_select([
  match({ dissect: { tokenizer: " %{fld1}_%{fld2}_%{saddr}/%{sport} to %{daddr}/%{dport} %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{saddr}/%{sport} to %{daddr}/%{dport} %{p1}", field: "nwparser.p0" } }),
]);
var dup2113 = set_field({ dest: "nwparser.msg_id1", value: constant("725016") });
var dup2114 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415005") });
var dup2115 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403101") });

// " disconnected" / " disconnect" keyword stage; the longer spelling is
// listed first. Used with msg_id1 602203 / 602203:01, presumably — the
// wiring is outside this view.
var dup2116 = linear_select([
  match({ dissect: { tokenizer: " disconnected %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " disconnect %{p1}", field: "nwparser.p0" } }),
]);
var dup2117 = set_field({ dest: "nwparser.msg_id1", value: constant("602203:01") });
var dup2118 = set_field({ dest: "nwparser.msg_id1", value: constant("602203") });

var dup2119 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400016") });
var dup2120 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("413002") });
var dup2121 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415010") });
var dup2122 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713221") });
var dup2123 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("735005") });
var dup2124 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("771002") });
// "PAT|NAT pool exhausted. Unable to create ... connection" pattern
// (msg_id1 202010). The PAT/NAT keyword is consumed but not stored.
var dup2125 = linear_select([
  match({ dissect: { tokenizer: "PAT%{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: "NAT%{p0}", field: "nwparser.payload" } }),
]);
var dup2126 = match({
  dissect: {
    tokenizer: " pool exhausted. Unable to create %{protocol} connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.p0",
  },
});
var dup2127 = set_field({ dest: "nwparser.eventcategory", value: constant("1803020000") });
var dup2128 = set_field({ dest: "nwparser.msg_id1", value: constant("202010") });

var dup2129 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201010") });
// NOTE(review): this category value (1601020000) is written to
// "nwparser.nwparser.eventcategory" here; whether another setter writes the
// same value to "nwparser.eventcategory" is not visible from this statement,
// so confirm which path consumers read.
var dup2130 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1601020000") });
var dup2131 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302019") });
var dup2132 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("602201") });
var dup2133 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("602201:01") });
var dup2134 = set_field({ dest: "nwparser.msg_id1", value: constant("602303") });
// Steps dup2135-dup2144: SVC message parsing and three session-summary
// patterns that differ only in how the Duration value is written.

// The escapes decode to " IP <<%{saddr}> SVC Message: ...": two opening
// angle brackets and one closing.
// NOTE(review): if "<<" is an escaping leftover from the source parser
// rather than literal log text, this pattern will not match lines written
// with a single "<". Confirm against a real sample.
var dup2135 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e SVC Message: %{info}/NOTICE: %{p2}",
field: "nwparser.p1",
},
});
// First alternative expects "(fld1)" after the description. The second has
// two adjacent captures with no literal between them.
// NOTE(review): how the matcher splits %{event_description}%{p3} is not
// visible here; verify the description is not truncated or emptied.
var dup2136 = linear_select([
match({
dissect: {
tokenizer: "%{event_description}(%{fld1}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2137 = set_field({
dest: "nwparser.msg_id1",
value: constant("722012"),
});
// NOTE(review): doubled "nwparser." prefix, unlike the neighbouring msg_id1
// steps; confirm it is intended.
var dup2138 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202001"),
});
// Session summary, duration written as "<day>d <hour>h:<min>m:<second>s".
// Extracts source address, action, session type, byte counts and reason.
var dup2139 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{day}d %{hour}h:%{min}m:%{second}s, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}",
field: "nwparser.p1",
},
});
var dup2140 = set_field({
dest: "nwparser.msg_id1",
value: constant("113019:01"),
});
// Same summary, duration without the day component.
var dup2141 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{hour}h:%{min}m:%{second}s, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}",
field: "nwparser.p1",
},
});
var dup2142 = set_field({
dest: "nwparser.msg_id1",
value: constant("113019:02"),
});
// Same summary, duration kept as one opaque string in %{duration}.
var dup2143 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{duration}, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}",
field: "nwparser.p1",
},
});
var dup2144 = set_field({
dest: "nwparser.msg_id1",
value: constant("113019"),
});
// Steps dup2145-dup2157: message-id tags, the call-home prompt pattern, the
// udp/tcp flow-terminated pattern and an ", IP = ..." tail pattern.
// NOTE(review): dup2145, dup2146, dup2151 and dup2152 use the doubled
// "nwparser.nwparser.msg_id1" dest while the others use "nwparser.msg_id1";
// confirm both resolve to the field that downstream rules read.
var dup2145 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("507002"),
});
var dup2146 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720038"),
});
// Captures the double-quoted user name from the payload. The value is
// copied from log text as-is, so consumers that render or query it should
// treat it as untrusted input.
var dup2147 = match({
dissect: {
tokenizer: "User \"%{username}\" chose to %{p0}",
field: "nwparser.payload",
},
});
// The user's choice: " disable " or " postpone ".
var dup2148 = linear_select([
match({
dissect: {
tokenizer: " disable %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " postpone %{p1}",
field: "nwparser.p0",
},
}),
]);
// Fixed tail of the message. The trailing %{} has no field name; presumably
// it discards whatever follows (TODO confirm).
var dup2149 = match({
dissect: {
tokenizer: " call-home anonymous reporting at the prompt.%{}",
field: "nwparser.p1",
},
});
var dup2150 = set_field({
dest: "nwparser.msg_id1",
value: constant("120012"),
});
var dup2151 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304009"),
});
var dup2152 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403505"),
});
// The protocol word is matched as a literal and not captured into a field.
var dup2153 = linear_select([
match({
dissect: {
tokenizer: " udp %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " tcp %{p0}",
field: "nwparser.payload",
},
}),
]);
// Flow endpoints, the terminating service and the reason.
var dup2154 = match({
dissect: {
tokenizer: " flow from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} terminated by %{service}, reason - %{result}",
field: "nwparser.p0",
},
});
var dup2155 = set_field({
dest: "nwparser.msg_id1",
value: constant("507003"),
});
// The tokenizer requires a space before the second comma
// (", IP = <addr> , <action>"); a line without that space will not match.
var dup2156 = match({
dissect: {
tokenizer: ", IP = %{saddr} , %{action}",
field: "nwparser.p1",
},
});
var dup2157 = set_field({
dest: "nwparser.msg_id1",
value: constant("713903"),
});
// Steps dup2158-dup2169: Group/Username prefix alternatives, an ", IP = ..."
// tail pattern, a port/source pattern and message-id tags.
// NOTE(review): several tags use the doubled "nwparser.nwparser.msg_id1"
// dest; confirm it resolves to the same field as "nwparser.msg_id1".

// Three prefixes: " Group = ...", a single-quoted username, an unquoted
// username. The quoted form is listed before the unquoted one; presumably
// linear_select takes the first alternative that matches, which would keep
// the quotes out of the captured username (TODO confirm).
var dup2158 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = '%{username}' %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Same tokenizer as dup2156 but reading nwparser.p0 instead of nwparser.p1.
var dup2159 = match({
dissect: {
tokenizer: ", IP = %{saddr} , %{action}",
field: "nwparser.p0",
},
});
var dup2160 = set_field({
dest: "nwparser.msg_id1",
value: constant("713903:01"),
});
var dup2161 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713903:02"),
});
// First alternative pulls out port and source address. The second has two
// adjacent captures with no literal separator.
// NOTE(review): how %{event_description}%{p0} is split is not visible here.
var dup2162 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} on Port %{network_port} from %{saddr}:%{sport} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup2163 = set_field({
dest: "nwparser.msg_id1",
value: constant("713903:03"),
});
var dup2164 = set_field({
dest: "nwparser.msg_id1",
value: constant("715027"),
});
var dup2165 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199005"),
});
var dup2166 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109009"),
});
var dup2167 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305007"),
});
var dup2168 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403500"),
});
var dup2169 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405103"),
});
// Steps dup2170-dup2183: the RAS AdmissionConfirm pattern, the staged
// "Auth from ... failed" authentication-failure pattern and message-id tags.
// NOTE(review): dup2174-dup2177 use the doubled "nwparser.nwparser.msg_id1"
// dest; confirm it resolves to the same field as "nwparser.msg_id1".

// Extracts the service name and both endpoints; the remainder goes to p0.
var dup2170 = match({
dissect: {
tokenizer: "%{service} RAS message AdmissionConfirm received from %{saddr}/%{sport} to %{daddr}/%{dport} %{p0}",
field: "nwparser.payload",
},
});
// Accepts both " without an " and the run-together spelling " withoutan ".
var dup2171 = linear_select([
match({
dissect: {
tokenizer: " without an %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " withoutan %{p1}",
field: "nwparser.p0",
},
}),
]);
// Takes everything left in p1 as %{info}.
var dup2172 = match({
dissect: {
tokenizer: "%{info}",
field: "nwparser.p1",
},
});
var dup2173 = set_field({
dest: "nwparser.msg_id1",
value: constant("405105"),
});
var dup2174 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420002:01"),
});
var dup2175 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420002"),
});
var dup2176 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611302"),
});
var dup2177 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109003"),
});
// Stage 1 of the authentication-failure message: literal "Auth from ".
var dup2178 = match({
dissect: {
tokenizer: "Auth from %{p0}",
field: "nwparser.payload",
},
});
// Source as "addr/port" or bare address. The address-only form would also
// accept "addr/port" text, so the result depends on the more specific
// alternative being tried first (presumably what linear_select does;
// TODO confirm).
var dup2179 = linear_select([
match({
dissect: {
tokenizer: " %{saddr}/%{sport} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination, same two shapes as the source step above.
var dup2180 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2181 = match({
dissect: {
tokenizer: " failed %{p4}",
field: "nwparser.p3",
},
});
// Failure detail: either every server failed, or one named server (the
// address is captured as hostip).
var dup2182 = linear_select([
match({
dissect: {
tokenizer: " (all servers failed) %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " (server %{hostip} failed) %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup2183 = set_field({
dest: "nwparser.msg_id1",
value: constant("109003:01"),
});
// Steps dup2184-dup2202: the "access permitted" pattern, the downloaded-ACL
// parsing-error pattern, one event category tag and message-id tags
// (including the generic CISCOASA_GENERIC_01/_02 ids).
// NOTE(review): most tags use dest "nwparser.nwparser.<field>" while
// dup2186 and dup2199 use "nwparser.msg_id1". If the doubled prefix is a
// generator artifact, the generic ids in particular would be stored under a
// different name than rules expect. Confirm.

// Protocol and source endpoint; the destination part continues in p0.
var dup2184 = match({
dissect: {
tokenizer: "%{protocol} access permitted from %{saddr}/%{sport} to %{p0}",
field: "nwparser.payload",
},
});
// Destination as "iface:<fld1>:addr/" or "iface:addr/". The three-part form
// is listed first; with the two-part form alone, an extra colon-separated
// element would end up inside daddr.
var dup2185 = linear_select([
match({
dissect: {
tokenizer: "%{dinterface}:%{fld1}:%{daddr}/%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2186 = set_field({
dest: "nwparser.msg_id1",
value: constant("710002"),
});
var dup2187 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713202"),
});
var dup2188 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("769004"),
});
var dup2189 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106101"),
});
var dup2190 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("325002"),
});
var dup2191 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400042"),
});
var dup2192 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611313"),
});
var dup2193 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("614002"),
});
var dup2194 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715035"),
});
var dup2195 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1901000000"),
});
// Generic ids; presumably applied when no specific message pattern matched
// (TODO confirm where these steps are referenced).
var dup2196 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("CISCOASA_GENERIC_02"),
});
var dup2197 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("CISCOASA_GENERIC_01"),
});
// Captures the offending ACE text as %{info}.
var dup2198 = match({
dissect: {
tokenizer: " has parsing error; ACE %{info}",
field: "nwparser.p1",
},
});
var dup2199 = set_field({
dest: "nwparser.msg_id1",
value: constant("109019"),
});
var dup2200 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400002"),
});
var dup2201 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400007"),
});
var dup2202 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402118"),
});
// Steps dup2203-dup2222: the CTIQBE pre-allocation pattern (RTP/RTCP
// secondary channel), a large-packet pattern and message-id tags.
// NOTE(review): all tags here except dup2207 and dup2211 use the doubled
// "nwparser.nwparser.msg_id1" dest; confirm it resolves to the same field
// as "nwparser.msg_id1".
var dup2203 = match({
dissect: {
tokenizer: "Pre-allocate CTIQBE %{p0}",
field: "nwparser.payload",
},
});
// Channel type is matched as a literal (" RTP " or " RTCP ") and is not
// stored in a field by this step.
var dup2204 = linear_select([
match({
dissect: {
tokenizer: " RTP %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " RTCP %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2205 = match({
dissect: {
tokenizer: " secondary channel for %{sinterface}:%{p2}",
field: "nwparser.p1",
},
});
// Reads nwparser.p5; the steps that produce p2-p5 are outside this group.
var dup2206 = match({
dissect: {
tokenizer: " from %{fld1}",
field: "nwparser.p5",
},
});
var dup2207 = set_field({
dest: "nwparser.msg_id1",
value: constant("620001:01"),
});
var dup2208 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("620001"),
});
var dup2209 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717028"),
});
// Packet size goes to %{bytes}; the parenthesised text goes to %{info}.
var dup2210 = match({
dissect: {
tokenizer: " Transmitting large packet %{bytes} (%{info})",
field: "nwparser.p3",
},
});
var dup2211 = set_field({
dest: "nwparser.msg_id1",
value: constant("722036"),
});
var dup2212 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("730010"),
});
var dup2213 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209004"),
});
var dup2214 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611306"),
});
var dup2215 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709003"),
});
var dup2216 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720037"),
});
var dup2217 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752010"),
});
var dup2218 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("605002"),
});
var dup2219 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110002"),
});
var dup2220 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110002:01"),
});
var dup2221 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("501101"),
});
var dup2222 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("501101:01"),
});
// Steps dup2223-dup2233: the staged "Group ... User ... IP ... SVC Message"
// prefix, the host attacking/targeted pattern, an ", Addr ..." pattern and
// tags.

// Stage 1: literal "Group ".
var dup2223 = match({
dissect: {
tokenizer: "Group %{p0}",
field: "nwparser.payload",
},
});
// Stages 2-4 each accept a bracketed or a bare value. The escapes decode to
// "<<value>": two opening angle brackets, one closing.
// NOTE(review): if "<<" is an escaping leftover rather than literal log
// text, a line with a single "<" only matches the bare alternative and the
// captured group/username/saddr keeps its angle brackets. Confirm against a
// real sample, since these are the identity fields analysts pivot on.
var dup2224 = linear_select([
match({
dissect: {
tokenizer: "\u003c\u003c%{group}\u003e User %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{group} User %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2225 = linear_select([
match({
dissect: {
tokenizer: "\u003c\u003c%{username}\u003e IP %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{username} IP %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup2226 = linear_select([
match({
dissect: {
tokenizer: "\u003c\u003c%{saddr}\u003e SVC Message: %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{saddr} SVC Message: %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2227 = set_field({
dest: "nwparser.msg_id1",
value: constant("722010"),
});
// Both alternatives store the address in hostip; the attacking/targeted
// wording is matched as a literal and not captured by this step, so the
// role of the host is not recoverable from hostip alone.
var dup2228 = linear_select([
match({
dissect: {
tokenizer: " %{hostip} is attacking. %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{hostip} is targeted. %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup2229 = set_field({
dest: "nwparser.eventcategory",
value: constant("1103000000"),
});
var dup2230 = set_field({
dest: "nwparser.msg_id1",
value: constant("733101"),
});
var dup2231 = match({
dissect: {
tokenizer: ", Addr %{hostip}, %{result}",
field: "nwparser.p1",
},
});
var dup2232 = set_field({
dest: "nwparser.msg_id1",
value: constant("734001"),
});
// NOTE(review): doubled "nwparser." prefix, unlike the other msg_id1 tags
// in this group; confirm it is intended.
var dup2233 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105007"),
});
// Steps dup2234-dup2252: the greylisted-traffic (destination) pattern, the
// downloaded-ACL config-error pattern, URL and FTP patterns and tags.
// NOTE(review): several tags use the doubled "nwparser.nwparser.msg_id1"
// dest; confirm it resolves to the same field as "nwparser.msg_id1".

// Greylisted traffic where the destination resolved from a list: real and
// translated endpoints, the list entry as web_domain, threat level as
// severity and category as result.
var dup2234 = match({
dissect: {
tokenizer: " greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
var dup2235 = set_field({
dest: "nwparser.msg_id1",
value: constant("338202"),
});
var dup2236 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500004"),
});
var dup2237 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718044"),
});
var dup2238 = match({
dissect: {
tokenizer: " has config error; ACE %{p2}",
field: "nwparser.p1",
},
});
// Either a quoted ACE text (" : '<info>' ") or a filler captured as
// %{space}.
var dup2239 = linear_select([
match({
dissect: {
tokenizer: " : '%{info}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{space} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2240 = set_field({
dest: "nwparser.msg_id1",
value: constant("109020"),
});
// "@<daddr> <action> <saddr>:<url>". The url is taken verbatim from the log
// line and can carry client-chosen content; treat it as untrusted wherever
// it is displayed or followed.
var dup2241 = match({
dissect: {
tokenizer: "@%{daddr} %{action} %{saddr}:%{url}",
field: "nwparser.p0",
},
});
var dup2242 = set_field({
dest: "nwparser.msg_id1",
value: constant("303002"),
});
// FTP connection endpoints; the user and what follows continue in p0.
var dup2243 = match({
dissect: {
tokenizer: "FTP connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, user %{p0}",
field: "nwparser.payload",
},
});
// FTP action and file name. The filename comes from the logged session and
// should be treated as untrusted text by consumers.
var dup2244 = match({
dissect: {
tokenizer: " %{action} file %{filename}",
field: "nwparser.p1",
},
});
var dup2245 = set_field({
dest: "nwparser.msg_id1",
value: constant("303002:02"),
});
var dup2246 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("303002:01"),
});
var dup2247 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400010"),
});
var dup2248 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400032"),
});
var dup2249 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718059"),
});
var dup2250 = set_field({
dest: "nwparser.msg_id1",
value: constant("111005"),
});
var dup2251 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709001"),
});
var dup2252 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210010"),
});
// Steps dup2253-dup2284: call-signalling pre-allocation, reload-scheduled,
// whitelisted and greylisted (source) traffic patterns, plus tags.
// NOTE(review): most tags use the doubled "nwparser.nwparser.<field>" dest
// (msg_id1, eventcategory) while dup2255, dup2266, dup2269 and dup2284 use
// "nwparser.msg_id1"; confirm both resolve to the field that rules read.

// Accepts both spellings, " Pre-allocate " and " Preallocate ".
var dup2253 = linear_select([
match({
dissect: {
tokenizer: " Pre-allocate %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Preallocate %{p0}",
field: "nwparser.payload",
},
}),
]);
// The log's "faddr" goes to saddr/sport and "laddr" to daddr; no
// destination port is captured by this pattern.
var dup2254 = match({
dissect: {
tokenizer: " %{network_service} Call Signalling Connection for faddr %{saddr}/%{sport} to laddr %{daddr}",
field: "nwparser.p0",
},
});
var dup2255 = set_field({
dest: "nwparser.msg_id1",
value: constant("302012"),
});
var dup2256 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400013"),
});
var dup2257 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720005"),
});
var dup2258 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720055"),
});
var dup2259 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("776251"),
});
var dup2260 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("112001"),
});
var dup2261 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403103"),
});
var dup2262 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713227"),
});
var dup2263 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201007"),
});
// Reload scheduling: the scheduled time goes to fld1; who scheduled it
// continues in p0.
var dup2264 = match({
dissect: {
tokenizer: "Reload scheduled for %{fld1} by %{p0}",
field: "nwparser.payload",
},
});
// Time of the request (fld2) and the stated reload reason (result).
var dup2265 = match({
dissect: {
tokenizer: " at %{fld2}. Reload reason: %{result}",
field: "nwparser.p1",
},
});
var dup2266 = set_field({
dest: "nwparser.msg_id1",
value: constant("199007"),
});
var dup2267 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302008"),
});
// Whitelisted traffic where the source resolved from a list: real and
// translated endpoints, the resolved source as hostip, list name and entry.
var dup2268 = match({
dissect: {
tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{hostip} resolved from %{listnum} list:%{info}",
field: "nwparser.p1",
},
});
var dup2269 = set_field({
dest: "nwparser.msg_id1",
value: constant("338103"),
});
var dup2270 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("608001:01"),
});
var dup2271 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("608001"),
});
var dup2272 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("730001"),
});
var dup2273 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("730002"),
});
var dup2274 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1301010000"),
});
var dup2275 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109017"),
});
var dup2276 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201011"),
});
var dup2277 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("303003"),
});
var dup2278 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("614001"),
});
var dup2279 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111003"),
});
var dup2280 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400026"),
});
var dup2281 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403504"),
});
var dup2282 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415012"),
});
// Greylisted traffic, source-resolved counterpart of the "destination ..."
// pattern tagged 338202: here the resolved party is written after
// "source".
var dup2283 = match({
dissect: {
tokenizer: " greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
var dup2284 = set_field({
dest: "nwparser.msg_id1",
value: constant("338201"),
});
// Steps dup2285-dup2312: header-derived values (SYSVAL/HDR calls,
// timestamps, raw message) and constant enrichment tags (ec_theme,
// ec_subject, ec_activity, ec_outcome, disposition, event_description,
// protocol). The functions passed as fn (SYSVAL, HDR, DIRCHK) and the
// date format tokens (dB, dF, ...) are defined outside this section.

// NOTE(review): dest is "nwparser." with nothing after the dot. Whether the
// helper treats that as an unnamed field, drops the result or writes an
// empty key is not visible here; confirm what the output event contains.
var dup2285 = call({
dest: "nwparser.",
fn: SYSVAL,
args: [
field("$MSGID"),
field("$ID1"),
],
});
// Copies the header field "level" through HDR into nwparser.level.
var dup2286 = call({
dest: "nwparser.level",
fn: HDR,
args: [
field("level"),
],
});
// Builds event_time from six header fields using six format tokens.
// Presumably args and fmt pair up positionally (TODO confirm).
var dup2287 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dN,dU,dO],
});
// Keeps the message referenced as $MSG in nwparser.msg.
var dup2288 = set_field({
dest: "nwparser.msg",
value: field("$MSG"),
});
var dup2289 = call({
dest: "nwparser.id",
fn: HDR,
args: [
field("messageid"),
],
});
var dup2290 = set_field({
dest: "nwparser.ec_theme",
value: constant("Configuration"),
});
var dup2291 = set_field({
dest: "nwparser.ec_subject",
value: constant("Configuration"),
});
var dup2292 = set_field({
dest: "nwparser.ec_activity",
value: constant("Modify"),
});
// NOTE(review): dup2293 and dup2294 write the same field with values that
// differ only in case ("failed" vs "Failed"). A case-sensitive rule on
// disposition will miss whichever spelling it does not list.
var dup2293 = set_field({
dest: "nwparser.disposition",
value: constant("failed"),
});
var dup2294 = set_field({
dest: "nwparser.disposition",
value: constant("Failed"),
});
var dup2295 = set_field({
dest: "nwparser.ec_activity",
value: constant("Disable"),
});
var dup2296 = set_field({
dest: "nwparser.ec_activity",
value: constant("Enable"),
});
var dup2297 = set_field({
dest: "nwparser.event_description",
value: constant("Monitoring on interface"),
});
var dup2298 = set_field({
dest: "nwparser.event_description",
value: constant("Testing Interface"),
});
var dup2299 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Error"),
});
var dup2300 = set_field({
dest: "nwparser.ec_activity",
value: constant("Deny"),
});
var dup2301 = set_field({
dest: "nwparser.ec_theme",
value: constant("Communication"),
});
var dup2302 = set_field({
dest: "nwparser.ec_subject",
value: constant("NetworkComm"),
});
// Derives nwparser.inout from saddr via DIRCHK; presumably a direction
// indicator (TODO confirm the value set DIRCHK returns).
var dup2303 = call({
dest: "nwparser.inout",
fn: DIRCHK,
args: [
field("saddr"),
],
});
var dup2304 = set_field({
dest: "nwparser.event_description",
value: constant("connection denied"),
});
var dup2305 = set_field({
dest: "nwparser.event_description",
value: constant("Translation denied"),
});
// NOTE(review): dup2306 writes "icmp" and dup2308 writes "ICMP" to the same
// protocol field; normalise case in queries that filter on it.
var dup2306 = set_field({
dest: "nwparser.protocol",
value: constant("icmp"),
});
var dup2307 = set_field({
dest: "nwparser.event_description",
value: constant("connection dropped"),
});
var dup2308 = set_field({
dest: "nwparser.protocol",
value: constant("ICMP"),
});
var dup2309 = set_field({
dest: "nwparser.ec_theme",
value: constant("TEV"),
});
var dup2310 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-list"),
});
var dup2311 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-group"),
});
// Like dup2287 but with two candidate formats. The second has five tokens
// and no dW.
// NOTE(review): which header shape the shorter format targets is not
// visible; if it is a timestamp without that component, confirm how the
// missing part is filled in, since it affects event ordering in timelines.
var dup2312 = date_times({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmts: [
[dB,dF,dW,dN,dU,dO],
[dB,dF,dN,dU,dO],
],
});
// Steps dup2313-dup2340: constant enrichment tags for access-control and
// authentication events, a hit-count pattern, two bare constants and the
// total-bytes calculation. CALC is defined outside this section.
var dup2313 = set_field({
dest: "nwparser.ec_theme",
value: constant("ALM"),
});
var dup2314 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Failure"),
});
// NOTE(review): dup2315 ("Hitcount") and dup2319 ("HitCount") label the
// same field with different capitalisation.
var dup2315 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("Hitcount"),
});
var dup2316 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Success"),
});
var dup2317 = set_field({
dest: "nwparser.event_description",
value: constant("permitted"),
});
// NOTE(review): %{info} appears four times in a row with no literal between
// the captures. How the matcher splits the text, and which capture ends up
// in info, is not visible here; this looks like a generator artifact.
// Confirm on a sample that dclass_counter1 and info come out as expected.
var dup2318 = match({
dissect: {
tokenizer: "%{dclass_counter1} %{info}%{info}%{info}%{info}",
field: "nwparser.p5",
},
});
var dup2319 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("HitCount"),
});
var dup2320 = set_field({
dest: "nwparser.ec_theme",
value: constant("Authentication"),
});
var dup2321 = set_field({
dest: "nwparser.ec_subject",
value: constant("User"),
});
// NOTE(review): authentication failures are described with several
// spellings in this file ("authentication failed" here, "Authentication
// Failed" in dup2329). Rules matching event_description should cover all
// variants or compare case-insensitively.
var dup2322 = set_field({
dest: "nwparser.event_description",
value: constant("authentication failed"),
});
var dup2323 = set_field({
dest: "nwparser.result",
value: constant("all servers failed"),
});
var dup2324 = set_field({
dest: "nwparser.ec_activity",
value: constant("Permit"),
});
var dup2325 = set_field({
dest: "nwparser.ec_theme",
value: constant("AccessControl"),
});
var dup2326 = set_field({
dest: "nwparser.result",
value: constant("Authorization denied"),
});
var dup2327 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Unknown"),
});
var dup2328 = set_field({
dest: "nwparser.event_description",
value: constant("Authorization denied"),
});
var dup2329 = set_field({
dest: "nwparser.event_description",
value: constant("Authentication Failed"),
});
var dup2330 = set_field({
dest: "nwparser.result",
value: constant("Interactive challenge processing not supported"),
});
// Bare constant, not wrapped in set_field; the destination is chosen by
// whichever step references dup2331 (not visible here).
var dup2331 = constant("Routing failed to locate next-hop");
var dup2332 = set_field({
dest: "nwparser.ec_activity",
value: constant("Read"),
});
var dup2333 = set_field({
dest: "nwparser.ec_activity",
value: constant("Delete"),
});
var dup2334 = set_field({
dest: "nwparser.ec_activity",
value: constant("Stop"),
});
var dup2335 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logon"),
});
var dup2336 = set_field({
dest: "nwparser.event_description",
value: constant("User executed command"),
});
var dup2337 = set_field({
dest: "nwparser.event_description",
value: constant("user authentication rejected"),
});
var dup2338 = set_field({
dest: "nwparser.result",
value: constant("retrieved default group policy"),
});
// nwparser.bytes = sbytes "+" rbytes, as the args are written.
// NOTE(review): both operands are parsed from log text; what CALC does with
// a missing or non-numeric operand is not visible here. Verify before
// relying on bytes for volume-based alerting.
var dup2339 = call({
dest: "nwparser.bytes",
fn: CALC,
args: [
field("sbytes"),
constant("+"),
field("rbytes"),
],
});
var dup2340 = set_field({
dest: "nwparser.event_type",
value: constant("VPN"),
});
// Steps dup2341-dup2363: connection build/teardown descriptions, protocol
// and direction tags, endpoint patterns, and derived duration, protocol and
// URL parts. DUR, action2Proto and URL are defined outside this section.
var dup2341 = set_field({
dest: "nwparser.event_description",
value: constant("Embryonic limit exceeded"),
});
// NOTE(review): the emitted string is spelled "Embyonic" (missing "r").
// It is runtime output, so it is left as-is here; rules that search for
// "Embryonic" will not match events tagged by this step.
var dup2342 = set_field({
dest: "nwparser.event_description",
value: constant("Embyonic connection limit exceeded"),
});
var dup2343 = set_field({
dest: "nwparser.ec_theme",
value: constant("Encryption"),
});
var dup2344 = set_field({
dest: "nwparser.ec_subject",
value: constant("CryptoKey"),
});
var dup2345 = set_field({
dest: "nwparser.protocol",
value: constant("UDP"),
});
var dup2346 = set_field({
dest: "nwparser.direction",
value: constant("inbound"),
});
var dup2347 = set_field({
dest: "nwparser.direction",
value: constant("outbound"),
});
// NOTE(review): dup2348 ("teardown connection") and dup2352 ("Teardown
// connection") differ only in case; likewise "build connection" (dup2350)
// sits beside "Built connection" (dup2358) and "Rebuilt connection"
// (dup2353). Exact-match queries on event_description need every variant.
var dup2348 = set_field({
dest: "nwparser.event_description",
value: constant("teardown connection"),
});
var dup2349 = set_field({
dest: "nwparser.protocol",
value: constant("TCP"),
});
var dup2350 = set_field({
dest: "nwparser.event_description",
value: constant("build connection"),
});
var dup2351 = set_field({
dest: "nwparser.event_description",
value: constant("Connection pre-allocated"),
});
var dup2352 = set_field({
dest: "nwparser.event_description",
value: constant("Teardown connection"),
});
var dup2353 = set_field({
dest: "nwparser.event_description",
value: constant("Rebuilt connection"),
});
// Source port followed by the translated address/port in parentheses. The
// tokenizer ends with two closing parentheses against one opening; the
// other opening parenthesis is presumably consumed by an earlier step
// (TODO confirm).
var dup2354 = match({
dissect: {
tokenizer: "%{sport} (%{stransaddr}/%{stransport}))",
field: "nwparser.p3",
},
});
// Converts the captured duration string using the pattern "%N:%U:%O".
var dup2355 = call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N:%U:%O"),
field("duration"),
],
});
// Single-quoted user name; copied from log text, so treat as untrusted.
var dup2356 = match({
dissect: {
tokenizer: " '%{username}' %{p7}",
field: "nwparser.p6",
},
});
// Destination endpoint with an optional user: "addr/port(user)",
// "addr/port user " or plain "addr/port ". The forms carrying a username
// are listed first.
var dup2357 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{username} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2358 = set_field({
dest: "nwparser.event_description",
value: constant("Built connection"),
});
// Derives protocol from the captured action text via action2Proto.
var dup2359 = call({
dest: "nwparser.protocol",
fn: action2Proto,
args: [
field("action"),
],
});
// dup2360-dup2363 split the captured url into domain, root, page and query
// through the URL helper, selected by $DOMAIN/$ROOT/$PAGE/$QUERY. The url
// comes from log text, so all four outputs are untrusted strings.
var dup2360 = call({
dest: "nwparser.urldomain",
fn: URL,
args: [
field("$DOMAIN"),
field("url"),
],
});
var dup2361 = call({
dest: "nwparser.urlroot",
fn: URL,
args: [
field("$ROOT"),
field("url"),
],
});
var dup2362 = call({
dest: "nwparser.urlpage",
fn: URL,
args: [
field("$PAGE"),
field("url"),
],
});
var dup2363 = call({
dest: "nwparser.urlquery",
fn: URL,
args: [
field("$QUERY"),
field("url"),
],
});
// Steps dup2364-dup2396: translation and login-session descriptions,
// hard-coded port values, zone lookups and further constant tags. lookup
// and SYSVAL are helpers defined outside this section; map_srcDirName and
// map_dstDirName are declared near the top of the file.
var dup2364 = set_field({
dest: "nwparser.event_description",
value: constant("Accessed"),
});
var dup2365 = set_field({
dest: "nwparser.protocol",
value: constant("HTTP"),
});
var dup2366 = set_field({
dest: "nwparser.event_description",
value: constant("teardown translation"),
});
var dup2367 = set_field({
dest: "nwparser.event_description",
value: constant("No translation group found"),
});
var dup2368 = set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed"),
});
var dup2369 = set_field({
dest: "nwparser.event_description",
value: constant("Built translation"),
});
// NOTE(review): %{dport} is captured twice with no literal between the two
// captures. How the matcher divides the text, and which capture wins, is
// not visible here; this looks like a generator artifact. Confirm that
// dport holds the full port on a sample line.
var dup2370 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}%{dport}",
field: "nwparser.p1",
},
});
var dup2371 = set_field({
dest: "nwparser.result",
value: constant("due to NAT reverse path failure"),
});
// dup2372 and dup2373 write fixed port values ("23" and "0") instead of
// values parsed from the log. Analysts should know these ports are
// synthesized by the parser for whichever messages reference these steps.
var dup2372 = set_field({
dest: "nwparser.dport",
value: constant("23"),
});
var dup2373 = set_field({
dest: "nwparser.sport",
value: constant("0"),
});
var dup2374 = set_field({
dest: "nwparser.event_description",
value: constant("Denied login session"),
});
var dup2375 = set_field({
dest: "nwparser.event_description",
value: constant("login session failure"),
});
var dup2376 = set_field({
dest: "nwparser.event_description",
value: constant("session limit exceeded"),
});
var dup2377 = set_field({
dest: "nwparser.event_description",
value: constant("Invalid destination"),
});
var dup2378 = set_field({
dest: "nwparser.event_description",
value: constant("Login session failed"),
});
var dup2379 = set_field({
dest: "nwparser.event_description",
value: constant("Web Cache acquired"),
});
var dup2380 = set_field({
dest: "nwparser.ec_activity",
value: constant("Create"),
});
// Zone names looked up from the "inout" field.
// NOTE(review): the two maps are declared at the top of the file with
// entries dup2455 and dup2456. Judging by the numbering, those variables
// are declared after this section; if they are plain `var` statements
// evaluated later than the map literals, the maps captured undefined.
// Confirm against the full file that src_zone/dst_zone are populated.
var dup2381 = lookup({
dest: "nwparser.src_zone",
map: map_srcDirName,
key: field("inout"),
});
var dup2382 = lookup({
dest: "nwparser.dst_zone",
map: map_dstDirName,
key: field("inout"),
});
var dup2383 = call({
dest: "nwparser.sigcat",
fn: SYSVAL,
args: [
field("$CATEGORY"),
],
});
var dup2384 = set_field({
dest: "nwparser.event_description",
value: constant("invalid IPSEC packet"),
});
var dup2385 = set_field({
dest: "nwparser.service",
value: constant("IPSEC"),
});
var dup2386 = set_field({
dest: "nwparser.result",
value: constant("hardware accelerator error"),
});
var dup2387 = set_field({
dest: "nwparser.event_description",
value: constant("Unable to create new connection"),
});
var dup2388 = set_field({
dest: "nwparser.event_description",
value: constant("FTP connection terminated"),
});
var dup2389 = set_field({
dest: "nwparser.result",
value: constant("for through connections"),
});
var dup2390 = set_field({
dest: "nwparser.event_description",
value: constant("Dropped DNS UDP packet - length exceeded"),
});
var dup2391 = set_field({
dest: "nwparser.context",
value: constant("Content type not found"),
});
var dup2392 = set_field({
dest: "nwparser.event_description",
value: constant("icmp packet denied"),
});
// NOTE(review): the emitted string is spelled "mangement-only" (missing
// "a"). It is runtime output and is left unchanged; searches for
// "management-only" will not match this value.
var dup2393 = set_field({
dest: "nwparser.result",
value: constant("to/from mangement-only network"),
});
var dup2394 = set_field({
dest: "nwparser.event_description",
value: constant("packet denied"),
});
var dup2395 = set_field({
dest: "nwparser.event_description",
value: constant("IPS request to drop packet"),
});
var dup2396 = set_field({
dest: "nwparser.ec_theme",
value: constant("UserGroup"),
});
// Steps dup2397-dup2439: one application pattern, two bare constants, and
// constant descriptions for ICMP, ISAKMP/IKE, NAT, login, SVC and SSL
// events. Every event_description here is fixed text chosen by the parser,
// not text taken from the log line.

// NOTE(review): %{info} is captured twice with no literal between the
// captures; how the text is split is not visible here and this looks like
// a generator artifact. The closing double quote before the comma implies
// an opening quote consumed by an earlier step (TODO confirm).
var dup2397 = match({
dissect: {
tokenizer: "%{application}\", %{info}%{info}",
field: "nwparser.p0",
},
});
var dup2398 = set_field({
dest: "nwparser.event_description",
value: constant("Received an ICMP Destination Unreachable"),
});
var dup2399 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session connected"),
});
var dup2400 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session disconnected"),
});
// Bare constant; the destination field is chosen by whichever step
// references dup2401 (not visible here).
var dup2401 = constant("Login denied");
var dup2402 = set_field({
dest: "nwparser.result",
value: constant("User authentication succeeded"),
});
// NOTE(review): another spelling of the authentication-failure description
// ("User Authentication failed"); cover it in rules that match on
// event_description.
var dup2403 = set_field({
dest: "nwparser.event_description",
value: constant("User Authentication failed"),
});
var dup2404 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logoff"),
});
var dup2405 = set_field({
dest: "nwparser.event_description",
value: constant("NAT configured"),
});
var dup2406 = set_field({
dest: "nwparser.event_description",
value: constant("NAT exemption configured"),
});
var dup2407 = set_field({
dest: "nwparser.event_description",
value: constant("Policy installed"),
});
var dup2408 = set_field({
dest: "nwparser.event_description",
value: constant("Pre-allocate connection"),
});
var dup2409 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 delete received"),
});
var dup2410 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 delete sent"),
});
var dup2411 = set_field({
dest: "nwparser.event_description",
value: constant("DPD timed out"),
});
var dup2412 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 retransmission"),
});
var dup2413 = set_field({
dest: "nwparser.event_description",
value: constant("malformed payload received"),
});
var dup2414 = set_field({
dest: "nwparser.event_description",
value: constant("duplicate packet detected"),
});
var dup2415 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange started"),
});
var dup2416 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange completed"),
});
var dup2417 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 initiating rekey"),
});
var dup2418 = set_field({
dest: "nwparser.event_description",
value: constant("request discarded"),
});
var dup2419 = set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator New/Rekeying Phase"),
});
// "Tunnel Rejected" exists both as this set_field on nwparser.result and as
// the bare constant dup2428 below.
var dup2420 = set_field({
dest: "nwparser.result",
value: constant("Tunnel Rejected"),
});
var dup2421 = set_field({
dest: "nwparser.ec_subject",
value: constant("Message"),
});
var dup2422 = set_field({
dest: "nwparser.ec_activity",
value: constant("Receive"),
});
var dup2423 = set_field({
dest: "nwparser.event_description",
value: constant("Rekeying duration changed"),
});
var dup2424 = set_field({
dest: "nwparser.event_description",
value: constant("IKE lost contact with remote peer deleting connection"),
});
var dup2425 = set_field({
dest: "nwparser.event_description",
value: constant("Connection Redirected via Load Balancing"),
});
var dup2426 = set_field({
dest: "nwparser.event_description",
value: constant("deleting static route for address"),
});
var dup2427 = set_field({
dest: "nwparser.event_description",
value: constant("Remote peer has failed user authentication"),
});
// Bare constant; the destination is chosen by the referencing step.
var dup2428 = constant("Tunnel Rejected");
var dup2429 = set_field({
dest: "nwparser.event_description",
value: constant("Client allowed"),
});
var dup2430 = set_field({
dest: "nwparser.event_description",
value: constant("Static Crypto Map check"),
});
var dup2431 = set_field({
dest: "nwparser.event_description",
value: constant("Session is being torn down"),
});
var dup2432 = set_field({
dest: "nwparser.event_description",
value: constant("IKEGetUserAttributes"),
});
var dup2433 = set_field({
dest: "nwparser.ec_subject",
value: constant("Certificate"),
});
var dup2434 = set_field({
dest: "nwparser.event_description",
value: constant("SVC connection established"),
});
var dup2435 = set_field({
dest: "nwparser.event_description",
value: constant("SVC Session Termination"),
});
var dup2436 = set_field({
dest: "nwparser.event_description",
value: constant("Session terminated"),
});
var dup2437 = set_field({
dest: "nwparser.event_description",
value: constant("assigned to session"),
});
var dup2438 = set_field({
dest: "nwparser.event_description",
value: constant("Starting SSL handshake"),
});
var dup2439 = set_field({
dest: "nwparser.event_description",
value: constant("SSL server requesting certificate for authentication"),
});
var dup2440 = set_field({
dest: "nwparser.event_description",
value: constant("Device failed SSL handshake"),
});
var dup2441 = set_field({
dest: "nwparser.event_description",
value: constant("Device proposes cipher(s)"),
});
var dup2442 = set_field({
dest: "nwparser.event_description",
value: constant("Device chooses cipher for the SSL session"),
});
var dup2443 = set_field({
dest: "nwparser.result",
value: constant("DHCP configured"),
});
var dup2444 = set_field({
dest: "nwparser.result",
value: constant("Local pool request succeeded "),
});
var dup2445 = set_field({
dest: "nwparser.event_description",
value: constant("Address assignment failed"),
});
var dup2446 = set_field({
dest: "nwparser.result",
value: constant("Freeing local pool address"),
});
var dup2447 = set_field({
dest: "nwparser.result",
value: constant("Unable to get address from group-policy or tunnel-group"),
});
var dup2448 = set_field({
dest: "nwparser.result",
value: constant("Succeeded"),
});
var dup2449 = constant("Failed");
// Builds event_time from the month/day/year/hhour/hmin/hsec captures using the
// format tokens dB, dF, dW, dH, dT, dS (defined elsewhere in the file).
// NOTE(review): some header patterns in this file (hdr5, hdr7, hdr8) capture no
// year, and the captured timezone is not among the args. Confirm how date_time
// treats a missing year and which zone it assumes, because event_time is what
// cross-source timeline correlation depends on.
var dup2450 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dH,dT,dS],
});
var dup2451 = set_field({
dest: "nwparser.event_description",
value: constant("Denied IPv6-ICMP"),
});
// The next three processors copy the same source field, p_msgid (populated
// outside this section), into nwparser.id, nwparser.msg_id and nwparser.vid.
var dup2452 = set_field({
dest: "nwparser.id",
value: field("p_msgid"),
});
var dup2453 = set_field({
dest: "nwparser.msg_id",
value: field("p_msgid"),
});
var dup2454 = set_field({
dest: "nwparser.vid",
value: field("p_msgid"),
});
// Direction labels; referenced by map_srcDirName and map_dstDirName at the top
// of the file, which map "0"/"1" to these two values in opposite order.
var dup2455 = constant("INSIDE");
var dup2456 = constant("OUTSIDE");
// Syslog header patterns. Each hdrN dissects the raw `message` field and, where
// the tokenizer names them, captures level, messageid and payload plus any
// timestamp, host or address parts that precede the %ASA-/%FWSM- tag.
var hdr1 = match({
dissect: {
tokenizer: "%ASA-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr2 = match({
dissect: {
tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{hostip} : %ASA-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr3 = match({
dissect: {
tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{hhost}: %ASA-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
// hdr4, select1 and msg3 are the three stages of all1 below: hdr4 captures the
// date and leaves the remainder in p0; msg1/msg2 read the time from
// nwparser.p0 (with or without a colon after the seconds) and leave the rest in
// p1; msg3 reads level, messageid and payload from nwparser.p1.
var hdr4 = match({
dissect: {
tokenizer: "%{month} %{day} %{year} %{p0}",
field: "message",
},
});
var msg1 = match({
dissect: {
tokenizer: "%{hhour}:%{hmin}:%{hsec}: %ASA%{p1}",
field: "nwparser.p0",
},
});
var msg2 = match({
dissect: {
tokenizer: "%{hhour}:%{hmin}:%{hsec} %ASA%{p1}",
field: "nwparser.p0",
},
});
var select1 = linear_select([
msg1,
msg2,
]);
var msg3 = match({
dissect: {
tokenizer: "-%{level}-%{messageid}: %{payload}",
field: "nwparser.p1",
},
});
var all1 = all_match({
processors: [
hdr4,
select1,
msg3,
],
});
// hdr5, hdr7 and hdr8 carry a timestamp without a year capture.
var hdr5 = match({
dissect: {
tokenizer: "%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{hostip} %ASA-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr6 = match({
dissect: {
tokenizer: "%{paddr} %ASA-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
// hdr7..hdr9 expect an extra segment (hfld1) between "%ASA-" and the level.
var hdr7 = match({
dissect: {
tokenizer: ":%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{timezone}: %ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr8 = match({
dissect: {
tokenizer: "%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{timezone}: %ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr9 = match({
dissect: {
tokenizer: "%ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
// Same shape as hdr1 but with a space instead of ": " after the message id.
var hdr10 = match({
dissect: {
tokenizer: "%ASA-%{level}-%{messageid} %{payload}",
field: "message",
},
});
// hdr11..hdr14: the same header shapes with the %FWSM- tag.
var hdr11 = match({
dissect: {
tokenizer: "%FWSM-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr12 = match({
dissect: {
tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{paddr} : %FWSM-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr13 = match({
dissect: {
tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %FWSM-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
var hdr14 = match({
dissect: {
tokenizer: "%{paddr} %FWSM-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
// Like hdr9, but the extra segment is captured as `group` and the tag is
// preceded by a colon.
var hdr15 = match({
dissect: {
tokenizer: ":%ASA-%{group}-%{level}-%{messageid}: %{payload}",
field: "message",
},
});
// Fallbacks: hdr16 and hdr17 capture only the payload (no level or messageid).
// On success they run dup0, which sets nwparser.messageid to the fixed value
// "CISCOASA_GENERIC". hdr17 places no constraint on the text before "%ASA-".
var hdr16 = match({
dissect: {
tokenizer: "%ASA-%{payload}",
field: "message",
},
on_success: processor_chain([
dup0,
]),
});
var hdr17 = match({
dissect: {
tokenizer: "%{fld}%ASA-%{payload}",
field: "message",
},
on_success: processor_chain([
dup0,
]),
});
// Header alternatives, listed from specific shapes to the generic fallbacks.
// NOTE(review): assuming linear_select tries the entries in order and keeps the
// first match (TODO confirm), hdr1 is tried before hdr9; check that lines with
// the extra hfld1 segment are not accepted by hdr1 with a shifted
// level/messageid, which would route the event to the wrong message definition.
var select2 = linear_select([
hdr1,
hdr2,
hdr3,
all1,
hdr5,
hdr6,
hdr7,
hdr8,
hdr9,
hdr10,
hdr11,
hdr12,
hdr13,
hdr14,
hdr15,
hdr16,
hdr17,
]);
// Message definitions. A `match` entry dissects nwparser.payload with a single
// tokenizer; an `all_match` entry lists several processors (shared dupN
// fragments declared earlier in the file); `on_success` names the processor
// chain attached to a successful match. The dupN members are not visible in
// this section, so what each chain sets is not described here.
var msg4 = match({
dissect: {
tokenizer: "%{fld1}: packet missing %{fld2}, destadr=%{daddr}, actual prot=%{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2,
]),
});
// all2, all3 and all4 share the middle fragment dup4 and differ in their first
// and last fragments and in their on_success chains.
var all2 = all_match({
processors: [
dup3,
dup4,
dup5,
],
on_success: processor_chain([
dup6,
dup7,
]),
});
var all3 = all_match({
processors: [
dup8,
dup4,
dup9,
],
on_success: processor_chain([
dup10,
dup11,
]),
});
var all4 = all_match({
processors: [
dup12,
dup4,
dup13,
],
on_success: processor_chain([
dup14,
dup15,
]),
});
// Captures the peer address, then stores the rest of the payload as free text
// in event_description.
var msg5 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup17,
]),
});
var msg6 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, NAT-Discovery payloads missing. Aborting NAT-Traversal.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup19,
]),
});
// Reload notice: the timestamp text is kept as a string (event_time_string) and
// the stated reload reason goes to `result`.
var msg7 = match({
dissect: {
tokenizer: "Reloaded at %{event_time_string} by failover parser thread. Reload reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup21,
]),
});
var all5 = all_match({
processors: [
dup22,
dup4,
dup23,
dup24,
],
on_success: processor_chain([
dup25,
dup26,
]),
});
// Two alternatives grouped under one selector.
var select3 = linear_select([
msg7,
all5,
]);
// Message definitions (continued). Values such as username, group and the
// free-text captures are taken from the log line as written; nothing in these
// definitions validates them, so consumers should handle them as untrusted text.
var msg8 = match({
dissect: {
tokenizer: "%{sigid} Content size %{priority} out of range - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup28,
]),
});
var msg9 = match({
dissect: {
tokenizer: "OBSOLETE DESCRIPTOR - INDEX %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup30,
]),
});
var all6 = all_match({
processors: [
dup31,
dup32,
],
on_success: processor_chain([
dup33,
dup34,
]),
});
var msg10 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup35,
]),
});
// AnyConnect parent session start: captures group, username and source address.
// NOTE(review): each capture is preceded by a doubled opening angle bracket
// (\u003c\u003c) but followed by a single closing one (\u003e). That asymmetry
// looks like an escape sequence carried over from the parser definition this
// file was generated from. If the device writes a single bracket, this pattern
// would presumably never match and VPN session-start events would go unparsed
// - confirm against a sample log line and the dissect implementation.
var msg11 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect parent session started",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup36,
]),
});
// msg12..msg14 are the three alternatives of select4: Group+Username+IP,
// Group+IP, and Username+IP, each followed by free text captured as `info`.
var msg12 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup37,
]),
});
var msg13 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup38,
]),
});
var msg14 = match({
dissect: {
tokenizer: "Username = %{username}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup39,
]),
});
// The pattern with the most fields is listed first.
var select4 = linear_select([
msg12,
msg13,
msg14,
]);
// msg15 stores the text between the address and ": msg id =" in `action`.
var msg15 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup40,
]),
});
var msg16 = match({
dissect: {
tokenizer: "IKE Initiator sending 1st QM pkt: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup42,
]),
});
var select5 = linear_select([
msg15,
msg16,
]);
// Message definitions (continued): routing, session-address assignment, and
// several generic patterns that keep most of the payload as free text.
var msg17 = match({
dissect: {
tokenizer: "No route to %{daddr} from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup44,
]),
});
// Session address assignment: local/remote endpoints, username, group, and the
// assigned IPv4 (stransaddr) and IPv6 (hostip_v6) addresses.
var msg18 = match({
dissect: {
tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Group:%{group} IPv4 Address=%{stransaddr} IPv6 address=%{hostip_v6} assigned to session",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup46,
]),
});
// msg19 and msg25 (further down) use the same tokenizer and differ only in
// their on_success chains.
var msg19 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup48,
]),
});
// msg20 and msg21: the tokenizer is a single capture, so the entire payload is
// stored in event_description; only the on_success chains differ.
var msg20 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
dup50,
]),
});
var msg21 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup51,
]),
});
// Bad DH key length: the received and expected lengths are captured as
// observed_val and expected_val.
var msg22 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received DH key with bad length: received length=%{observed_val} expected length=%{expected_val}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup52,
]),
});
var all7 = all_match({
processors: [
dup53,
dup54,
],
on_success: processor_chain([
dup55,
dup56,
]),
});
var msg23 = match({
dissect: {
tokenizer: "Sent KEEPALIVE response to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup57,
]),
});
// Requires a literal "." after the description.
var msg24 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup59,
]),
});
var msg25 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup60,
]),
});
var msg26 = match({
dissect: {
tokenizer: "%{service} requested to drop %{protocol} packet from %{sinterface}:%{saddr}/%{sport} %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup62,
]),
});
var all8 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup67,
],
on_success: processor_chain([
dup68,
dup69,
]),
});
// all9 lists the same fragments as all10 (dup70..dup77) followed by three more
// (dup78..dup80); the chains differ only in their second member.
var all9 = all_match({
processors: [
dup70,
dup71,
dup72,
dup73,
dup74,
dup75,
dup76,
dup77,
dup78,
dup79,
dup80,
],
on_success: processor_chain([
dup81,
dup82,
]),
});
var all10 = all_match({
processors: [
dup70,
dup71,
dup72,
dup73,
dup74,
dup75,
dup76,
dup77,
],
on_success: processor_chain([
dup81,
dup83,
]),
});
// The longer variant is listed first.
var select6 = linear_select([
all9,
all10,
]);
// Message definitions (continued). The all_match entries here are built
// entirely from shared dupN fragments declared earlier in the file.
var all11 = all_match({
processors: [
dup84,
dup4,
],
on_success: processor_chain([
dup85,
dup86,
]),
});
var all12 = all_match({
processors: [
dup87,
dup88,
],
on_success: processor_chain([
dup89,
dup90,
]),
});
var all13 = all_match({
processors: [
dup91,
dup92,
],
on_success: processor_chain([
dup93,
dup94,
]),
});
// Configuration change: the previous and new server values are captured as
// change_old and change_new.
var msg27 = match({
dissect: {
tokenizer: "Dynamic filter updater server dynamically changed from %{change_old} to %{change_new}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup95,
]),
});
var msg28 = match({
dissect: {
tokenizer: "IKE port %{network_port} for IPSec UDP already reserved on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup96,
]),
});
// all14 and all16 (below) share their second and third fragments (dup4, dup97)
// and the first chain member (dup14); they differ in the first fragment and in
// the second chain member.
var all14 = all_match({
processors: [
dup12,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup98,
]),
});
var all15 = all_match({
processors: [
dup99,
dup100,
dup101,
],
on_success: processor_chain([
dup14,
dup102,
]),
});
// Everything after the "INFO: " prefix is stored as free text in `info`.
var msg29 = match({
dissect: {
tokenizer: "INFO: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup103,
]),
});
var all16 = all_match({
processors: [
dup104,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup105,
]),
});
// Five alternatives grouped under one selector.
var select7 = linear_select([
msg28,
all14,
all15,
msg29,
all16,
]);
// Message definitions (continued). msg30, msg31 and msg33 use a single-capture
// tokenizer, so the entire payload is stored in event_description; they differ
// only in their on_success chains.
var msg30 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup107,
]),
});
var all17 = all_match({
processors: [
dup108,
dup4,
dup109,
],
on_success: processor_chain([
dup110,
dup111,
]),
});
var msg31 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup112,
]),
});
var all18 = all_match({
processors: [
dup113,
dup4,
dup114,
],
on_success: processor_chain([
dup115,
dup116,
]),
});
// Revoked-certificate event. Note that the certificate serial number is
// captured into `result`, not into a certificate-specific field, so searches
// for a serial have to look there.
var msg32 = match({
dissect: {
tokenizer: "Revoked certificate issued to user: %{username} with serial number %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup117,
]),
});
var msg33 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup118,
]),
});
var msg34 = match({
dissect: {
tokenizer: "Built %{context} translation from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup119,
]),
});
var msg35 = match({
dissect: {
tokenizer: "Web Cache %{saddr}/%{shost} lost",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup120,
]),
});
// Only the NAT address is captured; no capture follows the final literal
// "Split Tunnel Networks:", so the network list is not extracted by this
// pattern.
var msg36 = match({
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: %{stransaddr} Split Tunnel Networks:",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup122,
]),
});
// Unlike the surrounding definitions, msg37 reads nwparser.p1 (not the payload)
// and has no on_success chain; it is the last stage of all19 below.
var msg37 = match({
dissect: {
tokenizer: "%{fld1} card in slot %{fld2} which is different from my %{fld3}",
field: "nwparser.p1",
},
});
var all19 = all_match({
processors: [
dup123,
dup124,
msg37,
],
on_success: processor_chain([
dup125,
dup126,
]),
});
var all20 = all_match({
processors: [
dup127,
dup64,
dup128,
],
on_success: processor_chain([
dup14,
dup129,
]),
});
// Message definitions (continued). msg38..msg40 are variants of a
// parenthesised context prefix followed by a free-text description: "(VPN-x) ",
// "(WebVPN-x) " and "(x)" with no space after the closing parenthesis.
var msg38 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup130,
]),
});
var msg39 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup132,
]),
});
var msg40 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup133,
]),
});
// The text before the first ": " is stored as `application`.
var msg41 = match({
dissect: {
tokenizer: "%{application}: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup134,
]),
});
// NAC policy creation: captures the policy name and its type (as `info`).
// NOTE(review): the captures are opened by a doubled angle bracket
// (\u003c\u003c) and closed by a single one (\u003e). This looks like an escape
// sequence carried over from the parser definition this file was generated
// from. If the device writes single brackets the pattern would presumably not
// match - confirm against a sample log line and the dissect implementation.
var msg42 = match({
dissect: {
tokenizer: "NAC policy added: name: \u003c\u003c%{policyname}\u003e Type: \u003c\u003c %{info} \u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup135,
dup136,
]),
});
// Single capture: the entire payload is stored in event_description.
var msg43 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup137,
dup138,
]),
});
var all21 = all_match({
processors: [
dup139,
dup140,
],
on_success: processor_chain([
dup141,
dup142,
]),
});
var msg44 = match({
dissect: {
tokenizer: "%{hostip} changed from area %{fld1} to area %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup143,
]),
});
// all22 and all23 share the first chain member (dup33) and are the two
// alternatives of select8.
var all22 = all_match({
processors: [
dup144,
dup145,
dup146,
dup147,
dup148,
dup149,
],
on_success: processor_chain([
dup33,
dup150,
]),
});
var all23 = all_match({
processors: [
dup151,
dup152,
dup153,
],
on_success: processor_chain([
dup33,
dup154,
]),
});
var select8 = linear_select([
all22,
all23,
]);
// Message definitions (continued): policy creation, GTP parsing errors,
// manager connections, signature hits and shun-list changes.
var msg45 = match({
dissect: {
tokenizer: "Create group policy [%{policyname}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup155,
]),
});
var all24 = all_match({
processors: [
dup156,
dup157,
],
on_success: processor_chain([
dup14,
dup158,
]),
});
var all25 = all_match({
processors: [
dup70,
dup159,
dup160,
dup161,
],
on_success: processor_chain([
dup85,
dup162,
]),
});
// Captures both endpoints, the tunnel id (fld1) and the stated reason (result).
var msg46 = match({
dissect: {
tokenizer: "GTPv0 packet parsing error from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, TID: %{fld1}, Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup163,
]),
});
// Single capture: the entire payload is stored in event_description.
var msg47 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup164,
]),
});
// The proxy host's port is stored in sport, next to the peer address in saddr.
var msg48 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received remote Proxy Host FQDN in ID Payload: Host Name: %{hostname} Address %{hostip}, Protocol %{protocol}, Port %{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup165,
]),
});
// Management-plane access: the connecting address is captured as saddr.
var msg49 = match({
dissect: {
tokenizer: "Permitted manager connection from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup167,
]),
});
// msg50 and msg51 use the same tokenizer (product, signature id, context,
// source, destination, interface) and differ only in their on_success chains.
var msg50 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup169,
]),
});
var msg51 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup171,
]),
});
// Shun-list removal: the affected host is captured as hostip.
var msg52 = match({
dissect: {
tokenizer: "Threat-detection removes host %{hostip} from shun list",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
dup172,
]),
});
// all26 and all27 share the first chain member (dup177) and are the two
// alternatives of select9.
var all26 = all_match({
processors: [
dup173,
dup174,
dup175,
dup176,
],
on_success: processor_chain([
dup177,
dup178,
]),
});
var all27 = all_match({
processors: [
dup179,
dup180,
dup181,
],
on_success: processor_chain([
dup177,
dup182,
]),
});
var select9 = linear_select([
all26,
all27,
]);
// Message definitions (continued).
// msg53: single capture, the entire payload is stored in event_description.
var msg53 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup184,
]),
});
// all28 and all29 share their second fragment (dup186) and the first chain
// member (dup141); they are the two alternatives of select10.
var all28 = all_match({
processors: [
dup185,
dup186,
],
on_success: processor_chain([
dup141,
dup187,
]),
});
var all29 = all_match({
processors: [
dup188,
dup186,
],
on_success: processor_chain([
dup141,
dup189,
]),
});
var select10 = linear_select([
all28,
all29,
]);
var all30 = all_match({
processors: [
dup190,
dup191,
dup192,
],
on_success: processor_chain([
dup193,
dup194,
]),
});
// PDP context removal: TID, GGSN and SGSN go to the generic fld1..fld3 slots;
// the stated reason is stored in event_description.
var msg54 = match({
dissect: {
tokenizer: "Removing v1 PDP Context with TID %{fld1} from GGSN %{fld2} and SGSN %{fld3}, Reason: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup195,
]),
});
var select11 = linear_select([
all30,
msg54,
]);
var msg55 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup196,
]),
});
// msg56 and msg57 cover the same address-pool failure text; msg57 additionally
// expects "Session=<id>, " after the process name and captures it as sessionid.
var msg56 = match({
dissect: {
tokenizer: "%{process}: Unable to get address from group-policy or tunnel-group local pools",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup197,
]),
});
var msg57 = match({
dissect: {
tokenizer: "%{process}: Session=%{sessionid}, Unable to get address from group-policy or tunnel-group local pools",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup198,
]),
});
var select12 = linear_select([
msg56,
msg57,
]);
// The affected protocol command is captured as network_service.
var msg58 = match({
dissect: {
tokenizer: "Bad Checksum in %{network_service} command",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup200,
]),
});
var all31 = all_match({
processors: [
dup201,
dup202,
dup203,
],
on_success: processor_chain([
dup204,
dup205,
]),
});
var select13 = linear_select([
msg58,
all31,
]);
// Message definitions (continued): protocol-inspection violations, certificate
// validation and per-user session messages.
// msg59: size violation with both endpoints; the text after ";" goes to `result`.
var msg59 = match({
dissect: {
tokenizer: "Detected %{network_service} size violation from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup206,
]),
});
var all32 = all_match({
processors: [
dup207,
dup208,
dup209,
],
on_success: processor_chain([
dup68,
dup210,
]),
});
var msg60 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup211,
]),
});
// Single capture: the entire payload is stored in event_description.
var msg61 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup212,
]),
});
// all33 and all34 share the first chain member (dup215) and are the two
// alternatives of select14.
var all33 = all_match({
processors: [
dup12,
dup4,
dup213,
dup214,
],
on_success: processor_chain([
dup215,
dup216,
]),
});
var all34 = all_match({
processors: [
dup217,
dup218,
],
on_success: processor_chain([
dup215,
dup219,
]),
});
var select14 = linear_select([
all33,
all34,
]);
// The number of certificates in the chain is captured as fld1.
var msg62 = match({
dissect: {
tokenizer: "Validating certificate chain containing %{fld1} certificate(s)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup221,
]),
});
// NOTE(review): group, username and saddr are delimited only by the literal
// words " User " and " IP " and by spaces. A group or user name that itself
// contains one of those separators would presumably be split at the wrong
// place - confirm against the dissect implementation, and treat these captures
// as untrusted text downstream.
var msg63 = match({
dissect: {
tokenizer: "Group %{group} User %{username} IP %{saddr} %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup223,
]),
});
var all35 = all_match({
processors: [
dup63,
dup64,
dup65,
dup224,
dup225,
],
on_success: processor_chain([
dup93,
dup226,
]),
});
// FTP PORT command naming a different address: the value in parentheses after
// the source address is kept in the generic fld1 slot.
var msg64 = match({
dissect: {
tokenizer: "FTP port command different address: %{saddr}(%{fld1}) to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup227,
dup228,
]),
});
var msg65 = match({
dissect: {
tokenizer: "Unsupported CTIQBE version: %{fld1}: from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup229,
]),
});
// Single-capture alternative listed after msg65 in select15; both start their
// on_success chain with dup45.
var msg66 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup230,
]),
});
var select15 = linear_select([
msg65,
msg66,
]);
// Message definitions (continued).
// msg67: L2L tunnel setup failure; the first sentence after the fixed text is
// stored in `result` and the remainder in `info`.
var msg67 = match({
dissect: {
tokenizer: "Tunnel Manager has failed to establish an L2L SA. %{result}. %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup231,
]),
});
// msg68, msg69, msg71 and msg73 use a single-capture tokenizer, so the entire
// payload is stored in event_description; they differ only in their on_success
// chains (msg71 and msg73 share the first chain member, dup243).
var msg68 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup233,
]),
});
var all36 = all_match({
processors: [
dup234,
dup4,
dup5,
],
on_success: processor_chain([
dup235,
dup236,
]),
});
var msg69 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup237,
]),
});
var all37 = all_match({
processors: [
dup238,
dup239,
dup240,
],
on_success: processor_chain([
dup14,
dup241,
]),
});
// Signature hit: product, signature id, context text, source, destination and
// the interface it was seen on.
var msg70 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup242,
]),
});
var msg71 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup244,
]),
});
// HTTP tunnel detection: signature id, list number, protocol and both
// addresses are captured; no ports appear in this pattern.
var msg72 = match({
dissect: {
tokenizer: "%{sigid} HTTP Tunnel detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup245,
]),
});
var msg73 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup246,
]),
});
var msg74 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([