@adriansr
Created April 21, 2020 08:50
This file has been truncated, but you can view the full file.
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
var processor = require("processor");
var console = require("console");
var device;
// Register params from configuration.
/**
 * Builds the processor chain once and stores it in the module-level `device`.
 *
 * @param {Object} params - configuration parameters; accepted but not read here.
 */
function register(params) {
  var built = new DeviceProcessor();
  device = built;
}
/**
 * Runs one event through the chain stored in `device`.
 *
 * `device` is assigned only by register(); calling this before register()
 * fails on the property access because `device` is still undefined.
 *
 * @param {Object} evt - the event to process.
 * @returns whatever the chain's process function returns for `evt`.
 */
function process(evt) {
  var outcome = device.process(evt);
  return outcome;
}
/**
 * Assembles the processing chain in a fixed order: save_flags, chain1,
 * restore_flags.
 *
 * @returns {{process: Function}} object exposing the built chain's Run as `process`.
 */
function DeviceProcessor() {
  var builder = new processor.Chain();
  var stages = [save_flags, chain1, restore_flags];
  for (var i = 0; i < stages.length; i++) {
    builder.Add(stages[i]);
  }
  var built = builder.Build();
  // Run is handed out as-is (not re-bound), exactly as the chain exposes it.
  return { process: built.Run };
}
// Lookup tables keyed by a direction value ("0" / "1"). The code that reads
// `keyvaluepairs` and `default` is not in this part of the file.
// NOTE(review): dup2455 and dup2456 are not defined anywhere above this point. If
// they are `var`s assigned further down the file, hoisting makes both names
// evaluate to `undefined` here, and the two name maps would then hold undefined
// values — confirm the definition order in the full file.
var map_srcDirName = {
keyvaluepairs: {
"0": dup2456,
"1": dup2455,
},
};
// Mirror image of map_srcDirName: the same two values with the keys swapped.
// Neither name map has a "default" entry, unlike the three maps below.
var map_dstDirName = {
keyvaluepairs: {
"0": dup2455,
"1": dup2456,
},
};
// "0" -> constant "2", "1" -> constant "3"; "default" is constant "0"
// (presumably used for any other key — verify against the lookup helper).
var map_dir2SumType = {
keyvaluepairs: {
"0": constant("2"),
"1": constant("3"),
},
"default": constant("0"),
};
// "0" selects the saddr field, "1" the daddr field; "default" is saddr.
var map_dir2Address = {
keyvaluepairs: {
"0": field("saddr"),
"1": field("daddr"),
},
"default": field("saddr"),
};
// Same shape as map_dir2Address, for ports: sport / dport, "default" sport.
var map_dir2Port = {
keyvaluepairs: {
"0": field("sport"),
"1": field("dport"),
},
"default": field("sport"),
};
// Shared building blocks dup0–dup11. They are built with set_field / match /
// linear_select / constant, whose definitions are outside this part of the file,
// so the notes below describe only the configuration passed to those helpers.
var dup0 = set_field({
dest: "nwparser.messageid",
value: constant("CISCOASA_GENERIC"),
});
// NOTE(review): this dest and the next carry a doubled "nwparser.nwparser."
// prefix, while dup6/dup7 below write "nwparser.eventcategory" and
// "nwparser.msg_id1". If the doubling is a generator artifact, category and
// message id end up in a field that downstream mappings and detections do not
// read — confirm which path is intended.
var dup1 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801010100"),
});
var dup2 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402102"),
});
// "Group policy deleted" message: anchors on the literal prefix and leaves the
// rest of the payload in p0.
var dup3 = match({
dissect: {
tokenizer: "Group policy deleted: name:%{p0}",
field: "nwparser.payload",
},
});
// Reads p0: the single-quoted form is listed before the bare form (presumably
// the first alternative that matches wins). The bare form ends the name at the
// next space.
var dup4 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: the text after " Type:" goes to fld1.
var dup5 = match({
dissect: {
tokenizer: " Type:%{fld1}",
field: "nwparser.p1",
},
});
var dup6 = set_field({
dest: "nwparser.eventcategory",
value: constant("1502040000"),
});
var dup7 = set_field({
dest: "nwparser.msg_id1",
value: constant("502112"),
});
// "PPTP Tunnel created" message: tunnel id -> fld1, remote peer -> saddr, PPP
// virtual interface id -> fld2, client dynamic IP -> daddr; the username and
// whatever follows it stay in p0.
var dup8 = match({
dissect: {
tokenizer: "PPTP Tunnel created, tunnel_id is %{fld1}, remote_peer_ip is %{saddr}, ppp_virtual_interface_id is %{fld2}, client_dynamic_ip is %{daddr}, username is %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: MPPE key strength -> fld3.
var dup9 = match({
dissect: {
tokenizer: ", MPPE_key_strength is %{fld3}",
field: "nwparser.p1",
},
});
var dup10 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020100"),
});
var dup11 = set_field({
dest: "nwparser.msg_id1",
value: constant("603104"),
});
// Building blocks dup12–dup30. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// "Group = ..., Username = ..." prefix: group is captured, the username and the
// rest stay in p0.
var dup12 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: peer address -> saddr, text after "Tunnel Rejected:" -> action.
var dup13 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Tunnel Rejected: %{action}",
field: "nwparser.p1",
},
});
var dup14 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605000000"),
});
var dup15 = set_field({
dest: "nwparser.msg_id1",
value: constant("713060"),
});
// NOTE(review): dup16–dup21 and dup27–dup30 write to "nwparser.nwparser.*",
// while dup14/dup15 and dup25/dup26 write to "nwparser.*". dup20 and dup25 set
// the same category value ("1606000000") at the two different paths, which
// suggests the doubled prefix is unintended — confirm, since a misplaced
// message id or category is invisible to rules keyed on the single-prefix field.
var dup16 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801000000"),
});
var dup17 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713121"),
});
var dup18 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701020000"),
});
var dup19 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715058"),
});
var dup20 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1606000000"),
});
var dup21 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199009:01"),
});
// "Reloaded at ... by ..." message: the timestamp text goes to
// event_time_string, the remainder to p0.
var dup22 = match({
dissect: {
tokenizer: "Reloaded at %{event_time_string} by %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: originating process, then the reload reason is left in p2.
var dup23 = match({
dissect: {
tokenizer: " from %{process}. Reload reason: %{p2}",
field: "nwparser.p1",
},
});
// Reads p2: bracketed result first, bare result as the fallback.
var dup24 = linear_select([
match({
dissect: {
tokenizer: " [%{result}] %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup25 = set_field({
dest: "nwparser.eventcategory",
value: constant("1606000000"),
});
var dup26 = set_field({
dest: "nwparser.msg_id1",
value: constant("199009"),
});
var dup27 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030305"),
});
var dup28 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415006"),
});
var dup29 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605000000"),
});
var dup30 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714001"),
});
// Building blocks dup31–dup52. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// Three forms of the "Group = ..., [Username = ...,] IP = ..." prefix, listed from
// most to least specific: quoted username, bare username, no username
// (presumably the first alternative that matches wins).
var dup31 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads p0: action text, then the value after "msg id =" -> fld1.
var dup32 = match({
dissect: {
tokenizer: ", %{action}: msg id = %{fld1}",
field: "nwparser.p0",
},
});
var dup33 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801000000"),
});
var dup34 = set_field({
dest: "nwparser.msg_id1",
value: constant("714005"),
});
// NOTE(review): every set_field from here to dup52 writes to
// "nwparser.nwparser.msg_id1" / "nwparser.nwparser.eventcategory", whereas
// dup33/dup34 above use the single "nwparser." prefix. If the doubled prefix is
// a generator artifact, these message ids and categories never reach the field
// that downstream mappings read — confirm the intended path.
var dup35 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715068"),
});
var dup36 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113039"),
});
var dup37 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273"),
});
var dup38 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273:01"),
});
var dup39 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713273:02"),
});
var dup40 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714004"),
});
var dup41 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605020000"),
});
var dup42 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714004:01"),
});
var dup43 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805010000"),
});
var dup44 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110001"),
});
var dup45 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603000000"),
});
var dup46 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751025"),
});
var dup47 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603110000"),
});
var dup48 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105038"),
});
var dup49 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805020000"),
});
var dup50 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318008"),
});
var dup51 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("711001"),
});
var dup52 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713240"),
});
// Building blocks dup53–dup62. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// Three alternative prefixes on the payload: group + IP, username + IP, IP only.
// Each captures saddr and leaves the rest in p0.
var dup53 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads p0: action text before " history", parenthesised value -> fld1.
var dup54 = match({
dissect: {
tokenizer: ", %{action} history (%{fld1})",
field: "nwparser.p0",
},
});
var dup55 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010100"),
});
var dup56 = set_field({
dest: "nwparser.msg_id1",
value: constant("715065"),
});
// NOTE(review): dup57–dup62 write under a doubled "nwparser.nwparser." prefix,
// unlike dup55/dup56 just above. Confirm the path; a message id stored at the
// wrong key leaves the event unclassified for anything keyed on
// "nwparser.msg_id1".
var dup57 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718021"),
});
var dup58 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701000000"),
});
var dup59 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721003"),
});
var dup60 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103003"),
});
var dup61 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1803000000"),
});
var dup62 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("429002"),
});
// Building blocks dup63–dup69 for the "SVC closing connection" message. The
// helpers (match, linear_select, set_field, constant) are defined outside this
// part of the file.
// "\u003c" and "\u003e" are the JavaScript escapes for "<" and ">", so the
// literal text below is: Group << %{group} > User ...
// NOTE(review): the opening delimiter is doubled ("<<") while the closing one is
// single (">"). Presumably an escape sequence carried over from the source
// parser format; if the device prints a single "<", none of the "<<" patterns
// in this group can match and these session events go unparsed — verify
// against sample logs for message 722037.
var dup63 = match({
dissect: {
tokenizer: "Group \u003c\u003c %{group} \u003e User %{p0}",
field: "nwparser.payload",
},
});
// Reads p0: angle-bracketed, single-quoted, then bare username.
var dup64 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{username}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup65 = match({
dissect: {
tokenizer: " IP \u003c\u003c %{p2}",
field: "nwparser.p1",
},
});
// Reads p2: address optionally followed by a parenthesised value (fld1).
var dup66 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld1}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reads p3: the close reason goes to info; the pattern ends on a literal ".".
var dup67 = match({
dissect: {
tokenizer: " \u003e SVC closing connection: %{info}.",
field: "nwparser.p3",
},
});
var dup68 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030100"),
});
var dup69 = set_field({
dest: "nwparser.msg_id1",
value: constant("722037"),
});
// Building blocks dup70–dup86 for AAA messages. dup70–dup80 split one
// "AAA user ... Rejected" message into successive remainders p0 ... p9, each step
// reading the field the previous one wrote; the chain that sequences them is
// outside this part of the file, as are the helper definitions.
// The captures made here (result, hostip, username, saddr) are the ones a
// failed-login detection would key on, so they are worth regression-testing
// against sample logs.
var dup70 = match({
dissect: {
tokenizer: "AAA user %{p0}",
field: "nwparser.payload",
},
});
// Only "authentication" and "authorization" are accepted at this step.
var dup71 = linear_select([
match({
dissect: {
tokenizer: " authentication %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " authorization %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: rejection reason -> result; the server part stays in p2.
var dup72 = match({
dissect: {
tokenizer: " Rejected : reason = %{result} : server = %{p2}",
field: "nwparser.p1",
},
});
// Reads p2: server address -> hostip, terminated by " : " or ", ".
var dup73 = linear_select([
match({
dissect: {
tokenizer: " %{hostip} : %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{hostip}, %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup74 = match({
dissect: {
tokenizer: " %{p4}",
field: "nwparser.p3",
},
});
// Accepts either capitalisation of the "User" label.
var dup75 = linear_select([
match({
dissect: {
tokenizer: " User %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " user %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup76 = match({
dissect: {
tokenizer: " = %{p6}",
field: "nwparser.p5",
},
});
// Reads p6: quoted username first, bare username as the fallback. The bare
// form ends the name at the next space, so a name containing a space would
// shift the later captures — worth covering with a test sample.
var dup77 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p7}",
field: "nwparser.p6",
},
}),
]);
var dup78 = match({
dissect: {
tokenizer: " : %{p8}",
field: "nwparser.p7",
},
});
// Accepts either capitalisation of the "user IP" label.
var dup79 = linear_select([
match({
dissect: {
tokenizer: "user IP%{p9}",
field: "nwparser.p8",
},
}),
match({
dissect: {
tokenizer: "User IP%{p9}",
field: "nwparser.p8",
},
}),
]);
// Reads p9: the client address -> saddr.
var dup80 = match({
dissect: {
tokenizer: " = %{saddr}",
field: "nwparser.p9",
},
});
var dup81 = set_field({
dest: "nwparser.eventcategory",
value: constant("1301000000"),
});
var dup82 = set_field({
dest: "nwparser.msg_id1",
value: constant("113005:01"),
});
var dup83 = set_field({
dest: "nwparser.msg_id1",
value: constant("113005"),
});
// "AAA transaction status" message: status -> disposition, user part left in p0.
var dup84 = match({
dissect: {
tokenizer: "AAA transaction status %{disposition} : user = %{p0}",
field: "nwparser.payload",
},
});
var dup85 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401060000"),
});
var dup86 = set_field({
dest: "nwparser.msg_id1",
value: constant("113008"),
});
// Building blocks dup87–dup95: console enable-password failures and SSH session
// failures. The helpers (match, linear_select, set_field, constant) are defined
// outside this part of the file.
// Three console label variants on the payload; the rest is left in p0.
var dup87 = linear_select([
match({
dissect: {
tokenizer: " FWSM console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " PIX console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Console %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads p0: number of tries -> fld1, origin of the attempts -> hostip. The try
// count lands in a generic field (fld1); whether a later stage maps it to a
// named field cannot be seen from here.
var dup88 = match({
dissect: {
tokenizer: " enable password incorrect for %{fld1} tries (from %{hostip})",
field: "nwparser.p0",
},
});
var dup89 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050200"),
});
var dup90 = set_field({
dest: "nwparser.msg_id1",
value: constant("308001"),
});
// "Fail to establish SSH session because" prefix; the reason is left in p0.
var dup91 = match({
dissect: {
tokenizer: "Fail to establish SSH session because%{p0}",
field: "nwparser.payload",
},
});
// Reads p0: the "PIX"-prefixed wording first, then a form whose leading text is
// captured into `space`.
var dup92 = linear_select([
match({
dissect: {
tokenizer: " PIX RSA host key retrieval failed.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{space}RSA host key retrieval failed.%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup93 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603000000"),
});
var dup94 = set_field({
dest: "nwparser.msg_id1",
value: constant("315004"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix, unlike dup90/dup94 above —
// confirm the intended destination field.
var dup95 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338308"),
});
// Building blocks dup96–dup107, mostly variants of message id 713905. The helpers
// (match, linear_select, set_field, constant) are defined outside this part of
// the file.
// NOTE(review): the 713905 variants are written to two different paths:
// "nwparser.nwparser.msg_id1" here and in dup103, "nwparser.msg_id1" in
// dup98/dup102/dup105. The same message family split across two fields looks
// unintended — confirm which path consumers read.
var dup96 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713905:04"),
});
// Reads p1: peer address -> saddr, the remaining text -> event_description.
var dup97 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}",
field: "nwparser.p1",
},
});
var dup98 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905"),
});
// Payload prefix with or without the group; saddr is captured in both forms.
var dup99 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup100 = match({
dissect: {
tokenizer: ", %{p1}",
field: "nwparser.p0",
},
});
// Reads p1: the detailed form (with source port, destination address and port)
// is listed before the catch-all description form.
var dup101 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} port %{sport} to %{daddr} port %{dport} %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p2}",
field: "nwparser.p1",
},
}),
]);
var dup102 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905:01"),
});
var dup103 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713905:02"),
});
var dup104 = match({
dissect: {
tokenizer: "Username = %{p0}",
field: "nwparser.payload",
},
});
var dup105 = set_field({
dest: "nwparser.msg_id1",
value: constant("713905:03"),
});
var dup106 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613030100"),
});
var dup107 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717004"),
});
// Building blocks dup108–dup122: "Auth start" and "New user added to local
// dbase" messages plus several message-id setters. The helpers (match,
// set_field, constant) are defined outside this part of the file.
var dup108 = match({
dissect: {
tokenizer: "Auth start for user %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: source and destination address/port pairs.
var dup109 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup110 = set_field({
dest: "nwparser.eventcategory",
value: constant("1304000000"),
});
var dup111 = set_field({
dest: "nwparser.msg_id1",
value: constant("109001"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here and in dup117–dup122,
// unlike dup111/dup116 — confirm the intended destination field.
var dup112 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199003"),
});
// Local account creation: the account name and the rest stay in p0.
var dup113 = match({
dissect: {
tokenizer: "New user added to local dbase: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: privilege level -> fld1, the "Encpass:" value -> fld2.
// NOTE(review): fld2 receives whatever the device prints after "Encpass:",
// presumably the new account's encoded password. That value would then travel
// with the event into the index; consider dropping or masking it before the
// event is stored — confirm what later stages do with fld2.
var dup114 = match({
dissect: {
tokenizer: " Priv: %{fld1} Encpass: %{fld2}",
field: "nwparser.p1",
},
});
var dup115 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020200"),
});
var dup116 = set_field({
dest: "nwparser.msg_id1",
value: constant("502101"),
});
var dup117 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717047"),
});
var dup118 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109022"),
});
var dup119 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305009"),
});
var dup120 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("332004"),
});
var dup121 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501000000"),
});
var dup122 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611303"),
});
// Building blocks dup123–dup138. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// Payload starts either with the literal "Mate" or with some other text that is
// captured into info; the rest goes to p0.
var dup123 = linear_select([
match({
dissect: {
tokenizer: "Mate%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "%{info} %{p0}",
field: "nwparser.payload",
},
}),
]);
// NOTE(review): the first alternative expects p0 to begin with "Matehas a",
// with no space after "Mate", although dup123's first alternative has already
// consumed "Mate" from the payload. This looks like a generator artifact; the
// second alternative is presumably the one that matches in practice — verify
// with a sample of message 105047.
var dup124 = linear_select([
match({
dissect: {
tokenizer: "Matehas a %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{space}has a %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup125 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603010000"),
});
var dup126 = set_field({
dest: "nwparser.msg_id1",
value: constant("105047"),
});
// "\u003c" / "\u003e" are the escapes for "<" / ">"; the literal text is
// "Group <<%{group}> User ...".
// NOTE(review): doubled "<<" against a single ">" — presumably an escape left
// over from the source parser format. If the device prints a single "<", this
// pattern and dup128 cannot match; verify against sample logs.
var dup127 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User %{p0}",
field: "nwparser.payload",
},
});
// Reads p1: client address -> saddr, then the service whose Java applet started.
var dup128 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} Java applet started. %{info}.",
field: "nwparser.p1",
},
});
var dup129 = set_field({
dest: "nwparser.msg_id1",
value: constant("716043"),
});
// NOTE(review): dup130–dup138 write under a doubled "nwparser.nwparser." prefix,
// unlike dup126/dup129 — confirm the intended destination field.
var dup130 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720040"),
});
var dup131 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1604000000"),
});
var dup132 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721002"),
});
var dup133 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104003"),
});
var dup134 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746006"),
});
var dup135 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501020000"),
});
var dup136 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("731001"),
});
var dup137 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1002000000"),
});
var dup138 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("404102"),
});
// Building blocks dup139–dup155: management-session start and "IKE Initiator"
// messages. The helpers (match, linear_select, set_field, constant) are defined
// outside this part of the file.
// Management client label: "PDM" or "ASDM"; the rest is left in p0.
var dup139 = linear_select([
match({
dissect: {
tokenizer: " PDM %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " ASDM %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads p0: session number -> sessionid, administrator's origin -> hostip.
var dup140 = match({
dissect: {
tokenizer: " session number %{sessionid} from %{hostip} started",
field: "nwparser.p0",
},
});
var dup141 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050100"),
});
var dup142 = set_field({
dest: "nwparser.msg_id1",
value: constant("606001"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here and in dup155, unlike
// dup142/dup150/dup154 — confirm the intended destination field.
var dup143 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613003"),
});
// Four payload prefixes, each capturing saddr: group, quoted username, bare
// username, or IP only. The quoted-username form is listed before the bare one.
var dup144 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup145 = match({
dissect: {
tokenizer: ", IKE Initiator: %{p1}",
field: "nwparser.p0",
},
});
// "Rekeying" or "New": the word itself is matched as a literal and not captured.
var dup146 = linear_select([
match({
dissect: {
tokenizer: " Rekeying %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " New %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup147 = match({
dissect: {
tokenizer: " Phase %{p3}",
field: "nwparser.p2",
},
});
// Phase "1" or "2": matched as a literal, not captured into a field.
var dup148 = linear_select([
match({
dissect: {
tokenizer: " 1 %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " 2 %{p4}",
field: "nwparser.p3",
},
}),
]);
// Reads p4: interface -> fld1, IKE peer -> fld2, the remainder -> info.
var dup149 = match({
dissect: {
tokenizer: ", Intf %{fld1}, IKE Peer %{fld2} %{info}",
field: "nwparser.p4",
},
});
var dup150 = set_field({
dest: "nwparser.msg_id1",
value: constant("713041"),
});
// Variant of the same message without the group / username / IP prefix.
var dup151 = match({
dissect: {
tokenizer: "IKE Initiator: %{p0}",
field: "nwparser.payload",
},
});
var dup152 = linear_select([
match({
dissect: {
tokenizer: " Rekeying %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " New %{p1}",
field: "nwparser.p0",
},
}),
]);
// Only "Phase 2" is accepted in this variant.
var dup153 = match({
dissect: {
tokenizer: " Phase 2, Intf %{fld1}, IKE Peer %{fld2} %{info}",
field: "nwparser.p1",
},
});
var dup154 = set_field({
dest: "nwparser.msg_id1",
value: constant("713041:01"),
});
var dup155 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718046"),
});
// Building blocks dup156–dup172: standby address and "AAA ... Successful"
// messages plus several message-id setters. The helpers (match, linear_select,
// set_field, constant) are defined outside this part of the file.
// Text before the first ":" -> process, the rest -> p0.
var dup156 = match({
dissect: {
tokenizer: "%{process}:%{p0}",
field: "nwparser.payload",
},
});
// Reads p0: with or without a leading "Session=" id; the added address -> hostip.
var dup157 = linear_select([
match({
dissect: {
tokenizer: " Session=%{sessionid}, Added %{hostip} to standby %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Added %{hostip} to standby %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup158 = set_field({
dest: "nwparser.msg_id1",
value: constant("737029"),
});
// Accepts "authentication", "authorization" or "accounting".
var dup159 = linear_select([
match({
dissect: {
tokenizer: " authentication %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " authorization %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " accounting %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: AAA server -> hostip; the user part stays in p2.
var dup160 = match({
dissect: {
tokenizer: " Successful : server = %{hostip} : user = %{p2}",
field: "nwparser.p1",
},
});
// Reads p2: quoted username first, bare username as the fallback.
var dup161 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup162 = set_field({
dest: "nwparser.msg_id1",
value: constant("113004"),
});
// NOTE(review): dup163–dup172 write under a doubled "nwparser.nwparser." prefix,
// unlike dup158/dup162. If unintended, these message ids and categories are
// stored where rules keyed on "nwparser.msg_id1" and "nwparser.eventcategory"
// will not find them — confirm the path.
var dup163 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324001"),
});
var dup164 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403501"),
});
var dup165 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713177"),
});
var dup166 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401050100"),
});
var dup167 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("309002"),
});
var dup168 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020100"),
});
var dup169 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400015"),
});
var dup170 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1002020000"),
});
var dup171 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400031"),
});
var dup172 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("733103"),
});
// Building blocks dup173–dup184 for URL-access messages (message id 304001 and
// its ":01" variant). The helpers (match, linear_select, set_field, constant)
// are defined outside this part of the file.
// Leading username on the payload: quoted form first, bare form as the fallback.
var dup173 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads p0: client address after "@" -> saddr.
var dup174 = match({
dissect: {
tokenizer: "@%{saddr} Accessed %{p1}",
field: "nwparser.p0",
},
});
// "JAVA URL" is listed before the plain "URL" form; the label is not captured.
var dup175 = linear_select([
match({
dissect: {
tokenizer: " JAVA URL %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " URL %{p2}",
field: "nwparser.p1",
},
}),
]);
// Reads p2: destination address, then everything after ": " -> url.
var dup176 = match({
dissect: {
tokenizer: " %{daddr}: %{url}",
field: "nwparser.p2",
},
});
var dup177 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204010000"),
});
var dup178 = set_field({
dest: "nwparser.msg_id1",
value: constant("304001"),
});
// Variant without a username: the payload starts with the client address.
var dup179 = match({
dissect: {
tokenizer: "%{saddr} Accessed %{p0}",
field: "nwparser.payload",
},
});
var dup180 = linear_select([
match({
dissect: {
tokenizer: " JAVA URL %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " URL %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup181 = match({
dissect: {
tokenizer: " %{daddr}: %{url}",
field: "nwparser.p1",
},
});
var dup182 = set_field({
dest: "nwparser.msg_id1",
value: constant("304001:01"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix in dup183/dup184, unlike
// dup177/dup178/dup182 — confirm the intended destination field.
var dup183 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1303000000"),
});
var dup184 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109021"),
});
// Building blocks dup185–dup200: "Login permitted" and PDP-context removal
// messages plus several message-id setters. The helpers (match, linear_select,
// set_field, constant) are defined outside this part of the file.
// Source address/port, destination interface, address and service are captured;
// the user part stays in p0.
var dup185 = match({
dissect: {
tokenizer: "Login permitted from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service} for user %{p0}",
field: "nwparser.payload",
},
});
// Reads p0: four username forms, delimited ones before the bare one.
// NOTE(review): the first form is literally " <<%{username}> " ("\u003c" is "<",
// "\u003e" is ">"), with a doubled opening bracket — presumably an escape left
// over from the source parser format. If the device prints a single "<", that
// alternative never matches and the bare form would then capture the brackets
// as part of the username; verify with a sample log.
var dup186 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{username}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \"%{username}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup187 = set_field({
dest: "nwparser.msg_id1",
value: constant("605005"),
});
// Generic form: text before " for user " -> result.
var dup188 = match({
dissect: {
tokenizer: "%{result} for user %{p0}",
field: "nwparser.payload",
},
});
var dup189 = set_field({
dest: "nwparser.msg_id1",
value: constant("605005:01"),
});
var dup190 = match({
dissect: {
tokenizer: "Removing v1 %{p0}",
field: "nwparser.payload",
},
});
// "primary" or "secondary": matched as a literal, not captured.
var dup191 = linear_select([
match({
dissect: {
tokenizer: " primary %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " secondary %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: TID -> fld1, GGSN -> fld2, SGSN -> fld3, reason -> event_description.
var dup192 = match({
dissect: {
tokenizer: " PDP Context with TID %{fld1} from GGSN %{fld2} and SGSN %{fld3}, Reason: %{event_description}",
field: "nwparser.p1",
},
});
var dup193 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701000000"),
});
var dup194 = set_field({
dest: "nwparser.msg_id1",
value: constant("617002"),
});
// NOTE(review): dup194 stores "617002" under "nwparser.msg_id1" but its ":01"
// variant below goes to "nwparser.nwparser.msg_id1", as do dup196–dup200.
// Confirm the intended destination field.
var dup195 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617002:01"),
});
var dup196 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715050"),
});
var dup197 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737019"),
});
var dup198 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737019:01"),
});
var dup199 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1207010200"),
});
var dup200 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108003"),
});
// Building blocks dup201–dup212: mail-inspection terminations and security
// association (SA) messages. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// Connection terminated because of a malicious pattern in a mail address:
// service, both interfaces and both address/port pairs are captured; the
// detail is left in p0.
var dup201 = match({
dissect: {
tokenizer: "Terminating %{network_service} connection; malicious pattern detected in the %{space} mail address from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}. %{p0}",
field: "nwparser.payload",
},
});
// "Mail Address" or "Data" label: matched as a literal, not captured.
var dup202 = linear_select([
match({
dissect: {
tokenizer: " Mail Address %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Data %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: the offending text after ":" -> result. This value comes from the
// inspected mail traffic, so treat it as untrusted wherever it is displayed.
var dup203 = match({
dissect: {
tokenizer: " :%{result}",
field: "nwparser.p1",
},
});
var dup204 = set_field({
dest: "nwparser.eventcategory",
value: constant("1207010200"),
});
var dup205 = set_field({
dest: "nwparser.msg_id1",
value: constant("108003:01"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here and in dup211/dup212,
// unlike dup205/dup210 — confirm the intended destination field.
var dup206 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108006"),
});
// SA message: service, direction, SPI (-> fld1) and both peers are captured.
var dup207 = match({
dissect: {
tokenizer: "%{service}: An %{direction} SA (SPI= %{fld1}) between %{saddr} and %{daddr} %{p0}",
field: "nwparser.payload",
},
});
// Reads p0: four username forms, from most to least delimited.
var dup208 = linear_select([
match({
dissect: {
tokenizer: " (user=%{username}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup209 = match({
dissect: {
tokenizer: " %{action}",
field: "nwparser.p1",
},
});
var dup210 = set_field({
dest: "nwparser.msg_id1",
value: constant("602304"),
});
var dup211 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105020"),
});
var dup212 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602102"),
});
// Building blocks dup213–dup233. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file.
// Reads p1: peer address -> saddr; note the space before the second comma in
// the literal text.
var dup213 = match({
dissect: {
tokenizer: ", IP = %{saddr} , %{p2}",
field: "nwparser.p1",
},
});
// Reads p2: the form with a duration range (fld1 to fld2 seconds) is listed
// before the catch-all description form.
var dup214 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} duration from %{fld1} to %{fld2} seconds%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup215 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613040200"),
});
var dup216 = set_field({
dest: "nwparser.msg_id1",
value: constant("713075"),
});
var dup217 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} ,%{p0}",
field: "nwparser.payload",
},
});
var dup218 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} to %{fld2} seconds %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup219 = set_field({
dest: "nwparser.msg_id1",
value: constant("713075:01"),
});
// NOTE(review): dup220–dup223 and dup227–dup233 write under a doubled
// "nwparser.nwparser." prefix, unlike dup216/dup219/dup226 — confirm the
// intended destination field.
var dup220 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1304000000"),
});
var dup221 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717025"),
});
var dup222 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801020000"),
});
var dup223 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722034"),
});
// Reads p2: address, optionally followed by a parenthesised value, closed by
// ">" ("\u003e" is the escape for ">").
var dup224 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld1})\u003e %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr}\u003e %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reads p3: packet size -> bytes, parenthesised detail -> info.
var dup225 = match({
dissect: {
tokenizer: " Received large packet %{bytes} (%{info}).",
field: "nwparser.p3",
},
});
var dup226 = set_field({
dest: "nwparser.msg_id1",
value: constant("722035"),
});
var dup227 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030200"),
});
var dup228 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("406002"),
});
var dup229 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("620002:01"),
});
var dup230 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("620002"),
});
var dup231 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752015"),
});
var dup232 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701070000"),
});
var dup233 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611319"),
});
// Building blocks dup234–dup248: "New group policy added" and DHCP-address
// release messages plus several message-id setters. The helpers (match,
// linear_select, set_field, constant) are defined outside this part of the file.
// Policy creation: the policy name and the rest stay in p0.
var dup234 = match({
dissect: {
tokenizer: "New group policy added: name:%{p0}",
field: "nwparser.payload",
},
});
var dup235 = set_field({
dest: "nwparser.eventcategory",
value: constant("1502030000"),
});
var dup236 = set_field({
dest: "nwparser.msg_id1",
value: constant("502111"),
});
// NOTE(review): doubled "nwparser.nwparser." prefix here and in dup242–dup248,
// unlike dup236/dup241 — confirm the intended destination field.
var dup237 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611322"),
});
// Text before ": " -> process, the rest -> p0.
var dup238 = match({
dissect: {
tokenizer: "%{process}: %{p0}",
field: "nwparser.payload",
},
});
// Reads p0: with or without a leading "Session=" id.
var dup239 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Freeing%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Freeing%{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: the released address -> hostip.
var dup240 = match({
dissect: {
tokenizer: " DHCP address %{hostip}",
field: "nwparser.p1",
},
});
var dup241 = set_field({
dest: "nwparser.msg_id1",
value: constant("737015"),
});
var dup242 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400001"),
});
var dup243 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603020000"),
});
var dup244 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210022"),
});
var dup245 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415001"),
});
var dup246 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("506001"),
});
var dup247 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720021"),
});
var dup248 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201001"),
});
// Building blocks dup249–dup269: the "Dynamic filter dropped blacklisted ...
// traffic" message plus several message-id setters. The helpers (match,
// linear_select, set_field, constant) are defined outside this part of the file.
var dup249 = match({
dissect: {
tokenizer: "Dynamic %{p0}",
field: "nwparser.payload",
},
});
// Accepts either capitalisation of "Filter".
var dup250 = linear_select([
match({
dissect: {
tokenizer: " Filter %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " filter %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads p1: protocol, real and translated source/destination endpoints, the
// destination name (fld1) and the list it was resolved from (fld2, fld3/mask),
// threat level -> severity, category -> result. The pattern is one long
// literal template, so any wording change in the device message makes the
// whole match fail — worth a regression test with a sample of message 338008.
var dup251 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup252 = set_field({
dest: "nwparser.msg_id1",
value: constant("338008"),
});
// NOTE(review): dup253–dup269 all write under a doubled "nwparser.nwparser."
// prefix, unlike dup252. If unintended, these message ids and categories are
// stored where rules keyed on "nwparser.msg_id1" and "nwparser.eventcategory"
// will not find them — confirm the path.
var dup253 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030300"),
});
var dup254 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405002"),
});
var dup255 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444102"),
});
var dup256 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501040000"),
});
var dup257 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109024"),
});
var dup258 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1803010000"),
});
var dup259 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106016"),
});
var dup260 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106016:01"),
});
var dup261 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1607000000"),
});
var dup262 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338310"),
});
var dup263 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720046"),
});
var dup264 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737003:01"),
});
var dup265 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737003"),
});
var dup266 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737026"),
});
var dup267 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737026:01"),
});
var dup268 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1702030000"),
});
var dup269 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105040"),
});
// Staged dissect of "Authentication failed for admin user ..." lines.
// dup270 leaves everything after the fixed prefix in p0. The stage that
// turns p0 into p1 (presumably the user-name extraction) is not in this view.
var dup270 = match({
dissect: {
tokenizer: "Authentication failed for admin user %{p0}",
field: "nwparser.payload",
},
});
// Long form: source address plus the "Interactive challenge processing is
// not supported" explanation; the rest goes to p2.
var dup271 = match({
dissect: {
tokenizer: " from %{saddr}. Interactive challenge processing is not supported for %{p2}",
field: "nwparser.p1",
},
});
// Connection type: "administrative <protocol>" or "<protocol> <info>".
// NOTE(review): the second alternative is the more general one; if
// linear_select is first-match (defined elsewhere), order is significant.
var dup272 = linear_select([
match({
dissect: {
tokenizer: " administrative %{protocol} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{protocol} %{info} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Trailing literal; "%{}" has no key, so nothing is stored (appears to be a
// discard capture).
var dup273 = match({
dissect: {
tokenizer: " connections%{}",
field: "nwparser.p3",
},
});
var dup274 = set_field({
dest: "nwparser.msg_id1",
value: constant("109033:01"),
});
// Short form of the same message: only the source address follows.
var dup275 = match({
dissect: {
tokenizer: " from %{saddr}.",
field: "nwparser.p1",
},
});
var dup276 = set_field({
dest: "nwparser.msg_id1",
value: constant("109033"),
});
// Standalone message id setter.
// NOTE(review): dest is "nwparser.nwparser.msg_id1" here but
// "nwparser.msg_id1" in dup274/dup276 — confirm the doubled prefix is intended.
var dup277 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720063"),
});
// Staged dissect of ACL hit lines ("access-list <name> denied|permitted ...").
// Stages hand the remainder along p0 → p1 → ... → p5; the denied (dup278) and
// permitted (dup287) prefixes both feed p0, so the later stages are
// presumably shared between the two.
var dup278 = match({
dissect: {
tokenizer: "access-list %{listnum} denied %{p0}",
field: "nwparser.payload",
},
});
// Protocol, optionally followed by "for user '<name>'".
var dup279 = linear_select([
match({
dissect: {
tokenizer: "%{protocol} for user '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{protocol} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Source interface, delimited by "/".
var dup280 = match({
dissect: {
tokenizer: "%{sinterface}/%{p2}",
field: "nwparser.p1",
},
});
// Source address and port, written either "addr(port) ->" or "addr port".
// "\u003e" is the escaped form of ">".
var dup281 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}(%{sport}) -\u003e %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{saddr} %{sport} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Destination interface, delimited by "/".
var dup282 = match({
dissect: {
tokenizer: "%{dinterface}/%{p4}",
field: "nwparser.p3",
},
});
// Destination address and port in the same two notations, then "hit-cnt".
var dup283 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}(%{dport}) hit-cnt %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: "%{daddr} %{dport} hit-cnt %{p5}",
field: "nwparser.p4",
},
}),
]);
// Hit counter (dclass_counter1) and the free-text tail (info).
var dup284 = match({
dissect: {
tokenizer: "%{dclass_counter1} %{info}",
field: "nwparser.p5",
},
});
// Category and id setters that follow the "denied" pattern.
var dup285 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803000000"),
});
var dup286 = set_field({
dest: "nwparser.msg_id1",
value: constant("106102:02"),
});
// "permitted" counterpart of dup278.
// NOTE(review): denied and permitted are told apart only by which prefix
// matched and by the category/id setters chained after it; verify the
// composition (outside this view) pairs dup285/dup286 with "denied" and
// dup288/dup289 with "permitted", since allow/deny is what rules key on.
var dup287 = match({
dissect: {
tokenizer: "access-list %{listnum} permitted %{p0}",
field: "nwparser.payload",
},
});
var dup288 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020000"),
});
var dup289 = set_field({
dest: "nwparser.msg_id1",
value: constant("106102:01"),
});
// NOTE(review): dest is "nwparser.nwparser.msg_id1" here but
// "nwparser.msg_id1" in dup286/dup289 — confirm the doubled prefix is intended.
var dup290 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106102"),
});
// Staged dissect of "AAA group policy for user <name> is being set to <policy>".
// dup291 leaves the remainder in p0; the stage that consumes p0 and fills p1
// (presumably the user name) is not in this view.
var dup291 = match({
dissect: {
tokenizer: "AAA group policy for user %{p0}",
field: "nwparser.payload",
},
});
var dup292 = match({
dissect: {
tokenizer: " is being set to %{p2}",
field: "nwparser.p1",
},
});
// Policy name, terminated either by ". " or by a space.
// NOTE(review): with the ". " alternative first, a policy name that itself
// contains ". " would presumably be cut at that point — confirm against the
// dissect implementation.
var dup293 = linear_select([
match({
dissect: {
tokenizer: " %{policyname}. %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{policyname} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup294 = set_field({
dest: "nwparser.msg_id1",
value: constant("113003"),
});
// Constant message id setters dup295–dup303.
// NOTE(review): every dest in this run is "nwparser.nwparser.msg_id1", while
// other setters in this file write "nwparser.msg_id1". Confirm the doubled
// prefix is intended; otherwise these ids may not reach the field consumers read.
var dup295 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709006"),
});
var dup296 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725011"),
});
var dup297 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105034"),
});
var dup298 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105034:01"),
});
var dup299 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305004"),
});
var dup300 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311004"),
});
var dup301 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400020"),
});
var dup302 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718005"),
});
var dup303 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750007"),
});
// Staged dissect of "Rebuilt <proto> connection <id> for faddr ... gaddr ...
// laddr ..." lines. Each keyword stage accepts a short and a long spelling;
// remainders are handed along p0 → p5.
var dup304 = match({
dissect: {
tokenizer: "Rebuilt %{protocol} connection %{connectionid} for %{p0}",
field: "nwparser.payload",
},
});
// Foreign-address keyword.
var dup305 = linear_select([
match({
dissect: {
tokenizer: " faddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " foreign_address %{p1}",
field: "nwparser.p0",
},
}),
]);
// The foreign address/port is stored as saddr/sport.
var dup306 = match({
dissect: {
tokenizer: " %{saddr}/%{sport} %{p2}",
field: "nwparser.p1",
},
});
// Global-address keyword.
var dup307 = linear_select([
match({
dissect: {
tokenizer: " gaddr %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " global_address %{p3}",
field: "nwparser.p2",
},
}),
]);
// The global address/port is stored as hostip/network_port.
var dup308 = match({
dissect: {
tokenizer: " %{hostip}/%{network_port} %{p4}",
field: "nwparser.p3",
},
});
// Local-address keyword.
var dup309 = linear_select([
match({
dissect: {
tokenizer: " laddr %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " local_address %{p5}",
field: "nwparser.p4",
},
}),
]);
// The local address/port is stored as daddr/dport.
// NOTE(review): foreign → source and local → destination is a fixed mapping
// here regardless of which side opened the connection; confirm that matches
// what downstream direction-based rules expect.
var dup310 = match({
dissect: {
tokenizer: " %{daddr}/%{dport}",
field: "nwparser.p5",
},
});
var dup311 = set_field({
dest: "nwparser.msg_id1",
value: constant("302009:01"),
});
// Alternative prefix without protocol or connection id.
var dup312 = match({
dissect: {
tokenizer: "Rebuild connection for %{p0}",
field: "nwparser.payload",
},
});
var dup313 = set_field({
dest: "nwparser.msg_id1",
value: constant("302009"),
});
// Two short message parsers.
//
// 1) "Received|Receive invalid packet: <reason> from <addr>, <interface>".
// NOTE(review): both alternatives begin with a space although they read the
// start of nwparser.payload; whether leading whitespace is required depends
// on the dissect implementation (not shown) — confirm with a sample line.
var dup314 = linear_select([
match({
dissect: {
tokenizer: " Received %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Receive %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reason goes to "result", sender to "saddr", receiving interface to "interface".
var dup315 = match({
dissect: {
tokenizer: " invalid packet: %{result} from %{saddr}, %{interface}",
field: "nwparser.p0",
},
});
var dup316 = set_field({
dest: "nwparser.eventcategory",
value: constant("1703000000"),
});
var dup317 = set_field({
dest: "nwparser.msg_id1",
value: constant("409003"),
});
// 2) "Adding|Removing tracked route ...".
// NOTE(review): the verb is matched but not captured, so an added route and
// a removed route produce the same fields from these stages; if the
// distinction matters for change auditing it has to come from elsewhere.
var dup318 = linear_select([
match({
dissect: {
tokenizer: " Adding %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Removing %{p0}",
field: "nwparser.payload",
},
}),
]);
// Route text → info, distance → dclass_counter1, table → filename.
var dup319 = match({
dissect: {
tokenizer: " tracked route %{info}, distance %{dclass_counter1}, table %{filename}, on interface %{interface}",
field: "nwparser.p0",
},
});
var dup320 = set_field({
dest: "nwparser.msg_id1",
value: constant("622001"),
});
// Parsers for messages that start with a "Group = ..., Username = ...,
// IP = ..." header followed by free text.
// Header with a user name; the Group part is optional.
var dup321 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Everything after the header is kept verbatim as event_description.
var dup322 = match({
dissect: {
tokenizer: " %{event_description}",
field: "nwparser.p0",
},
});
var dup323 = set_field({
dest: "nwparser.msg_id1",
value: constant("715049:01"),
});
// Header without a user name; the Group part is optional.
// NOTE(review): group and username are delimited by ", "; a value that
// itself contains ", " would presumably shift the later captures — confirm
// against the dissect implementation.
var dup324 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup325 = set_field({
dest: "nwparser.msg_id1",
value: constant("715049"),
});
// Certificate-related message: first try to pull out serial number, subject
// and issuer; otherwise keep the whole text as event_description.
// NOTE(review): the fallback alternative ends in two adjacent captures
// ("%{event_description}%{p0}") with no literal between them; how the text
// is split between the two depends on the dissect implementation — confirm.
var dup326 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} serial number: %{serial_number}, subject name: %{cert_subject}, issuer name: %{dn}%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup327 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613030100"),
});
var dup328 = set_field({
dest: "nwparser.msg_id1",
value: constant("717009"),
});
// "IKEv1|IKEv2 was successful at setting up a tunnel ..." message.
// NOTE(review): the IKE version is matched as a literal and not captured, so
// these stages do not record which version negotiated the tunnel.
var dup329 = linear_select([
match({
dissect: {
tokenizer: "IKEv1%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "IKEv2%{p0}",
field: "nwparser.payload",
},
}),
]);
// Crypto map tag → fld1, map sequence number → fld2.
var dup330 = match({
dissect: {
tokenizer: " was successful at setting up a tunnel. Map Tag = %{fld1}. Map Sequence Number = %{fld2}.",
field: "nwparser.p0",
},
});
var dup331 = set_field({
dest: "nwparser.msg_id1",
value: constant("752016"),
});
// "Auth [from] <src> to <dst> failed (server <ip> failed) on interface ..."
// message: an authentication attempt that failed because the AAA server did.
// The more specific " Auth from " alternative is listed before " Auth ".
var dup332 = linear_select([
match({
dissect: {
tokenizer: " Auth from %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Auth %{p0}",
field: "nwparser.payload",
},
}),
]);
// Client endpoint → saddr/sport, target → daddr/dport, failing server → hostip.
var dup333 = match({
dissect: {
tokenizer: " %{saddr}/%{sport} to %{daddr}/%{dport} failed (server %{hostip} failed) on interface %{sinterface}",
field: "nwparser.p0",
},
});
var dup334 = set_field({
dest: "nwparser.eventcategory",
value: constant("1303000000"),
});
var dup335 = set_field({
dest: "nwparser.msg_id1",
value: constant("109002"),
});
// Constant field setters dup336–dup351: fixed event-category codes and
// message ids. Where each is chained is outside this view.
// NOTE(review): every dest in this run is "nwparser.nwparser.<field>", while
// other setters in this file use "nwparser.<field>". Confirm the doubled
// prefix is intended; otherwise these values may not reach the field that
// downstream rules read.
var dup336 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1204000000"),
});
var dup337 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304006"),
});
var dup338 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1610000000"),
});
var dup339 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505006"),
});
var dup340 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("615002"),
});
var dup341 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613040200"),
});
var dup342 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713073"),
});
var dup343 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603010000"),
});
var dup344 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101004"),
});
var dup345 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313003"),
});
var dup346 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313003:01"),
});
var dup347 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324002"),
});
var dup348 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715075"),
});
var dup349 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401050200"),
});
var dup350 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307004"),
});
var dup351 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338305"),
});
// Tail stage: after a leading ", " the rest of p0 is stored as "action".
var dup352 = match({
dissect: {
tokenizer: ", %{action}",
field: "nwparser.p0",
},
});
var dup353 = set_field({
dest: "nwparser.msg_id1",
value: constant("715063"),
});
// Constant setters dup354–dup358.
// NOTE(review): dest is "nwparser.nwparser.<field>" below but
// "nwparser.msg_id1" in dup353 — confirm the doubled prefix is intended.
var dup354 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718056"),
});
var dup355 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109023"),
});
var dup356 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109023:01"),
});
var dup357 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801020100"),
});
var dup358 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602301"),
});
// "TunnelGroup <..> GroupPolicy <..> User <..> IP <..> No address available
// for SVC connection" message. "\u003c" is the escaped "<" and "\u003e" the
// escaped ">".
// NOTE(review): each opening bracket is written as two "<" characters while
// the closing bracket is a single ">". This is presumably an escape carried
// over from the source parser definition; if the device emits a single "<"
// the literal would never match — confirm with a real sample.
var dup359 = match({
dissect: {
tokenizer: "TunnelGroup \u003c\u003c %{group_object} \u003e GroupPolicy \u003c\u003c %{group} \u003e User %{p0}",
field: "nwparser.payload",
},
});
// Client address, optionally followed by a parenthesised second value (fld2).
// The stages that fill p1 and p2 are not in this view.
var dup360 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld2}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Fixed tail; "%{}" has no key, so nothing is stored.
var dup361 = match({
dissect: {
tokenizer: " \u003e No address available for SVC connection%{}",
field: "nwparser.p3",
},
});
var dup362 = set_field({
dest: "nwparser.msg_id1",
value: constant("722020"),
});
// IPsec "identity doesn't match negotiated identity" message: the peer's
// packet identity differs from what was negotiated.
var dup363 = match({
dissect: {
tokenizer: "identity doesn't match negotiated identity %{p0}",
field: "nwparser.payload",
},
});
// The "ip" marker appears with or without parentheses.
var dup364 = linear_select([
match({
dissect: {
tokenizer: " ip %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " (ip) %{p1}",
field: "nwparser.p0",
},
}),
]);
// Note the order in the log text: destination first, then source.
var dup365 = match({
dissect: {
tokenizer: " dest_addr=%{daddr}, src_addr=%{saddr}, prot= %{protocol}, (ident) %{info}",
field: "nwparser.p1",
},
});
var dup366 = set_field({
dest: "nwparser.msg_id1",
value: constant("402103"),
});
// Constant field setters dup367–dup370.
// NOTE(review): every dest in this run is "nwparser.nwparser.<field>", while
// other setters in this file use "nwparser.<field>" — confirm the doubled
// prefix is intended.
var dup367 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201006"),
});
var dup368 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210003"),
});
var dup369 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603040000"),
});
var dup370 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213002"),
});
// "Built backup|director stub <proto> connection ..." message.
var dup371 = match({
dissect: {
tokenizer: "Built %{p0}",
field: "nwparser.payload",
},
});
// Role keyword; matched as a literal and not captured.
var dup372 = linear_select([
match({
dissect: {
tokenizer: "backup%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "director%{p1}",
field: "nwparser.p0",
},
}),
]);
// Both endpoints with interface, address and port; the parenthesised values
// after each endpoint go to fld1 / fld2.
var dup373 = match({
dissect: {
tokenizer: " stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{fld1}) to %{dinterface}:%{daddr}/%{dport} (%{fld2})",
field: "nwparser.p1",
},
});
var dup374 = set_field({
dest: "nwparser.msg_id1",
value: constant("302026"),
});
// Constant field setters dup375–dup379.
// NOTE(review): every dest in this run is "nwparser.nwparser.<field>", while
// other setters in this file use "nwparser.<field>" — confirm the doubled
// prefix is intended.
var dup375 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321001"),
});
var dup376 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321001:01"),
});
var dup377 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324007"),
});
var dup378 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1703000000"),
});
var dup379 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409011"),
});
// Connection-limit messages ("Too many [TCP] connections on static|xlate
// <addr>! <n> <m>"). Two variants are parsed: without (dup380–dup383) and
// with (dup384–dup389) a protocol word.
var dup380 = match({
dissect: {
tokenizer: "Too many connections on %{p0}",
field: "nwparser.payload",
},
});
// Translation kind; matched as a literal and not captured.
var dup381 = linear_select([
match({
dissect: {
tokenizer: " static %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " xlate %{p1}",
field: "nwparser.p0",
},
}),
]);
// Affected address → hostip; the two values after "!" → fld1, fld2.
var dup382 = match({
dissect: {
tokenizer: " %{hostip}! %{fld1} %{fld2}",
field: "nwparser.p1",
},
});
var dup383 = set_field({
dest: "nwparser.msg_id1",
value: constant("201002"),
});
// Variant with a protocol word after "Too many".
// NOTE(review): this prefix is a superset of dup380's; if both are offered
// to a first-match selector (outside this view), dup380 has to come first.
var dup384 = match({
dissect: {
tokenizer: "Too many %{p0}",
field: "nwparser.payload",
},
});
// Only TCP is accepted, in either case.
var dup385 = linear_select([
match({
dissect: {
tokenizer: " TCP %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " tcp %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup386 = match({
dissect: {
tokenizer: " connections on %{p2}",
field: "nwparser.p1",
},
});
var dup387 = linear_select([
match({
dissect: {
tokenizer: " static %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " xlate %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup388 = match({
dissect: {
tokenizer: " %{hostip}! %{fld1} %{fld2}",
field: "nwparser.p3",
},
});
var dup389 = set_field({
dest: "nwparser.msg_id1",
value: constant("201002:01"),
});
// Constant message id setters dup390–dup392.
// NOTE(review): dest is "nwparser.nwparser.msg_id1", while other setters in
// this file write "nwparser.msg_id1" — confirm the doubled prefix is intended.
var dup390 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713128"),
});
var dup391 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713128:01"),
});
var dup392 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713257"),
});
// Messages with a "Group = ..., [Username = ...,] IP = ..." header followed
// by a description, optionally carrying "(seq number N)".
// Header including a user name.
var dup393 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
});
// Description with or without the sequence number (→ fld1).
// NOTE(review): the fallback ends in two adjacent captures
// ("%{event_description}%{p1}") with no literal between them; how text is
// split between them depends on the dissect implementation — confirm.
var dup394 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} (seq number %{fld1}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup395 = set_field({
dest: "nwparser.msg_id1",
value: constant("715036:01"),
});
// Header without a user name.
var dup396 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
});
var dup397 = set_field({
dest: "nwparser.msg_id1",
value: constant("715036"),
});
// Two constant setters, then a tail parser and its message id.
// NOTE(review): dup398/dup399 use dest "nwparser.nwparser.<field>" whereas
// dup401 below uses "nwparser.msg_id1" — confirm the doubled prefix is intended.
var dup398 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701010000"),
});
var dup399 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420004"),
});
// ", IP = <addr> , <action>:<info>" — note the space before the second
// comma, which is part of the literal.
var dup400 = match({
dissect: {
tokenizer: ", IP = %{saddr} , %{action}:%{info}",
field: "nwparser.p1",
},
});
var dup401 = set_field({
dest: "nwparser.msg_id1",
value: constant("713034"),
});
// Constant message id setters dup402–dup410.
// NOTE(review): every dest in this run is "nwparser.nwparser.msg_id1", while
// other setters in this file write "nwparser.msg_id1". Confirm the doubled
// prefix is intended; otherwise these ids may not reach the field consumers read.
var dup402 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713034:01"),
});
var dup403 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("776252"),
});
var dup404 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("609001"),
});
var dup405 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400021"),
});
var dup406 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720062"),
});
var dup407 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752006"),
});
var dup408 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103007"),
});
var dup409 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504001:01"),
});
var dup410 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504001"),
});
// "IP <addr> User ACL <name> from AAA ignored, AV-PAIR ACL used instead":
// records that a per-user ACL from AAA was overridden. "\u003c"/"\u003e" are
// the escaped "<" and ">".
// NOTE(review): each opening bracket is two "<" characters but the closing
// one is a single ">"; presumably an escape carried over from the source
// parser definition — confirm it matches real device output.
var dup411 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{hostip}\u003e User ACL \u003c\u003c%{info}\u003e from AAA ignored, AV-PAIR ACL used instead",
field: "nwparser.p1",
},
});
var dup412 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204020000"),
});
var dup413 = set_field({
dest: "nwparser.msg_id1",
value: constant("113034"),
});
// "SSH login session failed from <addr> (<n> attempts) on interface <if> by
// user <name>" — two header spellings, then the user-name stage.
// Spelling with " on (" before the attempt count.
var dup414 = match({
dissect: {
tokenizer: "SSH login session failed from %{saddr} on (%{fld1} attempts) on interface %{interface} by user %{p0}",
field: "nwparser.payload",
},
});
var dup415 = set_field({
dest: "nwparser.msg_id1",
value: constant("315003"),
});
// Spelling with the attempt count directly after the address.
var dup416 = match({
dissect: {
tokenizer: "SSH login session failed from %{saddr}(%{fld1} attempts) on interface %{interface} by user %{p0}",
field: "nwparser.payload",
},
});
// User name: double-quoted, single-quoted, or bare.
// NOTE(review): the name in a failed-login line is chosen by the remote
// party. Assuming dissect-style delimiter matching, a name containing a
// quote or a space is cut at that character, and the bare alternative also
// accepts input the quoted ones rejected (quotes then stay in the value).
// Rules that key on "username" should not assume it is the full, exact name.
var dup417 = linear_select([
match({
dissect: {
tokenizer: " \"%{username}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup418 = set_field({
dest: "nwparser.msg_id1",
value: constant("315003:01"),
});
// Unrelated constant setters.
// NOTE(review): dest is "nwparser.nwparser.msg_id1" below but
// "nwparser.msg_id1" in dup415/dup418 — confirm the doubled prefix is intended.
var dup419 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("616001:01"),
});
var dup420 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("616001"),
});
// "Group = ..., [Username = ...], IP = ..., <action> for peer <peer>.
// Reason: ..." message.
// Header: group with quoted user name, with bare user name, or group only.
// The alternatives go from most to least specific.
var dup421 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}' %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Peer address, action, peer name; the first word after "Reason:" goes to
// "result" and the rest to "info".
var dup422 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} for peer %{peer}. Reason: %{result} %{info}",
field: "nwparser.p0",
},
});
var dup423 = set_field({
dest: "nwparser.msg_id1",
value: constant("713050"),
});
// "Cannot create more isakmp peers, exceeding the limit of <n> peers".
// NOTE(review): dup424 writes "nwparser.nwparser.msg_id1" while dup428 below
// writes "nwparser.msg_id1" for the ":01" variant of the same id — confirm
// the doubled prefix is intended.
var dup424 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("316001"),
});
var dup425 = match({
dissect: {
tokenizer: "Cannot %{p0}",
field: "nwparser.payload",
},
});
// Accepts "create" and the misspelling "creat".
// NOTE(review): the first alternative has a leading space and the second
// does not; since dup425's literal already ends in a space, confirm with a
// sample line that the first alternative can match at all.
var dup426 = linear_select([
match({
dissect: {
tokenizer: " create %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "creat %{p1}",
field: "nwparser.p0",
},
}),
]);
// Configured peer limit → fld1.
var dup427 = match({
dissect: {
tokenizer: " more isakmp peers, exceeding the limit of %{fld1} peers",
field: "nwparser.p1",
},
});
var dup428 = set_field({
dest: "nwparser.msg_id1",
value: constant("316001:01"),
});
// Constant field setters dup429–dup432.
// NOTE(review): every dest in this run is "nwparser.nwparser.<field>", while
// other setters in this file use "nwparser.<field>" — confirm the doubled
// prefix is intended.
var dup429 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113022"),
});
var dup430 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801030000"),
});
var dup431 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302002"),
});
var dup432 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302002:01"),
});
// Role keyword stage (backup / director / forwarder); the keyword is matched
// as a literal and not captured.
var dup433 = linear_select([
match({
dissect: {
tokenizer: "backup%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "director%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "forwarder%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup434 = set_field({
dest: "nwparser.msg_id1",
value: constant("302024"),
});
// NOTE(review): dup435, dup439 and dup440 write "nwparser.nwparser.msg_id1"
// while dup434 and dup438 write "nwparser.msg_id1" — confirm the doubled
// prefix is intended.
var dup435 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713127"),
});
// Tail stage: everything after a leading "," is stored as "info".
var dup436 = match({
dissect: {
tokenizer: ",%{info}",
field: "nwparser.p0",
},
});
var dup437 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701030000"),
});
var dup438 = set_field({
dest: "nwparser.msg_id1",
value: constant("713213"),
});
var dup439 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718072"),
});
var dup440 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("107002"),
});
// Staged dissect of a successful-authentication message carrying group,
// user, client IP and session type. Two layouts are accepted at several
// stages; remainders are handed along p0 → p8. "\u003c"/"\u003e" are the
// escaped "<" and ">".
// NOTE(review): the bracketed alternatives use two "<" characters and a
// single ">"; presumably an escape carried over from the source parser
// definition — confirm it matches real device output.
var dup441 = linear_select([
match({
dissect: {
tokenizer: " Authentication: successful, group = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group %{p0}",
field: "nwparser.payload",
},
}),
]);
// Group name in angle brackets.
var dup442 = match({
dissect: {
tokenizer: " \u003c\u003c%{group}\u003e %{p1}",
field: "nwparser.p0",
},
});
// User keyword in either layout.
var dup443 = linear_select([
match({
dissect: {
tokenizer: " User %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " user = %{p2}",
field: "nwparser.p1",
},
}),
]);
// Pass-through stage: requires a leading space and moves the rest to p3.
var dup444 = match({
dissect: {
tokenizer: " %{p3}",
field: "nwparser.p2",
},
});
// User name: angle-bracketed, single-quoted, or bare.
// NOTE(review): assuming dissect-style delimiter matching, the bare
// alternative cuts the name at the first space and also accepts input the
// delimited alternatives rejected; do not treat "username" as exact.
var dup445 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{username}\u003e %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p4}",
field: "nwparser.p3",
},
}),
]);
// Pass-through stage into p5.
var dup446 = match({
dissect: {
tokenizer: " %{p5}",
field: "nwparser.p4",
},
});
// IP keyword, with or without "=".
var dup447 = linear_select([
match({
dissect: {
tokenizer: " IP = %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " IP %{p6}",
field: "nwparser.p5",
},
}),
]);
// Client address in angle brackets.
var dup448 = match({
dissect: {
tokenizer: " \u003c\u003c%{saddr}\u003e%{p7}",
field: "nwparser.p6",
},
});
// Session-type lead-in in either layout; %{space} is a named capture whose
// value is not otherwise used in this view.
var dup449 = linear_select([
match({
dissect: {
tokenizer: " , Session Type %{p8}",
field: "nwparser.p7",
},
}),
match({
dissect: {
tokenizer: " %{space}Authentication: successful, Session Type %{p8}",
field: "nwparser.p7",
},
}),
]);
// Session type → network_service.
var dup450 = match({
dissect: {
tokenizer: ": %{network_service}",
field: "nwparser.p8",
},
});
var dup451 = set_field({
dest: "nwparser.msg_id1",
value: constant("716038"),
});
// Later stages of a "... permitted|monitored blacklisted <proto> traffic"
// message (source address on a blacklist). The stages that fill p1 are not
// in this view.
// Pass-through stage: requires a leading space and moves the rest to p2.
var dup452 = match({
dissect: {
tokenizer: " %{p2}",
field: "nwparser.p1",
},
});
// NOTE(review): the verdict word (permitted vs monitored) is matched but not
// captured, so these stages alone do not record whether blacklisted traffic
// was let through; confirm it is recorded elsewhere if rules depend on it.
var dup453 = linear_select([
match({
dissect: {
tokenizer: " permitted %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " monitored %{p3}",
field: "nwparser.p2",
},
}),
]);
// Real and translated endpoints, matched list entry (fld1–fld3, mask),
// threat level → severity, category → result.
var dup454 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
var dup455 = set_field({
dest: "nwparser.msg_id1",
value: constant("338003"),
});
// Unrelated constant setters.
// NOTE(review): dest is "nwparser.nwparser.msg_id1" below but
// "nwparser.msg_id1" in dup455 — confirm the doubled prefix is intended.
var dup456 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402117"),
});
var dup457 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714003"),
});
var dup458 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715041"),
});
// Failover licence mismatch: "(<ctx>) Mate license (<n> Contexts) is not
// compatible with my license (<m> Contexts)."
var dup459 = match({
dissect: {
tokenizer: "(%{context}) Mate license (%{fld1} %{p0}",
field: "nwparser.payload",
},
});
// Word after the mate's value: Contexts / contexts / Enabled.
var dup460 = linear_select([
match({
dissect: {
tokenizer: " Contexts %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " contexts %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Enabled %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup461 = match({
dissect: {
tokenizer: ") is not compatible with my license (%{fld2} %{p2}",
field: "nwparser.p1",
},
});
// Word after the local value: Contexts / contexts / Disabled.
// NOTE(review): the mate side accepts "Enabled" and the local side
// "Disabled" only; the opposite pairing would presumably not parse —
// confirm whether the device can emit it.
var dup462 = linear_select([
match({
dissect: {
tokenizer: " Contexts %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " contexts %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " Disabled %{p3}",
field: "nwparser.p2",
},
}),
]);
// Closing literal; "%{}" has no key, so nothing is stored.
var dup463 = match({
dissect: {
tokenizer: ").%{}",
field: "nwparser.p3",
},
});
var dup464 = set_field({
dest: "nwparser.eventcategory",
value: constant("1702030000"),
});
var dup465 = set_field({
dest: "nwparser.msg_id1",
value: constant("105045"),
});
// "User <name> executed the command <cmd>" — the device's command audit
// message. The stage that turns p0 into p1 (presumably the user-name
// extraction) is not in this view.
var dup466 = match({
dissect: {
tokenizer: "User %{p0}",
field: "nwparser.payload",
},
});
var dup467 = match({
dissect: {
tokenizer: " executed %{p2}",
field: "nwparser.p1",
},
});
// Command text → action, in unquoted or single-quoted form.
// NOTE(review): the unquoted alternative is listed first and ends the
// capture at a space; assuming first-match selection and dissect-style
// delimiters, a multi-word command would be stored only up to its first
// word. For an audit trail, confirm with a sample that the full command
// line ends up in "action".
var dup468 = linear_select([
match({
dissect: {
tokenizer: " the command %{action} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " the '%{action}' command %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup469 = set_field({
dest: "nwparser.msg_id1",
value: constant("111008"),
});
// "Parsing downloaded ACL: WARNING: <acl> <reason>" message.
var dup470 = match({
dissect: {
tokenizer: "Parsing downloaded ACL: WARNING: %{p0}",
field: "nwparser.payload",
},
});
// ACL name: angle-bracketed, single-quoted, or bare. "\u003c"/"\u003e" are
// the escaped "<" and ">".
// NOTE(review): the bracketed form uses two "<" and one ">"; presumably an
// escape carried over from the source parser definition — confirm it matches
// real device output.
var dup471 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{listnum}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{listnum}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{listnum} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Remaining text → result.
var dup472 = match({
dissect: {
tokenizer: " %{result}",
field: "nwparser.p1",
},
});
var dup473 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501050100"),
});
var dup474 = set_field({
dest: "nwparser.msg_id1",
value: constant("109029"),
});
// NOTE(review): dup475 sets the same category value as dup473 and dup476 the
// ":01" variant of dup474's id, but under "nwparser.nwparser.<field>" instead
// of "nwparser.<field>" — confirm the doubled prefix is intended.
var dup475 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1501050100"),
});
var dup476 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109029:01"),
});
var dup477 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("604104"),
});
// "[Username = ...,] IP = <addr>, <action>:<info>" message.
// Header: quoted user name, bare user name, or address only, from most to
// least specific.
var dup478 = linear_select([
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Text before the first ":" → action, the rest → info.
var dup479 = match({
dissect: {
tokenizer: " %{action}:%{info}",
field: "nwparser.p0",
},
});
var dup480 = set_field({
dest: "nwparser.msg_id1",
value: constant("715064"),
});
// Constant field setters dup481–dup493: fixed event-category codes and
// message ids. Where each is chained is outside this view.
// NOTE(review): every dest in this run is "nwparser.nwparser.<field>", while
// other setters in this file use "nwparser.<field>". Confirm the doubled
// prefix is intended; otherwise these values may not reach the field that
// downstream rules read.
var dup481 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717026"),
});
var dup482 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718022"),
});
var dup483 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801030100"),
});
var dup484 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722047"),
});
var dup485 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750006"),
});
var dup486 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1204020000"),
});
var dup487 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713203"),
});
var dup488 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409002"),
});
var dup489 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1801010000"),
});
var dup490 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409005"),
});
var dup491 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409009"),
});
var dup492 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713122"),
});
var dup493 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717024"),
});
// "IP <addr> [(<value>)] <description>." message.
var dup494 = match({
dissect: {
tokenizer: "IP %{p0}",
field: "nwparser.payload",
},
});
// Address, optionally followed by a parenthesised value (→ fld1).
var dup495 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{fld1}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Description up to a "." literal.
// NOTE(review): whether the capture stops at the first "." or the last one
// depends on the dissect implementation; a description with an embedded "."
// is worth a test sample.
var dup496 = match({
dissect: {
tokenizer: " %{event_description}.",
field: "nwparser.p1",
},
});
var dup497 = set_field({
dest: "nwparser.msg_id1",
value: constant("722001"),
});
// Later stages of a "... > [TCP|UDP] SVC connection established with|without
// <type> compression" message. The stages that fill p3 are not in this view.
// "\u003e" is the escaped ">".
var dup498 = match({
dissect: {
tokenizer: " \u003e %{p4}",
field: "nwparser.p3",
},
});
// Transport prefix; matched as a literal and not captured. The bare " SVC "
// form is last because the other two are more specific.
var dup499 = linear_select([
match({
dissect: {
tokenizer: " TCP SVC %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " UDP SVC %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " SVC %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup500 = match({
dissect: {
tokenizer: " connection established %{p6}",
field: "nwparser.p5",
},
});
// NOTE(review): " without " is listed before " with "; assuming first-match
// selection this order matters, because a bare "with" literal would
// otherwise be tried against text that begins with "without".
var dup501 = linear_select([
match({
dissect: {
tokenizer: " without %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " with %{p7}",
field: "nwparser.p6",
},
}),
]);
// Compression type → obj_type.
var dup502 = match({
dissect: {
tokenizer: " %{obj_type} compression",
field: "nwparser.p7",
},
});
var dup503 = set_field({
dest: "nwparser.msg_id1",
value: constant("722022"),
});
// Unrelated constant setters.
// NOTE(review): dest is "nwparser.nwparser.msg_id1" below but
// "nwparser.msg_id1" in dup503 — confirm the doubled prefix is intended.
var dup504 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("401001"),
});
var dup505 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710006"),
});
var dup506 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("303004"),
});
// "Module in slot <n> is not a recognized type[.]" hardware message.
var dup507 = match({
dissect: {
tokenizer: "Module in slot %{fld1} is not a recognized %{p0}",
field: "nwparser.payload",
},
});
// "type" with or without a trailing period.
// NOTE(review): both alternatives require a space and further text after
// "type"; a line that ends right after "type." would presumably not match —
// confirm with a sample.
var dup508 = linear_select([
match({
dissect: {
tokenizer: " type. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " type %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup509 = set_field({
dest: "nwparser.msg_id1",
value: constant("413003"),
});
// "Pitcher: <text>, spi <spi>" messages, with (dup510–dup512) or without
// (dup513–dup516) a "Group/Username/IP" header.
// Header: quoted user name, bare user name, or no user name.
var dup510 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr}, Pitcher: %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, Pitcher: %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, Pitcher: %{p0}",
field: "nwparser.payload",
},
}),
]);
// Text before ", spi " → action, the SPI value → dst_spi.
var dup511 = match({
dissect: {
tokenizer: " %{action}, spi %{dst_spi}",
field: "nwparser.p0",
},
});
var dup512 = set_field({
dest: "nwparser.msg_id1",
value: constant("715077"),
});
// Headerless form.
// NOTE(review): here the text after "Pitcher:" is stored in "result" and cut
// at a space, whereas dup511 stores it in "action" up to ", spi" — the same
// message populates different fields depending on the header. Confirm that
// is intended.
var dup513 = match({
dissect: {
tokenizer: "Pitcher: %{result} %{p0}",
field: "nwparser.payload",
},
});
// "spi" keyword with or without a leading comma.
var dup514 = linear_select([
match({
dissect: {
tokenizer: " , spi %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " spi %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup515 = match({
dissect: {
tokenizer: " %{dst_spi}",
field: "nwparser.p1",
},
});
var dup516 = set_field({
dest: "nwparser.msg_id1",
value: constant("715077:01"),
});
// Unrelated constant setter.
// NOTE(review): dest is "nwparser.nwparser.msg_id1" here but
// "nwparser.msg_id1" in dup512/dup516 — confirm the doubled prefix is intended.
var dup517 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318003"),
});
// "ISAKMP Phase 1 delete[d] received (local <addr> (initiator|responder),
// remote <addr>)" message.
var dup518 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 %{p0}",
field: "nwparser.payload",
},
});
// "deleted" is listed before the shorter "delete".
var dup519 = linear_select([
match({
dissect: {
tokenizer: " deleted %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " delete %{p1}",
field: "nwparser.p0",
},
}),
]);
// Local side is the initiator: local → saddr, remote → daddr.
var dup520 = match({
dissect: {
tokenizer: " received (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup521 = set_field({
dest: "nwparser.msg_id1",
value: constant("702201:01"),
});
// Local side is the responder: the mapping is swapped, local → daddr and
// remote → saddr, so saddr is the initiating side in both variants.
var dup522 = match({
dissect: {
tokenizer: " received (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup523 = set_field({
dest: "nwparser.msg_id1",
value: constant("702201"),
});
// Unrelated constant setters.
var dup524 = set_field({
dest: "nwparser.msg_id1",
value: constant("713218"),
});
// NOTE(review): dest is "nwparser.nwparser.msg_id1" here but
// "nwparser.msg_id1" in the setters above — confirm the doubled prefix is
// intended.
var dup525 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318001"),
});
// Parser fragments dup526-dup538. The helpers (match, linear_select, set_field,
// constant) are defined outside this part of the file. NOTE(review): dup532, dup533
// and dup534 use the destination prefix "nwparser.nwparser." while the other
// set_field calls here use "nwparser."; confirm the doubled prefix is intended,
// since values stored under one spelling are invisible to a reader of the other.
// dup526: takes saddr from ", IP = <addr>, " in nwparser.p1; the remainder goes to p2.
var dup526 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{p2}",
field: "nwparser.p1",
},
});
// dup527: event_description, optionally followed by " for client address: <fld1>".
// The second alternative has no literal between event_description and p3.
// NOTE(review): confirm how the tokenizer splits two adjacent keys.
var dup527 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} for client address: %{fld1} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup528 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701010000"),
});
var dup529 = set_field({
dest: "nwparser.msg_id1",
value: constant("713204"),
});
// dup530: fixed text only; the trailing %{} is an unnamed key, so presumably
// nothing is stored for whatever follows (TODO confirm).
var dup530 = match({
dissect: {
tokenizer: " WebVPN Unable to create session%{}",
field: "nwparser.p1",
},
});
var dup531 = set_field({
dest: "nwparser.msg_id1",
value: constant("716007"),
});
var dup532 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401060000"),
});
var dup533 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746012"),
});
var dup534 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746012:01"),
});
// dup535: "Group = ..." payload prefix with or without a "Username = ..." part;
// the form with the username is listed first.
var dup535 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group} %{p0}",
field: "nwparser.payload",
},
}),
]);
// dup536: takes saddr from ", IP = <addr>, " and stores the rest of p0 as result.
var dup536 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{result}",
field: "nwparser.p0",
},
});
var dup537 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805000000"),
});
var dup538 = set_field({
dest: "nwparser.msg_id1",
value: constant("713171"),
});
// Parser fragments dup539-dup548 (crypto-archive message layout and message ids).
// The helpers are defined outside this part of the file. NOTE(review): dup543-dup548
// write to "nwparser.nwparser.msg_id1" while dup542 writes to "nwparser.msg_id1";
// confirm the doubled prefix is intended.
// dup539: fixed "CRYPTO: ..." text; the file limit in parentheses goes to fld2 and
// the remainder to p0.
var dup539 = match({
dissect: {
tokenizer: "CRYPTO: The ASA is skipping the writing of latest Crypto Archive File as the maximum # of files (%{fld2}) allowed have been written to %{p0}",
field: "nwparser.payload",
},
});
// dup540: filename in three spellings - angle brackets, single quotes, or bare.
// The escapes \u003c\u003c and \u003e decode to "<<" and ">", so the first
// alternative expects two "<" before the name and one ">" after it.
// NOTE(review): confirm the device emits a doubled "<"; if it emits a single one,
// this alternative presumably never matches and the bare form captures the
// brackets as part of filename.
var dup540 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{filename}\u003e %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{filename}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{filename} %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup541: trailing advice text; \u0026 decodes to "&". The directory is captured
// as fld3.
var dup541 = match({
dissect: {
tokenizer: ". Please archive \u0026 remove files from %{fld3} if you want more Crypto Archive Files saved",
field: "nwparser.p1",
},
});
var dup542 = set_field({
dest: "nwparser.msg_id1",
value: constant("402127"),
});
var dup543 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611317"),
});
var dup544 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("701002"),
});
var dup545 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105044"),
});
var dup546 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737013"),
});
var dup547 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109010"),
});
var dup548 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("214001"),
});
// Parser fragments dup549-dup561. The helpers are defined outside this part of the
// file. NOTE(review): dup551, dup554, dup555, dup560 and dup561 write to
// "nwparser.nwparser.msg_id1" while the others write to "nwparser.msg_id1";
// confirm the doubled prefix is intended.
// dup549: "blacklisted ... traffic" layout - protocol, source and destination
// interface/address/port with their translated pairs in parentheses, then the
// resolved source (fld1), the list (fld2), web_domain, severity ("threat-level")
// and result ("category").
var dup549 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
var dup550 = set_field({
dest: "nwparser.msg_id1",
value: constant("338001"),
});
var dup551 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105003"),
});
// dup552: "session terminated" layout. \u003c\u003c and \u003e decode to "<<" and
// ">", so the tokenizer expects two "<" before the address and one ">" after it.
// NOTE(review): confirm the device emits a doubled "<"; otherwise saddr is
// presumably never extracted for this message.
var dup552 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} session terminated: %{result}",
field: "nwparser.p1",
},
});
var dup553 = set_field({
dest: "nwparser.msg_id1",
value: constant("716002"),
});
var dup554 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737012"),
});
var dup555 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737012:01"),
});
// dup556: "Address <hostip> (<web_domain>) ..." payload prefix.
var dup556 = match({
dissect: {
tokenizer: "Address %{hostip} (%{web_domain}) %{p0}",
field: "nwparser.payload",
},
});
// dup557: "timed out" followed by either a period or a comma.
var dup557 = linear_select([
match({
dissect: {
tokenizer: " timed out. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " timed out, %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup558: fixed text only; the trailing %{} is an unnamed key, so presumably
// nothing is stored for the remainder (TODO confirm).
var dup558 = match({
dissect: {
tokenizer: " Removing rule%{}",
field: "nwparser.p1",
},
});
var dup559 = set_field({
dest: "nwparser.msg_id1",
value: constant("338303"),
});
var dup560 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444109"),
});
var dup561 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324005"),
});
// Parser fragments dup562-dup568 ("Orderly reload" layout and message ids). The
// helpers are defined outside this part of the file. NOTE(review): dup566-dup568
// use the destination prefix "nwparser.nwparser." while dup565 uses "nwparser.";
// confirm the doubled prefix is intended.
// dup562: start time goes to fld1; what follows "by " goes to p0.
var dup562 = match({
dissect: {
tokenizer: "Orderly reload started at %{fld1} by %{p0}",
field: "nwparser.payload",
},
});
// dup563: who requested the reload - either "<username> from <protocol> (remote
// <saddr>)" or a bare username. NOTE(review): the first alternative starts with a
// space and the second does not; confirm which matches the text left in p0.
var dup563 = linear_select([
match({
dissect: {
tokenizer: " %{username} from %{protocol} (remote %{saddr})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup564: the reload reason is stored as result.
var dup564 = match({
dissect: {
tokenizer: ". Reload reason: %{result}",
field: "nwparser.p1",
},
});
var dup565 = set_field({
dest: "nwparser.msg_id1",
value: constant("199006"),
});
var dup566 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1803020000"),
});
var dup567 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313001"),
});
var dup568 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500002"),
});
// Parser fragments dup569-dup577 (daemon login-failure and AAA result layouts).
// The helpers are defined outside this part of the file. NOTE(review): dup577
// writes to "nwparser.nwparser.msg_id1" while dup574 and dup576 write to
// "nwparser.msg_id1"; confirm the doubled prefix is intended.
// dup569: "<service> daemon: Login " payload prefix.
var dup569 = match({
dissect: {
tokenizer: "%{service} daemon: Login %{p0}",
field: "nwparser.payload",
},
});
// dup570: accepts "failed" or "failure".
var dup570 = linear_select([
match({
dissect: {
tokenizer: " failed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " failure %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup571: source address of the attempt; the user part goes to p2.
var dup571 = match({
dissect: {
tokenizer: " from %{saddr} for user %{p2}",
field: "nwparser.p1",
},
});
// dup572: username in double quotes, single quotes, or bare (in that order).
// NOTE(review): the name is taken verbatim from the log line; if the device does
// not escape quotes or spaces inside it, the split between username and p3 can
// land in the wrong place - confirm before relying on this field for alerting.
var dup572 = linear_select([
match({
dissect: {
tokenizer: " \"%{username}\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup573 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401030000"),
});
var dup574 = set_field({
dest: "nwparser.msg_id1",
value: constant("605003"),
});
// dup575: colon-separated layout - action, reason (result), server (hostip); the
// user part goes to p0.
var dup575 = match({
dissect: {
tokenizer: "%{action} : reason = %{result} : server = %{hostip} : user = %{p0}",
field: "nwparser.payload",
},
});
var dup576 = set_field({
dest: "nwparser.msg_id1",
value: constant("113016"),
});
var dup577 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752003"),
});
// Parser fragments dup578-dup601 (session teardown and privilege-change layouts,
// plus message ids and event categories). The helpers are defined outside this
// part of the file. NOTE(review): dup584 and dup589-dup601 use the destination
// prefix "nwparser.nwparser." while dup579, dup580, dup582, dup583, dup587 and
// dup588 use "nwparser."; confirm the doubled prefix is intended, since a reader
// of one spelling will not see values stored under the other.
// dup578: teardown layout that carries the peer address; the reason is stored as result.
var dup578 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Session is being torn down. Reason: %{result}",
field: "nwparser.p1",
},
});
var dup579 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030000"),
});
var dup580 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259"),
});
// dup581: same teardown text without the "IP = ..." part, read from p0.
var dup581 = match({
dissect: {
tokenizer: ", Session is being torn down. Reason: %{result}",
field: "nwparser.p0",
},
});
var dup582 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259:01"),
});
var dup583 = set_field({
dest: "nwparser.msg_id1",
value: constant("713259:02"),
});
var dup584 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400009"),
});
// dup585: "User priv level changed" payload prefix; the user name part goes to p0.
var dup585 = match({
dissect: {
tokenizer: "User priv level changed: Uname: %{p0}",
field: "nwparser.payload",
},
});
// dup586: old and new values are kept in the generic fields fld1 ("From") and
// fld2 ("To").
var dup586 = match({
dissect: {
tokenizer: " From: %{fld1} To: %{fld2}",
field: "nwparser.p1",
},
});
var dup587 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020300"),
});
var dup588 = set_field({
dest: "nwparser.msg_id1",
value: constant("502103"),
});
var dup589 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602302"),
});
var dup590 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305003"),
});
var dup591 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305003:01"),
});
var dup592 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505003"),
});
var dup593 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313004"),
});
var dup594 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313004:01"),
});
var dup595 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213001"),
});
var dup596 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400008"),
});
var dup597 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020200"),
});
var dup598 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400030"),
});
var dup599 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113020"),
});
var dup600 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199909"),
});
var dup601 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210008"),
});
// Parser fragments dup602-dup620 (module reload, AAA group policy, shun and
// data-channel layouts, plus message ids). The helpers are defined outside this
// part of the file. NOTE(review): dup606-dup608, dup613, dup616, dup619 and dup620
// write to "nwparser.nwparser.msg_id1" while the other set_field calls here use
// the single "nwparser." prefix; confirm the doubled prefix is intended.
// dup602: "application reloading" prefix, either with a product and slot (fld1)
// or with the fixed module name "ips". The opening double quote of the
// application name is consumed here.
var dup602 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1}, application reloading \"%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips, application reloading \"%{p0}",
field: "nwparser.payload",
},
}),
]);
// dup603: application name up to the closing double quote, then info.
var dup603 = match({
dissect: {
tokenizer: "%{application}\", %{info}",
field: "nwparser.p0",
},
});
var dup604 = set_field({
dest: "nwparser.eventcategory",
value: constant("1702010000"),
});
var dup605 = set_field({
dest: "nwparser.msg_id1",
value: constant("505013"),
});
var dup606 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718015"),
});
var dup607 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715071"),
});
var dup608 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717041"),
});
// dup609: "AAA retrieved user specific group policy" payload prefix.
var dup609 = match({
dissect: {
tokenizer: "AAA retrieved user specific group policy %{p0}",
field: "nwparser.payload",
},
});
// dup610: policy name in parentheses or bare; the parenthesised form is listed first.
var dup610 = linear_select([
match({
dissect: {
tokenizer: " (%{policyname}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{policyname} %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup611: the user part after " for user = " goes to p2.
var dup611 = match({
dissect: {
tokenizer: " for user = %{p2}",
field: "nwparser.p1",
},
});
var dup612 = set_field({
dest: "nwparser.msg_id1",
value: constant("113011"),
});
var dup613 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("326001"),
});
// dup614: "Shun added: <result>" or "Shuns added".
var dup614 = linear_select([
match({
dissect: {
tokenizer: " Shun added: %{result} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Shuns added %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup615 = set_field({
dest: "nwparser.msg_id1",
value: constant("401002"),
});
var dup616 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718051"),
});
// dup617: data-channel failure text, with product and slot (fld1) or with the
// fixed module name "ips". No literal separates "DOWN" from the p0 key.
var dup617 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1} experienced a data channel communication failure, data channel is DOWN%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips experienced a data channel communication failure, data channel is DOWN%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup618 = set_field({
dest: "nwparser.msg_id1",
value: constant("323006"),
});
var dup619 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737006"),
});
var dup620 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737006:01"),
});
// Parser fragments dup621-dup631 ("Begin configuration" and ACL-install-error
// layouts, plus message ids). The helpers are defined outside this part of the
// file. NOTE(review): dup625, dup626, dup627 and dup631 use the destination prefix
// "nwparser.nwparser." while dup624 and dup630 use "nwparser."; confirm the
// doubled prefix is intended.
// dup621: "Begin configuration: " payload prefix.
var dup621 = match({
dissect: {
tokenizer: "Begin configuration: %{p0}",
field: "nwparser.payload",
},
});
// dup622: origin of the configuration session - the literal "Console" or
// "console", otherwise the token is captured as hostip. The literal forms are
// listed first (presumably so the word is not stored as an address - confirm).
var dup622 = linear_select([
match({
dissect: {
tokenizer: " Console %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " console %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{hostip} %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup623: the source being read is stored as device.
var dup623 = match({
dissect: {
tokenizer: " reading from %{device}",
field: "nwparser.p1",
},
});
var dup624 = set_field({
dest: "nwparser.msg_id1",
value: constant("111007"),
});
var dup625 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1608000000"),
});
var dup626 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("421006"),
});
var dup627 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720028"),
});
// dup628: ACL name in single quotes goes to listnum; the user part goes to p0.
var dup628 = match({
dissect: {
tokenizer: "Unable to install ACL '%{listnum}', downloaded for user %{p0}",
field: "nwparser.payload",
},
});
// dup629: the offending ACE text between single quotes is stored as result.
var dup629 = match({
dissect: {
tokenizer: "; Error in ACE: '%{result}'",
field: "nwparser.p1",
},
});
var dup630 = set_field({
dest: "nwparser.msg_id1",
value: constant("109032"),
});
var dup631 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318007"),
});
// Parser fragments dup632-dup641 ("whitelisted traffic" and "Login denied"
// layouts, plus message ids). The helpers are defined outside this part of the
// file. NOTE(review): dup640 and dup641 write to "nwparser.nwparser.msg_id1" while
// dup635, dup637 and dup639 write to "nwparser.msg_id1"; confirm the doubled
// prefix is intended.
// dup632: consumes one leading space of p1 and hands the rest on as p2.
var dup632 = match({
dissect: {
tokenizer: " %{p2}",
field: "nwparser.p1",
},
});
// dup633: accepts the keyword "action" or "monitored"; the keyword itself is not stored.
var dup633 = linear_select([
match({
dissect: {
tokenizer: " action %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " monitored %{p3}",
field: "nwparser.p2",
},
}),
]);
// dup634: "whitelisted ... traffic" layout - protocol, source and destination
// interface/address/port with translated pairs in parentheses, then the resolved
// destination (hostip), the list name (listnum) and info.
var dup634 = match({
dissect: {
tokenizer: " whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{hostip} resolved from %{listnum} list: %{info}",
field: "nwparser.p3",
},
});
var dup635 = set_field({
dest: "nwparser.msg_id1",
value: constant("338104"),
});
// dup636: "Login denied" layout with full addressing; the token after the
// destination address is stored as service (not dport). The user part goes to p0.
var dup636 = match({
dissect: {
tokenizer: "Login denied from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service} for user %{p0}",
field: "nwparser.payload",
},
});
var dup637 = set_field({
dest: "nwparser.msg_id1",
value: constant("605004"),
});
// dup638: generic "<action> for user ..." layout with no address fields.
var dup638 = match({
dissect: {
tokenizer: "%{action} for user %{p0}",
field: "nwparser.payload",
},
});
var dup639 = set_field({
dest: "nwparser.msg_id1",
value: constant("605004:01"),
});
var dup640 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302304"),
});
var dup641 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199907"),
});
// Parser fragments dup642-dup658 (URL-server mode, ESP anti-replay, ISAKMP session
// and session-start layouts, plus message ids). The helpers are defined outside
// this part of the file. NOTE(review): dup645, dup646 and dup647 write to
// "nwparser.nwparser.msg_id1" while the other set_field calls here write to
// "nwparser.msg_id1"; confirm the doubled prefix is intended.
// dup642: accepts "LEAVING" or "Leaving".
var dup642 = linear_select([
match({
dissect: {
tokenizer: " LEAVING %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Leaving %{p0}",
field: "nwparser.payload",
},
}),
]);
// dup643: fixed text only; the trailing %{} is an unnamed key, so presumably
// nothing is stored for the remainder (TODO confirm).
var dup643 = match({
dissect: {
tokenizer: " ALLOW mode, URL Server%{}",
field: "nwparser.p0",
},
});
var dup644 = set_field({
dest: "nwparser.msg_id1",
value: constant("304008"),
});
var dup645 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400035"),
});
var dup646 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713222"),
});
var dup647 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("120008"),
});
// dup648: ESP packet header - SPI goes to dst_spi, the sequence number to fld2 and
// the sender to saddr.
var dup648 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{dst_spi}, sequence number= %{fld2}) from %{saddr} %{p0}",
field: "nwparser.payload",
},
});
// dup649: receiver address and the fixed "failed anti-replay checking." text.
var dup649 = match({
dissect: {
tokenizer: " to %{daddr} that failed anti-replay checking.",
field: "nwparser.p1",
},
});
var dup650 = set_field({
dest: "nwparser.msg_id1",
value: constant("402119"),
});
// dup651: "ISAKMP session " payload prefix.
var dup651 = match({
dissect: {
tokenizer: "ISAKMP session %{p0}",
field: "nwparser.payload",
},
});
// dup652: accepts "connected" or "connect"; the longer keyword is listed first.
var dup652 = linear_select([
match({
dissect: {
tokenizer: " connected %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " connect %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup653: responder form - the local address is captured as daddr and the remote
// address as saddr.
var dup653 = match({
dissect: {
tokenizer: " (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup654 = set_field({
dest: "nwparser.msg_id1",
value: constant("602202:01"),
});
// dup655: initiator form - the mapping is reversed relative to dup653: the local
// address is captured as saddr and the remote address as daddr.
var dup655 = match({
dissect: {
tokenizer: " (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup656 = set_field({
dest: "nwparser.msg_id1",
value: constant("602202"),
});
// dup657: "session started" layout. \u003c\u003c and \u003e decode to "<<" and ">",
// so the tokenizer expects two "<" before the address and one ">" after it.
// NOTE(review): confirm the device emits a doubled "<"; otherwise saddr is
// presumably never extracted for this message.
var dup657 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} session started",
field: "nwparser.p1",
},
});
var dup658 = set_field({
dest: "nwparser.msg_id1",
value: constant("716001"),
});
// Parser fragments dup659-dup686 (Group/Username/IP layouts, SVC session
// termination, and a run of message ids and event categories). The helpers are
// defined outside this part of the file. NOTE(review): most set_field calls here
// use the destination prefix "nwparser.nwparser." while dup667, dup671, dup674,
// dup682 and dup683 use "nwparser."; confirm the doubled prefix is intended, since
// a reader of one spelling will not see values stored under the other. dup671 and
// dup672 show both spellings for the ids "713035" and "713035:01".
var dup659 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("337009"),
});
var dup660 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321002"),
});
var dup661 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323001"),
});
var dup662 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1611000000"),
});
var dup663 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505001"),
});
// dup664: "Group = <group>, " payload prefix.
var dup664 = match({
dissect: {
tokenizer: "Group = %{group}, %{p0}",
field: "nwparser.payload",
},
});
// dup665: username in single quotes, username bare, or no username; each form
// also captures saddr from "IP = ...".
var dup665 = linear_select([
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup666: what follows ", " in p1 is stored as action.
var dup666 = match({
dissect: {
tokenizer: ", %{action}",
field: "nwparser.p1",
},
});
var dup667 = set_field({
dest: "nwparser.msg_id1",
value: constant("715022"),
});
var dup668 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746016"),
});
var dup669 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105011"),
});
var dup670 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505004"),
});
var dup671 = set_field({
dest: "nwparser.msg_id1",
value: constant("713035"),
});
var dup672 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713035:01"),
});
// dup673: SVC session termination. \u003c\u003c and \u003e decode to "<<" and ">",
// so the tokenizer expects two "<" before the address and one ">" after it.
// NOTE(review): confirm the device emits a doubled "<"; otherwise saddr is
// presumably never extracted for this message.
var dup673 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e SVC Session Termination:%{info}",
field: "nwparser.p1",
},
});
var dup674 = set_field({
dest: "nwparser.msg_id1",
value: constant("722030"),
});
var dup675 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304007"),
});
var dup676 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("203001"),
});
var dup677 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400018"),
});
var dup678 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722005"),
});
var dup679 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737014"),
});
var dup680 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1601000000"),
});
var dup681 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103005"),
});
var dup682 = set_field({
dest: "nwparser.msg_id1",
value: constant("715048"),
});
var dup683 = set_field({
dest: "nwparser.msg_id1",
value: constant("722029"),
});
var dup684 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("769001"),
});
var dup685 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701060000"),
});
var dup686 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611318"),
});
// Parser fragments dup687-dup696: a staged split of an "Unable to Pre-allocate
// ... Call Signalling Connection for <foreign> to <local>" message, passing the
// remainder along p0 -> p1 -> p2 -> p3 and p4 -> ... -> p9. The helpers are defined
// outside this part of the file, and no fragment among these reads p3 and writes
// p4, so that step presumably lives elsewhere (TODO confirm against the chain).
var dup687 = match({
dissect: {
tokenizer: "Unable to %{p0}",
field: "nwparser.payload",
},
});
// dup688: accepts "Pre-allocate" or "Preallocate".
var dup688 = linear_select([
match({
dissect: {
tokenizer: " Pre-allocate %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Preallocate %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup689: the protocol name before "Call Signalling Connection" is stored as service.
var dup689 = match({
dissect: {
tokenizer: " %{service} Call Signalling Connection for %{p2}",
field: "nwparser.p1",
},
});
// dup690: accepts the label "foreign_address" or its short form "faddr".
var dup690 = linear_select([
match({
dissect: {
tokenizer: " foreign_address %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " faddr %{p3}",
field: "nwparser.p2",
},
}),
]);
// dup691: foreign endpoint as saddr with an optional "/sport"; the form with the
// port is listed first.
var dup691 = linear_select([
match({
dissect: {
tokenizer: " %{saddr}/%{sport} %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup692 = match({
dissect: {
tokenizer: " to %{p6}",
field: "nwparser.p5",
},
});
// dup693: accepts the label "local_address" or its short form "laddr".
var dup693 = linear_select([
match({
dissect: {
tokenizer: " local_address %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " laddr %{p7}",
field: "nwparser.p6",
},
}),
]);
// dup694: consumes one leading space of p7 and hands the rest on as p8.
var dup694 = match({
dissect: {
tokenizer: " %{p8}",
field: "nwparser.p7",
},
});
// dup695: local endpoint as daddr with an optional "/dport".
var dup695 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p9}",
field: "nwparser.p8",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p9}",
field: "nwparser.p8",
},
}),
]);
// dup696: sets nwparser.msg_id1 to the constant "405101".
var dup696 = set_field({
dest: "nwparser.msg_id1",
value: constant("405101"),
});
// Parser fragments dup697-dup720 (message ids plus DCERPC and L2TP tunnel
// layouts). The helpers are defined outside this part of the file.
// NOTE(review): most set_field calls here write to "nwparser.nwparser.msg_id1"
// while dup705, dup713 and dup717 write to "nwparser.msg_id1"; confirm the doubled
// prefix is intended. dup705 and dup706 show both spellings for the ids "713025"
// and "713025:01".
var dup697 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702207"),
});
var dup698 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702207:01"),
});
var dup699 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713123:01"),
});
var dup700 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713123"),
});
var dup701 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400019"),
});
var dup702 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710001"),
});
var dup703 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213004"),
});
// dup704: takes saddr from ", IP = <addr>, " and splits the rest at the first ":"
// into action and info.
var dup704 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action}:%{info}",
field: "nwparser.p1",
},
});
var dup705 = set_field({
dest: "nwparser.msg_id1",
value: constant("713025"),
});
var dup706 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713025:01"),
});
var dup707 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713170"),
});
var dup708 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718045"),
});
var dup709 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721001"),
});
// dup710: "DCERPC " payload prefix.
var dup710 = match({
dissect: {
tokenizer: "DCERPC %{p0}",
field: "nwparser.payload",
},
});
// dup711: accepts the keyword "unknown" or "request"; the keyword is not stored.
var dup711 = linear_select([
match({
dissect: {
tokenizer: " unknown %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " request %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup712: reported major version, both endpoints (interface:address/port) and
// the outcome text as result.
var dup712 = match({
dissect: {
tokenizer: " non-standard major version %{version} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, %{result}",
field: "nwparser.p1",
},
});
var dup713 = set_field({
dest: "nwparser.msg_id1",
value: constant("508001"),
});
// dup714: "L2TP Tunnel " payload prefix.
var dup714 = match({
dissect: {
tokenizer: "L2TP Tunnel %{p0}",
field: "nwparser.payload",
},
});
// dup715: "deleted" with or without a trailing comma; the comma form is listed first.
var dup715 = linear_select([
match({
dissect: {
tokenizer: " deleted, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " deleted %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup716: tunnel id goes to fld1 and the peer to saddr. NOTE(review): there is a
// space after "tunnel_id =" but none after "remote_peer_ip ="; if the device
// prints one, saddr would presumably start with a space - confirm against a
// sample line.
var dup716 = match({
dissect: {
tokenizer: " tunnel_id = %{fld1} remote_peer_ip =%{saddr}",
field: "nwparser.p1",
},
});
var dup717 = set_field({
dest: "nwparser.msg_id1",
value: constant("603107"),
});
var dup718 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611310"),
});
var dup719 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702301"),
});
var dup720 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106100"),
});
// Parser fragments dup721-dup735 ("access-list ..." hit layouts and message ids).
// The helpers are defined outside this part of the file; linear_select presumably
// tries alternatives in array order (TODO confirm), which matters below because
// later alternatives are prefixes of earlier ones. NOTE(review): dup732-dup735
// write to "nwparser.nwparser.msg_id1" while dup726, dup729 and dup731 write to
// "nwparser.msg_id1"; confirm the doubled prefix is intended.
// dup721: the ACL name is stored as listnum.
var dup721 = match({
dissect: {
tokenizer: "access-list %{listnum} %{p0}",
field: "nwparser.payload",
},
});
// dup722: accepts "est-allowed" or "permitted"; the keyword itself is not stored
// by this fragment.
var dup722 = linear_select([
match({
dissect: {
tokenizer: " est-allowed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " permitted %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup723: source side with an identity suffix "(domain\username)"; the JS escape
// \\ is a single backslash and \u003e decodes to ">", so the arrow is "->".
var dup723 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport})(%{domain}\\%{username}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
// dup724: destination port, optionally followed by a second parenthesised value
// kept in fld7.
var dup724 = linear_select([
match({
dissect: {
tokenizer: "(%{dport})(%{fld7})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})%{p3}",
field: "nwparser.p2",
},
}),
]);
// dup725: the hit count goes to dclass_counter1 and the trailing text to fld6.
var dup725 = match({
dissect: {
tokenizer: " hit-cnt %{dclass_counter1} %{fld6}",
field: "nwparser.p3",
},
});
var dup726 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:01"),
});
// dup727: same as dup723 except that the source-side parenthesised value is kept
// unsplit in fld5.
var dup727 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport})(%{fld5}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
// dup728: destination port followed by "(domain\username)", by an unsplit value
// (fld7), or by nothing - listed from most to least specific.
var dup728 = linear_select([
match({
dissect: {
tokenizer: "(%{dport})(%{domain}\\%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})(%{fld7})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{dport})%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup729 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:02"),
});
// dup730: source side without any identity suffix.
var dup730 = match({
dissect: {
tokenizer: " %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}%{p2}",
field: "nwparser.p1",
},
});
var dup731 = set_field({
dest: "nwparser.msg_id1",
value: constant("106100:03"),
});
var dup732 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("412001"),
});
var dup733 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505014"),
});
var dup734 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307002"),
});
var dup735 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:07"),
});
// Parser fragments dup736-dup746 ("Built inbound/outbound ... connection" layouts
// and the "302013" message-id variants). The helpers are defined outside this part
// of the file. Field direction depends on the layout: in the inbound fragments the
// endpoint after "for" is captured as the source (s*) and the one after "to" as
// the destination (d*); in the outbound fragment dup741 it is the other way round.
// dup736: inbound header up to the "/" inside the translated source pair.
var dup736 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{p0}",
field: "nwparser.payload",
},
});
// dup737: translated source port, optionally followed by "(domain\...)". Here the
// part after the backslash is kept in fld3, whereas the otherwise identical
// dup744 stores it as username. NOTE(review): confirm the difference is intended.
var dup737 = linear_select([
match({
dissect: {
tokenizer: "%{stransport})(%{domain}\\%{fld3})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{stransport}) %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup738: destination endpoint with its translated pair; the remainder goes to p2.
var dup738 = match({
dissect: {
tokenizer: "to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) %{p2}",
field: "nwparser.p1",
},
});
// dup739: username in single quotes or in parentheses.
var dup739 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup740 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013"),
});
// dup741: outbound layout in one pass - the endpoint after "for" is captured as
// dinterface/daddr/dport and the endpoint after "to" as sinterface/saddr/sport.
var dup741 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) to %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) %{p0}",
field: "nwparser.payload",
},
});
// dup742: username in single quotes or in parentheses, read from p0.
var dup742 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup743 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:01"),
});
// dup744: translated source port, optionally followed by "(domain\username)".
var dup744 = linear_select([
match({
dissect: {
tokenizer: "%{stransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{stransport}) %{p1}",
field: "nwparser.p0",
},
}),
]);
// dup745: destination endpoint with its translated pair, ending the message.
var dup745 = match({
dissect: {
tokenizer: " to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.p1",
},
});
var dup746 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:02"),
});
// Parser fragments dup747-dup764 (further "Built outbound ... connection" layouts
// and message ids). The helpers are defined outside this part of the file. In
// these outbound layouts the endpoint after "for" is captured as the destination
// (d*) and the endpoint after "to" as the source (s*). NOTE(review): dup753,
// dup754 and dup759-dup764 use the destination prefix "nwparser.nwparser." while
// dup752 and dup758 use "nwparser."; confirm the doubled prefix is intended.
var dup747 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{p0}",
field: "nwparser.payload",
},
});
// dup748: interface name, optionally followed by ":<fld1>", ending at " :".
var dup748 = linear_select([
match({
dissect: {
tokenizer: "%{dinterface}:%{fld1} :%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dinterface} :%{p1}",
field: "nwparser.p0",
},
}),
]);
// dup749: address/port with the translated pair, up to " to ".
var dup749 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}) to %{p2}",
field: "nwparser.p1",
},
});
// dup750: second interface, optionally with an extra ":<fld2>" segment before the
// address.
var dup750 = linear_select([
match({
dissect: {
tokenizer: "%{sinterface}:%{fld2}:%{saddr}/%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{p3}",
field: "nwparser.p2",
},
}),
]);
// dup751: port and translated pair of the second endpoint.
var dup751 = match({
dissect: {
tokenizer: "%{sport} (%{stransaddr}/%{stransport})",
field: "nwparser.p3",
},
});
var dup752 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:03"),
});
var dup753 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:04"),
});
var dup754 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:05"),
});
// dup755: outbound header where the interface is followed by " :" before the address.
var dup755 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface} :%{daddr}/%{dport} %{p0}",
field: "nwparser.payload",
},
});
// dup756: translated pair, optionally followed by "(domain\username)".
var dup756 = linear_select([
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup757 = match({
dissect: {
tokenizer: " to %{p2}",
field: "nwparser.p1",
},
});
var dup758 = set_field({
dest: "nwparser.msg_id1",
value: constant("302013:06"),
});
var dup759 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:09"),
});
var dup760 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302013:08"),
});
var dup761 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1701030000"),
});
var dup762 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444005"),
});
var dup763 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713107"),
});
var dup764 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720025"),
});
// Parser fragments dup765-dup777 (standby-removal, reload-command and session-end
// layouts, plus message ids). The helpers are defined outside this part of the
// file. NOTE(review): dup773, dup774 and dup777 write to
// "nwparser.nwparser.msg_id1" while the other set_field calls here use the single
// "nwparser." prefix; confirm the doubled prefix is intended.
// dup765: optional "Session=<id>, " before the word "Unable".
var dup765 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Unable%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "Unable%{p1}",
field: "nwparser.p0",
},
}),
]);
// dup766: the address that could not be removed goes to saddr, the cause to result.
var dup766 = match({
dissect: {
tokenizer: " to remove %{saddr} from standby: %{result}",
field: "nwparser.p1",
},
});
var dup767 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604000000"),
});
var dup768 = set_field({
dest: "nwparser.msg_id1",
value: constant("737032"),
});
// dup769: accepts "PIX reload" or "Reload".
var dup769 = linear_select([
match({
dissect: {
tokenizer: " PIX reload %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Reload %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup770 = match({
dissect: {
tokenizer: " command executed from %{p1}",
field: "nwparser.p0",
},
});
// dup771: origin of the command - "<process> (remote <hostip>)." or "<hostip>.".
// NOTE(review): the second form ends the capture at ". " and dotted addresses
// contain "."; confirm hostip is not cut short for a dotted value followed by
// ". " only at the end.
var dup771 = linear_select([
match({
dissect: {
tokenizer: " %{process} (remote %{hostip}). %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{hostip}. %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup772 = set_field({
dest: "nwparser.msg_id1",
value: constant("199001:01"),
});
var dup773 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199001"),
});
var dup774 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400000"),
});
// dup775: session number goes to sessionid and the peer to hostip.
var dup775 = match({
dissect: {
tokenizer: " session number %{sessionid} from %{hostip} ended",
field: "nwparser.p0",
},
});
var dup776 = set_field({
dest: "nwparser.msg_id1",
value: constant("606002"),
});
var dup777 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713074"),
});
// Parser fragments dup778-dup795 (Group/Username/IP prefixes, ISAKMP Phase 2
// retransmission keywords, and message ids). The helpers are defined outside this
// part of the file. NOTE(review): dup781-dup784 and dup792-dup795 use the
// destination prefix "nwparser.nwparser." while dup780, dup787, dup788 and dup791
// use "nwparser."; confirm the doubled prefix is intended.
// dup778: payload prefix with or without a username. NOTE(review): the two
// alternatives differ in spacing - the first has no leading space and expects
// " , " after the address, the second has a leading space and expects ", ".
// Confirm both spellings occur; a line with a username but the second spacing
// would match neither form as written.
var dup778 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr} , %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// dup779: event_description, optionally followed by "from <fld1> to <fld2> kbs".
var dup779 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{fld1} to %{fld2} kbs %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup780 = set_field({
dest: "nwparser.msg_id1",
value: constant("713076"),
});
var dup781 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722006"),
});
var dup782 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108002"),
});
var dup783 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405104"),
});
var dup784 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420003"),
});
// dup785: "ISAKMP Phase 2 " payload prefix.
var dup785 = match({
dissect: {
tokenizer: "ISAKMP Phase 2 %{p0}",
field: "nwparser.payload",
},
});
// dup786: accepts "retransmission" or "retransmit".
var dup786 = linear_select([
match({
dissect: {
tokenizer: " retransmission %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " retransmit %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup787 = set_field({
dest: "nwparser.msg_id1",
value: constant("702205:01"),
});
var dup788 = set_field({
dest: "nwparser.msg_id1",
value: constant("702205"),
});
// dup789: payload prefix keyed either by username or by group, each with saddr.
var dup789 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// dup790: everything after the leading space of p0 is stored as event_description.
var dup790 = match({
dissect: {
tokenizer: " %{event_description}",
field: "nwparser.p0",
},
});
var dup791 = set_field({
dest: "nwparser.msg_id1",
value: constant("715076"),
});
var dup792 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("726001"),
});
var dup793 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("733102"),
});
var dup794 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020300"),
});
var dup795 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400048"),
});
// Head of an authentication-result line in nwparser.payload: captures the
// outcome as `action` and the stated reason as `result`, and leaves everything
// after "user = " in p0 for the alternatives below.
var dup796 = match({
dissect: {
tokenizer: "%{action} : reason = %{result} : local database : user = %{p0}",
field: "nwparser.payload",
},
});
// Two shapes for the remainder in nwparser.p0: user name followed by
// " : user IP = <address>", or user name alone. Presumably the alternatives are
// tried in the order listed, so the more specific form has to stay first.
// NOTE(review): `username` is bounded only by these literal delimiters. In the
// fallback form it ends at the first space, so an account name containing a
// space would be truncated -- confirm against sample logs before relying on
// this field for failed-login correlation.
var dup797 = linear_select([
match({
dissect: {
tokenizer: "%{username} : user IP = %{saddr}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Writes the constant "113015" to nwparser.msg_id1.
var dup798 = set_field({
dest: "nwparser.msg_id1",
value: constant("113015"),
});
var dup799 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("216005"),
});
var dup800 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403107"),
});
// Step 1 of a staged parse of a "Dropped UDP DNS ..." line: anchors on the
// fixed prefix in nwparser.payload and hands the rest to p0. The following
// definitions each consume one stage (p0 -> p1 -> ... -> p5); how they are
// chained together is defined elsewhere in the file.
var dup801 = match({
dissect: {
tokenizer: "Dropped UDP DNS %{p0}",
field: "nwparser.payload",
},
});
// Stage p0: accepts either "reply" or "request"; the keyword itself is not
// stored in a field, only the remainder is passed on as p1.
var dup802 = linear_select([
match({
dissect: {
tokenizer: " reply %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " request %{p1}",
field: "nwparser.p0",
},
}),
]);
// Stage p1: captures source and destination interface, address and port.
// The ";" after the destination port ends this stage; the rest goes to p2.
var dup803 = match({
dissect: {
tokenizer: " from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{p2}",
field: "nwparser.p1",
},
});
// Stage p2: names which DNS element failed the length check (packet, label,
// domain-name or compression pointer). The keyword is matched but not stored.
var dup804 = linear_select([
match({
dissect: {
tokenizer: " packet %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " label %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " domain-name %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " compression pointer %{p3}",
field: "nwparser.p2",
},
}),
]);
// Stage p3: captures the observed length as `bytes`.
var dup805 = match({
dissect: {
tokenizer: " length %{bytes} bytes exceeds %{p4}",
field: "nwparser.p3",
},
});
// Stage p4: names the limit that was exceeded.
// NOTE(review): the first alternative has no leading space while the other
// three do; confirm how the match implementation treats leading whitespace,
// otherwise one of the two spellings cannot match the text left by dup805.
var dup806 = linear_select([
match({
dissect: {
tokenizer: "remaining packet length %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " configured %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " protocol %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " packet length %{p5}",
field: "nwparser.p4",
},
}),
]);
// Stage p5: captures the limit value as `fld2`.
var dup807 = match({
dissect: {
tokenizer: " limit of %{fld2} bytes",
field: "nwparser.p5",
},
});
// Writes the constant "1801010000" to nwparser.eventcategory.
var dup808 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010000"),
});
// Writes the constant "410001" to nwparser.msg_id1.
var dup809 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001"),
});
var dup810 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport}; %{p2}",
field: "nwparser.p1",
},
});
var dup811 = linear_select([
match({
dissect: {
tokenizer: " packet %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " label %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup812 = linear_select([
match({
dissect: {
tokenizer: " configured %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " protocol %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup813 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001:02"),
});
var dup814 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("410001:03"),
});
var dup815 = match({
dissect: {
tokenizer: "UDP DNS packet dropped due to %{p0}",
field: "nwparser.payload",
},
});
var dup816 = linear_select([
match({
dissect: {
tokenizer: " compression %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " domainname %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " label %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " packet %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup817 = match({
dissect: {
tokenizer: " length check of %{bytes} bytes: actual length:%{fld11} bytes",
field: "nwparser.p1",
},
});
var dup818 = set_field({
dest: "nwparser.msg_id1",
value: constant("410001:01"),
});
var dup819 = match({
dissect: {
tokenizer: "Line protocol on Interface %{interface} %{p0}",
field: "nwparser.payload",
},
});
var dup820 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup821 = set_field({
dest: "nwparser.msg_id1",
value: constant("411001"),
});
var dup822 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("604101"),
});
var dup823 = match({
dissect: {
tokenizer: "ISAKMP Phase 2 exchange %{p0}",
field: "nwparser.payload",
},
});
var dup824 = linear_select([
match({
dissect: {
tokenizer: " started %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " start %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup825 = set_field({
dest: "nwparser.msg_id1",
value: constant("702209:01"),
});
var dup826 = set_field({
dest: "nwparser.msg_id1",
value: constant("702209"),
});
var dup827 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106015"),
});
var dup828 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106015:01"),
});
var dup829 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action}",
field: "nwparser.p1",
},
});
var dup830 = set_field({
dest: "nwparser.msg_id1",
value: constant("713131"),
});
var dup831 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713131:01"),
});
var dup832 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105004"),
});
var dup833 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("301001"),
});
var dup834 = match({
dissect: {
tokenizer: "User deleted from local dbase: Uname: %{p0}",
field: "nwparser.payload",
},
});
var dup835 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402020100"),
});
var dup836 = set_field({
dest: "nwparser.msg_id1",
value: constant("502102"),
});
var dup837 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613002"),
});
var dup838 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617004"),
});
var dup839 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720002"),
});
var dup840 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101005"),
});
var dup841 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722025"),
});
var dup842 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400029"),
});
var dup843 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710007"),
});
var dup844 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715033"),
});
var dup845 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717037"),
});
var dup846 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("507001"),
});
// Tail of a command-audit line in nwparser.p1: captures the quoted text after
// "running" as `fld1`, the originating address as `saddr`, and the quoted text
// after "executed" as `action`.
// NOTE(review): `action` is the command string exactly as the device logged it
// and is delimited only by single quotes. Confirm how a command that itself
// contains a quote is captured, and treat the value as untrusted text wherever
// it is rendered or matched by a rule.
var dup847 = match({
dissect: {
tokenizer: ", running '%{fld1}' from IP %{saddr}, executed '%{action}'",
field: "nwparser.p1",
},
});
// Writes the constant "1401040000" to nwparser.eventcategory.
var dup848 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401040000"),
});
// Writes the constant "111010" to nwparser.msg_id1.
var dup849 = set_field({
dest: "nwparser.msg_id1",
value: constant("111010"),
});
var dup850 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212002"),
});
var dup851 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400047"),
});
// Tail of an "access GRANTED" line in nwparser.p1: captures the client address
// as `saddr`, the service name as `network_service` and the requested resource
// as `url`. \u003c and \u003e are the escaped forms of "<" and ">".
// NOTE(review): the pattern requires two "<" before the address but only one
// ">" after it. That asymmetry looks like an escape sequence carried over
// unresolved from the original parser definition -- verify against a real
// sample, because if the device emits a single "<" this pattern never matches
// and granted-access events would be left unparsed.
var dup852 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} access GRANTED: %{url}",
field: "nwparser.p1",
},
});
// Writes the constant "716003" to nwparser.msg_id1.
var dup853 = set_field({
dest: "nwparser.msg_id1",
value: constant("716003"),
});
var dup854 = linear_select([
match({
dissect: {
tokenizer: " Console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " console %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{hostip} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup855 = match({
dissect: {
tokenizer: " end configuration: %{disposition}",
field: "nwparser.p0",
},
});
var dup856 = set_field({
dest: "nwparser.msg_id1",
value: constant("111004"),
});
var dup857 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199004"),
});
var dup858 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1604010000"),
});
var dup859 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311002"),
});
var dup860 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717006"),
});
var dup861 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603030000"),
});
var dup862 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105035"),
});
var dup863 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500003"),
});
var dup864 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210006"),
});
var dup865 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402123"),
});
// Tail of a "Secure Desktop Results" line in nwparser.p1: captures the host
// address as `hostip` and the result text as `info`. \u003c and \u003e are the
// escaped forms of "<" and ">".
// NOTE(review): two "<" are required before the address but only one ">" after
// it; this looks like an unresolved escape from the original parser
// definition. Confirm with a sample message that the pattern can match.
var dup866 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{hostip}\u003e Secure Desktop Results: %{info}",
field: "nwparser.p1",
},
});
// Writes the constant "1704010000" to nwparser.eventcategory.
var dup867 = set_field({
dest: "nwparser.eventcategory",
value: constant("1704010000"),
});
// Writes the constant "724004" to nwparser.msg_id1.
var dup868 = set_field({
dest: "nwparser.msg_id1",
value: constant("724004"),
});
var dup869 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737005"),
});
var dup870 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005"),
});
var dup871 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:01"),
});
var dup872 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:02"),
});
var dup873 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305005:03"),
});
var dup874 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415014"),
});
var dup875 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302022"),
});
var dup876 = match({
dissect: {
tokenizer: " stub %{protocol} connection for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.p1",
},
});
var dup877 = set_field({
dest: "nwparser.msg_id1",
value: constant("302022:01"),
});
var dup878 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("315005"),
});
var dup879 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713149"),
});
var dup880 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, DHCP%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " DHCP%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup881 = match({
dissect: {
tokenizer: " request attempt %{dclass_counter1} succeeded",
field: "nwparser.p1",
},
});
var dup882 = set_field({
dest: "nwparser.msg_id1",
value: constant("737017"),
});
var dup883 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201012"),
});
var dup884 = match({
dissect: {
tokenizer: " executed cmd:%{action}",
field: "nwparser.p1",
},
});
var dup885 = set_field({
dest: "nwparser.msg_id1",
value: constant("111009"),
});
var dup886 = match({
dissect: {
tokenizer: "Unable to open AAA session. Session limit %{p0}",
field: "nwparser.payload",
},
});
var dup887 = linear_select([
match({
dissect: {
tokenizer: " %{fld1} reached. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " reached. %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup888 = set_field({
dest: "nwparser.msg_id1",
value: constant("113001:01"),
});
var dup889 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113001"),
});
var dup890 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("416001"),
});
var dup891 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1301000000"),
});
var dup892 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611311"),
});
var dup893 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111002"),
});
var dup894 = match({
dissect: {
tokenizer: "Line protocol on %{p0}",
field: "nwparser.payload",
},
});
var dup895 = linear_select([
match({
dissect: {
tokenizer: " Interface %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " interface %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup896 = match({
dissect: {
tokenizer: " %{interface} %{p2}",
field: "nwparser.p1",
},
});
var dup897 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup898 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603030000"),
});
var dup899 = set_field({
dest: "nwparser.msg_id1",
value: constant("411002"),
});
var dup900 = set_field({
dest: "nwparser.msg_id1",
value: constant("702204:01"),
});
var dup901 = set_field({
dest: "nwparser.msg_id1",
value: constant("702204"),
});
var dup902 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715060"),
});
var dup903 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("216001"),
});
var dup904 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106018"),
});
var dup905 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302023"),
});
var dup906 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302023:01"),
});
var dup907 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("332003"),
});
var dup908 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104001"),
});
var dup909 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104001:01"),
});
// Tail of a "blacklisted ... traffic" line in nwparser.p3. Captures, in order:
// `protocol`; source interface, address and port with the translated
// address/port in parentheses (`stransaddr`/`stransport`); the same for the
// destination (`dtransaddr`/`dtransport`); the resolved destination (`fld1`)
// and the list it came from (`fld2`); the listed name as `web_domain`; the
// threat level as `severity`; and the category as `result`.
// NOTE(review): every literal separator must be present for the pattern to
// match, so a firmware variant that omits or reorders one of the trailing
// attributes would leave the whole event unparsed -- worth a regression sample.
var dup910 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p3",
},
});
// Writes the constant "338002" to nwparser.msg_id1.
var dup911 = set_field({
dest: "nwparser.msg_id1",
value: constant("338002"),
});
var dup912 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403502"),
});
var dup913 = match({
dissect: {
tokenizer: "SSL server %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport} requesting our device certificate for %{p0}",
field: "nwparser.payload",
},
});
var dup914 = linear_select([
match({
dissect: {
tokenizer: "authentication.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "authentication%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup915 = set_field({
dest: "nwparser.msg_id1",
value: constant("725005:01"),
});
var dup916 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725005"),
});
var dup917 = linear_select([
match({
dissect: {
tokenizer: "%{process}: Session=%{sessionid} Local pool request failed for tunnel-group '%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "%{process} Local pool request failed for tunnel-group '%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup918 = set_field({
dest: "nwparser.msg_id1",
value: constant("737007"),
});
var dup919 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305012:02"),
});
var dup920 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
var dup921 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld51}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup922 = set_field({
dest: "nwparser.msg_id1",
value: constant("305012"),
});
var dup923 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport} to %{p0}",
field: "nwparser.payload",
},
});
var dup924 = linear_select([
match({
dissect: {
tokenizer: "%{dinterface}(%{fld52}):%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dinterface}:%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup925 = set_field({
dest: "nwparser.msg_id1",
value: constant("305012:01"),
});
var dup926 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1} data channel communication is %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips data channel communication is %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup927 = linear_select([
match({
dissect: {
tokenizer: "UP.%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "UP%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup928 = set_field({
dest: "nwparser.msg_id1",
value: constant("505011"),
});
// Anchors on the fixed prefix of an authentication-failure line in
// nwparser.payload; the user name and everything after it are left in p0 for a
// later step that is not part of this definition.
var dup929 = match({
dissect: {
tokenizer: "Authentication failed for user %{p0}",
field: "nwparser.payload",
},
});
// Connection details read from nwparser.p1: source and destination
// address/port plus the interface the attempt arrived on.
var dup930 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.p1",
},
});
// Writes the constant "109006" to nwparser.msg_id1.
var dup931 = set_field({
dest: "nwparser.msg_id1",
value: constant("109006"),
});
var dup932 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302303"),
});
var dup933 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322001"),
});
var dup934 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402106"),
});
var dup935 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101003"),
});
var dup936 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304003"),
});
var dup937 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305011:02"),
});
var dup938 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
var dup939 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup940 = set_field({
dest: "nwparser.msg_id1",
value: constant("305011"),
});
var dup941 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport} to %{p0}",
field: "nwparser.payload",
},
});
var dup942 = set_field({
dest: "nwparser.msg_id1",
value: constant("305011:01"),
});
var dup943 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713020"),
});
var dup944 = match({
dissect: {
tokenizer: " \u003e DTLS disabled: %{info}",
field: "nwparser.p3",
},
});
var dup945 = set_field({
dest: "nwparser.msg_id1",
value: constant("722043"),
});
var dup946 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("211003"),
});
// Anchors on the "ISAKMP DPD" prefix in nwparser.payload; remainder goes to p0.
var dup947 = match({
dissect: {
tokenizer: "ISAKMP DPD %{p0}",
field: "nwparser.payload",
},
});
// Accepts " timed" or " time" at the start of nwparser.p0. " timed" is listed
// first; presumably alternatives are tried in order, so the longer literal has
// to precede its own prefix to be selected when both would match.
var dup948 = linear_select([
match({
dissect: {
tokenizer: " timed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " time %{p1}",
field: "nwparser.p0",
},
}),
]);
// Initiator form: the local address is stored as `saddr` and the remote peer
// as `daddr`.
var dup949 = match({
dissect: {
tokenizer: " out (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
// Writes the constant "702203:01" to nwparser.msg_id1.
var dup950 = set_field({
dest: "nwparser.msg_id1",
value: constant("702203:01"),
});
// Responder form: the mapping is reversed relative to dup949 -- the local
// address is stored as `daddr` and the remote peer as `saddr` -- so `saddr`
// holds the initiating side of the exchange in both forms.
var dup951 = match({
dissect: {
tokenizer: " out (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
// Writes the constant "702203" to nwparser.msg_id1.
var dup952 = set_field({
dest: "nwparser.msg_id1",
value: constant("702203"),
});
var dup953 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737030"),
});
var dup954 = match({
dissect: {
tokenizer: "User logged out: Uname: %{p0}",
field: "nwparser.payload",
},
});
var dup955 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401070000"),
});
var dup956 = set_field({
dest: "nwparser.msg_id1",
value: constant("611103"),
});
var dup957 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("724002"),
});
var dup958 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:01"),
});
var dup959 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:03"),
});
var dup960 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:04"),
});
var dup961 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904:05"),
});
var dup962 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713904"),
});
var dup963 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup964 = set_field({
dest: "nwparser.msg_id1",
value: constant("713904:02"),
});
var dup965 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718069"),
});
var dup966 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1802000000"),
});
var dup967 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746013"),
});
var dup968 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746013:01"),
});
var dup969 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302027"),
});
var dup970 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402114"),
});
var dup971 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444108"),
});
var dup972 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444108:01"),
});
var dup973 = match({
dissect: {
tokenizer: ", %{action}:%{info}",
field: "nwparser.p0",
},
});
var dup974 = set_field({
dest: "nwparser.msg_id1",
value: constant("713024"),
});
var dup975 = set_field({
dest: "nwparser.msg_id1",
value: constant("715042"),
});
var dup976 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720041"),
});
var dup977 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109014"),
});
var dup978 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318005"),
});
var dup979 = set_field({
dest: "nwparser.msg_id1",
value: constant("713201"),
});
var dup980 = set_field({
dest: "nwparser.msg_id1",
value: constant("713201:01"),
});
var dup981 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718073"),
});
var dup982 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737033"),
});
var dup983 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713224"),
});
var dup984 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307001"),
});
var dup985 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307001:01"),
});
var dup986 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Removed%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "Removed%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup987 = match({
dissect: {
tokenizer: "%{hostip} from standby",
field: "nwparser.p1",
},
});
var dup988 = set_field({
dest: "nwparser.msg_id1",
value: constant("737031"),
});
var dup989 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750002"),
});
var dup990 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710005"),
});
var dup991 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717036"),
});
var dup992 = match({
dissect: {
tokenizer: "Too many %{protocol} connections on %{p0}",
field: "nwparser.payload",
},
});
var dup993 = match({
dissect: {
tokenizer: " %{hostip}! %{fld1}",
field: "nwparser.p1",
},
});
var dup994 = set_field({
dest: "nwparser.msg_id1",
value: constant("201004:01"),
});
var dup995 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201004"),
});
var dup996 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415003"),
});
// Matches a fixed "session limit ... reached" sentence in nwparser.p1. The
// trailing %{} is an unnamed key, so nothing is stored from this pattern.
// NOTE(review): "maximum_sessions" is matched as literal text. It reads like a
// documentation placeholder for a number; if the device logs the actual limit
// there, this pattern never matches -- confirm with a sample message.
var dup997 = match({
dissect: {
tokenizer: " Session could not be established: session limit of maximum_sessions reached%{}",
field: "nwparser.p1",
},
});
// Writes the constant "716023" to nwparser.msg_id1.
var dup998 = set_field({
dest: "nwparser.msg_id1",
value: constant("716023"),
});
var dup999 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104002"),
});
var dup1000 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104002:01"),
});
var dup1001 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400017"),
});
var dup1002 = set_field({
dest: "nwparser.msg_id1",
value: constant("713130"),
});
var dup1003 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001"),
});
var dup1004 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:01"),
});
var dup1005 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:02"),
});
var dup1006 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:03"),
});
var dup1007 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302001:04"),
});
var dup1008 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444101"),
});
var dup1009 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201005"),
});
var dup1010 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713141"),
});
var dup1011 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717033"),
});
var dup1012 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011"),
});
var dup1013 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:01"),
});
var dup1014 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:02"),
});
var dup1015 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106011:03"),
});
var dup1016 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("613001"),
});
var dup1017 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611301"),
});
var dup1018 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}. %{fld1}",
field: "nwparser.p1",
},
});
var dup1019 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603040000"),
});
var dup1020 = set_field({
dest: "nwparser.msg_id1",
value: constant("713235"),
});
var dup1021 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713235:01"),
});
var dup1022 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717030"),
});
var dup1023 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001:02"),
});
var dup1024 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001:03"),
});
// Head of a "Through-the-device packet to/from management-only network is
// denied" line in nwparser.payload: captures `protocol`, remainder goes to p0.
var dup1025 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol} src %{p0}",
field: "nwparser.payload",
},
});
// Source endpoint read from nwparser.p0, with or without an identity suffix.
// The first form expects "(domain\user)" after the port -- "\\" in the source
// is a single literal backslash -- and stores `domain` and `username`; the
// second form is the plain interface:address/port case. Presumably tried in
// the order listed, so the identity form has to stay first.
var dup1026 = linear_select([
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{sport} (%{domain}\\%{username}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sinterface}:%{saddr}/%{sport} dst %{p1}",
field: "nwparser.p0",
},
}),
]);
// Writes the constant "418001:01" to nwparser.msg_id1.
var dup1027 = set_field({
dest: "nwparser.msg_id1",
value: constant("418001:01"),
});
// Writes the constant "418001" to nwparser.nwparser.msg_id1.
// NOTE(review): doubled "nwparser." prefix, unlike dup1027 directly above;
// confirm which key consumers of msg_id1 actually read.
var dup1028 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("418001"),
});
// Head of a port-less ACL deny line ("Deny protocol ...") in nwparser.payload:
// captures `protocol`, source and destination interface/address, and leaves
// the access-group name in p0.
var dup1029 = match({
dissect: {
tokenizer: "Deny protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} by access-group %{p0}",
field: "nwparser.payload",
},
});
// Opening quote of the access-group name, in two encodings: a backslash
// followed by a quote (first alternative), or a bare quote (second).
var dup1030 = linear_select([
match({
dissect: {
tokenizer: " \\\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \" %{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures the access-group name as `rule_group`; it ends at the next space.
var dup1031 = match({
dissect: {
tokenizer: " %{rule_group} %{p2}",
field: "nwparser.p1",
},
});
// Closing quote of the access-group name, same two encodings as dup1030.
// NOTE(review): the escaped form here has no leading space while the bare form
// does; confirm this difference is intended and not a generator artefact.
var dup1032 = linear_select([
match({
dissect: {
tokenizer: "\\\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " \" %{p3}",
field: "nwparser.p2",
},
}),
]);
// Writes the constant "106023" to nwparser.msg_id1.
var dup1033 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023"),
});
var dup1034 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr}/%{p0}",
field: "nwparser.payload",
},
});
var dup1035 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{domain}\\%{username}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{domain}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} dst %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1036 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{p2}",
field: "nwparser.p1",
},
});
var dup1037 = linear_select([
match({
dissect: {
tokenizer: "%{dport}(%{dhost}) by access-group \"%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{dport} by access-group \"%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1038 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:01"),
});
var dup1039 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{p0}",
field: "nwparser.payload",
},
});
var dup1040 = linear_select([
match({
dissect: {
tokenizer: "%{dport}(%{domain}\\%{username}) by access-group %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dport}(%{fld2}) by access-group %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{dport} by access-group %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1041 = linear_select([
match({
dissect: {
tokenizer: " \"%{rule_group}\" %{fld1} %{p3}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "\"%{rule_group}\"%{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{rule_group} %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1042 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:04"),
});
var dup1043 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) by access-group %{p0}",
field: "nwparser.payload",
},
});
var dup1044 = linear_select([
match({
dissect: {
tokenizer: " \"%{rule_group}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{rule_group} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1045 = set_field({
dest: "nwparser.msg_id1",
value: constant("106023:02"),
});
var dup1046 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202002"),
});
var dup1047 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400014"),
});
var dup1048 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415002"),
});
var dup1049 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201003"),
});
var dup1050 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210007"),
});
var dup1051 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720010"),
});
// Three heads for an "Authorization denied" line in nwparser.payload, differing
// only in how the ACL reference is written. Each captures the ACL as `listnum`
// and leaves the user name and the rest of the line in p0.
// Form 1: ACL name in double quotes.
var dup1052 = match({
dissect: {
tokenizer: "Authorization denied (acl=\"%{listnum}\") for user %{p0}",
field: "nwparser.payload",
},
});
// Writes the constant "109015" to nwparser.msg_id1.
var dup1053 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015"),
});
// Form 2: ACL written as #<listnum>#<group>; also captures `group`.
var dup1054 = match({
dissect: {
tokenizer: "Authorization denied (acl=#%{listnum}#%{group}) for user %{p0}",
field: "nwparser.payload",
},
});
// Writes the constant "109015:01" to nwparser.msg_id1.
var dup1055 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015:01"),
});
// Form 3: unquoted ACL reference. This is the least specific of the three and
// would also accept the text of forms 1 and 2 (quotes or "#" ending up inside
// `listnum`), so whatever combines these must try it last.
// NOTE(review): the evaluation order is set where these are used, not here --
// verify it there.
var dup1056 = match({
dissect: {
tokenizer: "Authorization denied (acl=%{listnum}) for user %{p0}",
field: "nwparser.payload",
},
});
// Writes the constant "109015:02" to nwparser.msg_id1.
var dup1057 = set_field({
dest: "nwparser.msg_id1",
value: constant("109015:02"),
});
var dup1058 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108005:01"),
});
var dup1059 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108005"),
});
var dup1060 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713220"),
});
var dup1061 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603050000"),
});
var dup1062 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105041"),
});
var dup1063 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302007"),
});
var dup1064 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Mismatch: %{event_description}",
field: "nwparser.p1",
},
});
var dup1065 = set_field({
dest: "nwparser.msg_id1",
value: constant("713133"),
});
// Tail of a "User ACL ... ignored" line in nwparser.p1: captures the client
// address as `saddr`, the ACL as `listnum`, its origin as `fld1` and the
// explanation as `info`. \u003c and \u003e are the escaped forms of "<" and ">".
// NOTE(review): both bracketed values are opened with two "<" but closed with
// one ">". This looks like an unresolved escape from the original parser
// definition; if the device emits a single "<", the pattern cannot match and
// ignored-ACL events would be left unparsed. Confirm with a sample message.
var dup1066 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e User ACL \u003c\u003c%{listnum}\u003e from %{fld1} ignored, %{info}.",
field: "nwparser.p1",
},
});
// Writes the constant "1602000000" to nwparser.eventcategory.
var dup1067 = set_field({
dest: "nwparser.eventcategory",
value: constant("1602000000"),
});
// Writes the constant "716047" to nwparser.msg_id1.
var dup1068 = set_field({
dest: "nwparser.msg_id1",
value: constant("716047"),
});
var dup1069 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103006"),
});
var dup1070 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716009"),
});
var dup1071 = linear_select([
match({
dissect: {
tokenizer: " Username = '%{username}', IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1072 = match({
dissect: {
tokenizer: " %{action}: SPI = %{dst_spi}",
field: "nwparser.p1",
},
});
var dup1073 = set_field({
dest: "nwparser.msg_id1",
value: constant("715006"),
});
var dup1074 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715006:01"),
});
var dup1075 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718033"),
});
var dup1076 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403503"),
});
var dup1077 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212001"),
});
var dup1078 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("213003"),
});
var dup1079 = match({
dissect: {
tokenizer: "Teardown PPPOE %{p0}",
field: "nwparser.payload",
},
});
var dup1080 = linear_select([
match({
dissect: {
tokenizer: " Tunnel %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " tunnel %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1081 = match({
dissect: {
tokenizer: " at %{interface}, tunnel-id = %{fld1}, remote-peer = %{saddr}",
field: "nwparser.p1",
},
});
var dup1082 = set_field({
dest: "nwparser.msg_id1",
value: constant("603109"),
});
var dup1083 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("612003"),
});
var dup1084 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713169"),
});
var dup1085 = set_field({
dest: "nwparser.msg_id1",
value: constant("722031"),
});
var dup1086 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109039"),
});
var dup1087 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720020"),
});
var dup1088 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720044"),
});
var dup1089 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611305"),
});
var dup1090 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322003"),
});
var dup1091 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400043"),
});
var dup1092 = match({
dissect: {
tokenizer: "PMTU-D packet %{fld1} %{p0}",
field: "nwparser.payload",
},
});
var dup1093 = linear_select([
match({
dissect: {
tokenizer: " bytes %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " byte %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1094 = match({
dissect: {
tokenizer: " greater than effective mtu %{fld2} dest_addr=%{daddr}, src_addr=%{saddr}, prot=%{protocol}",
field: "nwparser.p1",
},
});
var dup1095 = set_field({
dest: "nwparser.msg_id1",
value: constant("602101"),
});
var dup1096 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106006"),
});
var dup1097 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106006:01"),
});
var dup1098 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("335004"),
});
var dup1099 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717010"),
});
var dup1100 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("113023"),
});
var dup1101 = match({
dissect: {
tokenizer: "Routing failed to locate %{p0}",
field: "nwparser.payload",
},
});
var dup1102 = linear_select([
match({
dissect: {
tokenizer: "next-hop %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " next hop%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1103 = match({
dissect: {
tokenizer: " for %{protocol} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup1104 = set_field({
dest: "nwparser.msg_id1",
value: constant("110003:01"),
});
var dup1105 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110003:02"),
});
var dup1106 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("110003"),
});
var dup1107 = linear_select([
match({
dissect: {
tokenizer: " initiating %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " initiate %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1108 = match({
dissect: {
tokenizer: " rekey (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1109 = set_field({
dest: "nwparser.msg_id1",
value: constant("702212:01"),
});
var dup1110 = match({
dissect: {
tokenizer: " rekey (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1111 = set_field({
dest: "nwparser.msg_id1",
value: constant("702212"),
});
var dup1112 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716051"),
});
var dup1113 = match({
dissect: {
tokenizer: "SMTP made noop: out %{fld1} in %{fld2} %{p0}",
field: "nwparser.payload",
},
});
var dup1114 = linear_select([
match({
dissect: {
tokenizer: " data %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " data: %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1115 = match({
dissect: {
tokenizer: " %{info}",
field: "nwparser.p1",
},
});
var dup1116 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603050000"),
});
var dup1117 = set_field({
dest: "nwparser.msg_id1",
value: constant("108001"),
});
var dup1118 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302003"),
});
var dup1119 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317005"),
});
var dup1120 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323003"),
});
var dup1121 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1601010000"),
});
var dup1122 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402125"),
});
var dup1123 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611308"),
});
var dup1124 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718049"),
});
var dup1125 = match({
dissect: {
tokenizer: "Console Login from %{p0}",
field: "nwparser.payload",
},
});
var dup1126 = match({
dissect: {
tokenizer: " at %{saddr}",
field: "nwparser.p1",
},
});
var dup1127 = set_field({
dest: "nwparser.msg_id1",
value: constant("111006"),
});
var dup1128 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106025"),
});
var dup1129 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005"),
});
var dup1130 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005:01"),
});
var dup1131 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302005:02"),
});
var dup1132 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746018"),
});
var dup1133 = match({
dissect: {
tokenizer: "%{protocol} %{p0}",
field: "nwparser.payload",
},
});
var dup1134 = linear_select([
match({
dissect: {
tokenizer: " Connection %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " connection %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1135 = match({
dissect: {
tokenizer: " denied by %{direction} list %{fld1} src %{saddr}/%{sport} dest %{daddr}/%{dport}",
field: "nwparser.p1",
},
});
var dup1136 = set_field({
dest: "nwparser.msg_id1",
value: constant("106002"),
});
var dup1137 = match({
dissect: {
tokenizer: " denied by %{direction} list %{fld1} src %{saddr} %{sport} dest %{daddr} %{dport}",
field: "nwparser.p1",
},
});
var dup1138 = set_field({
dest: "nwparser.msg_id1",
value: constant("106002:01"),
});
var dup1139 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611320"),
});
// Pieces for the "ISAKMP malformed payload received" message (ids 702206:01 and 702206):
// a prefix matcher on the payload, a two-way choice on the next word, and one tail
// matcher per exchange role.
// Address naming follows the exchange role, not the reporting device: the initiator
// variant maps local -> saddr and remote -> daddr, the responder variant maps
// local -> daddr and remote -> saddr. In both variants saddr is therefore the
// initiator's address, which matters when correlating these events by source.
var dup1140 = match({
dissect: {
tokenizer: "ISAKMP %{p0}",
field: "nwparser.payload",
},
});
// Accepts either spelling of the keyword; presumably the alternatives are tried in the
// order listed (linear_select is defined elsewhere in the file).
var dup1141 = linear_select([
match({
dissect: {
tokenizer: " malformed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " malform %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1142 = match({
dissect: {
// Local side is the initiator: local -> saddr, remote -> daddr.
tokenizer: " payload received (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1143 = set_field({
dest: "nwparser.msg_id1",
value: constant("702206:01"),
});
var dup1144 = match({
dissect: {
// Local side is the responder: local -> daddr, remote -> saddr.
tokenizer: " payload received (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1145 = set_field({
dest: "nwparser.msg_id1",
value: constant("702206"),
});
var dup1146 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713231"),
});
var dup1147 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("722050"),
});
var dup1148 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505007"),
});
var dup1149 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105010"),
});
var dup1150 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718039"),
});
var dup1151 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400003"),
});
var dup1152 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("606003"),
});
var dup1153 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("610001"),
});
var dup1154 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750001"),
});
var dup1155 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750001:01"),
});
var dup1156 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106019"),
});
var dup1157 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("323002"),
});
var dup1158 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324004"),
});
// Matchers for two domain-reputation style messages, with their message-id constants:
// "dropped greylisted ... traffic" (id 338203) and "Intercepted DNS reply for ..."
// (id 338301). Both capture the resolved name as web_domain next to the source and
// destination endpoints, which is the field to pivot on when triaging these events.
var dup1159 = match({
dissect: {
// Captures protocol, both endpoints as interface:address/port, the translated
// address/port pair of each endpoint in parentheses, the list entry as web_domain,
// the threat level as severity and the category as result.
// NOTE(review): "list:%{web_domain}" has no space after the colon while
// "threat-level: %{severity}" does; tokenizers of this kind match separators
// literally, so confirm the spacing against a captured sample.
tokenizer: " dropped greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup1160 = set_field({
dest: "nwparser.msg_id1",
value: constant("338203"),
});
var dup1161 = match({
dissect: {
tokenizer: "Intercepted DNS reply for %{p0}",
field: "nwparser.payload",
},
});
// The message names the queried object either as "domain" or as "name".
var dup1162 = linear_select([
match({
dissect: {
tokenizer: " domain %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " name %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1163 = match({
dissect: {
// Everything after the final comma is stored as result.
tokenizer: " %{web_domain} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, %{result}",
field: "nwparser.p1",
},
});
var dup1164 = set_field({
dest: "nwparser.msg_id1",
value: constant("338301"),
});
var dup1165 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304005"),
});
var dup1166 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("303005"),
});
var dup1167 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504002:01"),
});
var dup1168 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("504002"),
});
var dup1169 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720004"),
});
var dup1170 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105036"),
});
var dup1171 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105036:01"),
});
var dup1172 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400033"),
});
var dup1173 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409004"),
});
var dup1174 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805000000"),
});
var dup1175 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("503001"),
});
var dup1176 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("308002"),
});
var dup1177 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415008"),
});
var dup1178 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415008:01"),
});
var dup1179 = match({
dissect: {
tokenizer: "%{interface}:%{hostip} is counted as a user %{p0}",
field: "nwparser.payload",
},
});
var dup1180 = linear_select([
match({
dissect: {
tokenizer: " for %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " of %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1181 = match({
dissect: {
tokenizer: " %{product}",
field: "nwparser.p1",
},
});
var dup1182 = set_field({
dest: "nwparser.eventcategory",
value: constant("1608000000"),
});
var dup1183 = set_field({
dest: "nwparser.msg_id1",
value: constant("421005"),
});
var dup1184 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1185 = match({
dissect: {
tokenizer: " Received Invalid SPI notify (SPI %{dst_spi})!",
field: "nwparser.p0",
},
});
var dup1186 = set_field({
dest: "nwparser.msg_id1",
value: constant("713117"),
});
var dup1187 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409006"),
});
var dup1188 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("703001"),
});
var dup1189 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105032"),
});
var dup1190 = match({
dissect: {
tokenizer: "Authen Session Start: user %{p0}",
field: "nwparser.payload",
},
});
var dup1191 = match({
dissect: {
tokenizer: ", sid %{sessionid}",
field: "nwparser.p1",
},
});
var dup1192 = set_field({
dest: "nwparser.msg_id1",
value: constant("109011"),
});
var dup1193 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400012"),
});
var dup1194 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400039"),
});
var dup1195 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611316"),
});
var dup1196 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{event_description}.",
field: "nwparser.p1",
},
});
var dup1197 = set_field({
dest: "nwparser.msg_id1",
value: constant("715039"),
});
var dup1198 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715039:01"),
});
var dup1199 = set_field({
dest: "nwparser.msg_id1",
value: constant("715059"),
});
var dup1200 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715059:01"),
});
var dup1201 = match({
dissect: {
tokenizer: "Extraction of username from VPN client certificate has %{p0}",
field: "nwparser.payload",
},
});
var dup1202 = linear_select([
match({
dissect: {
tokenizer: " finished %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " been %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{disposition}. %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1203 = match({
dissect: {
tokenizer: " [Request %{fld1}]",
field: "nwparser.p1",
},
});
var dup1204 = set_field({
dest: "nwparser.msg_id1",
value: constant("113028"),
});
var dup1205 = match({
dissect: {
tokenizer: "AAA unable to complete the request Error : reason = %{result}: user = %{p0}",
field: "nwparser.payload",
},
});
var dup1206 = set_field({
dest: "nwparser.msg_id1",
value: constant("113013"),
});
var dup1207 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action} [%{fld1}]",
field: "nwparser.p1",
},
});
var dup1208 = set_field({
dest: "nwparser.msg_id1",
value: constant("713137"),
});
var dup1209 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713137:01"),
});
var dup1210 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735004"),
});
var dup1211 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717043"),
});
var dup1212 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("603103"),
});
var dup1213 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("211001"),
});
// Staged matchers for "Built inbound ICMP connection" (id 302020). The line is consumed
// left to right: the payload prefix leaves the rest in p0, then one selector each for
// the faddr, gaddr and laddr segments hands its remainder to the next field (p1, p2,
// then p3 or p5).
// Within each selector the alternatives run from the most decorated form to the bare
// form. Presumably linear_select stops at the first alternative that matches, in which
// case reordering them would change which fields get populated; confirm against the
// definition of linear_select before editing.
var dup1214 = match({
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{p0}",
field: "nwparser.payload",
},
});
// faddr segment -> saddr (and sport when a "/value" suffix is present).
var dup1215 = linear_select([
match({
dissect: {
// "\\" is a single literal backslash separating domain from the token after it.
tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld1}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld20}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}(%{fld11}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr} gaddr %{p1}",
field: "nwparser.p0",
},
}),
]);
// gaddr segment -> hostip, with an optional "/value" suffix kept in fld4.
var dup1216 = linear_select([
match({
dissect: {
tokenizer: "%{hostip}/%{fld4} laddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{hostip} laddr %{p2}",
field: "nwparser.p1",
},
}),
]);
// laddr segment -> daddr/dport, optionally followed by ICMP type and code or by a
// parenthesised user name.
// NOTE(review): the alternatives do not agree on where the remainder goes. The first,
// second and fourth write p5, the others write p3. Whatever follows this selector has to
// read both fields; that stage is not visible here, so verify it does.
var dup1217 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{fld12}) type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p5}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}(%{fld10})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1218 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020"),
});
var dup1219 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr}/%{dport}(%{domain}\\%{username}) gaddr %{hostip}/%{fld4} laddr %{saddr}/%{p0}",
field: "nwparser.payload",
},
});
var dup1220 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{fld10})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1221 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:04"),
});
var dup1222 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr}/%{dport} gaddr %{hostip}/%{fld4} laddr %{saddr}/%{p0}",
field: "nwparser.payload",
},
});
var dup1223 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{fld20}) type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} type %{icmptype} code %{icmpcode}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}(%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1224 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:03"),
});
var dup1225 = match({
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{fld4} laddr %{p0}",
field: "nwparser.payload",
},
});
var dup1226 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{fld10})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1227 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:05"),
});
var dup1228 = match({
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{p0}",
field: "nwparser.payload",
},
});
var dup1229 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}(%{fld10}) gaddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{daddr} gaddr %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1230 = match({
dissect: {
tokenizer: "%{hostip} laddr %{p2}",
field: "nwparser.p1",
},
});
var dup1231 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}(%{fld11})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1232 = set_field({
dest: "nwparser.msg_id1",
value: constant("302020:01"),
});
var dup1233 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302020:02"),
});
var dup1234 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("312001"),
});
var dup1235 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505002"),
});
var dup1236 = match({
dissect: {
tokenizer: " sent (local %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
var dup1237 = set_field({
dest: "nwparser.msg_id1",
value: constant("702202:01"),
});
var dup1238 = match({
dissect: {
tokenizer: " sent (local %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
var dup1239 = set_field({
dest: "nwparser.msg_id1",
value: constant("702202"),
});
var dup1240 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("104004"),
});
var dup1241 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317003"),
});
var dup1242 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402130"),
});
var dup1243 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709002"),
});
var dup1244 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718058"),
});
var dup1245 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport}(%{sdomain}\\%{fld5}) gaddr %{p0}",
field: "nwparser.payload",
},
});
var dup1246 = linear_select([
match({
dissect: {
tokenizer: "%{hostip}/%{fld4} laddr %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{hostip} laddr %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1247 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{username} %{p3}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p3}",
field: "nwparser.p1",
},
}),
]);
var dup1248 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021"),
});
var dup1249 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport}(%{fld20}) gaddr %{p0}",
field: "nwparser.payload",
},
});
var dup1250 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username}) type %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1251 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021:02"),
});
var dup1252 = match({
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr}/%{sport} gaddr %{p0}",
field: "nwparser.payload",
},
});
var dup1253 = set_field({
dest: "nwparser.msg_id1",
value: constant("302021:01"),
});
var dup1254 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302015:05"),
});
var dup1255 = match({
dissect: {
tokenizer: " to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport} %{p2}",
field: "nwparser.p1",
},
});
var dup1256 = linear_select([
match({
dissect: {
tokenizer: ") '%{username}' %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: ") (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: ")%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1257 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015"),
});
var dup1258 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015:01"),
});
var dup1259 = match({
dissect: {
tokenizer: "Built %{fld1} %{protocol} connection %{connectionid} for %{dinterface}:%{daddr}/%{dport} %{p0}",
field: "nwparser.payload",
},
});
var dup1260 = linear_select([
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{domain}\\%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})(%{fld3})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "(%{dtransaddr}/%{dtransport})%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1261 = set_field({
dest: "nwparser.msg_id1",
value: constant("302015:03"),
});
var dup1262 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302015:04"),
});
var dup1263 = match({
dissect: {
tokenizer: "Built PPTP %{p0}",
field: "nwparser.payload",
},
});
var dup1264 = match({
dissect: {
tokenizer: " at %{interface}, tunnel-id = %{fld1}, remote-peer = %{saddr}, virtual-interface = %{vsys}, client-dynamic-ip = %{daddr}, username = %{p2}",
field: "nwparser.p1",
},
});
var dup1265 = match({
dissect: {
tokenizer: ", MPPE-key-strength = %{fld2}",
field: "nwparser.p3",
},
});
var dup1266 = set_field({
dest: "nwparser.msg_id1",
value: constant("603108"),
});
var dup1267 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720003"),
});
var dup1268 = match({
dissect: {
tokenizer: "Deny %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} by access-group %{p0}",
field: "nwparser.payload",
},
});
var dup1269 = set_field({
dest: "nwparser.msg_id1",
value: constant("106027"),
});
var dup1270 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006:02"),
});
var dup1271 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006"),
});
var dup1272 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305006:01"),
});
var dup1273 = match({
dissect: {
tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain}",
field: "nwparser.p1",
},
});
var dup1274 = set_field({
dest: "nwparser.msg_id1",
value: constant("338101"),
});
var dup1275 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1103000000"),
});
var dup1276 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400028"),
});
var dup1277 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400036"),
});
var dup1278 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("604102"),
});
var dup1279 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721004"),
});
var dup1280 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212006"),
});
var dup1281 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313008:01"),
});
var dup1282 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313008"),
});
var dup1283 = match({
dissect: {
tokenizer: ", IP = %{saddr}, User (%{fld1}) authenticated",
field: "nwparser.p1",
},
});
var dup1284 = set_field({
dest: "nwparser.msg_id1",
value: constant("713052"),
});
var dup1285 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202004"),
});
var dup1286 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105031"),
});
var dup1287 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199908"),
});
var dup1288 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617003"),
});
var dup1289 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("742004"),
});
var dup1290 = match({
dissect: {
tokenizer: "AAA user authentication Successful : local database : user = %{p0}",
field: "nwparser.payload",
},
});
var dup1291 = set_field({
dest: "nwparser.msg_id1",
value: constant("113012"),
});
var dup1292 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400024"),
});
var dup1293 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402124"),
});
var dup1294 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611104"),
});
var dup1295 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("711002"),
});
var dup1296 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713042"),
});
var dup1297 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717001"),
});
var dup1298 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720026"),
});
var dup1299 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209005"),
});
var dup1300 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720027"),
});
var dup1301 = linear_select([
match({
dissect: {
tokenizer: " Interface %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " interface %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1302 = match({
dissect: {
tokenizer: " %{interface} %{p1}",
field: "nwparser.p0",
},
});
var dup1303 = linear_select([
match({
dissect: {
tokenizer: " , %{result} %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1304 = set_field({
dest: "nwparser.msg_id1",
value: constant("411003"),
});
var dup1305 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611304"),
});
var dup1306 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713211"),
});
var dup1307 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400023"),
});
var dup1308 = match({
dissect: {
tokenizer: "Drop %{p0}",
field: "nwparser.payload",
},
});
var dup1309 = linear_select([
match({
dissect: {
tokenizer: " GTPv %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " GTP %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1310 = match({
dissect: {
tokenizer: " %{misc} message %{fld1} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} Reason: %{result}",
field: "nwparser.p1",
},
});
var dup1311 = set_field({
dest: "nwparser.msg_id1",
value: constant("324000"),
});
var dup1312 = set_field({
dest: "nwparser.msg_id1",
value: constant("411004"),
});
var dup1313 = set_field({
dest: "nwparser.msg_id1",
value: constant("715047:01"),
});
var dup1314 = set_field({
dest: "nwparser.msg_id1",
value: constant("715047"),
});
var dup1315 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302010"),
});
var dup1316 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1317 = match({
dissect: {
tokenizer: " Old P1 SA is being deleted but new SA is DEAD, %{result}",
field: "nwparser.p0",
},
});
var dup1318 = set_field({
dest: "nwparser.msg_id1",
value: constant("715052"),
});
var dup1319 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description} user %{p0}",
field: "nwparser.payload",
},
});
var dup1320 = match({
dissect: {
tokenizer: ", IP %{saddr} has been deleted.",
field: "nwparser.p1",
},
});
var dup1321 = set_field({
dest: "nwparser.msg_id1",
value: constant("721018"),
});
var dup1322 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1204010000"),
});
var dup1323 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746015"),
});
var dup1324 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106009"),
});
var dup1325 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613030000"),
});
var dup1326 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717002"),
});
// Staged matchers for SSH session termination (ids 315011 and 315011:01). The payload
// prefix yields saddr and interface; the user name, the fixed tail and the disconnect
// reason are then parsed from p0, p1 and p2.
// The user name comes straight from the log line and is chosen by the connecting
// client, so consumers should treat the extracted username as untrusted text when it is
// displayed or used to build queries.
var dup1327 = match({
dissect: {
tokenizer: "SSH session from %{saddr} on interface %{interface} for user %{p0}",
field: "nwparser.payload",
},
});
// User name quoting variants, strictest first: doubled double quotes, double quotes,
// single quotes, then unquoted.
// NOTE(review): the unquoted form is delimited only by the space that follows it, so a
// name containing a space would presumably be cut at that space. Confirm how the
// tokenizer treats repeated delimiters.
var dup1328 = linear_select([
match({
dissect: {
tokenizer: " \"\"%{username}\"\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \"%{username}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " '%{username}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1329 = match({
dissect: {
tokenizer: " disconnected by SSH server, reason: %{p2}",
field: "nwparser.p1",
},
});
// Disconnect reason, with the same quoting variants as the user name (minus single
// quotes); the reason text is stored as result.
var dup1330 = linear_select([
match({
dissect: {
tokenizer: " \"\"%{result}\"\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " \"%{result}\" %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1331 = set_field({
dest: "nwparser.msg_id1",
value: constant("315011"),
});
var dup1332 = match({
dissect: {
// "%{}" is an unnamed key; presumably it consumes whatever follows without storing it.
tokenizer: " terminated normally%{}",
field: "nwparser.p1",
},
});
var dup1333 = set_field({
dest: "nwparser.msg_id1",
value: constant("315011:01"),
});
// Passes the constant "444104" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1337 below which writes "nwparser.msg_id1" — confirm the intended path.
var dup1334 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444104"),
});
// Prefix alternatives read from nwparser.payload: "Username = ..., IP = ...",
// "Group = ..., IP = ...", or "IP = ..." alone; the remainder goes to p0.
var dup1335 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads nwparser.p0 and stores the text after "Automatic NAT Detection Status:"
// as event_description.
var dup1336 = match({
dissect: {
tokenizer: " Automatic NAT Detection Status:%{event_description}",
field: "nwparser.p0",
},
});
// Passes dest "nwparser.msg_id1" and the constant "713172" to set_field.
var dup1337 = set_field({
dest: "nwparser.msg_id1",
value: constant("713172"),
});
// Passes the constant "716059" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1340 below — confirm the intended path.
var dup1338 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716059"),
});
// Reads nwparser.p1 and captures saddr from the "Stale SVC connection closed." text.
// NOTE(review): "\u003c\u003c" decodes to two less-than signs and "\u003e" to one
// greater-than sign, so the literal requires a doubled opening bracket before the
// address. If the device emits a single bracket this stage would not match and the
// event would go unparsed — verify against sample logs.
var dup1339 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e Stale SVC connection closed.",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722028" to set_field.
var dup1340 = set_field({
dest: "nwparser.msg_id1",
value: constant("722028"),
});
// Three msg_id1 constant setters ("434002", "309004", "414001").
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1341 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("434002"),
});
var dup1342 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("309004"),
});
var dup1343 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("414001"),
});
// Pieces for two "Authentication ... Session Type" message layouts (msg_id1 "716039"
// and "716039:01"). The chaining itself is defined outside this excerpt.
// NOTE(review): several literals below contain "\u003c\u003c" (two less-than signs)
// paired with a single "\u003e". If the device writes single brackets, these stages
// would not match and authentication events would be left unparsed — verify against
// sample logs before relying on action/result for alerting.

// Reads nwparser.payload: captures action and group, leaves the user part in p0.
var dup1344 = match({
dissect: {
tokenizer: "Authentication: %{action}, group = \u003c\u003c%{group}\u003e user = %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p1: consumes " IP = " plus the opening brackets, remainder to p2.
var dup1345 = match({
dissect: {
tokenizer: " IP = \u003c\u003c %{p2}",
field: "nwparser.p1",
},
});
// Reads nwparser.p2: saddr with an optional parenthesised info, remainder to p3.
var dup1346 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} (%{info}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reads nwparser.p3: captures network_service after "Session Type: ".
var dup1347 = match({
dissect: {
tokenizer: " \u003e, Session Type: %{network_service}",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "716039" to set_field.
var dup1348 = set_field({
dest: "nwparser.msg_id1",
value: constant("716039"),
});
// Reads nwparser.payload: captures group, leaves the user part in p0.
var dup1349 = match({
dissect: {
tokenizer: "Group \u003c\u003c %{group}\u003e User %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p3: captures result after "Authentication:" and network_service
// after "Session Type: ".
var dup1350 = match({
dissect: {
tokenizer: " \u003e Authentication:%{result} Session Type: %{network_service}",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "716039:01" to set_field.
var dup1351 = set_field({
dest: "nwparser.msg_id1",
value: constant("716039:01"),
});
// Pieces for a "New [protocol] SVC connection replacing old connection." message.

// Reads nwparser.p1: captures saddr between the bracket literals, remainder to p2.
// NOTE(review): the literal needs two less-than signs ("\u003c\u003c") before the
// address — verify against sample logs that this is what the device emits.
var dup1352 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e New %{p2}",
field: "nwparser.p1",
},
});
// Reads nwparser.p2: optional protocol before "SVC", remainder to p3.
var dup1353 = linear_select([
match({
dissect: {
tokenizer: " %{protocol} SVC %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " SVC %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reads nwparser.p3: matches the fixed tail; %{} has an empty key.
var dup1354 = match({
dissect: {
tokenizer: " connection replacing old connection.%{}",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722032" to set_field.
var dup1355 = set_field({
dest: "nwparser.msg_id1",
value: constant("722032"),
});
// Run of msg_id1 constant setters, one per message id or id variant.
// NOTE(review): every dest in this run is "nwparser.nwparser.msg_id1" (prefix
// repeated), unlike the "nwparser.msg_id1" setters elsewhere in this file. If the
// doubled path is unintended, queries filtering on msg_id1 would miss these ids —
// confirm the intended path.
var dup1356 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105046"),
});
var dup1357 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702302"),
});
var dup1358 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717005"),
});
var dup1359 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409010"),
});
var dup1360 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305010"),
});
var dup1361 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305010:01"),
});
var dup1362 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403108"),
});
var dup1363 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409013"),
});
var dup1364 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("603101"),
});
var dup1365 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715080"),
});
var dup1366 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718062"),
});
var dup1367 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302025"),
});
var dup1368 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("603102"),
});
// Passes dest "nwparser.msg_id1" and the constant "713132" to set_field.
var dup1369 = set_field({
dest: "nwparser.msg_id1",
value: constant("713132"),
});
// Prefix alternatives read from nwparser.payload, most specific first: group with a
// single-quoted username, group with a bare username, group only, IP only. The
// remainder goes to p0.
// NOTE(review): the bare-username alternative ends at the first ", IP = "; a name
// containing that sequence would shift saddr. Treat username as untrusted log text.
var dup1370 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads nwparser.p0 and stores everything after the leading space as action.
var dup1371 = match({
dissect: {
tokenizer: " %{action}",
field: "nwparser.p0",
},
});
// Passes dest "nwparser.msg_id1" and the constant "713194" to set_field.
var dup1372 = set_field({
dest: "nwparser.msg_id1",
value: constant("713194"),
});
// Run of msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1373 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715034"),
});
var dup1374 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302302"),
});
var dup1375 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714006"),
});
var dup1376 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714006:01"),
});
var dup1377 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("325001"),
});
var dup1378 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("605001"),
});
var dup1379 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725014"),
});
// Two layouts of an "authorization access-list not found for user" message.

// Reads nwparser.payload: captures listnum, leaves the user part in p0.
var dup1380 = match({
dissect: {
tokenizer: "Downloaded authorization access-list %{listnum} not found for user %{p0}",
field: "nwparser.payload",
},
});
// Passes dest "nwparser.msg_id1" and the constant "109016" to set_field.
var dup1381 = set_field({
dest: "nwparser.msg_id1",
value: constant("109016"),
});
// Reads nwparser.payload: captures single-quoted listnum and interface, leaves the
// user part in p0.
var dup1382 = match({
dissect: {
tokenizer: "Can't find authorization ACL '%{listnum}' on '%{interface}' for user %{p0}",
field: "nwparser.payload",
},
});
// Passes dest "nwparser.msg_id1" and the constant "109016:01" to set_field.
var dup1383 = set_field({
dest: "nwparser.msg_id1",
value: constant("109016:01"),
});
// Run of msg_id1 constant setters, including ":01" variants of several ids.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1384 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737016"),
});
var dup1385 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737016:01"),
});
var dup1386 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("421001"),
});
var dup1387 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106001"),
});
var dup1388 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106001:01"),
});
var dup1389 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106008"),
});
var dup1390 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106008:01"),
});
var dup1391 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106020"),
});
var dup1392 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302018"),
});
// Reads nwparser.payload: captures product from "CRYPTO: The ... File", remainder
// to p0.
var dup1393 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} File %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p1: matches " as a Soft Reset was necessary. " and keeps the
// trailing text as fld1.
var dup1394 = match({
dissect: {
tokenizer: " as a Soft Reset was necessary. %{fld1}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "402126" to set_field.
var dup1395 = set_field({
dest: "nwparser.msg_id1",
value: constant("402126"),
});
// Constant setters: three msg_id1 values and one eventcategory value.
// NOTE(review): each dest starts with "nwparser.nwparser." (prefix repeated), unlike
// the single-prefix setters elsewhere in this file — confirm the intended path.
var dup1396 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611309"),
});
var dup1397 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1302000000"),
});
var dup1398 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717022"),
});
var dup1399 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("120001"),
});
// Pieces for an "Unknown client ... connection" message.

// Reads nwparser.payload: captures group, username and saddr from bracketed
// segments, remainder to p0.
// NOTE(review): each opening bracket literal is "\u003c\u003c" (two less-than
// signs) against a single "\u003e" — verify against sample logs that the device
// emits this form, otherwise the stage never matches.
var dup1400 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Unknown client %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: application and product, with or without " for " between them.
// application is client-reported text; treat it as untrusted.
var dup1401 = linear_select([
match({
dissect: {
tokenizer: " \u003c\u003c%{application} for %{product} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " \u003c\u003c%{application} %{product} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures version up to the closing bracket and " connection".
var dup1402 = match({
dissect: {
tokenizer: " %{version}\u003e connection",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722053" to set_field.
var dup1403 = set_field({
dest: "nwparser.msg_id1",
value: constant("722053"),
});
// Passes the constant "720048" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1408 below — confirm the intended path.
var dup1404 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720048"),
});
// Reads nwparser.payload: matches the leading "Teardown ", remainder to p0.
var dup1405 = match({
dissect: {
tokenizer: "Teardown %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts either "local-host" or "localhost", remainder to p1.
var dup1406 = linear_select([
match({
dissect: {
tokenizer: " local-host %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " localhost %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures interface, hostip and duration.
var dup1407 = match({
dissect: {
tokenizer: "%{interface}:%{hostip} duration %{duration}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "609002:01" to set_field.
var dup1408 = set_field({
dest: "nwparser.msg_id1",
value: constant("609002:01"),
});
// Run of constant setters for msg_id1 and eventcategory.
// NOTE(review): all but dup1414 write under "nwparser.nwparser." (prefix repeated).
// As a result "715007" goes to "nwparser.msg_id1" while its variant "715007:01" goes
// to "nwparser.nwparser.msg_id1" — confirm the intended path.
// NOTE(review): "752012:1" uses a one-digit suffix where the other variants in this
// file use ":01" — confirm that is intended.
var dup1409 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752012"),
});
var dup1410 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752012:1"),
});
var dup1411 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106003"),
});
var dup1412 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("404101"),
});
var dup1413 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("607001"),
});
var dup1414 = set_field({
dest: "nwparser.msg_id1",
value: constant("715007"),
});
var dup1415 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613050100"),
});
var dup1416 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715007:01"),
});
var dup1417 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725012"),
});
var dup1418 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725012:01"),
});
// Pieces for a "blacklisted ... traffic" message.

// Reads nwparser.p3: captures protocol, source and destination interface/address/
// port, the parenthesised translated address/port pairs, and three generic fields
// (fld1, fld2, fld3) around "resolved from ... list:"; remainder to p4.
// NOTE(review): fld3 holds the text after "list:" here, whereas dup1506 stores the
// same position as web_domain — confirm whether this should be a named field too.
var dup1419 = match({
dissect: {
tokenizer: " blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{fld3}%{p4}",
field: "nwparser.p3",
},
});
// Reads nwparser.p4: captures mask, with or without a comma before "threat-level:";
// remainder to p5.
var dup1420 = linear_select([
match({
dissect: {
tokenizer: " /%{mask}, threat-level: %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " /%{mask} threat-level: %{p5}",
field: "nwparser.p4",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "338004" to set_field.
var dup1421 = set_field({
dest: "nwparser.msg_id1",
value: constant("338004"),
});
// Reads nwparser.payload: accepts a leading " Shunned " or " Shun ", remainder to p0.
var dup1422 = linear_select([
match({
dissect: {
tokenizer: " Shunned %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Shun %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads nwparser.p0: captures saddr, daddr and interface; "\u003e" decodes to a
// greater-than sign, so the separator literal is "==" followed by that sign.
var dup1423 = match({
dissect: {
tokenizer: " packet: %{saddr} ==\u003e %{daddr} on interface %{interface}",
field: "nwparser.p0",
},
});
// Passes dest "nwparser.msg_id1" and the constant "401004" to set_field.
var dup1424 = set_field({
dest: "nwparser.msg_id1",
value: constant("401004"),
});
// Reads nwparser.p5: matches " decompression history reset"; %{} has an empty key.
var dup1425 = match({
dissect: {
tokenizer: " decompression history reset%{}",
field: "nwparser.p5",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722027" to set_field.
var dup1426 = set_field({
dest: "nwparser.msg_id1",
value: constant("722027"),
});
// The four setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// dup1426 above — confirm the intended path.
var dup1427 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305002"),
});
var dup1428 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106021"),
});
var dup1429 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400040"),
});
var dup1430 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611315"),
});
// Reads nwparser.p1: captures saddr from ", IP = ..., Received authentication
// failure message". saddr is the only field this stage extracts.
var dup1431 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Received authentication failure message",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.eventcategory" and the constant "1301020000" to set_field.
var dup1432 = set_field({
dest: "nwparser.eventcategory",
value: constant("1301020000"),
});
// Passes dest "nwparser.msg_id1" and the constant "713251" to set_field.
var dup1433 = set_field({
dest: "nwparser.msg_id1",
value: constant("713251"),
});
// Passes the constant "105039" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1433 above — confirm the intended path.
var dup1434 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105039"),
});
// Reads nwparser.payload: matches "AAA challenge received for user ", remainder
// (the user part) to p0.
var dup1435 = match({
dissect: {
tokenizer: "AAA challenge received for user %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p1: captures hostip after " from server ".
var dup1436 = match({
dissect: {
tokenizer: " from server %{hostip}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "113010" to set_field.
var dup1437 = set_field({
dest: "nwparser.msg_id1",
value: constant("113010"),
});
// Four msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1438 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("337005"),
});
var dup1439 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105037"),
});
var dup1440 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209002"),
});
var dup1441 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403104"),
});
// Prefix alternatives read from nwparser.payload: group with a single-quoted
// username, group with a bare username, or group only; the text after "IP = " goes
// to p0.
// NOTE(review): the first tokenizer starts with "Group" while the other two start
// with a space before "Group". If the payload always carries the leading space, the
// quoted-username alternative would not match and the bare alternative would keep
// the quote characters inside username — verify against sample logs.
var dup1442 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, Username = '%{username}' , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{p0}",
field: "nwparser.payload",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "713136" to set_field.
var dup1443 = set_field({
dest: "nwparser.msg_id1",
value: constant("713136"),
});
// Three msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1444 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713255"),
});
var dup1445 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202003"),
});
var dup1446 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415013"),
});
// Reads nwparser.p5: matches " connection terminated ", remainder to p6.
var dup1447 = match({
dissect: {
tokenizer: " connection terminated %{p6}",
field: "nwparser.p5",
},
});
// Reads nwparser.p7: matches " compression"; %{} has an empty key.
var dup1448 = match({
dissect: {
tokenizer: " compression%{}",
field: "nwparser.p7",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722023" to set_field.
var dup1449 = set_field({
dest: "nwparser.msg_id1",
value: constant("722023"),
});
// Passes the constant "733100" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1449 above — confirm the intended path.
var dup1450 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("733100"),
});
// Pieces for a "Deny <direction> icmp src ... dst ... (type, code)" message.

// Reads nwparser.payload: captures direction after "Deny ", remainder to p0.
var dup1451 = match({
dissect: {
tokenizer: "Deny %{direction} %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "ICMP" or "icmp", remainder to p1.
var dup1452 = linear_select([
match({
dissect: {
tokenizer: " ICMP %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " icmp %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures source and destination interface/address plus
// icmptype and icmpcode from the parenthesised tail.
var dup1453 = match({
dissect: {
tokenizer: " src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "106014" to set_field.
var dup1454 = set_field({
dest: "nwparser.msg_id1",
value: constant("106014"),
});
// Reads nwparser.p1: captures saddr and stores the crypto map name as fld1.
var dup1455 = match({
dissect: {
tokenizer: ", IP = %{saddr}, IKE Remote Peer configured for crypto map: %{fld1}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "713066" to set_field.
var dup1456 = set_field({
dest: "nwparser.msg_id1",
value: constant("713066"),
});
// Passes the constant "713066:01" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), so this
// variant is written to a different path than "713066" above — confirm the
// intended path.
var dup1457 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713066:01"),
});
// Run of msg_id1 constant setters, including the ":01"–":03" variants of "106010".
// NOTE(review): every dest except dup1462's is "nwparser.nwparser.msg_id1" (prefix
// repeated); dup1462 writes "nwparser.msg_id1". Confirm the intended path, since a
// query on one path would not return ids written to the other.
var dup1458 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400022"),
});
var dup1459 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("419002"),
});
var dup1460 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("419003"),
});
var dup1461 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611321"),
});
var dup1462 = set_field({
dest: "nwparser.msg_id1",
value: constant("715056"),
});
var dup1463 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720032"),
});
var dup1464 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725008"),
});
var dup1465 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725008:01"),
});
var dup1466 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106010"),
});
var dup1467 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106010:01"),
});
var dup1468 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106010:02"),
});
var dup1469 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106010:03"),
});
var dup1470 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("615001"),
});
// Pieces for "ISAKMP Phase 1 exchange completed/complete" messages.

// Reads nwparser.payload: matches the fixed head, remainder to p0.
var dup1471 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 exchange %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "completed" or "complete", remainder to p1.
var dup1472 = linear_select([
match({
dissect: {
tokenizer: " completed %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " complete %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1, initiator layout: the first address becomes saddr and the
// address after "remote" becomes daddr.
// NOTE(review): the tokenizer ends with ")" but contains only one "(" — whether it
// matches depends on what the feeding stage leaves in p1; verify with sample logs.
var dup1473 = match({
dissect: {
tokenizer: " %{saddr} (initiator), remote %{daddr})",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "702210:01" to set_field.
var dup1474 = set_field({
dest: "nwparser.msg_id1",
value: constant("702210:01"),
});
// Reads nwparser.p1, responder layout: the mapping is reversed relative to dup1473 —
// the first address becomes daddr and the address after "remote" becomes saddr.
var dup1475 = match({
dissect: {
tokenizer: " %{daddr} (responder), remote %{saddr})",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "702210" to set_field.
var dup1476 = set_field({
dest: "nwparser.msg_id1",
value: constant("702210"),
});
// Passes the constant "717029" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1480 below — confirm the intended path.
var dup1477 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717029"),
});
// Reads nwparser.payload: captures group, username, saddr and the application named
// after "Client Type: "; remainder to p0.
// NOTE(review): opening bracket literals are "\u003c\u003c" (two less-than signs)
// against a single "\u003e" — verify against sample logs. application is
// client-reported text; treat it as untrusted.
var dup1478 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Client Type: %{application} %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: either "for <product> <version>" or "v<version>"; remainder
// to p1.
var dup1479 = linear_select([
match({
dissect: {
tokenizer: "for %{product} %{version}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "v%{version}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "722055" to set_field.
var dup1480 = set_field({
dest: "nwparser.msg_id1",
value: constant("722055"),
});
// Reads nwparser.p0: optional "Session=<id>, " before "Received message";
// remainder to p1.
var dup1481 = linear_select([
match({
dissect: {
tokenizer: "Session=%{sessionid}, Received message%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "Received message%{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures the single-quoted text as info.
var dup1482 = match({
dissect: {
tokenizer: " '%{info}'",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "737001" to set_field.
var dup1483 = set_field({
dest: "nwparser.msg_id1",
value: constant("737001"),
});
// Reads nwparser.payload: captures saddr and interface from a "Permitted SSH
// session" message; the user part is left in p0 for a later stage.
var dup1484 = match({
dissect: {
tokenizer: "Permitted SSH session from %{saddr} on interface %{interface} for user %{p0}",
field: "nwparser.payload",
},
});
// Passes dest "nwparser.msg_id1" and the constant "315002" to set_field.
var dup1485 = set_field({
dest: "nwparser.msg_id1",
value: constant("315002"),
});
// Run of constant setters for msg_id1 and one eventcategory value.
// NOTE(review): every dest except dup1489's starts with "nwparser.nwparser." (prefix
// repeated); dup1489 writes "nwparser.msg_id1". Confirm the intended path.
var dup1486 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("319001:01"),
});
var dup1487 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("319001"),
});
var dup1488 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720024"),
});
var dup1489 = set_field({
dest: "nwparser.msg_id1",
value: constant("724003"),
});
var dup1490 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106103:01"),
});
var dup1491 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106103"),
});
var dup1492 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1602000000"),
});
var dup1493 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321005"),
});
// Reads nwparser.p1: captures daddr from " to ... that failed authentication."
// Only the destination address is extracted by this stage.
var dup1494 = match({
dissect: {
tokenizer: " to %{daddr} that failed authentication.",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "402120" to set_field.
var dup1495 = set_field({
dest: "nwparser.msg_id1",
value: constant("402120"),
});
// Three msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1496 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611312"),
});
var dup1497 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("107001:01"),
});
var dup1498 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("107001"),
});
// Pieces for an "Address ... discovered for domain ... Adding rule" message.

// Reads nwparser.payload: captures hostip and web_domain, remainder to p0.
var dup1499 = match({
dissect: {
tokenizer: "Address %{hostip} discovered for domain %{web_domain} from %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: captures category, terminated by either ". " or ", ";
// remainder to p1.
var dup1500 = linear_select([
match({
dissect: {
tokenizer: " %{category}. %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{category}, %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: matches " Adding rule"; %{} has an empty key.
var dup1501 = match({
dissect: {
tokenizer: " Adding rule%{}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "338302" to set_field.
var dup1502 = set_field({
dest: "nwparser.msg_id1",
value: constant("338302"),
});
// Three msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1503 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611314"),
});
var dup1504 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317001"),
});
var dup1505 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321003"),
});
// Reads nwparser.p1 for a "dropped blacklisted ... traffic" message: captures
// protocol, source/destination interface, address and port, the parenthesised
// translated pairs, fld1/fld2 around "resolved from", web_domain after "list:",
// severity after "threat-level: " and result after "category: ".
// NOTE(review): web_domain is delimited by the literal " threat-level: "; a listed
// name containing that text would shift severity and result — treat these fields as
// log-derived text rather than validated values.
var dup1506 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "338006" to set_field.
var dup1507 = set_field({
dest: "nwparser.msg_id1",
value: constant("338006"),
});
// Passes the constant "413001" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1507 above — confirm the intended path.
var dup1508 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("413001"),
});
// Pieces for two layouts of a "User authentication failed" message.
// NOTE(review): in a failed-authentication record the user name is whatever the
// client submitted, so username from these stages should be treated as
// attacker-influenced text by anything that renders or correlates on it.

// Reads nwparser.payload: matches "User authentication failed: Uname: ", remainder
// (the user name part) to p0.
var dup1509 = match({
dissect: {
tokenizer: "User authentication failed: Uname: %{p0}",
field: "nwparser.payload",
},
});
// Passes dest "nwparser.msg_id1" and the constant "611102" to set_field.
var dup1510 = set_field({
dest: "nwparser.msg_id1",
value: constant("611102"),
});
// Reads nwparser.payload: matches "User authentication failed: ", remainder to p0.
var dup1511 = match({
dissect: {
tokenizer: "User authentication failed: %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: "IP address: <saddr>" with an optional ", Uname: <username>";
// remainder to p1. The alternative that captures username is listed first.
var dup1512 = linear_select([
match({
dissect: {
tokenizer: "IP address: %{saddr}, Uname: %{username}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "IP address: %{saddr}%{p1}",
field: "nwparser.p0",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "611102:01" to set_field.
var dup1513 = set_field({
dest: "nwparser.msg_id1",
value: constant("611102:01"),
});
// Passes the constant "611323" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1510 and dup1513 above — confirm the intended path.
var dup1514 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611323"),
});
// Pieces for "Starting SSL handshake with client/server ..." messages.

// Reads nwparser.payload: matches the fixed head, remainder to p0.
var dup1515 = match({
dissect: {
tokenizer: "Starting SSL handshake with %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "client" or "server", remainder to p1. The matched
// word is not stored in a field by this stage.
var dup1516 = linear_select([
match({
dissect: {
tokenizer: " client %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " server %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures sinterface, saddr, sport, daddr, dport and version.
// NOTE(review): the literals between fields are "to" and "for " with no space before
// them ("%{sport}to%{daddr}", "%{dport}for "), whereas dup1561 in this file uses
// " to " with spaces for the same address layout. If the device prints spaces, the
// captured sport and dport would include a trailing space, or the stage may not
// match — verify with sample logs.
var dup1517 = match({
dissect: {
tokenizer: " %{sinterface}:%{saddr}/%{sport}to%{daddr}/%{dport}for %{version} session",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "725001:01" to set_field.
var dup1518 = set_field({
dest: "nwparser.msg_id1",
value: constant("725001:01"),
});
// Reads nwparser.p1, single-endpoint layout: captures interface, hostip,
// network_port and version.
var dup1519 = match({
dissect: {
tokenizer: " %{interface}:%{hostip}/%{network_port} for %{version} session.",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "725001" to set_field.
var dup1520 = set_field({
dest: "nwparser.msg_id1",
value: constant("725001"),
});
// Reads nwparser.payload: matches "Call-Home is processing ", remainder to p0.
var dup1521 = match({
dissect: {
tokenizer: "Call-Home is processing %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "configuration", "inventory" or "snapshot"; remainder
// to p1. The matched word is not stored in a field by this stage.
var dup1522 = linear_select([
match({
dissect: {
tokenizer: " configuration %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " inventory %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " snapshot %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: stores the text after " event " as info.
var dup1523 = match({
dissect: {
tokenizer: " event %{info}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "120003" to set_field.
var dup1524 = set_field({
dest: "nwparser.msg_id1",
value: constant("120003"),
});
// The two setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// dup1524 above — confirm the intended path.
var dup1525 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("414002"),
});
var dup1526 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415007"),
});
// Prefix alternatives read from nwparser.payload, most specific first: group with a
// single-quoted username, group with a bare username, group only, IP only. Here
// saddr is terminated by a space (not a comma); the remainder goes to p0.
var dup1527 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "714011" to set_field.
var dup1528 = set_field({
dest: "nwparser.msg_id1",
value: constant("714011"),
});
// Reads nwparser.payload: accepts "ID_IPV4_ADDR_SUBNET" or "ID_IPV4_ADDR"; the
// longer literal is listed first. Remainder to p0.
var dup1529 = linear_select([
match({
dissect: {
tokenizer: " ID_IPV4_ADDR_SUBNET %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " ID_IPV4_ADDR %{p0}",
field: "nwparser.payload",
},
}),
]);
// Reads nwparser.p0: stores the text after " ID " as fld1.
var dup1530 = match({
dissect: {
tokenizer: " ID %{fld1}",
field: "nwparser.p0",
},
});
// Passes dest "nwparser.msg_id1" and the constant "714011:01" to set_field.
var dup1531 = set_field({
dest: "nwparser.msg_id1",
value: constant("714011:01"),
});
// Two msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1532 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101002"),
});
var dup1533 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409008"),
});
// Pieces for a "PPTP Tunnel deleted" message.

// Reads nwparser.payload: matches "PPTP Tunnel ", remainder to p0.
var dup1534 = match({
dissect: {
tokenizer: "PPTP Tunnel %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: " deleted" with or without a comma before "tunnel_id";
// remainder to p1.
var dup1535 = linear_select([
match({
dissect: {
tokenizer: " deleted, tunnel_id %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " deleted tunnel_id %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: stores the tunnel id as fld1 and the peer address as saddr.
var dup1536 = match({
dissect: {
tokenizer: " =%{fld1}, remote_peer_ip=%{saddr}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "603105" to set_field.
var dup1537 = set_field({
dest: "nwparser.msg_id1",
value: constant("603105"),
});
// Passes the constant "713061" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike
// dup1537 above — confirm the intended path.
var dup1538 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713061"),
});
// Reads nwparser.p1: captures the peer address as saddr and the assigned private
// address as stransaddr.
var dup1539 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Assigned private IP address %{stransaddr} to remote user",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.eventcategory" and the constant "1605020000" to set_field.
var dup1540 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605020000"),
});
// Passes dest "nwparser.msg_id1" and the constant "713228" to set_field.
var dup1541 = set_field({
dest: "nwparser.msg_id1",
value: constant("713228"),
});
// Passes the constant "103004" to set_field.
// NOTE(review): dest repeats the prefix ("nwparser.nwparser.msg_id1"), unlike the
// neighbouring setters — confirm the intended path.
var dup1542 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103004"),
});
// Passes dest "nwparser.msg_id1" and the constant "715021" to set_field.
var dup1543 = set_field({
dest: "nwparser.msg_id1",
value: constant("715021"),
});
// Reads nwparser.payload: stores the tunnel group as fld1 and the group policy as
// group; the user part goes to p0.
// NOTE(review): opening bracket literals are "\u003c\u003c" (two less-than signs)
// against a single "\u003e" — verify against sample logs that the device emits
// this form.
var dup1544 = match({
dissect: {
tokenizer: "TunnelGroup \u003c\u003c %{fld1} \u003e GroupPolicy \u003c\u003c %{group} \u003e User %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p3: matches the "No IPv6 address available" tail; %{} has an
// empty key.
var dup1545 = match({
dissect: {
tokenizer: " \u003e No IPv6 address available for SVC connection%{}",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722041" to set_field.
var dup1546 = set_field({
dest: "nwparser.msg_id1",
value: constant("722041"),
});
// Reads nwparser.p1: captures daddr up to ". " and keeps the rest as result.
var dup1547 = match({
dissect: {
tokenizer: " to %{daddr}. %{result}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "402116" to set_field.
var dup1548 = set_field({
dest: "nwparser.msg_id1",
value: constant("402116"),
});
// Reads nwparser.p0: stores the payload id after "Payload ID: " as fld1.
var dup1549 = match({
dissect: {
tokenizer: ", Error processing payload: Payload ID: %{fld1}",
field: "nwparser.p0",
},
});
// Passes dest "nwparser.msg_id1" and the constant "713048" to set_field.
var dup1550 = set_field({
dest: "nwparser.msg_id1",
value: constant("713048"),
});
// The three setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// dup1548 and dup1550 above — confirm the intended path.
var dup1551 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103001"),
});
var dup1552 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318006"),
});
var dup1553 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("407001"),
});
// Pieces for an "ospf ... update ... overriding conflict" message.

// Reads nwparser.payload: matches "ospf ", remainder to p0.
var dup1554 = match({
dissect: {
tokenizer: "ospf %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "E1 update", "E2 update", "IA update" or plain
// "update"; the plain form is listed last. Remainder to p1.
var dup1555 = linear_select([
match({
dissect: {
tokenizer: " E1 update %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " E2 update %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IA update %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " update %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures stransaddr, daddr, host, dtransaddr and interface,
// with fld1–fld4 holding the unnamed positions in between.
var dup1556 = match({
dissect: {
tokenizer: " %{stransaddr} %{fld1} [%{fld2}] via %{daddr}:%{host} overriding conflict with %{dtransaddr} %{fld3} [%{fld4}] %{interface}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.eventcategory" and the constant "1805020000" to set_field.
var dup1557 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805020000"),
});
// Passes dest "nwparser.msg_id1" and the constant "408002" to set_field.
var dup1558 = set_field({
dest: "nwparser.msg_id1",
value: constant("408002"),
});
// Pieces for a "Device proposes the following N cipher(s)" message.

// Reads nwparser.payload: stores the cipher count as dclass_counter1, remainder
// to p0.
var dup1559 = match({
dissect: {
tokenizer: "Device proposes the following %{dclass_counter1} cipher(s) to %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: accepts "server" or "client", remainder to p1. The matched
// word is not stored in a field by this stage.
var dup1560 = linear_select([
match({
dissect: {
tokenizer: "server%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "client%{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: captures interface, saddr, sport, daddr and dport.
var dup1561 = match({
dissect: {
tokenizer: " %{interface}:%{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "725009:01" to set_field.
var dup1562 = set_field({
dest: "nwparser.msg_id1",
value: constant("725009:01"),
});
// The three setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), so
// "725009" is written to a different path than "725009:01" above — confirm the
// intended path.
var dup1563 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725009"),
});
var dup1564 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("120007"),
});
var dup1565 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718023"),
});
// Reads nwparser.payload: captures context from "(VPN-...)" and obj_type between
// "Receiving " and " message "; remainder to p0.
var dup1566 = match({
dissect: {
tokenizer: "(VPN-%{context}) Receiving %{obj_type} message %{p0}",
field: "nwparser.payload",
},
});
// Reads nwparser.p0: captures info, parenthesised or bare; remainder to p1.
var dup1567 = linear_select([
match({
dissect: {
tokenizer: " (%{info}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{info} %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: matches " from active unit"; %{} has an empty key.
var dup1568 = match({
dissect: {
tokenizer: " from active unit%{}",
field: "nwparser.p1",
},
});
// Passes dest "nwparser.msg_id1" and the constant "720042" to set_field.
var dup1569 = set_field({
dest: "nwparser.msg_id1",
value: constant("720042"),
});
// Run of msg_id1 constant setters.
// NOTE(review): each dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the "nwparser.msg_id1" setters elsewhere in this file — confirm the intended path.
var dup1570 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415011"),
});
var dup1571 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("611307"),
});
var dup1572 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713206"),
});
var dup1573 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324006"),
});
var dup1574 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210001"),
});
var dup1575 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304002"),
});
var dup1576 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304002:01"),
});
// Reads nwparser.payload: either "<product> Module in slot <fld1>, application up"
// or the fixed "Module ips, application up"; the text after the opening double
// quote goes to p0.
var dup1577 = linear_select([
match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1}, application up \"%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Module ips, application up \"%{p0}",
field: "nwparser.payload",
},
}),
]);
// The next three setters write "505015", "702208:01" and "702208" to
// "nwparser.msg_id1".
var dup1578 = set_field({
dest: "nwparser.msg_id1",
value: constant("505015"),
});
var dup1579 = set_field({
dest: "nwparser.msg_id1",
value: constant("702208:01"),
});
var dup1580 = set_field({
dest: "nwparser.msg_id1",
value: constant("702208"),
});
// The two setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the three setters above — confirm the intended path.
var dup1581 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735006"),
});
var dup1582 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109013"),
});
// Prefix alternatives read from nwparser.payload: "Group = ..., Username = ...,
// IP = ..." or "Username = ..., IP = ..."; remainder to p0.
// NOTE(review): the first tokenizer starts with "Group" while the second starts with
// a space before "Username". If the payload always carries a leading space, the
// group alternative would not match — verify against sample logs.
var dup1583 = linear_select([
match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
// The next two setters write "715046:01" and "715046" to "nwparser.msg_id1".
var dup1584 = set_field({
dest: "nwparser.msg_id1",
value: constant("715046:01"),
});
var dup1585 = set_field({
dest: "nwparser.msg_id1",
value: constant("715046"),
});
// The two setters below write msg_id1 constants.
// NOTE(review): their dest is "nwparser.nwparser.msg_id1" (prefix repeated), unlike
// the two setters above — confirm the intended path.
var dup1586 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400025"),
});
var dup1587 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444106"),
});
// Pieces for a "Received non-routine Notify message: ..." record.

// Reads nwparser.p0: optional "Username = ...," before "IP = ..."; remainder to p1.
var dup1588 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p1}",
field: "nwparser.p0",
},
}),
]);
// Reads nwparser.p1: matches " Received non-routine ", remainder to p2.
var dup1589 = match({
dissect: {
tokenizer: " Received non-routine %{p2}",
field: "nwparser.p1",
},
});
// Reads nwparser.p2: accepts "Notify" or "notify", remainder to p3.
var dup1590 = linear_select([
match({
dissect: {
tokenizer: " Notify %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " notify %{p3}",
field: "nwparser.p2",
},
}),
]);
// Reads nwparser.p3: matches " message: ", remainder to p4.
var dup1591 = match({
dissect: {
tokenizer: " message: %{p4}",
field: "nwparser.p3",
},
});
// Reads nwparser.p4: captures result with an optional parenthesised info;
// remainder to p5.
var dup1592 = linear_select([
match({
dissect: {
tokenizer: " %{result} (%{info}) %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p5}",
field: "nwparser.p4",
},
}),
]);
// Passes dest "nwparser.msg_id1" and the constant "713068" to set_field.
var dup1593 = set_field({
dest: "nwparser.msg_id1",
value: constant("713068"),
});
// Pieces for "Session terminated" and "address assigned to session" messages.
// NOTE(review): several literals below contain "\u003c\u003c" (two less-than signs)
// paired with a single "\u003e" (greater-than sign). If the device writes single
// brackets these stages would not match — verify against sample logs.

// Reads nwparser.p3: stores the text after "Session terminated: " as info.
var dup1594 = match({
dissect: {
tokenizer: " \u003e Session terminated: %{info}",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722049" to set_field.
var dup1595 = set_field({
dest: "nwparser.msg_id1",
value: constant("722049"),
});
// Reads nwparser.p3: matches the closing bracket and " IPv4 ", remainder to p4.
var dup1596 = match({
dissect: {
tokenizer: " \u003e IPv4 %{p4}",
field: "nwparser.p3",
},
});
// Reads nwparser.p4: accepts "Address" or "address", remainder to p5.
var dup1597 = linear_select([
match({
dissect: {
tokenizer: " Address %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " address %{p5}",
field: "nwparser.p4",
},
}),
]);
// Reads nwparser.p5: captures the bracketed IPv4 address as stransaddr, then
// matches " IPv6 "; remainder to p6.
var dup1598 = match({
dissect: {
tokenizer: " \u003c\u003c %{stransaddr} \u003e IPv6 %{p6}",
field: "nwparser.p5",
},
});
// Reads nwparser.p6: accepts "address" or "Address", remainder to p7.
var dup1599 = linear_select([
match({
dissect: {
tokenizer: " address %{p7}",
field: "nwparser.p6",
},
}),
match({
dissect: {
tokenizer: " Address %{p7}",
field: "nwparser.p6",
},
}),
]);
// Reads nwparser.p7: stores the bracketed value (the IPv6 position) as info.
var dup1600 = match({
dissect: {
tokenizer: " \u003c\u003c%{info}\u003e assigned to session",
field: "nwparser.p7",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722051:01" to set_field.
var dup1601 = set_field({
dest: "nwparser.msg_id1",
value: constant("722051:01"),
});
// Reads nwparser.p3, single-address layout: captures the bracketed address as
// stransaddr.
var dup1602 = match({
dissect: {
tokenizer: " \u003e Address \u003c\u003c %{stransaddr} \u003e assigned to session",
field: "nwparser.p3",
},
});
// Passes dest "nwparser.msg_id1" and the constant "722051" to set_field.
var dup1603 = set_field({
dest: "nwparser.msg_id1",
value: constant("722051"),
});
// Parser fragments: a message-id constant, then the pieces of a
// "Downloaded ACL <name> is empty" line and its message-id constant.
// NOTE(review): dup1604 writes "nwparser.nwparser.msg_id1" (doubled prefix)
// while dup1608 writes "nwparser.msg_id1"; confirm which field later stages
// and detection rules read.
var dup1604 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716601"),
});
var dup1605 = match({
dissect: {
tokenizer: "Downloaded ACL %{p0}",
field: "nwparser.payload",
},
});
// The ACL name may be wrapped in single quotes; the quoted form is listed
// first so the quotes are not captured into listnum.
var dup1606 = linear_select([
match({
dissect: {
tokenizer: " '%{listnum}' %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{listnum} %{p1}",
field: "nwparser.p0",
},
}),
]);
// "%{}" has no field name; presumably the remainder is matched and discarded
// (depends on the dissect implementation, not visible here).
var dup1607 = match({
dissect: {
tokenizer: " is empty%{}",
field: "nwparser.p1",
},
});
var dup1608 = set_field({
dest: "nwparser.msg_id1",
value: constant("109018"),
});
// Parser fragments for "Teardown <protocol> connection ..." lines in which an
// endpoint may be followed by "(DOMAIN\user)". The "\\" in a tokenizer is one
// literal backslash once the string escape is applied.
var dup1609 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{p0}",
field: "nwparser.payload",
},
});
// Source endpoint. In the first alternative the user part after the backslash
// is stored in the generic fld7, not in a username field.
var dup1610 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld7}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination endpoint; here the identity is required and the user part is
// stored in c_username.
var dup1611 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{p2}",
field: "nwparser.p1",
},
});
// Byte count with an optional trailing "(username)".
var dup1612 = linear_select([
match({
dissect: {
tokenizer: "%{bytes} (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{bytes} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1613 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:05"),
});
// Single-pattern variant: the source has a parenthesised value (kept in fld1)
// and the destination carries "(DOMAIN\user)".
var dup1614 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport}(%{fld1}) to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} %{p0}",
field: "nwparser.payload",
},
});
// NOTE(review): in the second alternative "%{bytes}%{p1}" has no literal
// between the two captures; where the split falls depends on the dissect
// implementation, which is not visible here.
var dup1615 = linear_select([
match({
dissect: {
tokenizer: "bytes %{bytes} (%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "bytes %{bytes}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1616 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:07"),
});
// Same as dup1614 but without the parenthesised value after the source port.
var dup1617 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} %{p0}",
field: "nwparser.payload",
},
});
var dup1618 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:04"),
});
// Further fragments for connection lines of the form
// "<saddr>/<sport>[(identity)] to <dinterface>:<daddr>/<dport>[(identity)]
// duration <d> bytes <n> [user]", followed by message-id constants.
// NOTE(review): dup1632 and dup1633 write "nwparser.nwparser.msg_id1" (doubled
// prefix) while dup1624, dup1628 and dup1631 write "nwparser.msg_id1"; confirm
// which field later stages and detection rules read.
// Source endpoint; the user part of "(DOMAIN\user)" is stored in generic fld5.
var dup1619 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld5}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1620 = match({
dissect: {
tokenizer: "%{dinterface}:%{p2}",
field: "nwparser.p1",
},
});
// Destination endpoint; a parenthesised value without a backslash is kept in
// fld20 rather than in c_username.
var dup1621 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{fld20})%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1622 = match({
dissect: {
tokenizer: " duration %{duration} %{p4}",
field: "nwparser.p3",
},
});
// Byte count with the user either quoted, parenthesised or absent.
// NOTE(review): the third alternative stores the remainder in p6 while the
// first two store it in p5; confirm the consumer of this fragment expects
// that, since a stage reading p5 would not see the remainder in that case.
var dup1623 = linear_select([
match({
dissect: {
tokenizer: " bytes %{bytes} '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " bytes %{bytes} (%{username}) %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " bytes %{bytes} %{p6}",
field: "nwparser.p4",
},
}),
]);
var dup1624 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:06"),
});
var dup1625 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} duration %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1626 = match({
dissect: {
tokenizer: "%{duration} bytes %{bytes} %{p4}",
field: "nwparser.p3",
},
});
// User name either in single quotes or in parentheses; no alternative for a
// line without a user is listed here.
var dup1627 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " (%{username}) %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup1628 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016"),
});
// Three source-endpoint forms, most specific first: "(DOMAIN\user)", a plain
// parenthesised value (fld20), or no identity at all.
var dup1629 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{sdomain}\\%{fld5}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{fld20}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
// Destination endpoint; unlike dup1621, the plain parenthesised value is
// stored in c_username here.
var dup1630 = linear_select([
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{c_username}) duration %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{daddr}/%{dport} duration %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1631 = set_field({
dest: "nwparser.msg_id1",
value: constant("302016:01"),
});
var dup1632 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302016:02"),
});
var dup1633 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302016:03"),
});
// Parser fragments for "Pre-allocate(d) RTSP <protocol> backconnection for
// <foreign address> to <local address>/<port>" lines, then message-id
// constants.
// NOTE(review): dup1638 leaves its remainder in p4 and dup1639 reads p5; the
// p4 -> p5 step is not among these fragments and is presumably defined
// elsewhere - confirm.
// NOTE(review): dup1643 and dup1644 write "nwparser.nwparser.msg_id1" (doubled
// prefix) while dup1642 writes "nwparser.msg_id1"; confirm which field later
// stages and detection rules read.
// Three spellings of the leading verb.
var dup1634 = linear_select([
match({
dissect: {
tokenizer: " Pre-allocated %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Pre-allocate %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Preallocate %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1635 = match({
dissect: {
tokenizer: " RTSP %{protocol} backconnection %{p1}",
field: "nwparser.p0",
},
});
// The foreign side is introduced by "faddr", "foreign_address" or an
// interface name followed by ":".
var dup1636 = linear_select([
match({
dissect: {
tokenizer: " for faddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " for foreign_address %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " for %{sinterface}: %{p2}",
field: "nwparser.p1",
},
}),
]);
// NOTE(review): no literal separates %{saddr} from %{p3}; where the split
// falls depends on the dissect implementation, which is not visible here.
var dup1637 = match({
dissect: {
tokenizer: "%{saddr}%{p3}",
field: "nwparser.p2",
},
});
// The source port is optional.
var dup1638 = linear_select([
match({
dissect: {
tokenizer: " /%{sport} to %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " to %{p4}",
field: "nwparser.p3",
},
}),
]);
// The local side is introduced by "laddr", "local_address" or an interface
// name followed by ":".
var dup1639 = linear_select([
match({
dissect: {
tokenizer: " laddr %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " local_address %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " %{dinterface}:%{p6}",
field: "nwparser.p5",
},
}),
]);
var dup1640 = match({
dissect: {
tokenizer: "%{daddr}/%{p7}",
field: "nwparser.p6",
},
});
// The form with a trailing "." after the port is listed first so the dot is
// not captured into dport.
var dup1641 = linear_select([
match({
dissect: {
tokenizer: " %{dport}. %{p8}",
field: "nwparser.p7",
},
}),
match({
dissect: {
tokenizer: " %{dport} %{p8}",
field: "nwparser.p7",
},
}),
]);
var dup1642 = set_field({
dest: "nwparser.msg_id1",
value: constant("314001"),
});
var dup1643 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338309"),
});
var dup1644 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716058"),
});
// Parser fragments for authentication-related lines ("Authen Session End",
// "Attempting AAA Fallback method", "User authentication succeeded") mixed
// with message-id constants.
// The user name itself is not captured by these fragments: each leaves it in
// p0 for a step that is not part of this run.
// NOTE(review): dup1648, dup1652-dup1659, dup1664, dup1665 and dup1667-dup1669
// write "nwparser.nwparser.msg_id1" (doubled prefix) while dup1647, dup1651,
// dup1661, dup1663 and dup1666 write "nwparser.msg_id1"; confirm which field
// later stages and detection rules read.
var dup1645 = match({
dissect: {
tokenizer: "Authen Session End: user %{p0}",
field: "nwparser.payload",
},
});
var dup1646 = match({
dissect: {
tokenizer: ", sid %{sessionid}, elapsed %{duration} seconds",
field: "nwparser.p1",
},
});
var dup1647 = set_field({
dest: "nwparser.msg_id1",
value: constant("109012"),
});
var dup1648 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400045"),
});
// The fallback method is stored in "process" and the next value in "info".
var dup1649 = match({
dissect: {
tokenizer: "Attempting AAA Fallback method %{process} for %{info} for user %{p0}",
field: "nwparser.payload",
},
});
// The unreachable auth-server group name is stored in "product".
var dup1650 = match({
dissect: {
tokenizer: ": %{space} Auth-server group %{product} unreachable",
field: "nwparser.p1",
},
});
var dup1651 = set_field({
dest: "nwparser.msg_id1",
value: constant("409023"),
});
var dup1652 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714002"),
});
var dup1653 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714002:01"),
});
var dup1654 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717007"),
});
var dup1655 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("304004"),
});
var dup1656 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("408001"),
});
var dup1657 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713216"),
});
var dup1658 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713216:01"),
});
var dup1659 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210005"),
});
var dup1660 = match({
dissect: {
tokenizer: "User authentication succeeded: Uname: %{p0}",
field: "nwparser.payload",
},
});
var dup1661 = set_field({
dest: "nwparser.msg_id1",
value: constant("611101"),
});
// Variant of dup1660 that also carries the client address (stored in saddr).
var dup1662 = match({
dissect: {
tokenizer: "User authentication succeeded: IP address: %{saddr}, Uname: %{p0}",
field: "nwparser.payload",
},
});
var dup1663 = set_field({
dest: "nwparser.msg_id1",
value: constant("611101:01"),
});
var dup1664 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713134"),
});
var dup1665 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720035"),
});
var dup1666 = set_field({
dest: "nwparser.msg_id1",
value: constant("722003"),
});
var dup1667 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737010"),
});
var dup1668 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("737010:01"),
});
var dup1669 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305008"),
});
// Parser fragments that store free-form text in "info" or "event_description",
// optionally followed by structured details, then message-id constants.
// Each linear_select below ends with a catch-all "%{event_description}%{p1}";
// presumably alternatives are tried in order, so the specific forms must stay
// ahead of it - TODO confirm against linear_select.
// NOTE(review): dup1679-dup1686 write "nwparser.nwparser.msg_id1" (doubled
// prefix) while dup1671, dup1673, dup1675 and dup1678 write
// "nwparser.msg_id1"; confirm which field later stages and detection rules
// read.
var dup1670 = match({
dissect: {
tokenizer: " %{info}",
field: "nwparser.p0",
},
});
var dup1671 = set_field({
dest: "nwparser.msg_id1",
value: constant("715028"),
});
// NOTE(review): the catch-all has no literal between %{event_description}
// and %{p1}; where the split falls depends on the dissect implementation,
// which is not visible here.
var dup1672 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} Proxy Id:%{fld1} Remote host: %{hostname} Protocol %{protocol} Port %{port} Local subnet: %{fld2} mask %{mask} Protocol %{fld3} Port %{fld4} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{event_description} flags %{fld5}, refcnt %{fld6}, tuncnt %{fld7}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{event_description} %{fld9} flags %{fld5}, refcnt %{fld6}, tuncnt %{fld7}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} (%{fld1}) %{fld2} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1673 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906:01"),
});
// Same idea as dup1672 with a different set of specific forms; the flag
// counters are stored in fld1..fld3 here instead of fld5..fld7.
var dup1674 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} flags %{fld1}, refcnt %{fld2}, tuncnt %{fld3}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} Proxy Id:%{fld1} Remote host: %{hostname} Protocol %{protocol} Port %{port} Local subnet: %{fld2} mask %{mask} Protocol %{fld3} Port %{fld4} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description} for remote peer %{fld1}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1675 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906:03"),
});
var dup1676 = match({
dissect: {
tokenizer: "IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
});
// "Responder:" form with local and peer TCP ports, else the catch-all.
var dup1677 = linear_select([
match({
dissect: {
tokenizer: " Responder: %{event_description} TCP port: %{network_port} peer TCP port: %{fld1} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{event_description}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1678 = set_field({
dest: "nwparser.msg_id1",
value: constant("713906"),
});
var dup1679 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713906:02"),
});
var dup1680 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209003"),
});
var dup1681 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("309001"),
});
var dup1682 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713143"),
});
var dup1683 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111111"),
});
var dup1684 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400041"),
});
var dup1685 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400049"),
});
var dup1686 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("703002"),
});
// Parser fragments for lines that start with "Group = / Username = / IP ="
// (for example "Security negotiation complete for ..." with inbound and
// outbound SPI values), then message-id constants.
// NOTE(review): dup1698-dup1709 write "nwparser.nwparser.msg_id1" (doubled
// prefix) while dup1692, dup1694 and dup1697 write "nwparser.msg_id1"; confirm
// which field later stages and detection rules read.
var dup1687 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Security negotiation complete for %{p1}",
field: "nwparser.p0",
},
});
// Peer type: LAN-to-LAN group or user. Neither keyword is stored in a field.
var dup1688 = linear_select([
match({
dissect: {
tokenizer: " LAN-to-LAN Group %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " User %{p2}",
field: "nwparser.p1",
},
}),
]);
// The parenthesised group or user name is stored in generic fld1.
var dup1689 = match({
dissect: {
tokenizer: " (%{fld1}) %{p3}",
field: "nwparser.p2",
},
});
// Role of the local device; the keyword is matched but not stored.
var dup1690 = linear_select([
match({
dissect: {
tokenizer: " Initiator %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " Responder %{p4}",
field: "nwparser.p3",
},
}),
]);
var dup1691 = match({
dissect: {
tokenizer: ", Inbound SPI = %{src_spi}, Outbound SPI = %{dst_spi}",
field: "nwparser.p4",
},
});
var dup1692 = set_field({
dest: "nwparser.msg_id1",
value: constant("713049"),
});
// Group with an optional user name, quoted or bare. The quoted form is listed
// first so the quotes are not captured into username.
var dup1693 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}' , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username} , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1694 = set_field({
dest: "nwparser.msg_id1",
value: constant("713120"),
});
// NOTE(review): the first alternative has no comma after %{saddr}, unlike the
// other two; confirm this matches the device's actual output.
var dup1695 = linear_select([
match({
dissect: {
tokenizer: " Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1696 = match({
dissect: {
tokenizer: " %{event_description} (version: %{version}, capabilities: %{fld1})",
field: "nwparser.p0",
},
});
var dup1697 = set_field({
dest: "nwparser.msg_id1",
value: constant("715038"),
});
var dup1698 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318002"),
});
var dup1699 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("219002"),
});
var dup1700 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400004"),
});
var dup1701 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("617001"),
});
var dup1702 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713014"),
});
var dup1703 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715040"),
});
var dup1704 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718034"),
});
var dup1705 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720012"),
});
var dup1706 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105001"),
});
var dup1707 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752004"),
});
var dup1708 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717039"),
});
var dup1709 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720036"),
});
// Parser fragments for "Deny IP from <src> ... <dst>, IP options <opts>" and
// for IKE lines ("<function>(): <text>", "IKEGetUserAttributes: <name> =
// <value>"), mixed with message-id constants.
// NOTE(review): dup1714-dup1716, dup1719 and dup1722-dup1726 write
// "nwparser.nwparser.msg_id1" (doubled prefix) while dup1713, dup1718 and
// dup1721 write "nwparser.msg_id1"; confirm which field later stages and
// detection rules read.
var dup1710 = match({
dissect: {
tokenizer: "Deny IP from %{saddr} %{p0}",
field: "nwparser.payload",
},
});
// The word between the two addresses may be "from" or "to".
var dup1711 = linear_select([
match({
dissect: {
tokenizer: " from %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " to %{p1}",
field: "nwparser.p0",
},
}),
]);
// The IP options value is kept in generic fld1.
var dup1712 = match({
dissect: {
tokenizer: " %{daddr}, IP options %{fld1}",
field: "nwparser.p1",
},
});
var dup1713 = set_field({
dest: "nwparser.msg_id1",
value: constant("106012"),
});
var dup1714 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106007"),
});
var dup1715 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210021"),
});
var dup1716 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713900:02"),
});
// The text before "():" is stored in "info", the text after it in
// event_description.
var dup1717 = match({
dissect: {
tokenizer: ", %{info}(): %{event_description}",
field: "nwparser.p0",
},
});
var dup1718 = set_field({
dest: "nwparser.msg_id1",
value: constant("713900"),
});
var dup1719 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713900:01"),
});
// Attribute name and new value are stored in change_attribute / change_new.
var dup1720 = match({
dissect: {
tokenizer: ", IP = %{saddr}, IKEGetUserAttributes: %{change_attribute} = %{change_new}",
field: "nwparser.p1",
},
});
var dup1721 = set_field({
dest: "nwparser.msg_id1",
value: constant("715019"),
});
var dup1722 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715019:01"),
});
var dup1723 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("101001"),
});
var dup1724 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713229"),
});
var dup1725 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718028"),
});
var dup1726 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210020"),
});
// Parser fragments for "Preallocate <service> <protocol> backconnection for
// <foreign address> to <local address>" lines and for a "dropped greylisted
// ... traffic" line, mixed with message-id constants.
// NOTE(review): dup1737, dup1740 and dup1741 write "nwparser.nwparser.msg_id1"
// (doubled prefix) while dup1733, dup1736 and dup1739 write
// "nwparser.msg_id1"; confirm which field later stages and detection rules
// read.
var dup1727 = linear_select([
match({
dissect: {
tokenizer: " Preallocate %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Pre-allocate %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1728 = match({
dissect: {
tokenizer: " %{network_service} %{protocol} backconnection for %{p1}",
field: "nwparser.p0",
},
});
var dup1729 = linear_select([
match({
dissect: {
tokenizer: " faddr %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " foreign_address %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup1730 = match({
dissect: {
tokenizer: " %{saddr}/%{sport} to %{p3}",
field: "nwparser.p2",
},
});
var dup1731 = linear_select([
match({
dissect: {
tokenizer: " laddr %{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: " local_address %{p4}",
field: "nwparser.p3",
},
}),
]);
var dup1732 = match({
dissect: {
tokenizer: " %{daddr}/%{dport}",
field: "nwparser.p4",
},
});
var dup1733 = set_field({
dest: "nwparser.msg_id1",
value: constant("302004"),
});
// Variant of dup1730 for a foreign address without a port.
var dup1734 = match({
dissect: {
tokenizer: " %{saddr} to %{p3}",
field: "nwparser.p2",
},
});
// Local address with an optional port.
// NOTE(review): this reads p5, while dup1731 leaves its remainder in p4; the
// step that fills p5 is not among these fragments - confirm it exists.
var dup1735 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p6}",
field: "nwparser.p5",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p6}",
field: "nwparser.p5",
},
}),
]);
var dup1736 = set_field({
dest: "nwparser.msg_id1",
value: constant("302004:01"),
});
var dup1737 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313009"),
});
// Dropped greylisted traffic: real and translated endpoints, the matched list
// entry (web_domain), "threat-level" stored in severity and "category" stored
// in result. The destination and list-name values go to generic fld1 / fld2.
var dup1738 = match({
dissect: {
tokenizer: " dropped greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup1739 = set_field({
dest: "nwparser.msg_id1",
value: constant("338204"),
});
var dup1740 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("407002"),
});
var dup1741 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("407002:01"),
});
// Parser fragments for a process/call-stack line, an "SSL client ..." line and
// a "dropped blacklisted ... traffic" line, mixed with event-category and
// message-id constants.
// NOTE(review): most constants here write to "nwparser.nwparser.msg_id1" or
// "nwparser.nwparser.eventcategory" (doubled prefix: dup1745-dup1752, dup1756,
// dup1759-dup1774) while dup1743, dup1744, dup1755 and dup1758 use a single
// "nwparser." prefix; confirm which fields later stages and detection rules
// read.
// NOTE(review): the second alternative has no literal between
// %{event_description} and %{p0}; where the split falls depends on the
// dissect implementation, which is not visible here.
var dup1742 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} Process = %{process}, PC = %{fld1}, Call stack = %{fld2}%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1743 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603110000"),
});
var dup1744 = set_field({
dest: "nwparser.msg_id1",
value: constant("711004"),
});
var dup1745 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713105"),
});
var dup1746 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1805010100"),
});
var dup1747 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("405003"),
});
var dup1748 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("109026"),
});
var dup1749 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338306"),
});
var dup1750 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("420005"),
});
var dup1751 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1603060000"),
});
var dup1752 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713016"),
});
// The client endpoint is stored in hostip / network_port, not saddr / sport.
var dup1753 = match({
dissect: {
tokenizer: "SSL client %{interface}:%{hostip}/%{network_port} %{p0}",
field: "nwparser.payload",
},
});
// With or without a "to <daddr>/<dport>" part before the action text.
var dup1754 = linear_select([
match({
dissect: {
tokenizer: "to %{daddr}/%{dport} %{action}%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{action}.%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1755 = set_field({
dest: "nwparser.msg_id1",
value: constant("725003"),
});
var dup1756 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725013"),
});
// Dropped blacklisted traffic: real and translated endpoints, "threat-level"
// stored in severity and "category" stored in result. The matched source, the
// list name and the list entry go to generic fld1..fld3 plus mask.
var dup1757 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{fld3}/%{mask} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup1758 = set_field({
dest: "nwparser.msg_id1",
value: constant("338007"),
});
var dup1759 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709007"),
});
var dup1760 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("102001"),
});
var dup1761 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400038"),
});
var dup1762 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("714007"),
});
var dup1763 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718016"),
});
var dup1764 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201008"),
});
var dup1765 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311001"),
});
var dup1766 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302017"),
});
var dup1767 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302017:01"),
});
var dup1768 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713129"),
});
var dup1769 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716041"),
});
var dup1770 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302006"),
});
var dup1771 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302006:01"),
});
var dup1772 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720049"),
});
var dup1773 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("750003"),
});
var dup1774 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751014"),
});
// Parser fragments for "AAA retrieved default group policy ...", a
// "<direction> <protocol> request (<n> bytes) ... exceeds data buffer size"
// line and "Authorization denied for user ...", mixed with constants.
// NOTE(review): dup1789 writes "nwparser.nwparser.msg_id1" (doubled prefix)
// while the other constants in this run use a single "nwparser." prefix;
// confirm which field later stages and detection rules read.
// NOTE(review): dup1776 leaves its remainder in p1, dup1777 reads p2 and
// dup1778 reads p4; the steps in between are not among these fragments.
var dup1775 = match({
dissect: {
tokenizer: "AAA retrieved default group policy %{p0}",
field: "nwparser.payload",
},
});
// Policy name with or without parentheses; the parenthesised form is listed
// first so the brackets are not captured into policyname.
var dup1776 = linear_select([
match({
dissect: {
tokenizer: " (%{policyname}) for %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{policyname} for %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1777 = linear_select([
match({
dissect: {
tokenizer: " user = %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " user %{p3}",
field: "nwparser.p2",
},
}),
]);
// User name with or without single quotes.
var dup1778 = linear_select([
match({
dissect: {
tokenizer: " '%{username}' %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{username} %{p5}",
field: "nwparser.p4",
},
}),
]);
var dup1779 = set_field({
dest: "nwparser.msg_id1",
value: constant("113009"),
});
var dup1780 = match({
dissect: {
tokenizer: " for %{daddr}",
field: "nwparser.p1",
},
});
var dup1781 = set_field({
dest: "nwparser.msg_id1",
value: constant("113009:01"),
});
var dup1782 = match({
dissect: {
tokenizer: "%{direction} %{protocol} request (%{bytes} bytes) %{p0}",
field: "nwparser.payload",
},
});
// Either the full sender (address, port, quoted interface name) or only the
// interface. \" is an escaped double quote inside the tokenizer string.
var dup1783 = linear_select([
match({
dissect: {
tokenizer: " from IP address %{saddr} Port %{sport} Interface \"%{interface}\" %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " on interface %{interface} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1784 = match({
dissect: {
tokenizer: " exceeds data buffer %{p2}",
field: "nwparser.p1",
},
});
// Accepts "SIZE," and "size,".
var dup1785 = linear_select([
match({
dissect: {
tokenizer: " SIZE, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " size, %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1786 = match({
dissect: {
tokenizer: " %{result}",
field: "nwparser.p3",
},
});
var dup1787 = set_field({
dest: "nwparser.msg_id1",
value: constant("212005"),
});
var dup1788 = set_field({
dest: "nwparser.msg_id1",
value: constant("715057"),
});
var dup1789 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199002"),
});
// The user name is left in p0 for a step that is not part of this run.
var dup1790 = match({
dissect: {
tokenizer: "Authorization denied for user %{p0}",
field: "nwparser.payload",
},
});
var dup1791 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501040000"),
});
var dup1792 = set_field({
dest: "nwparser.msg_id1",
value: constant("109008"),
});
// Parser fragments for tunnel-creation, password-length, failed-peer
// authentication, client-version and "<process>: User ... Addr ..." lines,
// mixed with event-category and message-id constants.
// NOTE(review): dup1803 and dup1806 write "nwparser.nwparser.msg_id1" (doubled
// prefix) while the other constants in this run use a single "nwparser."
// prefix; confirm which field later stages and detection rules read.
var dup1793 = linear_select([
match({
dissect: {
tokenizer: " created, %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " created %{p1}",
field: "nwparser.p0",
},
}),
]);
// remote_peer_ip is stored in saddr, the PPP virtual interface id in
// "interface" and the tunnel id in generic fld1.
var dup1794 = match({
dissect: {
tokenizer: " tunnel_id is %{fld1}, remote_peer_ip is %{saddr}, ppp_virtual_interface_id is %{interface}, client_dynamic_ip is %{p2}",
field: "nwparser.p1",
},
});
// The client's dynamic address is stored in daddr, with or without a
// trailing comma.
var dup1795 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1796 = match({
dissect: {
tokenizer: " username is %{p4}",
field: "nwparser.p3",
},
});
var dup1797 = set_field({
dest: "nwparser.msg_id1",
value: constant("603106"),
});
// NOTE(review): the value in parentheses after "Password for user" is stored
// in generic fld1, not in username; confirm whether user-keyed searches are
// expected to find this event.
var dup1798 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Password for user (%{fld1}) too long, %{info}",
field: "nwparser.p1",
},
});
var dup1799 = set_field({
dest: "nwparser.eventcategory",
value: constant("1402040101"),
});
var dup1800 = set_field({
dest: "nwparser.msg_id1",
value: constant("713072"),
});
// Failed peer authentication; the text after the dash is stored in "info".
var dup1801 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Remote peer has failed user authentication - %{info}",
field: "nwparser.p1",
},
});
var dup1802 = set_field({
dest: "nwparser.msg_id1",
value: constant("713167"),
});
var dup1803 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713167:01"),
});
// Client type is stored in "product" and the application version in "version".
var dup1804 = match({
dissect: {
tokenizer: ", IP = %{saddr}, Client Type: %{product} Client Application Version: %{version}",
field: "nwparser.p1",
},
});
var dup1805 = set_field({
dest: "nwparser.msg_id1",
value: constant("713184"),
});
var dup1806 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713184:01"),
});
var dup1807 = match({
dissect: {
tokenizer: "%{process}: User %{p0}",
field: "nwparser.payload",
},
});
var dup1808 = match({
dissect: {
tokenizer: ", %{p2}",
field: "nwparser.p1",
},
});
// The address is followed by either "," or ":" and is stored in hostip.
var dup1809 = linear_select([
match({
dissect: {
tokenizer: " Addr %{hostip}, %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " Addr %{hostip}: %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1810 = set_field({
dest: "nwparser.msg_id1",
value: constant("734002"),
});
// Message-id constants plus two "Group = / Username = / IP =" prefix
// selectors.
// NOTE(review): dup1811-dup1823 and dup1829-dup1832 write
// "nwparser.nwparser.msg_id1" (doubled prefix) while dup1825, dup1827 and
// dup1828 write "nwparser.msg_id1"; confirm which field later stages and
// detection rules read.
var dup1811 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106022"),
});
var dup1812 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317004"),
});
var dup1813 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338304"),
});
var dup1814 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403109"),
});
var dup1815 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713187"),
});
var dup1816 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105009"),
});
var dup1817 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400046"),
});
var dup1818 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403106"),
});
var dup1819 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("111001"),
});
var dup1820 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713223"),
});
var dup1821 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("701001"),
});
var dup1822 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("402101"),
});
var dup1823 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602104"),
});
// Group, user (quoted or bare) and address, or the address alone. The quoted
// user form is listed first so the quotes are not captured into username.
var dup1824 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Group = %{group}, Username = %{username}, IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1825 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902"),
});
// Either a group or a user name (quoted or bare); the address is left in p0.
var dup1826 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = '%{username}' , IP = %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " Username = %{username} , IP = %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1827 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902:02"),
});
var dup1828 = set_field({
dest: "nwparser.msg_id1",
value: constant("713902:01"),
});
var dup1829 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("215001"),
});
var dup1830 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735003"),
});
var dup1831 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("751007"),
});
var dup1832 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("306001"),
});
// Parser fragments for a "Group = / IP =" prefix, "Scheduled reload for ...
// cancelled by ..." and "Auto Update failed: ..." lines, mixed with
// event-category and message-id constants.
// NOTE(review): dup1835, dup1840-dup1849 and dup1853 write to
// "nwparser.nwparser.*" (doubled prefix) while dup1834, dup1838, dup1839 and
// dup1852 use a single "nwparser." prefix; confirm which fields later stages
// and detection rules read.
// NOTE(review): the second alternative starts with "Group" without the leading
// space the other two have; confirm this is intended, since a payload that
// begins with a space would not match it if the tokenizer is anchored.
var dup1833 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group}, Username = '%{username}', IP = %{saddr},%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP = %{saddr}, %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1834 = set_field({
dest: "nwparser.msg_id1",
value: constant("715001"),
});
var dup1835 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718068"),
});
// Who cancelled the reload is left in p0 for a step that is not part of
// this run.
var dup1836 = match({
dissect: {
tokenizer: "Scheduled reload for %{fld1} cancelled by %{p0}",
field: "nwparser.payload",
},
});
var dup1837 = match({
dissect: {
tokenizer: " at %{fld2}",
field: "nwparser.p1",
},
});
var dup1838 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701020000"),
});
var dup1839 = set_field({
dest: "nwparser.msg_id1",
value: constant("199008"),
});
var dup1840 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713214"),
});
var dup1841 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1605010000"),
});
var dup1842 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199015"),
});
var dup1843 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602103"),
});
var dup1844 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1401030000"),
});
var dup1845 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307003"),
});
var dup1846 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("307003:01"),
});
var dup1847 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400027"),
});
var dup1848 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721012"),
});
var dup1849 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("202005"),
});
var dup1850 = match({
dissect: {
tokenizer: "Auto Update failed:%{p0}",
field: "nwparser.payload",
},
});
// The failure reason is stored in "result".
var dup1851 = match({
dissect: {
tokenizer: ", version:%{version}, reason:%{result}",
field: "nwparser.p1",
},
});
var dup1852 = set_field({
dest: "nwparser.msg_id1",
value: constant("612002"),
});
var dup1853 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713119"),
});
var dup1854 = match({
dissect: {
tokenizer: ", %{event_description}, %{fld1}",
field: "nwparser.p1",
},
});
var dup1855 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603020000"),
});
var dup1856 = set_field({
dest: "nwparser.msg_id1",
value: constant("713232"),
});
var dup1857 = match({
dissect: {
tokenizer: ", IP = %{saddr}, MODE_CFG: %{action}",
field: "nwparser.p1",
},
});
var dup1858 = set_field({
dest: "nwparser.msg_id1",
value: constant("715053"),
});
var dup1859 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715053:01"),
});
var dup1860 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746014"),
});
var dup1861 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717045"),
});
var dup1862 = match({
dissect: {
tokenizer: "Authentication succeeded for user %{p0}",
field: "nwparser.payload",
},
});
var dup1863 = set_field({
dest: "nwparser.msg_id1",
value: constant("109005"),
});
var dup1864 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713092"),
});
var dup1865 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717055"),
});
var dup1866 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710004"),
});
// Generated shared fragments dup1867-dup1880: a connection-result pattern with
// an optional identity suffix on the source port, followed by constant
// msg_id1 setters. match, linear_select, set_field and constant are defined
// outside this view; linear_select presumably tries its alternatives in the
// listed order. Confirm against its definition.
// NOTE(review): dest is spelled both "nwparser.msg_id1" and
// "nwparser.nwparser.msg_id1" below; confirm the doubled prefix is intended,
// otherwise lookups on msg_id1 will miss those events.
var dup1867 = match({
dissect: {
tokenizer: "%{result}; Connection for %{protocol} src %{sinterface}:%{saddr}/%{p0}",
field: "nwparser.payload",
},
});
// Two shapes for the text after the source address:
//   1. port followed by "(domain\username)". The "\\" in the JS string is a
//      single literal backslash in the tokenizer.
//   2. bare port.
// NOTE(review): domain and username are free text taken from the log line; a
// value containing ")" or " dst " would move the capture boundaries. Confirm
// how the dissect implementation handles that before relying on username for
// attribution.
var dup1868 = linear_select([
match({
dissect: {
tokenizer: "%{sport}(%{domain}\\%{username}) dst %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{sport} dst %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1869 = set_field({
dest: "nwparser.msg_id1",
value: constant("305013"),
});
var dup1870 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305013:01"),
});
var dup1871 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305013:02"),
});
var dup1872 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("319004"),
});
var dup1873 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("321004"),
});
var dup1874 = match({
dissect: {
tokenizer: " %{service} Connection for %{p2}",
field: "nwparser.p1",
},
});
var dup1875 = set_field({
dest: "nwparser.msg_id1",
value: constant("405102"),
});
var dup1876 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("450001"),
});
var dup1877 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("702303"),
});
var dup1878 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199017"),
});
var dup1879 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105006"),
});
var dup1880 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322002"),
});
// Generated shared fragments dup1881-dup1891: four dissect patterns over
// nwparser.p1 for "Session Attribute" lines (hostname, MAC, OS version, and a
// generic fallback), each followed in the listing by a msg_id1 setter with a
// distinct value ("734003:01", ":02", ":03", "734003"). The pairing is by
// adjacency only; the chains that combine them are outside this view.
// NOTE(review): the quoted attribute values (hostname, macaddr, version) are
// copied verbatim from the log line and are presumably endpoint-reported;
// treat them as unverified when using them for asset identification.
var dup1881 = match({
dissect: {
tokenizer: ", Addr %{hostip}: Session Attribute endpoint.device.hostname=\"%{hostname}\"",
field: "nwparser.p1",
},
});
var dup1882 = set_field({
dest: "nwparser.msg_id1",
value: constant("734003:01"),
});
// The MAC address is captured from inside the bracketed key; the value after
// "=" goes to the generic fld2.
var dup1883 = match({
dissect: {
tokenizer: ", Addr %{hostip}: Session Attribute endpoint.device.MAC[\"%{macaddr}\"]=\"%{fld2}\"",
field: "nwparser.p1",
},
});
var dup1884 = set_field({
dest: "nwparser.msg_id1",
value: constant("734003:02"),
});
var dup1885 = match({
dissect: {
tokenizer: ", Addr %{hostip}: Session Attribute endpoint.os.version=\"%{version}\"",
field: "nwparser.p1",
},
});
var dup1886 = set_field({
dest: "nwparser.msg_id1",
value: constant("734003:03"),
});
// Generic form: everything after the address is kept as result.
var dup1887 = match({
dissect: {
tokenizer: ", Addr %{hostip}: %{result}",
field: "nwparser.p1",
},
});
var dup1888 = set_field({
dest: "nwparser.msg_id1",
value: constant("734003"),
});
// NOTE(review): the three setters below use the doubled
// "nwparser.nwparser.msg_id1" spelling, unlike the four above; confirm which
// one downstream consumers read.
var dup1889 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735011"),
});
var dup1890 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103002:01"),
});
var dup1891 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("103002"),
});
// Generated shared fragments dup1892-dup1912: three dissect patterns (hardware
// transmit hang, "has been created", authorization permitted) interleaved
// with constant msg_id1 setters. Helpers are defined outside this view.
// NOTE(review): dest is spelled "nwparser.msg_id1" in dup1893, dup1904 and
// dup1907 and "nwparser.nwparser.msg_id1" everywhere else in this run; confirm
// the doubled prefix is intended so that msg_id1-based filtering sees every
// message.
var dup1892 = match({
dissect: {
tokenizer: " %{interface} experienced a hardware transmit hang. %{result}.",
field: "nwparser.p0",
},
});
var dup1893 = set_field({
dest: "nwparser.msg_id1",
value: constant("411005"),
});
var dup1894 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415004"),
});
var dup1895 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415004:01"),
});
var dup1896 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415009"),
});
var dup1897 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709008"),
});
var dup1898 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("718010"),
});
var dup1899 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("331001"),
});
var dup1900 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("210002"),
});
var dup1901 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400044"),
});
var dup1902 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709005"),
});
var dup1903 = match({
dissect: {
tokenizer: ", IP %{saddr} has been created.",
field: "nwparser.p1",
},
});
var dup1904 = set_field({
dest: "nwparser.msg_id1",
value: constant("721016"),
});
var dup1905 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105005"),
});
// Authorization-permitted prefix; the user name and the rest of the line stay
// in p0 for a later step that is not shown here.
var dup1906 = match({
dissect: {
tokenizer: "Authorization permitted for user %{p0}",
field: "nwparser.payload",
},
});
var dup1907 = set_field({
dest: "nwparser.msg_id1",
value: constant("109007"),
});
var dup1908 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("208005"),
});
var dup1909 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400011"),
});
var dup1910 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409001"),
});
var dup1911 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("612001"),
});
var dup1912 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713147"),
});
// Generated shared fragments dup1913-dup1929: a staged parse of SMTP/ESMTP
// inspection lines. The stages read payload, then p0, p1, p2, p3, p4 and p5
// in turn, each leaving its unparsed remainder in the next pN field, followed
// by constant msg_id1 setters. Helpers (match, linear_select, set_field,
// constant) are defined outside this view; linear_select presumably tries its
// alternatives in order.
var dup1913 = match({
dissect: {
tokenizer: "SMTP: Bad Checksum %{network_service} %{p0}",
field: "nwparser.payload",
},
});
// Direction keyword: "Request" or "Response". Neither alternative captures the
// keyword into a field, so the direction is not retained by this step.
var dup1914 = linear_select([
match({
dissect: {
tokenizer: " Request %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " Response %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1915 = match({
dissect: {
tokenizer: " from %{sinterface}:%{p2}",
field: "nwparser.p1",
},
});
// Source endpoint: address with port first, address alone as the fallback.
var dup1916 = linear_select([
match({
dissect: {
tokenizer: " %{saddr}/%{sport} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{saddr} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1917 = match({
dissect: {
tokenizer: " to %{dinterface}:%{p4}",
field: "nwparser.p3",
},
});
// Destination endpoint: same two shapes as the source endpoint above.
var dup1918 = linear_select([
match({
dissect: {
tokenizer: " %{daddr}/%{dport} %{p5}",
field: "nwparser.p4",
},
}),
match({
dissect: {
tokenizer: " %{daddr} %{p5}",
field: "nwparser.p4",
},
}),
]);
// Trailing free text after the ";" separator.
var dup1919 = match({
dissect: {
tokenizer: ";%{info}",
field: "nwparser.p5",
},
});
var dup1920 = set_field({
dest: "nwparser.msg_id1",
value: constant("108004:01"),
});
// NOTE(review): this setter and dup1924-dup1929 use the doubled
// "nwparser.nwparser.msg_id1" spelling while dup1920 and dup1923 use
// "nwparser.msg_id1"; confirm the doubled prefix is intended.
var dup1921 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("108004"),
});
var dup1922 = match({
dissect: {
tokenizer: "ESMTP Classification: %{action} for %{network_service} %{p0}",
field: "nwparser.payload",
},
});
var dup1923 = set_field({
dest: "nwparser.msg_id1",
value: constant("108004:02"),
});
var dup1924 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720006"),
});
var dup1925 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("734004"),
});
var dup1926 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746002"),
});
var dup1927 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("434004"),
});
var dup1928 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("315001"),
});
var dup1929 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("305001"),
});
// Generated shared fragments dup1930-dup1955: dissect patterns for command
// authorization and interface testing lines, followed by a long run of
// constant msg_id1 / eventcategory setters. Helpers are defined outside this
// view.
// NOTE(review): only dup1932 and dup1937 write "nwparser.msg_id1"; every other
// setter in this run writes "nwparser.nwparser.<name>". Confirm the doubled
// prefix is intended, since a filter on one spelling will not see the other.
var dup1930 = match({
dissect: {
tokenizer: "Authorization %{p0}",
field: "nwparser.payload",
},
});
// Captures the command text as action and its type as fld1.
var dup1931 = match({
dissect: {
tokenizer: ": Cmd: %{action} Cmdtype: %{fld1}",
field: "nwparser.p1",
},
});
var dup1932 = set_field({
dest: "nwparser.msg_id1",
value: constant("610101"),
});
var dup1933 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105042"),
});
var dup1934 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409007"),
});
var dup1935 = match({
dissect: {
tokenizer: "(%{context}) Testing %{p0}",
field: "nwparser.payload",
},
});
var dup1936 = match({
dissect: {
tokenizer: " %{interface}",
field: "nwparser.p1",
},
});
var dup1937 = set_field({
dest: "nwparser.msg_id1",
value: constant("105008"),
});
var dup1938 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001020205"),
});
var dup1939 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400051"),
});
var dup1940 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("419001"),
});
var dup1941 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("746001"),
});
var dup1942 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("336010"),
});
var dup1943 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("317002"),
});
var dup1944 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("709004"),
});
var dup1945 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("747016"),
});
var dup1946 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212004"),
});
var dup1947 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403506"),
});
var dup1948 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("505005"),
});
var dup1949 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713225"),
});
var dup1950 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717027"),
});
var dup1951 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("322004"),
});
var dup1952 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400005"),
});
var dup1953 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400006"),
});
var dup1954 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("606004"),
});
var dup1955 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717008"),
});
// Generated shared fragments dup1956-dup1969: a staged parse of "Device
// completed SSL handshake" lines, one long pattern for dropped blacklisted
// traffic, and constant setters. Helpers (match, linear_select, set_field,
// constant) are defined outside this view; linear_select presumably tries its
// alternatives in order.
// NOTE(review): dest is spelled both "nwparser.<name>" and
// "nwparser.nwparser.<name>" in this run; confirm the doubled prefix is
// intended.
var dup1956 = match({
dissect: {
tokenizer: "Device completed SSL handshake with %{p0}",
field: "nwparser.payload",
},
});
// Peer role keyword ("server" or "client"); the keyword itself is not captured
// into a field by either alternative.
var dup1957 = linear_select([
match({
dissect: {
tokenizer: " server %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " client %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup1958 = match({
dissect: {
tokenizer: " %{interface}:%{p2}",
field: "nwparser.p1",
},
});
// Endpoint shapes, most specific first:
//   1. two underscore-separated tokens before the source address, then
//      "src/port to dst/port for <version> session"
//   2. the same without the leading tokens
//   3. a single address/port pair (hostip / network_port)
var dup1959 = linear_select([
match({
dissect: {
tokenizer: "%{fld1}_%{fld2}_%{saddr}/%{sport} to %{daddr}/%{dport} for %{version} session %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{daddr}/%{dport} for %{version} session %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{hostip}/%{network_port}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup1960 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613050100"),
});
var dup1961 = set_field({
dest: "nwparser.msg_id1",
value: constant("725002"),
});
var dup1962 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("212003"),
});
var dup1963 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("409012"),
});
// Dropped blacklisted traffic. Captures the real endpoints (saddr/sport,
// daddr/dport) and, in parentheses, the translated ones (stransaddr/stransport,
// dtransaddr/dtransport), then the matched source (fld1), the list type (fld2),
// the listed domain (web_domain), the threat level (severity) and the category
// (result). Both address pairs are needed to correlate with logs taken on
// either side of the translation.
var dup1964 = match({
dissect: {
tokenizer: " dropped blacklisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}",
field: "nwparser.p1",
},
});
var dup1965 = set_field({
dest: "nwparser.msg_id1",
value: constant("338005"),
});
var dup1966 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("710003"),
});
var dup1967 = set_field({
dest: "nwparser.msg_id1",
value: constant("713199"),
});
var dup1968 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("716052"),
});
var dup1969 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717046"),
});
// Generated shared fragments dup1970-dup1982: staged patterns for "SSL session
// with ... terminated", "Shun delete(d)" and an ARP-related line, plus constant
// setters. Helpers (match, linear_select, set_field, constant) are defined
// outside this view; linear_select presumably tries its alternatives in order.
var dup1970 = match({
dissect: {
tokenizer: "SSL session with %{p0}",
field: "nwparser.payload",
},
});
// Endpoint shapes: a src/dst pair first, a single address/port as fallback.
var dup1971 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{daddr}/%{dport} %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{hostip}/%{network_port} %{p3}",
field: "nwparser.p2",
},
}),
]);
// Accepts "terminated" with or without a trailing period.
var dup1972 = linear_select([
match({
dissect: {
tokenizer: "terminated.%{p4}",
field: "nwparser.p3",
},
}),
match({
dissect: {
tokenizer: "terminated%{p4}",
field: "nwparser.p3",
},
}),
]);
var dup1973 = set_field({
dest: "nwparser.msg_id1",
value: constant("725007"),
});
// NOTE(review): dup1974 and dup1975 use the doubled
// "nwparser.nwparser.msg_id1" spelling, unlike the other setters in this run;
// confirm it is intended.
var dup1974 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("444100"),
});
var dup1975 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("338307"),
});
var dup1976 = match({
dissect: {
tokenizer: "Shun %{p0}",
field: "nwparser.payload",
},
});
// Accepts both spellings of the verb, "deleted:" and "delete:".
var dup1977 = linear_select([
match({
dissect: {
tokenizer: " deleted: %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " delete: %{p1}",
field: "nwparser.p0",
},
}),
]);
// The address the shun entry applied to.
var dup1978 = match({
dissect: {
tokenizer: " %{hostip}",
field: "nwparser.p1",
},
});
var dup1979 = set_field({
dest: "nwparser.msg_id1",
value: constant("401003"),
});
// First alternative captures the claimed address and MAC (saddr / smacaddr)
// and the existing ARP entry (fld1 / fld2).
// NOTE(review): that alternative contains the literal interface name "inside".
// A line naming any other interface presumably falls through to the second
// alternative, which keeps the whole text in event_description and extracts no
// address or MAC. Confirm that this is acceptable for ARP-conflict detection on
// other interfaces.
var dup1980 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} from %{saddr}/%{smacaddr} on interface inside with existing ARP entry %{fld1}/%{fld2} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1981 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030300"),
});
var dup1982 = set_field({
dest: "nwparser.msg_id1",
value: constant("405001"),
});
// Generated shared fragments dup1983-dup1997: dissect patterns for SA
// messages, construct_cfg_set lines, account lock-out lines and IKE_DECODE
// lines, plus constant msg_id1 setters. Helpers (match, linear_select,
// set_field, constant) are defined outside this view; linear_select presumably
// tries its alternatives in order.
// NOTE(review): dest is spelled both "nwparser.msg_id1" and
// "nwparser.nwparser.msg_id1" in this run; confirm the doubled prefix is
// intended.
// Captures the service, the SA kind (agent), the SPI (fld1) and both peers.
var dup1983 = match({
dissect: {
tokenizer: "%{service}: An %{agent} SA (SPI= %{fld1}) between %{saddr} and %{daddr} %{p0}",
field: "nwparser.payload",
},
});
var dup1984 = set_field({
dest: "nwparser.msg_id1",
value: constant("702307"),
});
var dup1985 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713124"),
});
var dup1986 = match({
dissect: {
tokenizer: ", IP = %{saddr}, construct_cfg_set: %{action}",
field: "nwparser.p1",
},
});
var dup1987 = set_field({
dest: "nwparser.msg_id1",
value: constant("715020"),
});
var dup1988 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715066"),
});
// Lock-out tail: only the text after "locked out on" is captured here (as
// result); the account name must come from an earlier step not shown here.
var dup1989 = match({
dissect: {
tokenizer: " locked out on %{result}",
field: "nwparser.p1",
},
});
var dup1990 = set_field({
dest: "nwparser.msg_id1",
value: constant("113006"),
});
var dup1991 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713145"),
});
// Optional "IP = <addr>" prefix; the fallback captures a token named "space"
// instead, so saddr is left unset when the prefix is absent.
var dup1992 = linear_select([
match({
dissect: {
tokenizer: " IP = %{saddr} %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{space} %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup1993 = match({
dissect: {
tokenizer: " IKE_DECODE %{p1}",
field: "nwparser.p0",
},
});
// Direction keyword: SENDING, RECEIVED or RESENDING. None of the alternatives
// captures the keyword into a field, so the direction is not retained here.
var dup1994 = linear_select([
match({
dissect: {
tokenizer: " SENDING %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " RECEIVED %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " RESENDING %{p2}",
field: "nwparser.p1",
},
}),
]);
// "%{}" has an empty key; presumably the rest of the line is matched and
// discarded. Confirm against the dissect implementation.
var dup1995 = match({
dissect: {
tokenizer: " Message%{}",
field: "nwparser.p2",
},
});
var dup1996 = set_field({
dest: "nwparser.msg_id1",
value: constant("713236"),
});
var dup1997 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403110"),
});
// Generated shared fragments dup1998-dup2025: dissect patterns for "AAA ...
// server not accessible", a from/to/interface/protocol tail, and "add failed:
// unable to allocate resources" lines, interleaved with constant setters.
// Helpers (match, linear_select, set_field, constant) are defined outside this
// view; linear_select presumably tries its alternatives in order.
// NOTE(review): only dup2000, dup2011 and dup2015 write "nwparser.msg_id1";
// every other setter in this run writes "nwparser.nwparser.<name>". Confirm the
// doubled prefix is intended, since a filter on one spelling misses the other.
var dup1998 = match({
dissect: {
tokenizer: "AAA %{p0}",
field: "nwparser.payload",
},
});
// Captures the unreachable server address (hostip); the user name is left in
// p2 for a later step.
var dup1999 = match({
dissect: {
tokenizer: " server not accessible : server = %{hostip} : user = %{p2}",
field: "nwparser.p1",
},
});
var dup2000 = set_field({
dest: "nwparser.msg_id1",
value: constant("113014"),
});
var dup2001 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("610002"),
});
var dup2002 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106017"),
});
var dup2003 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1001030000"),
});
var dup2004 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106017:01"),
});
var dup2005 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("500001"),
});
var dup2006 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752008"),
});
var dup2007 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400037"),
});
var dup2008 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106013:01"),
});
var dup2009 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106013"),
});
var dup2010 = match({
dissect: {
tokenizer: " from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} using %{protocol}",
field: "nwparser.p1",
},
});
var dup2011 = set_field({
dest: "nwparser.msg_id1",
value: constant("109025"),
});
var dup2012 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("320001"),
});
var dup2013 = match({
dissect: {
tokenizer: " add failed: unable to allocate resources for %{p1}",
field: "nwparser.p0",
},
});
// Either a full "src dst sport dport" tuple (space separated) or a single
// address.
var dup2014 = linear_select([
match({
dissect: {
tokenizer: " %{saddr} %{daddr} %{sport} %{dport} %{p2}",
field: "nwparser.p1",
},
}),
match({
dissect: {
tokenizer: " %{hostip} %{p2}",
field: "nwparser.p1",
},
}),
]);
var dup2015 = set_field({
dest: "nwparser.msg_id1",
value: constant("401005"),
});
var dup2016 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("406001"),
});
var dup2017 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018"),
});
var dup2018 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018:01"),
});
var dup2019 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018:02"),
});
var dup2020 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018:03"),
});
var dup2021 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018:04"),
});
var dup2022 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199018:05"),
});
var dup2023 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105002"),
});
var dup2024 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201013"),
});
var dup2025 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720039"),
});
// Generated shared fragments dup2026-dup2047: dissect patterns for "Unable to
// decipher response message", "Queuing KEY-ACQUIRE messages" and whitelisted
// traffic lines, interleaved with constant msg_id1 setters. Helpers (match,
// linear_select, set_field, constant) are defined outside this view;
// linear_select presumably tries its alternatives in order.
// NOTE(review): dest is spelled both "nwparser.msg_id1" and
// "nwparser.nwparser.msg_id1" in this run; confirm the doubled prefix is
// intended.
var dup2026 = match({
dissect: {
tokenizer: "[%{protocol}] Unable to %{p0}",
field: "nwparser.payload",
},
});
// Accepts both spellings that appear in the pattern set: "decipher" and
// "decypher".
var dup2027 = linear_select([
match({
dissect: {
tokenizer: " decipher %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " decypher %{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures the server address; the user name is left in p2.
var dup2028 = match({
dissect: {
tokenizer: " response message Server = %{hostip}, User = %{p2}",
field: "nwparser.p1",
},
});
var dup2029 = set_field({
dest: "nwparser.msg_id1",
value: constant("109027"),
});
var dup2030 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400034"),
});
var dup2031 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("318004"),
});
// Optional "Group = <name>" before "IP". Note there is no comma between the
// group capture and "IP" in this tokenizer.
var dup2032 = linear_select([
match({
dissect: {
tokenizer: " Group = %{group} IP %{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " IP %{p0}",
field: "nwparser.payload",
},
}),
]);
var dup2033 = match({
dissect: {
tokenizer: " = %{saddr} Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete",
field: "nwparser.p0",
},
});
var dup2034 = set_field({
dest: "nwparser.msg_id1",
value: constant("713219"),
});
var dup2035 = set_field({
dest: "nwparser.msg_id1",
value: constant("715055"),
});
var dup2036 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("209001"),
});
var dup2037 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("311003"),
});
// Whitelisted traffic. Captures the action, the real endpoints and, in
// parentheses, the translated ones (stransaddr/stransport,
// dtransaddr/dtransport), then the matched destination (fld1), the list type
// (fld2) and the listed domain (web_domain).
var dup2038 = match({
dissect: {
tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain}",
field: "nwparser.p1",
},
});
var dup2039 = set_field({
dest: "nwparser.msg_id1",
value: constant("338102"),
});
var dup2040 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717016"),
});
var dup2041 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752011"),
});
var dup2042 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("324003"),
});
var dup2043 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403102"),
});
var dup2044 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("715061"),
});
var dup2045 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("752002"),
});
var dup2046 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201009"),
});
var dup2047 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400050"),
});
// Generated shared fragments dup2048-dup2058: tail patterns for an SVC session
// line and a staged parse of "Dropping invalid echo" lines, plus constant
// setters. Helpers (match, linear_select, set_field, constant) are defined
// outside this view; linear_select presumably tries its alternatives in order.
// "\u003e" is the JS escape for the greater-than sign, so this tokenizer starts
// with a space, a greater-than sign, and the word "First".
var dup2048 = match({
dissect: {
tokenizer: " \u003e First %{p4}",
field: "nwparser.p3",
},
});
// "%{}" has an empty key; presumably anything after the final period is
// matched and discarded. Confirm against the dissect implementation.
var dup2049 = match({
dissect: {
tokenizer: " connection established for SVC session.%{}",
field: "nwparser.p5",
},
});
var dup2050 = set_field({
dest: "nwparser.msg_id1",
value: constant("722033"),
});
var dup2051 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("199016"),
});
var dup2052 = match({
dissect: {
tokenizer: "Dropping invalid echo %{p0}",
field: "nwparser.payload",
},
});
var dup2053 = match({
dissect: {
tokenizer: " from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}, %{p2}",
field: "nwparser.p1",
},
});
// Which side the following "address" refers to: "destination" or "source".
// The keyword is not captured into a field by either alternative.
var dup2054 = linear_select([
match({
dissect: {
tokenizer: " destination %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " source %{p3}",
field: "nwparser.p2",
},
}),
]);
// Captures the offending address (fld1) and the real / mapped endpoints of the
// translation; the real side is stored in stransaddr/stransport and the mapped
// side in dtransaddr/dtransport.
var dup2055 = match({
dissect: {
tokenizer: " address %{fld1} should not match dynamic port translation, real %{fld2}:%{stransaddr}/%{stransport}, mapped %{fld3}:%{dtransaddr}/%{dtransport}",
field: "nwparser.p3",
},
});
var dup2056 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803010000"),
});
var dup2057 = set_field({
dest: "nwparser.msg_id1",
value: constant("106028"),
});
// NOTE(review): this setter and dup2051 use the doubled
// "nwparser.nwparser.msg_id1" spelling while dup2050 and dup2057 use
// "nwparser.msg_id1"; confirm the doubled prefix is intended.
var dup2058 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("106028:01"),
});
// Generated shared fragments dup2059-dup2079: the pattern family for
// "Teardown <protocol> connection" lines. The variants differ in where an
// identity suffix appears (after the source port, the destination port, or
// both) and in how the teardown reason and user are laid out. Each variant is
// followed in the listing by a msg_id1 setter ("302014", "302014:01" to
// "302014:05"); the pairing is by adjacency only, and the chains that combine
// them are outside this view. Helpers (match, linear_select, set_field,
// constant) are defined outside this view; linear_select presumably tries its
// alternatives in order.
// Destination with "(domain\user)" suffix; the "\\" in the JS string is one
// literal backslash in the tokenizer.
var dup2059 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{bytes} %{p2}",
field: "nwparser.p1",
},
});
// Teardown reason, optionally followed by "(username)".
// NOTE(review): "\u003c\u003c...\u003e" decodes to two less-than signs before
// the capture but only one greater-than sign after it. If the device emits a
// single less-than sign, the first alternative never matches; confirm against
// a real sample.
// NOTE(review): the last alternative stores its remainder in p4 while the
// other three use p3; confirm the step that follows reads the right field.
var dup2060 = linear_select([
match({
dissect: {
tokenizer: "\u003c\u003c%{result}\u003e (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{result} (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "(%{result}) %{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p4}",
field: "nwparser.p2",
},
}),
]);
var dup2061 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014:03"),
});
// Single-pass variant: full teardown line with "(domain\user)" after the
// destination port.
var dup2062 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}(%{ddomain}\\%{c_username}) duration %{duration} bytes %{bytes} %{p0}",
field: "nwparser.payload",
},
});
var dup2063 = linear_select([
match({
dissect: {
tokenizer: "(%{result}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{result}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2064 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014:02"),
});
// Source endpoint with an optional identity suffix: "(domain\id)", "(id)", or
// none. The third alternative has no space after "to", so its remainder keeps
// the leading space that dup2066 below expects.
var dup2065 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld3}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{saddr}/%{sport}(%{fld3}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2066 = match({
dissect: {
tokenizer: " %{dinterface}:%{daddr}/%{dport}(%{fld20}) duration %{duration} bytes %{bytes} %{p2}",
field: "nwparser.p1",
},
});
var dup2067 = linear_select([
match({
dissect: {
tokenizer: "%{info} (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{info}%{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2068 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014:04"),
});
// Single-pass variant: identity suffix "(fld3)" after the source port only.
var dup2069 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport}(%{fld3}) to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p0}",
field: "nwparser.payload",
},
});
var dup2070 = linear_select([
match({
dissect: {
tokenizer: "%{info} (%{username})%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{info}%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2071 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014:05"),
});
var dup2072 = linear_select([
match({
dissect: {
tokenizer: "%{saddr}/%{sport}(%{domain}\\%{fld3}) to %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "%{saddr}/%{sport} to %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2073 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p2}",
field: "nwparser.p1",
},
});
var dup2074 = linear_select([
match({
dissect: {
tokenizer: "%{info} (%{username})%{p3}",
field: "nwparser.p2",
},
}),
match({
dissect: {
tokenizer: "%{info} %{p3}",
field: "nwparser.p2",
},
}),
]);
var dup2075 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014"),
});
// Variant using "faddr / gaddr / laddr" labels: faddr is stored as the source,
// gaddr as hostip/network_port and laddr as the destination.
var dup2076 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport} duration %{duration} bytes %{bytes} %{p0}",
field: "nwparser.payload",
},
});
var dup2077 = linear_select([
match({
dissect: {
tokenizer: " (%{result}) %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{result} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2078 = set_field({
dest: "nwparser.msg_id1",
value: constant("302014:01"),
});
// NOTE(review): unlike the setters above, this one uses the doubled
// "nwparser.nwparser.msg_id1" spelling; confirm it is intended.
var dup2079 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("421004"),
});
// Generated shared fragments dup2080-dup2094: "action: info" tails (with and
// without an "IP =" prefix), an "access DENIED to specified location" pattern,
// and constant msg_id1 / eventcategory setters. Helpers (match, set_field,
// constant) are defined outside this view.
// NOTE(review): dup2081, dup2083 and dup2085 write "nwparser.msg_id1" while
// dup2086-dup2094 write "nwparser.nwparser.<name>"; confirm the doubled prefix
// is intended.
var dup2080 = match({
dissect: {
tokenizer: ", IP = %{saddr}, %{action}: %{info}",
field: "nwparser.p1",
},
});
var dup2081 = set_field({
dest: "nwparser.msg_id1",
value: constant("715009"),
});
// Same tail without the address; note it reads p0 rather than p1.
var dup2082 = match({
dissect: {
tokenizer: ", %{action}: %{info}",
field: "nwparser.p0",
},
});
var dup2083 = set_field({
dest: "nwparser.msg_id1",
value: constant("715009:01"),
});
// Access-denied line: captures the client address, the service and the
// requested location (info).
// NOTE(review): "\u003c\u003c...\u003e" decodes to two less-than signs before
// saddr but a single greater-than sign after it. If the device emits a single
// less-than sign, this pattern never matches and denied-access events would go
// unparsed; confirm against a real sample.
var dup2084 = match({
dissect: {
tokenizer: " IP \u003c\u003c%{saddr}\u003e %{network_service} access DENIED to specified location: %{info}",
field: "nwparser.p1",
},
});
var dup2085 = set_field({
dest: "nwparser.msg_id1",
value: constant("716004"),
});
var dup2086 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("717003"),
});
var dup2087 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("120011"),
});
var dup2088 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("105043"),
});
var dup2089 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("313005"),
});
var dup2090 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("721010"),
});
var dup2091 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1613050200"),
});
var dup2092 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725006:01"),
});
var dup2093 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("725006"),
});
var dup2094 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735012"),
});
// Generated shared fragments dup2095-dup2115: staged patterns for a standby
// sync failure line, a generic "description (address)" line, supported-cipher
// and trust-point selection lines, plus constant setters. Helpers (match,
// linear_select, set_field, constant) are defined outside this view;
// linear_select presumably tries its alternatives in order.
// NOTE(review): dest is spelled both "nwparser.<name>" and
// "nwparser.nwparser.<name>" in this run; confirm the doubled prefix is
// intended.
var dup2095 = match({
dissect: {
tokenizer: "(%{fld1}) %{p0}",
field: "nwparser.payload",
},
});
// Accepts an upper- or lower-case first letter; together with the literal that
// opens dup2097 below this spells "Standby" / "standby".
var dup2096 = linear_select([
match({
dissect: {
tokenizer: "S%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "s%{p1}",
field: "nwparser.p0",
},
}),
]);
// Captures which config is locked (fld2); the lock holder is left in p2.
var dup2097 = match({
dissect: {
tokenizer: "tandby unit failed to sync due to a locked %{fld2} config. Lock held by %{p2}",
field: "nwparser.p1",
},
});
var dup2098 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601020000"),
});
var dup2099 = set_field({
dest: "nwparser.msg_id1",
value: constant("105021"),
});
var dup2100 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720029"),
});
var dup2101 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720045"),
});
// Description with an optional "(address)" suffix; the fallback keeps the whole
// text in event_description and leaves saddr unset.
var dup2102 = linear_select([
match({
dissect: {
tokenizer: "%{event_description} (%{saddr})%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: " %{event_description}%{p0}",
field: "nwparser.payload",
},
}),
]);
var dup2103 = set_field({
dest: "nwparser.msg_id1",
value: constant("604103"),
});
var dup2104 = set_field({
dest: "nwparser.msg_id1",
value: constant("702211:01"),
});
var dup2105 = set_field({
dest: "nwparser.msg_id1",
value: constant("702211"),
});
var dup2106 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713193"),
});
var dup2107 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("720068"),
});
var dup2108 = match({
dissect: {
tokenizer: "Device supports the following %{fld1} %{p0}",
field: "nwparser.payload",
},
});
// Accepts "cipher(s)" with or without a trailing period. The cipher list
// itself is not captured by these two alternatives; it stays in p1.
var dup2109 = linear_select([
match({
dissect: {
tokenizer: "cipher(s).%{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: "cipher(s)%{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2110 = set_field({
dest: "nwparser.msg_id1",
value: constant("725010"),
});
// The trust-point name is stored in network_service.
var dup2111 = match({
dissect: {
tokenizer: "Device selects trust-point %{network_service} for client %{interface}:%{p0}",
field: "nwparser.payload",
},
});
// Endpoint pair with or without two leading underscore-separated tokens.
var dup2112 = linear_select([
match({
dissect: {
tokenizer: " %{fld1}_%{fld2}_%{saddr}/%{sport} to %{daddr}/%{dport} %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " %{saddr}/%{sport} to %{daddr}/%{dport} %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2113 = set_field({
dest: "nwparser.msg_id1",
value: constant("725016"),
});
var dup2114 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415005"),
});
var dup2115 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("403101"),
});
// Generated shared fragments dup2116-dup2134: a "disconnect(ed)" keyword
// matcher, a PAT/NAT "pool exhausted" pattern, and constant msg_id1 /
// eventcategory setters. Helpers (match, linear_select, set_field, constant)
// are defined outside this view; linear_select presumably tries its
// alternatives in order.
// NOTE(review): dest is spelled both "nwparser.<name>" and
// "nwparser.nwparser.<name>" in this run; confirm the doubled prefix is
// intended.
// Accepts both "disconnected" and "disconnect".
var dup2116 = linear_select([
match({
dissect: {
tokenizer: " disconnected %{p1}",
field: "nwparser.p0",
},
}),
match({
dissect: {
tokenizer: " disconnect %{p1}",
field: "nwparser.p0",
},
}),
]);
var dup2117 = set_field({
dest: "nwparser.msg_id1",
value: constant("602203:01"),
});
var dup2118 = set_field({
dest: "nwparser.msg_id1",
value: constant("602203"),
});
var dup2119 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("400016"),
});
var dup2120 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("413002"),
});
var dup2121 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("415010"),
});
var dup2122 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("713221"),
});
var dup2123 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("735005"),
});
var dup2124 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("771002"),
});
// Translation type prefix, "PAT" or "NAT". Neither alternative captures the
// keyword, so which pool was exhausted is not retained by this step.
var dup2125 = linear_select([
match({
dissect: {
tokenizer: "PAT%{p0}",
field: "nwparser.payload",
},
}),
match({
dissect: {
tokenizer: "NAT%{p0}",
field: "nwparser.payload",
},
}),
]);
// Captures the protocol and both endpoints of the connection that could not be
// created.
var dup2126 = match({
dissect: {
tokenizer: " pool exhausted. Unable to create %{protocol} connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.p0",
},
});
var dup2127 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803020000"),
});
var dup2128 = set_field({
dest: "nwparser.msg_id1",
value: constant("202010"),
});
var dup2129 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("201010"),
});
var dup2130 = set_field({
dest: "nwparser.nwparser.eventcategory",
value: constant("1601020000"),
});
var dup2131 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("302019"),
});
var dup2132 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602201"),
});
var dup2133 = set_field({
dest: "nwparser.nwparser.msg_id1",
value: constant("602201:01"),
});
var dup2134 = set_field({
dest: "nwparser.msg_id1",
value: constant("602303"),
});
// Shared (generated) parser fragments: SVC/session/call-home/flow matchers and
// their msg_id1 setters. Helper functions are defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.msg_id1" (doubled prefix) and
// "nwparser.msg_id1" are both used below; confirm which one consumers read.

// The \u003c / \u003e escapes are "<" and ">" in the tokenizer text.
var dup2135 = match({
  dissect: { tokenizer: " IP \u003c\u003c%{saddr}\u003e SVC Message: %{info}/NOTICE: %{p2}", field: "nwparser.p1" },
});

// event_description with or without a parenthesised fld1 suffix.
var dup2136 = linear_select([
  match({ dissect: { tokenizer: "%{event_description}(%{fld1}) %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{event_description}%{p3}", field: "nwparser.p2" } }),
]);

var dup2137 = set_field({ dest: "nwparser.msg_id1", value: constant("722012") });
var dup2138 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("202001") });

// Three variants of the same session-summary line, differing only in how the
// Duration part is split: d/h/m/s, h/m/s, or a single %{duration} capture.
var dup2139 = match({
  dissect: { tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{day}d %{hour}h:%{min}m:%{second}s, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}", field: "nwparser.p1" },
});
var dup2140 = set_field({ dest: "nwparser.msg_id1", value: constant("113019:01") });
var dup2141 = match({
  dissect: { tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{hour}h:%{min}m:%{second}s, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}", field: "nwparser.p1" },
});
var dup2142 = set_field({ dest: "nwparser.msg_id1", value: constant("113019:02") });
var dup2143 = match({
  dissect: { tokenizer: ", IP = %{saddr}, %{action} Session Type: %{network_service}, Duration: %{duration}, Bytes xmt: %{sbytes}, Bytes rcv: %{rbytes}, Reason: %{result}", field: "nwparser.p1" },
});
var dup2144 = set_field({ dest: "nwparser.msg_id1", value: constant("113019") });

var dup2145 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("507002") });
var dup2146 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720038") });

// NOTE(review): username is taken verbatim from between the quotes in the log
// line; presumably it originates from user input on the device, so consumers
// should treat it as untrusted text when displaying or correlating on it.
var dup2147 = match({
  dissect: { tokenizer: "User \"%{username}\" chose to %{p0}", field: "nwparser.payload" },
});
var dup2148 = linear_select([
  match({ dissect: { tokenizer: " disable %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " postpone %{p1}", field: "nwparser.p0" } }),
]);
var dup2149 = match({
  dissect: { tokenizer: " call-home anonymous reporting at the prompt.%{}", field: "nwparser.p1" },
});
var dup2150 = set_field({ dest: "nwparser.msg_id1", value: constant("120012") });

var dup2151 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("304009") });
var dup2152 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403505") });

// " udp " or " tcp " prefix of the payload; remainder goes to p0.
var dup2153 = linear_select([
  match({ dissect: { tokenizer: " udp %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " tcp %{p0}", field: "nwparser.payload" } }),
]);
var dup2154 = match({
  dissect: { tokenizer: " flow from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} terminated by %{service}, reason - %{result}", field: "nwparser.p0" },
});
var dup2155 = set_field({ dest: "nwparser.msg_id1", value: constant("507003") });

var dup2156 = match({
  dissect: { tokenizer: ", IP = %{saddr} , %{action}", field: "nwparser.p1" },
});
var dup2157 = set_field({ dest: "nwparser.msg_id1", value: constant("713903") });
// Shared (generated) parser fragments: group/username prefixes, RAS message
// matchers and msg_id1 setters. Helper functions are defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.msg_id1" (doubled prefix) and
// "nwparser.msg_id1" are both used below; confirm which one consumers read.

// Payload prefix alternatives: a group name, a quoted username, or a bare
// username. The quoted form is listed before the bare form.
// NOTE(review): group/username are copied verbatim from the log text; treat
// them as untrusted strings downstream.
var dup2158 = linear_select([
  match({ dissect: { tokenizer: " Group = %{group} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Username = '%{username}' %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Username = %{username} %{p0}", field: "nwparser.payload" } }),
]);

// Same tokenizer text as the ", IP = ... , action" matcher that reads p1
// elsewhere in this file, but this one reads p0.
var dup2159 = match({
  dissect: { tokenizer: ", IP = %{saddr} , %{action}", field: "nwparser.p0" },
});
var dup2160 = set_field({ dest: "nwparser.msg_id1", value: constant("713903:01") });
var dup2161 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713903:02") });

// Description with port/source details, or a bare description as fallback.
var dup2162 = linear_select([
  match({ dissect: { tokenizer: "%{event_description} on Port %{network_port} from %{saddr}:%{sport} %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " %{event_description}%{p0}", field: "nwparser.payload" } }),
]);
var dup2163 = set_field({ dest: "nwparser.msg_id1", value: constant("713903:03") });
var dup2164 = set_field({ dest: "nwparser.msg_id1", value: constant("715027") });

var dup2165 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("199005") });
var dup2166 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109009") });
var dup2167 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("305007") });
var dup2168 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403500") });
var dup2169 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("405103") });

var dup2170 = match({
  dissect: { tokenizer: "%{service} RAS message AdmissionConfirm received from %{saddr}/%{sport} to %{daddr}/%{dport} %{p0}", field: "nwparser.payload" },
});
// Both " without an " and the run-together " withoutan " spelling are accepted.
var dup2171 = linear_select([
  match({ dissect: { tokenizer: " without an %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " withoutan %{p1}", field: "nwparser.p0" } }),
]);
// Whatever remains in p1 becomes info.
var dup2172 = match({
  dissect: { tokenizer: "%{info}", field: "nwparser.p1" },
});
var dup2173 = set_field({ dest: "nwparser.msg_id1", value: constant("405105") });

var dup2174 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("420002:01") });
var dup2175 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("420002") });
var dup2176 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611302") });
var dup2177 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109003") });
// Shared (generated) parser fragments: "Auth from ..." failure chain, access
// permitted matcher, and msg_id1 / eventcategory setters. Helper functions are
// defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.<name>" (doubled prefix) and
// "nwparser.<name>" are both used below; confirm which one consumers read.

// "Auth from <src>[/<port>] ... <dst>[/<port>] failed (<reason>)" is split across
// p0..p5; each stage hands the unparsed remainder to the next.
var dup2178 = match({
  dissect: { tokenizer: "Auth from %{p0}", field: "nwparser.payload" },
});
var dup2179 = linear_select([
  match({ dissect: { tokenizer: " %{saddr}/%{sport} %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " %{saddr} %{p1}", field: "nwparser.p0" } }),
]);
var dup2180 = linear_select([
  match({ dissect: { tokenizer: " %{daddr}/%{dport} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{daddr} %{p3}", field: "nwparser.p2" } }),
]);
var dup2181 = match({
  dissect: { tokenizer: " failed %{p4}", field: "nwparser.p3" },
});
var dup2182 = linear_select([
  match({ dissect: { tokenizer: " (all servers failed) %{p5}", field: "nwparser.p4" } }),
  match({ dissect: { tokenizer: " (server %{hostip} failed) %{p5}", field: "nwparser.p4" } }),
]);
var dup2183 = set_field({ dest: "nwparser.msg_id1", value: constant("109003:01") });

var dup2184 = match({
  dissect: { tokenizer: "%{protocol} access permitted from %{saddr}/%{sport} to %{p0}", field: "nwparser.payload" },
});
// Destination with or without an extra colon-separated fld1 segment.
var dup2185 = linear_select([
  match({ dissect: { tokenizer: "%{dinterface}:%{fld1}:%{daddr}/%{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{dinterface}:%{daddr}/%{p1}", field: "nwparser.p0" } }),
]);
var dup2186 = set_field({ dest: "nwparser.msg_id1", value: constant("710002") });

var dup2187 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713202") });
var dup2188 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("769004") });
var dup2189 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("106101") });
var dup2190 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("325002") });
var dup2191 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400042") });
var dup2192 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611313") });
var dup2193 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("614002") });
var dup2194 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("715035") });
var dup2195 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1901000000") });
var dup2196 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("CISCOASA_GENERIC_02") });
var dup2197 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("CISCOASA_GENERIC_01") });

var dup2198 = match({
  dissect: { tokenizer: " has parsing error; ACE %{info}", field: "nwparser.p1" },
});
var dup2199 = set_field({ dest: "nwparser.msg_id1", value: constant("109019") });

var dup2200 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400002") });
var dup2201 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400007") });
var dup2202 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("402118") });
// Shared (generated) parser fragments: CTIQBE pre-allocation, large-packet and
// "Group ... User ... IP ... SVC Message" matchers, plus msg_id1 setters.
// Helper functions are defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.msg_id1" (doubled prefix) and
// "nwparser.msg_id1" are both used below; confirm which one consumers read.

var dup2203 = match({
  dissect: { tokenizer: "Pre-allocate CTIQBE %{p0}", field: "nwparser.payload" },
});
var dup2204 = linear_select([
  match({ dissect: { tokenizer: " RTP %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: " RTCP %{p1}", field: "nwparser.p0" } }),
]);
var dup2205 = match({
  dissect: { tokenizer: " secondary channel for %{sinterface}:%{p2}", field: "nwparser.p1" },
});
var dup2206 = match({
  dissect: { tokenizer: " from %{fld1}", field: "nwparser.p5" },
});
var dup2207 = set_field({ dest: "nwparser.msg_id1", value: constant("620001:01") });
var dup2208 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("620001") });
var dup2209 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("717028") });

var dup2210 = match({
  dissect: { tokenizer: " Transmitting large packet %{bytes} (%{info})", field: "nwparser.p3" },
});
var dup2211 = set_field({ dest: "nwparser.msg_id1", value: constant("722036") });

var dup2212 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("730010") });
var dup2213 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("209004") });
var dup2214 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("611306") });
var dup2215 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709003") });
var dup2216 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720037") });
var dup2217 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("752010") });
var dup2218 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("605002") });
var dup2219 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("110002") });
var dup2220 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("110002:01") });
var dup2221 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("501101") });
var dup2222 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("501101:01") });

// "Group <g> User <u> IP <addr> SVC Message: ..." is parsed in stages p0..p3.
// Each stage accepts the value either wrapped in "<<...>" (the \u003c / \u003e
// escapes) or bare.
// NOTE(review): group and username are copied verbatim from the log text;
// treat them as untrusted strings downstream.
var dup2223 = match({
  dissect: { tokenizer: "Group %{p0}", field: "nwparser.payload" },
});
var dup2224 = linear_select([
  match({ dissect: { tokenizer: "\u003c\u003c%{group}\u003e User %{p1}", field: "nwparser.p0" } }),
  match({ dissect: { tokenizer: "%{group} User %{p1}", field: "nwparser.p0" } }),
]);
var dup2225 = linear_select([
  match({ dissect: { tokenizer: "\u003c\u003c%{username}\u003e IP %{p2}", field: "nwparser.p1" } }),
  match({ dissect: { tokenizer: "%{username} IP %{p2}", field: "nwparser.p1" } }),
]);
var dup2226 = linear_select([
  match({ dissect: { tokenizer: "\u003c\u003c%{saddr}\u003e SVC Message: %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{saddr} SVC Message: %{p3}", field: "nwparser.p2" } }),
]);
var dup2227 = set_field({ dest: "nwparser.msg_id1", value: constant("722010") });
// Shared (generated) parser fragments: threat-detection, greylist, ACE config
// error, URL and FTP matchers, plus msg_id1 / eventcategory setters.
// Helper functions are defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.msg_id1" (doubled prefix) and
// "nwparser.msg_id1" are both used below; confirm which one consumers read.

// Both alternatives store the address in hostip, so whether the host was
// "attacking" or "targeted" is not kept in that field.
var dup2228 = linear_select([
  match({ dissect: { tokenizer: " %{hostip} is attacking. %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " %{hostip} is targeted. %{p0}", field: "nwparser.payload" } }),
]);
var dup2229 = set_field({ dest: "nwparser.eventcategory", value: constant("1103000000") });
var dup2230 = set_field({ dest: "nwparser.msg_id1", value: constant("733101") });

var dup2231 = match({
  dissect: { tokenizer: ", Addr %{hostip}, %{result}", field: "nwparser.p1" },
});
var dup2232 = set_field({ dest: "nwparser.msg_id1", value: constant("734001") });
var dup2233 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("105007") });

// Greylisted traffic, destination-resolved variant: both endpoints with their
// translated address/port, the list name, threat level and category.
var dup2234 = match({
  dissect: { tokenizer: " greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), destination %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}", field: "nwparser.p3" },
});
var dup2235 = set_field({ dest: "nwparser.msg_id1", value: constant("338202") });

var dup2236 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("500004") });
var dup2237 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718044") });

var dup2238 = match({
  dissect: { tokenizer: " has config error; ACE %{p2}", field: "nwparser.p1" },
});
var dup2239 = linear_select([
  match({ dissect: { tokenizer: " : '%{info}' %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: " %{space} %{p3}", field: "nwparser.p2" } }),
]);
var dup2240 = set_field({ dest: "nwparser.msg_id1", value: constant("109020") });

// NOTE(review): url (here) and filename (below) are free-form values copied
// from the log line; treat them as untrusted when rendering or pivoting on them.
var dup2241 = match({
  dissect: { tokenizer: "@%{daddr} %{action} %{saddr}:%{url}", field: "nwparser.p0" },
});
var dup2242 = set_field({ dest: "nwparser.msg_id1", value: constant("303002") });

var dup2243 = match({
  dissect: { tokenizer: "FTP connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, user %{p0}", field: "nwparser.payload" },
});
var dup2244 = match({
  dissect: { tokenizer: " %{action} file %{filename}", field: "nwparser.p1" },
});
var dup2245 = set_field({ dest: "nwparser.msg_id1", value: constant("303002:02") });

var dup2246 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("303002:01") });
var dup2247 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400010") });
var dup2248 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400032") });
var dup2249 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("718059") });
var dup2250 = set_field({ dest: "nwparser.msg_id1", value: constant("111005") });
var dup2251 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("709001") });
var dup2252 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("210010") });
// Shared (generated) parser fragments: pre-allocation, reload, whitelist and
// greylist matchers, plus msg_id1 / eventcategory setters.
// Helper functions are defined elsewhere in this file.
// NOTE(review): "nwparser.nwparser.<name>" (doubled prefix) and
// "nwparser.<name>" are both used below; confirm which one consumers read.

// Accepts both the hyphenated and the unhyphenated spelling.
var dup2253 = linear_select([
  match({ dissect: { tokenizer: " Pre-allocate %{p0}", field: "nwparser.payload" } }),
  match({ dissect: { tokenizer: " Preallocate %{p0}", field: "nwparser.payload" } }),
]);
var dup2254 = match({
  dissect: { tokenizer: " %{network_service} Call Signalling Connection for faddr %{saddr}/%{sport} to laddr %{daddr}", field: "nwparser.p0" },
});
var dup2255 = set_field({ dest: "nwparser.msg_id1", value: constant("302012") });

var dup2256 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400013") });
var dup2257 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720005") });
var dup2258 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("720055") });
var dup2259 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("776251") });
var dup2260 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("112001") });
var dup2261 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403103") });
var dup2262 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("713227") });
var dup2263 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201007") });

// "Reload scheduled for <fld1> by ... at <fld2>. Reload reason: <result>".
var dup2264 = match({
  dissect: { tokenizer: "Reload scheduled for %{fld1} by %{p0}", field: "nwparser.payload" },
});
var dup2265 = match({
  dissect: { tokenizer: " at %{fld2}. Reload reason: %{result}", field: "nwparser.p1" },
});
var dup2266 = set_field({ dest: "nwparser.msg_id1", value: constant("199007") });
var dup2267 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("302008") });

// Whitelisted traffic, source-resolved variant.
var dup2268 = match({
  dissect: { tokenizer: " %{action} whitelisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{hostip} resolved from %{listnum} list:%{info}", field: "nwparser.p1" },
});
var dup2269 = set_field({ dest: "nwparser.msg_id1", value: constant("338103") });

var dup2270 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("608001:01") });
var dup2271 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("608001") });
var dup2272 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("730001") });
var dup2273 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("730002") });
var dup2274 = set_field({ dest: "nwparser.nwparser.eventcategory", value: constant("1301010000") });
var dup2275 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("109017") });
var dup2276 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("201011") });
var dup2277 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("303003") });
var dup2278 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("614001") });
var dup2279 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("111003") });
var dup2280 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("400026") });
var dup2281 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("403504") });
var dup2282 = set_field({ dest: "nwparser.nwparser.msg_id1", value: constant("415012") });

// Greylisted traffic, source-resolved variant.
var dup2283 = match({
  dissect: { tokenizer: " greylisted %{protocol} traffic from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport}), source %{fld1} resolved from %{fld2} list:%{web_domain} threat-level: %{severity}, category: %{result}", field: "nwparser.p3" },
});
var dup2284 = set_field({ dest: "nwparser.msg_id1", value: constant("338201") });
// Shared (generated) enrichment steps: header-derived fields, timestamps and
// constant classification values (ec_*, disposition, protocol, description).
// call / set_field / date_time / date_times and the SYSVAL, HDR, DIRCHK
// functions are defined elsewhere in this file.

// NOTE(review): dest is "nwparser." with no field name after the prefix, so the
// SYSVAL result has no named target here; confirm this is intended.
var dup2285 = call({ dest: "nwparser.", fn: SYSVAL, args: [field("$MSGID"), field("$ID1")] });
var dup2286 = call({ dest: "nwparser.level", fn: HDR, args: [field("level")] });

// event_time built from six captured parts with one six-specifier format.
var dup2287 = date_time({
  dest: "event_time",
  args: ["month", "day", "year", "hhour", "hmin", "hsec"],
  fmt: [dB, dF, dW, dN, dU, dO],
});
var dup2288 = set_field({ dest: "nwparser.msg", value: field("$MSG") });
var dup2289 = call({ dest: "nwparser.id", fn: HDR, args: [field("messageid")] });

var dup2290 = set_field({ dest: "nwparser.ec_theme", value: constant("Configuration") });
var dup2291 = set_field({ dest: "nwparser.ec_subject", value: constant("Configuration") });
var dup2292 = set_field({ dest: "nwparser.ec_activity", value: constant("Modify") });

// NOTE(review): disposition is emitted as both "failed" and "Failed"; detection
// rules keyed on this field should compare case-insensitively.
var dup2293 = set_field({ dest: "nwparser.disposition", value: constant("failed") });
var dup2294 = set_field({ dest: "nwparser.disposition", value: constant("Failed") });

var dup2295 = set_field({ dest: "nwparser.ec_activity", value: constant("Disable") });
var dup2296 = set_field({ dest: "nwparser.ec_activity", value: constant("Enable") });
var dup2297 = set_field({ dest: "nwparser.event_description", value: constant("Monitoring on interface") });
var dup2298 = set_field({ dest: "nwparser.event_description", value: constant("Testing Interface") });
var dup2299 = set_field({ dest: "nwparser.ec_outcome", value: constant("Error") });
var dup2300 = set_field({ dest: "nwparser.ec_activity", value: constant("Deny") });
var dup2301 = set_field({ dest: "nwparser.ec_theme", value: constant("Communication") });
var dup2302 = set_field({ dest: "nwparser.ec_subject", value: constant("NetworkComm") });

// Direction indicator derived from the source address via DIRCHK.
var dup2303 = call({ dest: "nwparser.inout", fn: DIRCHK, args: [field("saddr")] });

var dup2304 = set_field({ dest: "nwparser.event_description", value: constant("connection denied") });
var dup2305 = set_field({ dest: "nwparser.event_description", value: constant("Translation denied") });
// NOTE(review): protocol is emitted as both "icmp" and "ICMP" (see below);
// normalise case before matching on it.
var dup2306 = set_field({ dest: "nwparser.protocol", value: constant("icmp") });
var dup2307 = set_field({ dest: "nwparser.event_description", value: constant("connection dropped") });
var dup2308 = set_field({ dest: "nwparser.protocol", value: constant("ICMP") });
var dup2309 = set_field({ dest: "nwparser.ec_theme", value: constant("TEV") });
var dup2310 = set_field({ dest: "nwparser.event_description", value: constant("denied by access-list") });
var dup2311 = set_field({ dest: "nwparser.event_description", value: constant("denied by access-group") });

// event_time with two candidate formats. The second list has five specifiers
// (no dW) for the same six args.
var dup2312 = date_times({
  dest: "event_time",
  args: ["month", "day", "year", "hhour", "hmin", "hsec"],
  fmts: [
    [dB, dF, dW, dN, dU, dO],
    [dB, dF, dN, dU, dO],
  ],
});

var dup2313 = set_field({ dest: "nwparser.ec_theme", value: constant("ALM") });
var dup2314 = set_field({ dest: "nwparser.ec_outcome", value: constant("Failure") });
var dup2315 = set_field({ dest: "nwparser.dclass_counter1_string", value: constant("Hitcount") });
var dup2316 = set_field({ dest: "nwparser.ec_outcome", value: constant("Success") });
var dup2317 = set_field({ dest: "nwparser.event_description", value: constant("permitted") });
// Shared (generated) enrichment steps: constant classification values for
// authentication, access-control and connection events, plus a byte-count sum.
// Helper functions (match, set_field, call, constant, field, CALC) are defined
// elsewhere in this file.

// NOTE(review): %{info} appears four times back-to-back with no delimiter
// between the captures; how the dissect tokenizer splits or overwrites them is
// not visible here, so verify what ends up in info.
var dup2318 = match({
  dissect: { tokenizer: "%{dclass_counter1} %{info}%{info}%{info}%{info}", field: "nwparser.p5" },
});
var dup2319 = set_field({ dest: "nwparser.dclass_counter1_string", value: constant("HitCount") });

var dup2320 = set_field({ dest: "nwparser.ec_theme", value: constant("Authentication") });
var dup2321 = set_field({ dest: "nwparser.ec_subject", value: constant("User") });
// NOTE(review): authentication-failure descriptions differ in wording and case
// ("authentication failed" here, "Authentication Failed" further down); alerting
// on failed logins should not depend on one exact spelling.
var dup2322 = set_field({ dest: "nwparser.event_description", value: constant("authentication failed") });
var dup2323 = set_field({ dest: "nwparser.result", value: constant("all servers failed") });
var dup2324 = set_field({ dest: "nwparser.ec_activity", value: constant("Permit") });
var dup2325 = set_field({ dest: "nwparser.ec_theme", value: constant("AccessControl") });
var dup2326 = set_field({ dest: "nwparser.result", value: constant("Authorization denied") });
var dup2327 = set_field({ dest: "nwparser.ec_outcome", value: constant("Unknown") });
var dup2328 = set_field({ dest: "nwparser.event_description", value: constant("Authorization denied") });
var dup2329 = set_field({ dest: "nwparser.event_description", value: constant("Authentication Failed") });
var dup2330 = set_field({ dest: "nwparser.result", value: constant("Interactive challenge processing not supported") });

// Bare constant (not wrapped in set_field); its destination is chosen by the caller.
var dup2331 = constant("Routing failed to locate next-hop");

var dup2332 = set_field({ dest: "nwparser.ec_activity", value: constant("Read") });
var dup2333 = set_field({ dest: "nwparser.ec_activity", value: constant("Delete") });
var dup2334 = set_field({ dest: "nwparser.ec_activity", value: constant("Stop") });
var dup2335 = set_field({ dest: "nwparser.ec_activity", value: constant("Logon") });
var dup2336 = set_field({ dest: "nwparser.event_description", value: constant("User executed command") });
var dup2337 = set_field({ dest: "nwparser.event_description", value: constant("user authentication rejected") });
var dup2338 = set_field({ dest: "nwparser.result", value: constant("retrieved default group policy") });

// bytes = sbytes "+" rbytes via CALC (presumably a numeric sum; CALC is defined elsewhere).
var dup2339 = call({
  dest: "nwparser.bytes",
  fn: CALC,
  args: [field("sbytes"), constant("+"), field("rbytes")],
});

var dup2340 = set_field({ dest: "nwparser.event_type", value: constant("VPN") });
// NOTE(review): the second description below is spelled "Embyonic"; it is a
// runtime value and is kept as-is, so rules matching on the description need
// both spellings.
var dup2341 = set_field({ dest: "nwparser.event_description", value: constant("Embryonic limit exceeded") });
var dup2342 = set_field({ dest: "nwparser.event_description", value: constant("Embyonic connection limit exceeded") });
var dup2343 = set_field({ dest: "nwparser.ec_theme", value: constant("Encryption") });
var dup2344 = set_field({ dest: "nwparser.ec_subject", value: constant("CryptoKey") });
var dup2345 = set_field({ dest: "nwparser.protocol", value: constant("UDP") });
var dup2346 = set_field({ dest: "nwparser.direction", value: constant("inbound") });
var dup2347 = set_field({ dest: "nwparser.direction", value: constant("outbound") });
var dup2348 = set_field({ dest: "nwparser.event_description", value: constant("teardown connection") });
var dup2349 = set_field({ dest: "nwparser.protocol", value: constant("TCP") });
var dup2350 = set_field({ dest: "nwparser.event_description", value: constant("build connection") });
var dup2351 = set_field({ dest: "nwparser.event_description", value: constant("Connection pre-allocated") });
var dup2352 = set_field({ dest: "nwparser.event_description", value: constant("Teardown connection") });
var dup2353 = set_field({ dest: "nwparser.event_description", value: constant("Rebuilt connection") });
// Shared (generated) parser fragments and enrichment steps: endpoint matchers,
// duration and URL decomposition, constant descriptions, and zone lookups.
// Helper functions (match, linear_select, call, lookup, set_field, DUR, URL,
// action2Proto) are defined elsewhere in this file.

// The tokenizer ends with two closing parentheses, so the input is expected to
// end with "))".
var dup2354 = match({
  dissect: { tokenizer: "%{sport} (%{stransaddr}/%{stransport}))", field: "nwparser.p3" },
});

// duration field passed through DUR with the "%N:%U:%O" pattern.
var dup2355 = call({
  dest: "nwparser.duration",
  fn: DUR,
  args: [constant("%N:%U:%O"), field("duration")],
});

// NOTE(review): username is copied verbatim from the log text (quoted here,
// parenthesised or space-delimited below); treat it as untrusted downstream.
var dup2356 = match({
  dissect: { tokenizer: " '%{username}' %{p7}", field: "nwparser.p6" },
});
// Destination endpoint, optionally followed by a username in parentheses or
// separated by spaces; the username-free form is listed last.
var dup2357 = linear_select([
  match({ dissect: { tokenizer: "%{daddr}/%{dport}(%{username})%{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{daddr}/%{dport} %{username} %{p3}", field: "nwparser.p2" } }),
  match({ dissect: { tokenizer: "%{daddr}/%{dport} %{p3}", field: "nwparser.p2" } }),
]);

var dup2358 = set_field({ dest: "nwparser.event_description", value: constant("Built connection") });
var dup2359 = call({ dest: "nwparser.protocol", fn: action2Proto, args: [field("action")] });

// The captured url is split into domain / root / page / query by the URL helper.
// NOTE(review): url comes straight from the log line; the derived parts inherit
// whatever it contains.
var dup2360 = call({ dest: "nwparser.urldomain", fn: URL, args: [field("$DOMAIN"), field("url")] });
var dup2361 = call({ dest: "nwparser.urlroot", fn: URL, args: [field("$ROOT"), field("url")] });
var dup2362 = call({ dest: "nwparser.urlpage", fn: URL, args: [field("$PAGE"), field("url")] });
var dup2363 = call({ dest: "nwparser.urlquery", fn: URL, args: [field("$QUERY"), field("url")] });

var dup2364 = set_field({ dest: "nwparser.event_description", value: constant("Accessed") });
var dup2365 = set_field({ dest: "nwparser.protocol", value: constant("HTTP") });
var dup2366 = set_field({ dest: "nwparser.event_description", value: constant("teardown translation") });
var dup2367 = set_field({ dest: "nwparser.event_description", value: constant("No translation group found") });
var dup2368 = set_field({ dest: "nwparser.event_description", value: constant("translation creation failed") });
var dup2369 = set_field({ dest: "nwparser.event_description", value: constant("Built translation") });

// NOTE(review): %{dport} appears twice in a row with no delimiter; verify what
// value dport ends up holding for this pattern.
var dup2370 = match({
  dissect: { tokenizer: "%{dinterface}:%{daddr}/%{dport}%{dport}", field: "nwparser.p1" },
});
var dup2371 = set_field({ dest: "nwparser.result", value: constant("due to NAT reverse path failure") });

// Fixed port values written as constants rather than parsed from the message;
// downstream analysis should not read them as observed ports.
var dup2372 = set_field({ dest: "nwparser.dport", value: constant("23") });
var dup2373 = set_field({ dest: "nwparser.sport", value: constant("0") });

var dup2374 = set_field({ dest: "nwparser.event_description", value: constant("Denied login session") });
var dup2375 = set_field({ dest: "nwparser.event_description", value: constant("login session failure") });
var dup2376 = set_field({ dest: "nwparser.event_description", value: constant("session limit exceeded") });
var dup2377 = set_field({ dest: "nwparser.event_description", value: constant("Invalid destination") });
var dup2378 = set_field({ dest: "nwparser.event_description", value: constant("Login session failed") });
var dup2379 = set_field({ dest: "nwparser.event_description", value: constant("Web Cache acquired") });
var dup2380 = set_field({ dest: "nwparser.ec_activity", value: constant("Create") });

// Zone names looked up from the inout value through the two direction maps.
var dup2381 = lookup({ dest: "nwparser.src_zone", map: map_srcDirName, key: field("inout") });
var dup2382 = lookup({ dest: "nwparser.dst_zone", map: map_dstDirName, key: field("inout") });
// Shared (generated) enrichment steps: signature category plus constant
// descriptions/results for IPSEC, FTP, DNS, ICMP, ISAKMP, NAT and login events.
// Helper functions (call, set_field, match, constant, field, SYSVAL) are defined
// elsewhere in this file.

var dup2383 = call({ dest: "nwparser.sigcat", fn: SYSVAL, args: [field("$CATEGORY")] });

var dup2384 = set_field({ dest: "nwparser.event_description", value: constant("invalid IPSEC packet") });
var dup2385 = set_field({ dest: "nwparser.service", value: constant("IPSEC") });
var dup2386 = set_field({ dest: "nwparser.result", value: constant("hardware accelerator error") });
var dup2387 = set_field({ dest: "nwparser.event_description", value: constant("Unable to create new connection") });
var dup2388 = set_field({ dest: "nwparser.event_description", value: constant("FTP connection terminated") });
var dup2389 = set_field({ dest: "nwparser.result", value: constant("for through connections") });
var dup2390 = set_field({ dest: "nwparser.event_description", value: constant("Dropped DNS UDP packet - length exceeded") });
var dup2391 = set_field({ dest: "nwparser.context", value: constant("Content type not found") });
var dup2392 = set_field({ dest: "nwparser.event_description", value: constant("icmp packet denied") });
// NOTE(review): "mangement-only" is misspelled in this runtime value and is kept
// as-is; searches for "management-only" will not match it.
var dup2393 = set_field({ dest: "nwparser.result", value: constant("to/from mangement-only network") });
var dup2394 = set_field({ dest: "nwparser.event_description", value: constant("packet denied") });
var dup2395 = set_field({ dest: "nwparser.event_description", value: constant("IPS request to drop packet") });
var dup2396 = set_field({ dest: "nwparser.ec_theme", value: constant("UserGroup") });

// NOTE(review): %{info} appears twice in a row with no delimiter; verify what
// value info ends up holding for this pattern.
var dup2397 = match({
  dissect: { tokenizer: "%{application}\", %{info}%{info}", field: "nwparser.p0" },
});

var dup2398 = set_field({ dest: "nwparser.event_description", value: constant("Received an ICMP Destination Unreachable") });
var dup2399 = set_field({ dest: "nwparser.event_description", value: constant("ISAKMP session connected") });
var dup2400 = set_field({ dest: "nwparser.event_description", value: constant("ISAKMP session disconnected") });

// Bare constant (not wrapped in set_field); its destination is chosen by the caller.
var dup2401 = constant("Login denied");

var dup2402 = set_field({ dest: "nwparser.result", value: constant("User authentication succeeded") });
var dup2403 = set_field({ dest: "nwparser.event_description", value: constant("User Authentication failed") });
var dup2404 = set_field({ dest: "nwparser.ec_activity", value: constant("Logoff") });
var dup2405 = set_field({ dest: "nwparser.event_description", value: constant("NAT configured") });
var dup2406 = set_field({ dest: "nwparser.event_description", value: constant("NAT exemption configured") });
var dup2407 = set_field({ dest: "nwparser.event_description", value: constant("Policy installed") });
var dup2408 = set_field({ dest: "nwparser.event_description", value: constant("Pre-allocate connection") });
var dup2409 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 delete received") });
// Shared (generated) enrichment steps: constant descriptions and classification
// values for IKE / tunnel / SVC / SSL events. set_field and constant are defined
// elsewhere in this file.

var dup2410 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 delete sent") });
var dup2411 = set_field({ dest: "nwparser.event_description", value: constant("DPD timed out") });
var dup2412 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 retransmission") });
var dup2413 = set_field({ dest: "nwparser.event_description", value: constant("malformed payload received") });
var dup2414 = set_field({ dest: "nwparser.event_description", value: constant("duplicate packet detected") });
var dup2415 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 exchange started") });
var dup2416 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 exchange completed") });
var dup2417 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 initiating rekey") });
var dup2418 = set_field({ dest: "nwparser.event_description", value: constant("request discarded") });
var dup2419 = set_field({ dest: "nwparser.event_description", value: constant("IKE Initiator New/Rekeying Phase") });

// "Tunnel Rejected" is available both as a result setter and, further down, as
// a bare constant whose destination is chosen by the caller.
var dup2420 = set_field({ dest: "nwparser.result", value: constant("Tunnel Rejected") });
var dup2421 = set_field({ dest: "nwparser.ec_subject", value: constant("Message") });
var dup2422 = set_field({ dest: "nwparser.ec_activity", value: constant("Receive") });
var dup2423 = set_field({ dest: "nwparser.event_description", value: constant("Rekeying duration changed") });
var dup2424 = set_field({ dest: "nwparser.event_description", value: constant("IKE lost contact with remote peer deleting connection") });
var dup2425 = set_field({ dest: "nwparser.event_description", value: constant("Connection Redirected via Load Balancing") });
var dup2426 = set_field({ dest: "nwparser.event_description", value: constant("deleting static route for address") });
var dup2427 = set_field({ dest: "nwparser.event_description", value: constant("Remote peer has failed user authentication") });
var dup2428 = constant("Tunnel Rejected");

var dup2429 = set_field({ dest: "nwparser.event_description", value: constant("Client allowed") });
var dup2430 = set_field({ dest: "nwparser.event_description", value: constant("Static Crypto Map check") });
var dup2431 = set_field({ dest: "nwparser.event_description", value: constant("Session is being torn down") });
var dup2432 = set_field({ dest: "nwparser.event_description", value: constant("IKEGetUserAttributes") });
var dup2433 = set_field({ dest: "nwparser.ec_subject", value: constant("Certificate") });
var dup2434 = set_field({ dest: "nwparser.event_description", value: constant("SVC connection established") });
var dup2435 = set_field({ dest: "nwparser.event_description", value: constant("SVC Session Termination") });
var dup2436 = set_field({ dest: "nwparser.event_description", value: constant("Session terminated") });
var dup2437 = set_field({ dest: "nwparser.event_description", value: constant("assigned to session") });
var dup2438 = set_field({ dest: "nwparser.event_description", value: constant("Starting SSL handshake") });
var dup2439 = set_field({ dest: "nwparser.event_description", value: constant("SSL server requesting certificate for authentication") });
var dup2440 = set_field({
dest: "nwparser.event_description",
value: constant("Device failed SSL handshake"),
});
var dup2441 = set_field({
dest: "nwparser.event_description",
value: constant("Device proposes cipher(s)"),
});
var dup2442 = set_field({
dest: "nwparser.event_description",
value: constant("Device chooses cipher for the SSL session"),
});
var dup2443 = set_field({
dest: "nwparser.result",
value: constant("DHCP configured"),
});
var dup2444 = set_field({
dest: "nwparser.result",
value: constant("Local pool request succeeded "),
});
var dup2445 = set_field({
dest: "nwparser.event_description",
value: constant("Address assignment failed"),
});
var dup2446 = set_field({
dest: "nwparser.result",
value: constant("Freeing local pool address"),
});
var dup2447 = set_field({
dest: "nwparser.result",
value: constant("Unable to get address from group-policy or tunnel-group"),
});
var dup2448 = set_field({
dest: "nwparser.result",
value: constant("Succeeded"),
});
var dup2449 = constant("Failed");
// Builds "event_time" from six captured header fields. The format tokens dB, dF, dW,
// dH, dT and dS are defined elsewhere in this file; presumably one per listed arg.
// NOTE(review): "year" is one of the args, yet several header patterns in this file
// (hdr5, hdr7, hdr8) capture no year - confirm how the timestamp is resolved for them.
var dup2450 = date_time({
  dest: "event_time",
  args: ["month", "day", "year", "hhour", "hmin", "hsec"],
  fmt: [dB, dF, dW, dH, dT, dS],
});
var dup2451 = set_field({ dest: "nwparser.event_description", value: constant("Denied IPv6-ICMP") });

// The same source field, p_msgid, is copied into three separate destinations.
var dup2452 = set_field({ dest: "nwparser.id", value: field("p_msgid") });
var dup2453 = set_field({ dest: "nwparser.msg_id", value: field("p_msgid") });
var dup2454 = set_field({ dest: "nwparser.vid", value: field("p_msgid") });

// Direction labels. map_srcDirName and map_dstDirName near the top of this file
// reference dup2455/dup2456 inside object literals that are evaluated before these
// two assignments run; with `var` hoisting the names exist at that point but still
// hold undefined. NOTE(review): confirm the direction lookup does not resolve to
// undefined, and do not switch these to const/let without moving them above the
// maps (that would turn the early read into a ReferenceError).
var dup2455 = constant("INSIDE");
var dup2456 = constant("OUTSIDE");
// Header patterns. Each hdrN dissects the raw "message" field into header captures
// (level, messageid, optional timestamp and reporting host) plus the remaining
// "payload". select2 lists all of them; linear_select is defined elsewhere and
// presumably tries the entries in the listed order.
// hostip, paddr and hhost are taken from the message text itself, so they reflect
// what the sender wrote rather than the transport-level source of the log line.
var hdr1 = match({
  dissect: {
    tokenizer: "%ASA-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr2 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{hostip} : %ASA-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr3 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{hhost}: %ASA-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});

// Three-step header: hdr4 leaves the remainder in p0, msg1/msg2 read "nwparser.p0"
// and leave p1, msg3 reads "nwparser.p1". all1 chains the three steps.
var hdr4 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{year} %{p0}",
    field: "message",
  },
});
var msg1 = match({
  dissect: {
    tokenizer: "%{hhour}:%{hmin}:%{hsec}: %ASA%{p1}",
    field: "nwparser.p0",
  },
});
var msg2 = match({
  dissect: {
    tokenizer: "%{hhour}:%{hmin}:%{hsec} %ASA%{p1}",
    field: "nwparser.p0",
  },
});
var select1 = linear_select([msg1, msg2]);
var msg3 = match({
  dissect: {
    tokenizer: "-%{level}-%{messageid}: %{payload}",
    field: "nwparser.p1",
  },
});
var all1 = all_match({
  processors: [hdr4, select1, msg3],
});

// hdr5, hdr7 and hdr8 carry a month/day/time stamp but no year capture.
var hdr5 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{hostip} %ASA-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr6 = match({
  dissect: {
    tokenizer: "%{paddr} %ASA-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr7 = match({
  dissect: {
    tokenizer: ":%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{timezone}: %ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr8 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{hhour}:%{hmin}:%{hsec} %{timezone}: %ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr9 = match({
  dissect: {
    tokenizer: "%ASA-%{hfld1}-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr10 = match({
  dissect: {
    tokenizer: "%ASA-%{level}-%{messageid} %{payload}",
    field: "message",
  },
});

// %FWSM- variants of the headers above.
var hdr11 = match({
  dissect: {
    tokenizer: "%FWSM-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr12 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %{paddr} : %FWSM-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr13 = match({
  dissect: {
    tokenizer: "%{month} %{day} %{year} %{hhour}:%{hmin}:%{hsec} %FWSM-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr14 = match({
  dissect: {
    tokenizer: "%{paddr} %FWSM-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});
var hdr15 = match({
  dissect: {
    tokenizer: ":%ASA-%{group}-%{level}-%{messageid}: %{payload}",
    field: "message",
  },
});

// Catch-all headers: anything containing "%ASA-" that no pattern above accepted.
// On success dup0 (top of file) sets nwparser.messageid to "CISCOASA_GENERIC", and
// hdr17 additionally accepts arbitrary leading text in %{fld}. Events landing here
// carry no device message id, so logic keyed on specific ASA ids will not see them;
// the volume of CISCOASA_GENERIC events is a useful parser-coverage signal.
var hdr16 = match({
  dissect: {
    tokenizer: "%ASA-%{payload}",
    field: "message",
  },
  on_success: processor_chain([dup0]),
});
var hdr17 = match({
  dissect: {
    tokenizer: "%{fld}%ASA-%{payload}",
    field: "message",
  },
  on_success: processor_chain([dup0]),
});
var select2 = linear_select([
  hdr1, hdr2, hdr3, all1, hdr5, hdr6, hdr7, hdr8, hdr9,
  hdr10, hdr11, hdr12, hdr13, hdr14, hdr15, hdr16, hdr17,
]);
// Payload patterns msg4 through msg9. Each match() dissects "nwparser.payload" and,
// on success, runs a two-step processor_chain of shared dupN setters defined earlier
// in the file. all_match() entries combine several partial patterns instead.
// NOTE(review): dup1 and dup2 (top of file) write to destinations spelled
// "nwparser.nwparser.*"; confirm the doubled prefix is what set_field expects.
var msg4 = match({
  dissect: {
    tokenizer: "%{fld1}: packet missing %{fld2}, destadr=%{daddr}, actual prot=%{protocol}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1, dup2]),
});
var all2 = all_match({
  processors: [dup3, dup4, dup5],
  on_success: processor_chain([dup6, dup7]),
});
var all3 = all_match({
  processors: [dup8, dup4, dup9],
  on_success: processor_chain([dup10, dup11]),
});
var all4 = all_match({
  processors: [dup12, dup4, dup13],
  on_success: processor_chain([dup14, dup15]),
});
// Only the leading "IP = <addr>, " is structured; the rest of the payload is kept
// as free text in event_description.
var msg5 = match({
  dissect: {
    tokenizer: "IP = %{saddr}, %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup17]),
});
var msg6 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, NAT-Discovery payloads missing. Aborting NAT-Traversal.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup18, dup19]),
});
// Device reload; the stated reason is captured into result.
var msg7 = match({
  dissect: {
    tokenizer: "Reloaded at %{event_time_string} by failover parser thread. Reload reason: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup20, dup21]),
});
var all5 = all_match({
  processors: [dup22, dup4, dup23, dup24],
  on_success: processor_chain([dup25, dup26]),
});
var select3 = linear_select([msg7, all5]);
var msg8 = match({
  dissect: {
    tokenizer: "%{sigid} Content size %{priority} out of range - %{listnum} %{protocol} from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup27, dup28]),
});
var msg9 = match({
  dissect: {
    tokenizer: "OBSOLETE DESCRIPTOR - INDEX %{dclass_counter1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup30]),
});
// Payload patterns all6 through select5: VPN group / user / peer-address messages.
// group and username are taken verbatim from the log text with no validation here;
// downstream consumers should treat them as device-reported strings.
var all6 = all_match({
  processors: [dup31, dup32],
  on_success: processor_chain([dup33, dup34]),
});
var msg10 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup18, dup35]),
});
// The \u003c\u003c escapes decode to two literal '<' characters in front of each
// captured value, while only one '>' follows it.
// NOTE(review): this looks like an escape sequence carried over from the source
// parser definition. If the device writes a single '<', this pattern cannot match
// and "AnyConnect parent session started" events are left unparsed - verify against
// a sample log line before relying on this message for VPN session tracking.
var msg11 = match({
  dissect: {
    tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect parent session started",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup36]),
});
// select4 lists the most specific form (group + username + IP) first.
var msg12 = match({
  dissect: {
    tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup37]),
});
var msg13 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup38]),
});
var msg14 = match({
  dissect: {
    tokenizer: "Username = %{username}, IP = %{saddr}, %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup39]),
});
var select4 = linear_select([msg12, msg13, msg14]);
var msg15 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, %{action}: msg id = %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup40]),
});
var msg16 = match({
  dissect: {
    tokenizer: "IKE Initiator sending 1st QM pkt: msg id = %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup41, dup42]),
});
var select5 = linear_select([msg15, msg16]);
// Payload patterns msg17 through msg26. Several share an identical tokenizer
// (msg19/msg25, msg20/msg21) and differ only in the setters run on success.
var msg17 = match({
  dissect: {
    tokenizer: "No route to %{daddr} from %{saddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup43, dup44]),
});
// Session address assignment: local/remote endpoints, user, group and the assigned
// IPv4 (stransaddr) and IPv6 (hostip_v6) addresses.
var msg18 = match({
  dissect: {
    tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Group:%{group} IPv4 Address=%{stransaddr} IPv6 address=%{hostip_v6} assigned to session",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup46]),
});
var msg19 = match({
  dissect: {
    tokenizer: "(%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup47, dup48]),
});
// msg20 and msg21 keep the whole payload as event_description; no fields are
// extracted from it.
var msg20 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup49, dup50]),
});
var msg21 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup51]),
});
// Key-exchange length mismatch: received and expected lengths are both captured.
var msg22 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, Received DH key with bad length: received length=%{observed_val} expected length=%{expected_val}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup52]),
});
var all7 = all_match({
  processors: [dup53, dup54],
  on_success: processor_chain([dup55, dup56]),
});
var msg23 = match({
  dissect: {
    tokenizer: "Sent KEEPALIVE response to [%{daddr}]",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup57]),
});
var msg24 = match({
  dissect: {
    tokenizer: "(WebVPN-%{context}) %{event_description}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup59]),
});
var msg25 = match({
  dissect: {
    tokenizer: "(%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup60]),
});
var msg26 = match({
  dissect: {
    tokenizer: "%{service} requested to drop %{protocol} packet from %{sinterface}:%{saddr}/%{sport} %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup62]),
});
// Composite patterns all8 through all13. These are built entirely from shared dupN
// processors defined earlier in the file, so the text they match is not visible here.
var all8 = all_match({
  processors: [dup63, dup64, dup65, dup66, dup67],
  on_success: processor_chain([dup68, dup69]),
});
// all9 and all10 share their first eight processors; all9 needs three more
// (dup78-dup80) and is listed first in select6.
var all9 = all_match({
  processors: [dup70, dup71, dup72, dup73, dup74, dup75, dup76, dup77, dup78, dup79, dup80],
  on_success: processor_chain([dup81, dup82]),
});
var all10 = all_match({
  processors: [dup70, dup71, dup72, dup73, dup74, dup75, dup76, dup77],
  on_success: processor_chain([dup81, dup83]),
});
var select6 = linear_select([all9, all10]);
var all11 = all_match({
  processors: [dup84, dup4],
  on_success: processor_chain([dup85, dup86]),
});
var all12 = all_match({
  processors: [dup87, dup88],
  on_success: processor_chain([dup89, dup90]),
});
var all13 = all_match({
  processors: [dup91, dup92],
  on_success: processor_chain([dup93, dup94]),
});
// Payload patterns msg27 through select7.
// msg27 records a change of the dynamic-filter updater server, keeping both the old
// and the new value.
var msg27 = match({
  dissect: {
    tokenizer: "Dynamic filter updater server dynamically changed from %{change_old} to %{change_new}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup95]),
});
var msg28 = match({
  dissect: {
    tokenizer: "IKE port %{network_port} for IPSec UDP already reserved on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup96]),
});
var all14 = all_match({
  processors: [dup12, dup4, dup97],
  on_success: processor_chain([dup14, dup98]),
});
var all15 = all_match({
  processors: [dup99, dup100, dup101],
  on_success: processor_chain([dup14, dup102]),
});
var msg29 = match({
  dissect: {
    tokenizer: "INFO: %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup103]),
});
var all16 = all_match({
  processors: [dup104, dup4, dup97],
  on_success: processor_chain([dup14, dup105]),
});
// Five alternatives for one message id, in the order they are listed.
var select7 = linear_select([msg28, all14, all15, msg29, all16]);
// Payload patterns msg30 through all20.
// msg30, msg31 and msg33 store the entire payload as event_description.
var msg30 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup106, dup107]),
});
var all17 = all_match({
  processors: [dup108, dup4, dup109],
  on_success: processor_chain([dup110, dup111]),
});
var msg31 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup112]),
});
var all18 = all_match({
  processors: [dup113, dup4, dup114],
  on_success: processor_chain([dup115, dup116]),
});
// Revoked-certificate use: the certificate serial number ends up in "result", not
// in a dedicated serial field.
var msg32 = match({
  dissect: {
    tokenizer: "Revoked certificate issued to user: %{username} with serial number %{result}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup117]),
});
var msg33 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup118]),
});
var msg34 = match({
  dissect: {
    tokenizer: "Built %{context} translation from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup119]),
});
var msg35 = match({
  dissect: {
    tokenizer: "Web Cache %{saddr}/%{shost} lost",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup120]),
});
// The pattern ends at "Split Tunnel Networks:"; no capture follows that label.
var msg36 = match({
  dissect: {
    tokenizer: "VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: %{stransaddr} Split Tunnel Networks:",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup121, dup122]),
});
// msg37 reads the intermediate field "nwparser.p1" and has no on_success of its
// own; it is only used as the last step of all19.
var msg37 = match({
  dissect: {
    tokenizer: "%{fld1} card in slot %{fld2} which is different from my %{fld3}",
    field: "nwparser.p1",
  },
});
var all19 = all_match({
  processors: [dup123, dup124, msg37],
  on_success: processor_chain([dup125, dup126]),
});
var all20 = all_match({
  processors: [dup127, dup64, dup128],
  on_success: processor_chain([dup14, dup129]),
});
// Payload patterns msg38 through msg44: "(context) description" style messages and
// a few policy / routing notices.
var msg38 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup130]),
});
var msg39 = match({
  dissect: {
    tokenizer: "(WebVPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup132]),
});
// No space between the closing parenthesis and the description in this variant.
var msg40 = match({
  dissect: {
    tokenizer: "(%{context})%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup133]),
});
var msg41 = match({
  dissect: {
    tokenizer: "%{application}: %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup134]),
});
// The \u003c\u003c escapes decode to two literal '<' characters before each value,
// with a single '>' closing it.
// NOTE(review): likely an escape carried over from the source parser definition.
// If the device emits one '<', NAC policy additions will not match this pattern -
// check against a sample log line.
var msg42 = match({
  dissect: {
    tokenizer: "NAC policy added: name: \u003c\u003c%{policyname}\u003e Type: \u003c\u003c %{info} \u003e",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup135, dup136]),
});
var msg43 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup137, dup138]),
});
var all21 = all_match({
  processors: [dup139, dup140],
  on_success: processor_chain([dup141, dup142]),
});
var msg44 = match({
  dissect: {
    tokenizer: "%{hostip} changed from area %{fld1} to area %{fld2}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup18, dup143]),
});
// Payload patterns all22 through msg49.
var all22 = all_match({
  processors: [dup144, dup145, dup146, dup147, dup148, dup149],
  on_success: processor_chain([dup33, dup150]),
});
var all23 = all_match({
  processors: [dup151, dup152, dup153],
  on_success: processor_chain([dup33, dup154]),
});
var select8 = linear_select([all22, all23]);
// Configuration change: a group policy was created; its name goes to policyname.
var msg45 = match({
  dissect: {
    tokenizer: "Create group policy [%{policyname}]",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup155]),
});
var all24 = all_match({
  processors: [dup156, dup157],
  on_success: processor_chain([dup14, dup158]),
});
var all25 = all_match({
  processors: [dup70, dup159, dup160, dup161],
  on_success: processor_chain([dup85, dup162]),
});
var msg46 = match({
  dissect: {
    tokenizer: "GTPv0 packet parsing error from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, TID: %{fld1}, Reason: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup163]),
});
var msg47 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup164]),
});
// The peer-supplied proxy host name and address are captured as hostname / hostip;
// both values originate from the remote side of the negotiation.
var msg48 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, Received remote Proxy Host FQDN in ID Payload: Host Name: %{hostname} Address %{hostip}, Protocol %{protocol}, Port %{sport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup165]),
});
// Management-plane access: only the source address is extracted.
var msg49 = match({
  dissect: {
    tokenizer: "Permitted manager connection from %{saddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup166, dup167]),
});
// Payload patterns msg50 through select11.
// msg50 and msg51 use the same signature-alert tokenizer (product, signature id,
// context, endpoints, interface) and differ only in the setters applied on success.
var msg50 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup169]),
});
var msg51 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup170, dup171]),
});
// A host leaving the shun list; the host address is captured as hostip.
var msg52 = match({
  dissect: {
    tokenizer: "Threat-detection removes host %{hostip} from shun list",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup49, dup172]),
});
var all26 = all_match({
  processors: [dup173, dup174, dup175, dup176],
  on_success: processor_chain([dup177, dup178]),
});
var all27 = all_match({
  processors: [dup179, dup180, dup181],
  on_success: processor_chain([dup177, dup182]),
});
var select9 = linear_select([all26, all27]);
var msg53 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup183, dup184]),
});
// all28 and all29 differ only in their first processor.
var all28 = all_match({
  processors: [dup185, dup186],
  on_success: processor_chain([dup141, dup187]),
});
var all29 = all_match({
  processors: [dup188, dup186],
  on_success: processor_chain([dup141, dup189]),
});
var select10 = linear_select([all28, all29]);
var all30 = all_match({
  processors: [dup190, dup191, dup192],
  on_success: processor_chain([dup193, dup194]),
});
var msg54 = match({
  dissect: {
    tokenizer: "Removing v1 PDP Context with TID %{fld1} from GGSN %{fld2} and SGSN %{fld3}, Reason: %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup195]),
});
var select11 = linear_select([all30, msg54]);
// Payload patterns msg55 through msg61.
var msg55 = match({
  dissect: {
    tokenizer: "IP = %{saddr}, %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup196]),
});
// Address-pool exhaustion, without (msg56) and with (msg57) a session id.
var msg56 = match({
  dissect: {
    tokenizer: "%{process}: Unable to get address from group-policy or tunnel-group local pools",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup197]),
});
var msg57 = match({
  dissect: {
    tokenizer: "%{process}: Session=%{sessionid}, Unable to get address from group-policy or tunnel-group local pools",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup198]),
});
var select12 = linear_select([msg56, msg57]);
var msg58 = match({
  dissect: {
    tokenizer: "Bad Checksum in %{network_service} command",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup199, dup200]),
});
var all31 = all_match({
  processors: [dup201, dup202, dup203],
  on_success: processor_chain([dup204, dup205]),
});
var select13 = linear_select([msg58, all31]);
// Protocol size violation with both endpoints; the text after ';' goes to result.
var msg59 = match({
  dissect: {
    tokenizer: "Detected %{network_service} size violation from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup199, dup206]),
});
var all32 = all_match({
  processors: [dup207, dup208, dup209],
  on_success: processor_chain([dup68, dup210]),
});
var msg60 = match({
  dissect: {
    tokenizer: "(%{context})%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup47, dup211]),
});
var msg61 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup18, dup212]),
});
// Payload patterns all33 through msg68.
var all33 = all_match({
  processors: [dup12, dup4, dup213, dup214],
  on_success: processor_chain([dup215, dup216]),
});
var all34 = all_match({
  processors: [dup217, dup218],
  on_success: processor_chain([dup215, dup219]),
});
var select14 = linear_select([all33, all34]);
var msg62 = match({
  dissect: {
    tokenizer: "Validating certificate chain containing %{fld1} certificate(s)",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup221]),
});
// Space-delimited form: group, username and source address are separated only by
// the literal words "Group", "User" and "IP".
var msg63 = match({
  dissect: {
    tokenizer: "Group %{group} User %{username} IP %{saddr} %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup223]),
});
var all35 = all_match({
  processors: [dup63, dup64, dup65, dup224, dup225],
  on_success: processor_chain([dup93, dup226]),
});
// FTP PORT command naming an address other than the client's: the client address
// is saddr and the address given in the command is kept in fld1.
var msg64 = match({
  dissect: {
    tokenizer: "FTP port command different address: %{saddr}(%{fld1}) to %{daddr} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup227, dup228]),
});
var msg65 = match({
  dissect: {
    tokenizer: "Unsupported CTIQBE version: %{fld1}: from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup229]),
});
// Fallback for select15: whole payload as event_description.
var msg66 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup230]),
});
var select15 = linear_select([msg65, msg66]);
var msg67 = match({
  dissect: {
    tokenizer: "Tunnel Manager has failed to establish an L2L SA. %{result}. %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup231]),
});
var msg68 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup232, dup233]),
});
// Payload patterns all36 through msg76.
// msg69, msg71, msg73 and msg76 keep the whole payload as event_description.
var all36 = all_match({
  processors: [dup234, dup4, dup5],
  on_success: processor_chain([dup235, dup236]),
});
var msg69 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup237]),
});
var all37 = all_match({
  processors: [dup238, dup239, dup240],
  on_success: processor_chain([dup14, dup241]),
});
var msg70 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup242]),
});
var msg71 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup243, dup244]),
});
// HTTP tunnelling detection with signature id, list number, protocol and endpoints.
var msg72 = match({
  dissect: {
    tokenizer: "%{sigid} HTTP Tunnel detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup27, dup245]),
});
var msg73 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup243, dup246]),
});
var msg74 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup247]),
});
// Connection exhaustion; the two counters around '/' are kept as fld1 and fld2.
var msg75 = match({
  dissect: {
    tokenizer: "Out of connections! %{fld1}/%{fld2}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup248]),
});
var all38 = all_match({
  processors: [dup249, dup250, dup251],
  on_success: processor_chain([dup33, dup252]),
});
var msg76 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup253, dup254]),
});
// Payload patterns msg77 through select18.
var msg77 = match({
  dissect: {
    tokenizer: "%{result}. License server is not responding",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup255]),
});
// Authorization denial: both endpoints, the parenthesised reason (result), the
// interface and the protocol are extracted.
var msg78 = match({
  dissect: {
    tokenizer: "Authorization denied from %{saddr}/%{sport} to %{daddr}/%{dport} (%{result}) on interface %{interface} using %{protocol}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup256, dup257]),
});
// Spoofed-source denials. msg79 (with interface) is listed before msg80 (without)
// in select16.
var msg79 = match({
  dissect: {
    tokenizer: "Deny %{protocol} spoof from (%{saddr}) to %{daddr} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup258, dup259]),
});
var msg80 = match({
  dissect: {
    tokenizer: "Deny %{protocol} spoof from (%{saddr}) to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup258, dup260]),
});
var select16 = linear_select([msg79, msg80]);
// A failed dynamic-filter update; the updater server goes to web_domain and the
// stated reason to result.
var msg81 = match({
  dissect: {
    tokenizer: "Failed to update from dynamic filter updater server %{web_domain}, reason: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup261, dup262]),
});
var msg82 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup41, dup263]),
});
// The tunnel-group name is expected between single quotes and is stored in info.
var msg83 = match({
  dissect: {
    tokenizer: "%{process}: Session=%{sessionid}, DHCP configured, no viable servers found for tunnel-group '%{info}'",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup264]),
});
var msg84 = match({
  dissect: {
    tokenizer: "%{process}: DHCP configured, no viable servers found for tunnel-group '%{info}'",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup265]),
});
var select17 = linear_select([msg83, msg84]);
// Client address assignment from the local pool; the assigned address is hostip.
var msg85 = match({
  dissect: {
    tokenizer: "%{process}: Client assigned %{hostip} from local pool",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup266]),
});
var msg86 = match({
  dissect: {
    tokenizer: "%{process}: Session=%{sessionid}, Client assigned %{hostip} from local pool",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup267]),
});
var select18 = linear_select([msg85, msg86]);
// Payload patterns msg87 through select20.
var msg87 = match({
  dissect: {
    tokenizer: "(%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup268, dup269]),
});
// all39 and all40 start with the same two processors; the longer chain is listed
// first in select19.
var all39 = all_match({
  processors: [dup270, dup4, dup271, dup272, dup273],
  on_success: processor_chain([dup89, dup274]),
});
var all40 = all_match({
  processors: [dup270, dup4, dup275],
  on_success: processor_chain([dup89, dup276]),
});
var select19 = linear_select([all39, all40]);
var msg88 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup41, dup277]),
});
// all41 and all42 differ in their first processor and in the setters run on success.
var all41 = all_match({
  processors: [dup278, dup279, dup280, dup281, dup282, dup283, dup284],
  on_success: processor_chain([dup285, dup286]),
});
var all42 = all_match({
  processors: [dup287, dup279, dup280, dup281, dup282, dup283, dup284],
  on_success: processor_chain([dup288, dup289]),
});
// URL access-list hit: the url capture is the device-reported string, taken as-is.
var msg89 = match({
  dissect: {
    tokenizer: "access-list %{listnum} url %{url} hit-cnt %{dclass_counter1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup290]),
});
var select20 = linear_select([all41, all42, msg89]);
// Payload patterns all43 through msg98.
var all43 = all_match({
  processors: [dup291, dup4, dup292, dup293],
  on_success: processor_chain([dup193, dup294]),
});
var msg90 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup295]),
});
var msg91 = match({
  dissect: {
    tokenizer: "%{action}[%{fld1}] : %{encryption_type}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup296]),
});
// select21: parenthesised-context form first, whole-payload fallback second.
var msg92 = match({
  dissect: {
    tokenizer: "(%{context})%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup297]),
});
var msg93 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup298]),
});
var select21 = linear_select([msg92, msg93]);
var msg94 = match({
  dissect: {
    tokenizer: "Teardown portmap translation for global %{hostip}/%{network_port} local %{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup299]),
});
// The trailing %{} has no key name; presumably whatever follows the literal text is
// matched and discarded (dissect semantics are defined elsewhere) - TODO confirm.
var msg95 = match({
  dissect: {
    tokenizer: "LU xmit thread up%{}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup300]),
});
var msg96 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup301]),
});
var msg97 = match({
  dissect: {
    tokenizer: "Fail to send to %{saddr} port %{sport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup302]),
});
// Security association torn down: endpoints, username and the stated reason.
var msg98 = match({
  dissect: {
    tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} SA DOWN. Reason: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup303]),
});
// Composite patterns all44 through all52. Every entry here is assembled from shared
// dupN processors defined earlier in the file; the matched text is not visible in
// this part of the file.
// all44 and all45 differ in their first processor and in the success setters.
var all44 = all_match({
  processors: [dup304, dup305, dup306, dup307, dup308, dup309, dup310],
  on_success: processor_chain([dup33, dup311]),
});
var all45 = all_match({
  processors: [dup312, dup305, dup306, dup307, dup308, dup309, dup310],
  on_success: processor_chain([dup288, dup313]),
});
var select22 = linear_select([all44, all45]);
var all46 = all_match({
  processors: [dup314, dup315],
  on_success: processor_chain([dup316, dup317]),
});
var all47 = all_match({
  processors: [dup318, dup319],
  on_success: processor_chain([dup14, dup320]),
});
var all48 = all_match({
  processors: [dup321, dup322],
  on_success: processor_chain([dup14, dup323]),
});
var all49 = all_match({
  processors: [dup324, dup322],
  on_success: processor_chain([dup14, dup325]),
});
var select23 = linear_select([all48, all49]);
// Single-processor all_match: dup326 alone decides whether the setters run.
var all50 = all_match({
  processors: [dup326],
  on_success: processor_chain([dup327, dup328]),
});
var all51 = all_match({
  processors: [dup329, dup330],
  on_success: processor_chain([dup14, dup331]),
});
var all52 = all_match({
  processors: [dup332, dup333],
  on_success: processor_chain([dup334, dup335]),
});
// URL filtering server unreachable: captures the server address as hostip.
var msg99 = match({
  dissect: { tokenizer: "URL Server %{hostip} not responding", field: "nwparser.payload" },
  on_success: processor_chain([dup336, dup337]),
});

// Catch-all: the whole payload is stored as event_description, nothing else is extracted.
var msg100 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup338, dup339]),
});

// Catch-all with a different success chain.
var msg101 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup340]),
});

// Responder-forced change of rekey duration: group, peer address, old and new durations.
var msg102 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, Responder forcing change of %{ike} rekeying duration from %{fld1} to %{fld2} seconds", field: "nwparser.payload" },
  on_success: processor_chain([dup341, dup342]),
});

// Parenthesised context prefix followed by free text.
var msg103 = match({
  dissect: { tokenizer: "(%{context})%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup343, dup344]),
});
// "Invalid destination" payloads. msg104 is the longer form with an extra
// "destination %{fld1}" segment; msg105 is the shorter form.
var msg104 = match({
  dissect: { tokenizer: "Invalid destination %{result} destination %{fld1} on %{interface} interface. %{space} Original IP payload", field: "nwparser.payload" },
  on_success: processor_chain([dup168, dup345]),
});

var msg105 = match({
  dissect: { tokenizer: "Invalid destination %{result} on %{interface} interface. %{space} Original IP payload", field: "nwparser.payload" },
  on_success: processor_chain([dup168, dup346]),
});

// The longer form is listed first; presumably first match wins - confirm against linear_select.
var select24 = linear_select([msg104, msg105]);
// GTPv0 message with no matching state: interfaces, endpoints and tunnel id.
var msg106 = match({
  dissect: { tokenizer: "No %{fld1} exists to process GTPv0 %{fld2} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, TID: %{fld3}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup347]),
});

// IKE message of a given type and sequence number for a group/peer.
var msg107 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, %{action} of type %{fld1} (seq number %{fld2})", field: "nwparser.payload" },
  on_success: processor_chain([dup131, dup348]),
});

// Telnet management session limit hit: requesting address and interface.
// Any occurrence also shows that Telnet management access is being attempted on the device.
var msg108 = match({
  dissect: { tokenizer: "Telnet session limit exceeded.%{space}Connection request from %{saddr} on interface %{interface}", field: "nwparser.payload" },
  on_success: processor_chain([dup349, dup350]),
});

// Dynamic filter data download failure: the updater server is captured as url.
var msg109 = match({
  dissect: { tokenizer: "Failed to download dynamic filter data file from updater server %{url}", field: "nwparser.payload" },
  on_success: processor_chain([dup261, dup351]),
});

// Two-stage pattern; stages dup99 and dup352 are defined elsewhere in this file.
var all53 = all_match({
  processors: [dup99, dup352],
  on_success: processor_chain([dup33, dup353]),
});

// Load-balancing master peer removed: peer address as saddr.
var msg110 = match({
  dissect: { tokenizer: "Deleted Master peer, IP %{saddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup354]),
});
// Unauthenticated user blocked until authentication completes.
// msg111 carries "using %{protocol}"; msg112 is the same message without it.
var msg111 = match({
  dissect: { tokenizer: "User from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} using %{protocol} must authenticate before using this service", field: "nwparser.payload" },
  on_success: processor_chain([dup220, dup355]),
});

var msg112 = match({
  dissect: { tokenizer: "User from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} must authenticate before using this service", field: "nwparser.payload" },
  on_success: processor_chain([dup220, dup356]),
});

// The form with the protocol is listed first; presumably first match wins - confirm.
var select25 = linear_select([msg111, msg112]);
// Catch-all: whole payload stored as event_description.
var msg113 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup357, dup358]),
});

// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all54 = all_match({
  processors: [dup359, dup64, dup65, dup360, dup361],
  on_success: processor_chain([dup285, dup362]),
});

var all55 = all_match({
  processors: [dup363, dup364, dup365],
  on_success: processor_chain([dup55, dup366]),
});

// RCMD back-connection failure: host address and port.
var msg114 = match({
  dissect: { tokenizer: "RCMD backconnection failed for %{hostip}/%{network_port}", field: "nwparser.payload" },
  on_success: processor_chain([dup243, dup367]),
});

// Catch-alls that differ only in their success chains.
var msg115 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup243, dup368]),
});

var msg116 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup369, dup370]),
});

var all56 = all_match({
  processors: [dup371, dup372, dup373],
  on_success: processor_chain([dup288, dup374]),
});
// Resource limit reached. msg117 ends at "reached." (with the full stop);
// msg118 continues with the affected context and has no trailing full stop.
var msg117 = match({
  dissect: { tokenizer: "Resource %{fld1} limit of %{fld2} reached.", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup375]),
});

var msg118 = match({
  dissect: { tokenizer: "Resource %{fld1} limit of %{fld2} reached for context %{fld3}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup376]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select26 = linear_select([msg117, msg118]);
// GTP connection could not be created for a response: interfaces and endpoints.
var msg119 = match({
  dissect: { tokenizer: "Unable to create GTP connection for response from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup377]),
});

// Catch-all: whole payload stored as event_description.
var msg120 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup378, dup379]),
});

// Staged patterns with the same success category (dup93); stages are defined elsewhere.
var all57 = all_match({
  processors: [dup380, dup381, dup382],
  on_success: processor_chain([dup93, dup383]),
});

var all58 = all_match({
  processors: [dup384, dup385, dup386, dup387, dup388],
  on_success: processor_chain([dup93, dup389]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select27 = linear_select([all57, all58]);
// Structured form: group and peer address, then free text.
var msg121 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup390]),
});

// Catch-all fallback: whole payload stored as event_description.
var msg122 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup49, dup391]),
});

// Assuming ordered evaluation, the catch-all has to stay last or the
// group/address fields would never be extracted - confirm against linear_select.
var select28 = linear_select([msg121, msg122]);
// IKE phase failure caused by mismatched attribute types: received vs configured values.
var msg123 = match({
  dissect: { tokenizer: "Phase %{fld1} failure: Mismatched attribute types for class %{process}: Rcv'd: %{fld2} Cfg'd: %{fld3}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup392]),
});

// all59 and all60 share their second stage (dup394) and differ in the first.
var all59 = all_match({
  processors: [dup393, dup394],
  on_success: processor_chain([dup14, dup395]),
});

var all60 = all_match({
  processors: [dup396, dup394],
  on_success: processor_chain([dup14, dup397]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select29 = linear_select([all59, all60]);
// Virtual sensor added: sensor name as vsys, hosting product as product.
var msg124 = match({
  dissect: { tokenizer: "Virtual Sensor %{vsys} was added on the %{product}", field: "nwparser.payload" },
  on_success: processor_chain([dup398, dup399]),
});

// Staged pattern; stages dup12, dup4 and dup400 are defined elsewhere in this file.
var all61 = all_match({
  processors: [dup12, dup4, dup400],
  on_success: processor_chain([dup33, dup401]),
});

// Group/peer form without a user name. Note the space before the second comma
// in the literal text; the input has to contain it for the pattern to apply.
var msg125 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup402]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select30 = linear_select([all61, msg125]);
// Security-group tag binding removed. The \u003e escape in the literal is a ">" character.
var msg126 = match({
  dissect: { tokenizer: "CTS SGT-MAP: Binding %{saddr}/%{sport}-\u003e%{fld1}:%{group} from %{fld2} deleted from binding manager.", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup403]),
});

// Local-host entry created: interface and host address.
var msg127 = match({
  dissect: { tokenizer: "Built local-host %{interface}:%{hostip}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup404]),
});

// Signature-style event: product, signature id, description, endpoints, interface.
var msg128 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup168, dup405]),
});

// VPN-prefixed context with free text; the trailing full stop is part of the literal.
var msg129 = match({
  dissect: { tokenizer: "(VPN-%{context}) %{event_description}.", field: "nwparser.payload" },
  on_success: processor_chain([dup41, dup406]),
});

// Tunnel manager dispatch failure; the device text itself points at a
// crypto map or tunnel-group misconfiguration.
var msg130 = match({
  dissect: { tokenizer: "Tunnel Manager failed to dispatch a %{fld1} message. Probable mis-configuration of the crypto map or tunnel-group. %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup407]),
});

// Parenthesised context prefix followed by free text.
var msg131 = match({
  dissect: { tokenizer: "(%{context})%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup268, dup408]),
});
// Security context added: the context name is captured as info.
var msg132 = match({
  dissect: { tokenizer: "Security context %{info} was added to the system", field: "nwparser.payload" },
  on_success: processor_chain([dup398, dup409]),
});

// Catch-all fallback sharing the first success step (dup398).
var msg133 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup398, dup410]),
});

// Specific form first, catch-all last; presumably first match wins - confirm.
var select31 = linear_select([msg132, msg133]);
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all62 = all_match({
  processors: [dup127, dup64, dup411],
  on_success: processor_chain([dup412, dup413]),
});

var all63 = all_match({
  processors: [dup414, dup4],
  on_success: processor_chain([dup89, dup415]),
});

var all64 = all_match({
  processors: [dup416, dup417],
  on_success: processor_chain([dup89, dup418]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select32 = linear_select([all63, all64]);
// MGCP connection pre-allocation: interfaces, endpoints and originating address.
var msg134 = match({
  dissect: { tokenizer: "Pre-allocate MGCP %{fld1} connection for %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} from %{fld2}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup419]),
});

// Catch-all fallback: whole payload stored as event_description.
var msg135 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup420]),
});

// Specific form first, catch-all last; presumably first match wins - confirm.
var select33 = linear_select([msg134, msg135]);
// Two-stage pattern; stages are defined elsewhere in this file.
var all65 = all_match({
  processors: [dup421, dup422],
  on_success: processor_chain([dup68, dup423]),
});

// New tunnel refused because the VPN peer limit was reached: peer address and the limit.
var msg136 = match({
  dissect: { tokenizer: "Denied new tunnel to %{saddr} VPN peer limit (%{fld1}) exceeded.", field: "nwparser.payload" },
  on_success: processor_chain([dup61, dup424]),
});

var all66 = all_match({
  processors: [dup425, dup426, dup427],
  on_success: processor_chain([dup285, dup428]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select34 = linear_select([msg136, all66]);
// AAA server marked FAILED within a server group: protocol, server address, group.
// Authentication back-end outages surface here, so the event is worth monitoring.
var msg137 = match({
  dissect: { tokenizer: "AAA Marking %{protocol} server %{hostip} in aaa-server group %{fld1} as FAILED", field: "nwparser.payload" },
  on_success: processor_chain([dup183, dup429]),
});

// TCP teardown, faddr/gaddr/laddr form: connection id, three address/port pairs,
// duration, byte count and a parenthesised trailer.
var msg138 = match({
  dissect: { tokenizer: "Teardown TCP connection %{connectionid} faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport} duration %{duration} bytes %{bytes} (%{fld3})", field: "nwparser.payload" },
  on_success: processor_chain([dup430, dup431]),
});

// TCP teardown, interface:address/port form.
var msg139 = match({
  dissect: { tokenizer: "Teardown TCP connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{fld2}", field: "nwparser.payload" },
  on_success: processor_chain([dup430, dup432]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select35 = linear_select([msg138, msg139]);
// Staged pattern; stages dup371, dup433 and dup373 are defined elsewhere in this file.
var all67 = all_match({
  processors: [dup371, dup433, dup373],
  on_success: processor_chain([dup288, dup434]),
});

// Xauth required but not supported by the selected proposal: group, peer, trailing detail.
var msg140 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, Xauth required but selected Proposal does not support xauth, %{fld1}", field: "nwparser.payload" },
  on_success: processor_chain([dup378, dup435]),
});

var all68 = all_match({
  processors: [dup99, dup436],
  on_success: processor_chain([dup437, dup438]),
});

// Load-balancing role change to master within a named context.
var msg141 = match({
  dissect: { tokenizer: "Becoming master of Load Balancing in context %{context}.", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup439]),
});

// RIP packet rejected: sender, RIP version and receiving interface.
var msg142 = match({
  dissect: { tokenizer: "RIP pkt failed from %{saddr}: version=%{fld1} on interface %{interface}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup440]),
});
// Ten-stage pattern; every stage (dup441..dup450) is defined elsewhere in this file.
var all69 = all_match({
  processors: [
    dup441, dup442, dup443, dup444, dup445,
    dup446, dup447, dup448, dup449, dup450,
  ],
  on_success: processor_chain([dup85, dup451]),
});

var all70 = all_match({
  processors: [dup249, dup250, dup452, dup453, dup454],
  on_success: processor_chain([dup33, dup455]),
});

// Cleartext packet received where IPSec was expected: protocol and both addresses.
var msg143 = match({
  dissect: { tokenizer: "IPSEC: Received a non-IPSec packet (protocol= %{protocol}) from %{saddr} to %{daddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup1, dup456]),
});

// Peer address, action and message id.
var msg144 = match({
  dissect: { tokenizer: "IP = %{saddr}, %{action}: msg id = %{fld1}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup457]),
});

// Group/peer action with a type description and trailing info.
var msg145 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, %{action} of type %{event_description}, %{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup458]),
});
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all71 = all_match({
  processors: [dup459, dup460, dup461, dup462, dup463],
  on_success: processor_chain([dup464, dup465]),
});

var all72 = all_match({
  processors: [dup466, dup4, dup467, dup468],
  on_success: processor_chain([dup141, dup469]),
});

var all73 = all_match({
  processors: [dup470, dup471, dup472],
  on_success: processor_chain([dup473, dup474]),
});

// Downloaded ACL failed to parse: the error text is captured as result.
// A downloadable ACL that does not parse may leave a session without the
// intended restrictions - worth reviewing when it appears.
var msg146 = match({
  dissect: { tokenizer: "Parsing downloaded ACL: ERROR: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup475, dup476]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select36 = linear_select([all73, msg146]);
// Catch-all: whole payload stored as event_description.
var msg147 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup41, dup477]),
});

// Two-stage pattern; stages are defined elsewhere in this file.
var all74 = all_match({
  processors: [dup478, dup479],
  on_success: processor_chain([dup33, dup480]),
});

// DNS lookup failure during a PKI operation: the queried name as hostname.
var msg148 = match({
  dissect: { tokenizer: "Name lookup failed for hostname %{hostname} during PKI operation.", field: "nwparser.payload" },
  on_success: processor_chain([dup261, dup481]),
});

// KEEPALIVE request: sender address inside square brackets.
var msg149 = match({
  dissect: { tokenizer: "Received KEEPALIVE request from [%{saddr}]", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup482]),
});

// Tunnel terminated: group, user, peer address and reason.
// NOTE(review): each capture is preceded by two "<" characters (\u003c\u003c) but
// followed by a single ">". If the device writes a single "<" before each value,
// this pattern presumably never matches and tunnel terminations stay unparsed -
// confirm against sample logs and the dissect implementation.
var msg150 = match({
  dissect: { tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Tunnel terminated: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup483, dup484]),
});

// IKE security association established: both endpoints, user name and reason.
var msg151 = match({
  dissect: { tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} SA UP. Reason: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup485]),
});
// IKE receiver socket read error. The trailing %{} is an unnamed capture;
// presumably it discards whatever follows - confirm against the dissect implementation.
var msg152 = match({
  dissect: { tokenizer: "IKE Receiver: Error reading from socket.%{}", field: "nwparser.payload" },
  on_success: processor_chain([dup486, dup487]),
});

// External LSA event: prefix text, advertised address and trailing detail.
var msg153 = match({
  dissect: { tokenizer: "%{fld1}: external LSA %{hostip} %{fld}", field: "nwparser.payload" },
  on_success: processor_chain([dup369, dup488]),
});

// Catch-alls that differ only in their success chains.
var msg154 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup489, dup490]),
});

var msg155 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup378, dup491]),
});

// Keep-alives configured locally but not supported by the peer.
var msg156 = match({
  dissect: { tokenizer: "IP = %{saddr}, Keep-alives configured %{fld1} but peer does not support keep-alives (type = %{fld2})", field: "nwparser.payload" },
  on_success: processor_chain([dup1, dup492]),
});

// Certificate revocation list check: the remainder is kept as free text.
var msg157 = match({
  dissect: { tokenizer: "Checking CRL from trustpoint: %{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup493]),
});
// Staged patterns sharing the first success step (dup55); stages are defined elsewhere.
var all75 = all_match({
  processors: [dup494, dup495, dup496],
  on_success: processor_chain([dup55, dup497]),
});

var all76 = all_match({
  processors: [
    dup127, dup64, dup65, dup66, dup498,
    dup499, dup500, dup501, dup502,
  ],
  on_success: processor_chain([dup55, dup503]),
});

// Catch-all: whole payload stored as event_description.
var msg158 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup504]),
});

// Request discarded: protocol, sender, destination interface and address.
var msg159 = match({
  dissect: { tokenizer: "%{protocol} request discarded from %{saddr} to %{dinterface}:%{daddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup61, dup505]),
});

// FTP command rejected by strict inspection: command, reason and both endpoints.
var msg160 = match({
  dissect: { tokenizer: "FTP %{action} command unsupported - failed strict inspection, %{result} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup506]),
});
// Staged patterns sharing the first success step (dup93); stages are defined elsewhere.
var all77 = all_match({
  processors: [dup507, dup508],
  on_success: processor_chain([dup93, dup509]),
});

var all78 = all_match({
  processors: [dup510, dup511],
  on_success: processor_chain([dup93, dup512]),
});

var all79 = all_match({
  processors: [dup513, dup514, dup515],
  on_success: processor_chain([dup93, dup516]),
});

// Only all78 and all79 are alternatives here; all77 is not part of this select.
var select37 = linear_select([all78, all79]);
// Catch-all: whole payload stored as event_description.
var msg161 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup369, dup517]),
});

// all80 and all81 share their first two stages and differ in the last (dup520 vs dup522).
var all80 = all_match({
  processors: [dup518, dup519, dup520],
  on_success: processor_chain([dup33, dup521]),
});

var all81 = all_match({
  processors: [dup518, dup519, dup522],
  on_success: processor_chain([dup33, dup523]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select38 = linear_select([all80, all81]);
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all82 = all_match({
  processors: [dup12, dup4, dup13],
  on_success: processor_chain([dup14, dup524]),
});

// Catch-all: whole payload stored as event_description.
var msg162 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup369, dup525]),
});

var all83 = all_match({
  processors: [dup12, dup4, dup526, dup527],
  on_success: processor_chain([dup528, dup529]),
});

var all84 = all_match({
  processors: [dup127, dup64, dup530],
  on_success: processor_chain([dup285, dup531]),
});
// IP-to-user mapping added for a VPN user. The "\\" in the literal is a single
// backslash separating domain and user name.
var msg163 = match({
  dissect: { tokenizer: "%{application}: Add IP-User mapping %{saddr} - %{domain}\\%{username} Succeeded - VPN user", field: "nwparser.payload" },
  on_success: processor_chain([dup532, dup533]),
});

// Same mapping message with any other outcome kept as free text.
var msg164 = match({
  dissect: { tokenizer: "%{application}: Add IP-User mapping %{saddr} - %{domain}\\%{username} %{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup532, dup534]),
});

// Specific "Succeeded" form first; presumably first match wins - confirm.
var select39 = linear_select([msg163, msg164]);
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all85 = all_match({
  processors: [dup535, dup536],
  on_success: processor_chain([dup537, dup538]),
});

var all86 = all_match({
  processors: [dup539, dup540, dup541],
  on_success: processor_chain([dup125, dup542]),
});

// Catch-alls that differ only in their success chains.
var msg165 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup232, dup543]),
});

var msg166 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup544]),
});
// Failover peer reports an incompatible operational mode.
var msg167 = match({
  dissect: { tokenizer: "(%{context}) Mate operational mode %{fld1} is not compatible with my mode %{fld2}.", field: "nwparser.payload" },
  on_success: processor_chain([dup268, dup545]),
});

// Address release failure: process name, address and reason.
var msg168 = match({
  dissect: { tokenizer: "%{process}: Error freeing address %{saddr}, %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup546]),
});

// Authentication failure with both endpoints, the reason and the interface.
// Repeated failures from one saddr are a natural input for brute-force detections.
var msg169 = match({
  dissect: { tokenizer: "Auth from %{saddr}/%{sport} to %{daddr}/%{dport} failed (%{result}) on interface %{interface}", field: "nwparser.payload" },
  on_success: processor_chain([dup183, dup547]),
});

// Management session terminated: client address, interface and reason.
var msg170 = match({
  dissect: { tokenizer: "Terminating manager session from %{saddr} on interface %{interface}.%{space}Reason: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup349, dup548]),
});
// Staged pattern; stages are defined elsewhere in this file.
var all87 = all_match({
  processors: [dup249, dup250, dup452, dup453, dup549],
  on_success: processor_chain([dup33, dup550]),
});

// Interface monitoring in the waiting state, prefixed by a parenthesised context.
var msg171 = match({
  dissect: { tokenizer: "(%{context}) Monitoring on interface %{interface} waiting", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup551]),
});

var all88 = all_match({
  processors: [dup127, dup64, dup552],
  on_success: processor_chain([dup68, dup553]),
});
// Address assignment failure, without and with a session id.
var msg172 = match({
  dissect: { tokenizer: "%{process}: Address assignment failed", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup554]),
});

var msg173 = match({
  dissect: { tokenizer: "%{process}: Session=%{sessionid}, Address assignment failed", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup555]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select40 = linear_select([msg172, msg173]);
// Staged pattern; stages are defined elsewhere in this file.
var all89 = all_match({
  processors: [dup556, dup557, dup558],
  on_success: processor_chain([dup437, dup559]),
});

// Shared-license backup server role change: the new role is captured as result.
var msg174 = match({
  dissect: { tokenizer: "Shared license backup server role change to %{result}.", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup560]),
});

// Tunnel creation failure: interfaces and both endpoints.
var msg175 = match({
  dissect: { tokenizer: "Unable to create tunnel from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup561]),
});

var all90 = all_match({
  processors: [dup562, dup563, dup564],
  on_success: processor_chain([dup25, dup565]),
});
// ICMP denied: type, code, sender and interface.
var msg176 = match({
  dissect: { tokenizer: "Denied ICMP type=%{icmptype}, code=%{icmpcode} from %{saddr} on interface %{interface}", field: "nwparser.payload" },
  on_success: processor_chain([dup566, dup567]),
});

// Java content modified in transit: source, destination and interface.
var msg177 = match({
  dissect: { tokenizer: "Java content modified src %{saddr} dest %{daddr} on interface %{interface}", field: "nwparser.payload" },
  on_success: processor_chain([dup486, dup568]),
});

// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all91 = all_match({
  processors: [dup569, dup570, dup571, dup572],
  on_success: processor_chain([dup573, dup574]),
});

var all92 = all_match({
  processors: [dup575, dup4],
  on_success: processor_chain([dup81, dup576]),
});

// Tunnel manager dispatch notice; the trailing full stop is part of the literal.
var msg178 = match({
  dissect: { tokenizer: "Tunnel Manager dispatching a %{info}.", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup577]),
});
// Three staged variants sharing the first success step (dup579).
// all93 and all95 differ only in their first stage (dup12 vs dup104).
var all93 = all_match({
  processors: [dup12, dup4, dup578],
  on_success: processor_chain([dup579, dup580]),
});

var all94 = all_match({
  processors: [dup99, dup581],
  on_success: processor_chain([dup579, dup582]),
});

var all95 = all_match({
  processors: [dup104, dup4, dup578],
  on_success: processor_chain([dup579, dup583]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select41 = linear_select([all93, all94, all95]);
// Signature-style event: product, signature id, description, endpoints, interface.
var msg179 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup170, dup584]),
});

// Staged pattern; stages are defined elsewhere in this file.
var all96 = all_match({
  processors: [dup585, dup4, dup586],
  on_success: processor_chain([dup587, dup588]),
});

// Catch-all: whole payload stored as event_description.
var msg180 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup483, dup589]),
});
// Address translation teardown, with and without the "global"/"local" keywords.
var msg181 = match({
  dissect: { tokenizer: "Teardown translation for global %{hostip} local %{daddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup590]),
});

var msg182 = match({
  dissect: { tokenizer: "Teardown translation for %{hostip} %{daddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup591]),
});

// The keyword form is listed first. Assuming ordered evaluation, swapping the two
// would presumably let msg182 capture "global" as hostip - confirm before reordering.
var select42 = linear_select([msg181, msg182]);
// Catch-all: whole payload stored as event_description.
var msg183 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup20, dup592]),
});

// ICMP denied from a local address: type, sender, interface, destination and reason.
var msg184 = match({
  dissect: { tokenizer: "Denied ICMP type=%{icmptype}, from laddr %{saddr} on interface %{interface} to %{daddr}: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup566, dup593]),
});

// Generic form: the protocol is captured instead of the fixed "ICMP" literal.
var msg185 = match({
  dissect: { tokenizer: "Denied %{protocol} type=%{icmptype}, from %{saddr} on interface %{interface} to %{daddr}:%{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup566, dup594]),
});

// Specific form first; presumably first match wins - confirm against linear_select.
var select43 = linear_select([msg184, msg185]);
// PPTP control daemon socket I/O event; the detail is captured as info.
var msg186 = match({
  dissect: { tokenizer: "PPTP control daemon socket io %{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup595]),
});

// Signature-style events; msg187 and msg188 use the same pattern with different success chains.
var msg187 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup170, dup596]),
});

var msg188 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup597, dup598]),
});

// Kerberos clock skew beyond the limit written into the message (300 seconds).
// The number is part of the literal, so a device reporting another value would not match.
var msg189 = match({
  dissect: { tokenizer: "Kerberos error : Clock skew with server %{hostip} greater than 300 seconds", field: "nwparser.payload" },
  on_success: processor_chain([dup183, dup599]),
});

// Catch-all: whole payload stored as event_description.
var msg190 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup600]),
});

// No translation found for a replicated connection: both endpoints.
var msg191 = match({
  dissect: { tokenizer: "LU no xlate for %{saddr}/%{sport} %{daddr}/%{dport}", field: "nwparser.payload" },
  on_success: processor_chain([dup268, dup601]),
});
// Two-stage pattern; stages are defined elsewhere in this file.
var all97 = all_match({
  processors: [dup602, dup603],
  on_success: processor_chain([dup604, dup605]),
});

// HELLO request: sender address inside square brackets.
var msg192 = match({
  dissect: { tokenizer: "Received HELLO request from [%{saddr}]", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup606]),
});

// Group/peer prefix with the remainder captured as result.
var msg193 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup607]),
});

// Local certificate authority event; the detail is captured as info.
var msg194 = match({
  dissect: { tokenizer: "Local CA Server event: %{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup18, dup608]),
});

var all98 = all_match({
  processors: [dup609, dup610, dup611, dup161],
  on_success: processor_chain([dup110, dup612]),
});

// Timer library error; the detail is captured as result.
var msg195 = match({
  dissect: { tokenizer: "Unexpected error in the timer library: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup613]),
});
// Single-stage wrappers (all99, all100); the stages are defined elsewhere in this file.
var all99 = all_match({
  processors: [dup614],
  on_success: processor_chain([dup528, dup615]),
});

// Secure tunnel to a peer removed: peer address inside square brackets.
var msg196 = match({
  dissect: { tokenizer: "Deleted secure tunnel to peer %{space} [%{saddr}]", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup616]),
});

var all100 = all_match({
  processors: [dup617],
  on_success: processor_chain([dup125, dup618]),
});

// Local address pool request succeeded, without and with a session id.
var msg197 = match({
  dissect: { tokenizer: "%{process}: Local pool request succeeded for tunnel-group '%{info}'", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup619]),
});

var msg198 = match({
  dissect: { tokenizer: "%{process}: Session=%{sessionid}, Local pool request succeeded for tunnel-group '%{info}'", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup620]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select44 = linear_select([msg197, msg198]);
// Staged pattern; stages are defined elsewhere in this file.
var all101 = all_match({
  processors: [dup621, dup622, dup623],
  on_success: processor_chain([dup141, dup624]),
});

// Usage summary: user count, product and reporting window in hours.
var msg199 = match({
  dissect: { tokenizer: "There are %{fld1} users of %{product} during the past %{fld2} hours", field: "nwparser.payload" },
  on_success: processor_chain([dup625, dup626]),
});

// VPN-prefixed context followed by free text (no trailing full stop in this variant).
var msg200 = match({
  dissect: { tokenizer: "(VPN-%{context}) %{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup131, dup627]),
});

var all102 = all_match({
  processors: [dup628, dup4, dup629],
  on_success: processor_chain([dup473, dup630]),
});

// Catch-all: whole payload stored as event_description.
var msg201 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup631]),
});
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all103 = all_match({
  processors: [dup249, dup250, dup632, dup633, dup634],
  on_success: processor_chain([dup33, dup635]),
});

// all104 and all105 share their second stage (dup417) and the first success step (dup573).
var all104 = all_match({
  processors: [dup636, dup417],
  on_success: processor_chain([dup573, dup637]),
});

var all105 = all_match({
  processors: [dup638, dup417],
  on_success: processor_chain([dup573, dup639]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select45 = linear_select([all104, all105]);
// State-bypass connection teardown: protocol, connection id, endpoints, duration, bytes, trailer.
var msg202 = match({
  dissect: { tokenizer: "Teardown %{protocol} state-bypass connection %{connectionid} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup222, dup640]),
});

// Application still attached to a port while a context is being removed.
var msg203 = match({
  dissect: { tokenizer: "IP detected an attached application using port %{network_port} while removing context", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup641]),
});

// Two-stage pattern; stages are defined elsewhere in this file.
var all106 = all_match({
  processors: [dup642, dup643],
  on_success: processor_chain([dup14, dup644]),
});

// Signature-style event: product, signature id, description, endpoints, interface.
var msg204 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup253, dup645]),
});

// Static crypto map check for a group/peer: map name, sequence number and outcome.
var msg205 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map = %{fld1}, seq = %{fld2}, %{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup475, dup646]),
});

// Call-Home client event; the remainder is captured as action.
var msg206 = match({
  dissect: { tokenizer: "Call-Home client %{action}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup647]),
});
// Staged patterns; the stages (dupN) are defined elsewhere in this file.
var all107 = all_match({
  processors: [dup648, dup208, dup649],
  on_success: processor_chain([dup55, dup650]),
});

// all108 and all109 share their first two stages and differ in the last (dup653 vs dup655).
var all108 = all_match({
  processors: [dup651, dup652, dup653],
  on_success: processor_chain([dup10, dup654]),
});

var all109 = all_match({
  processors: [dup651, dup652, dup655],
  on_success: processor_chain([dup10, dup656]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select46 = linear_select([all108, all109]);

var all110 = all_match({
  processors: [dup127, dup64, dup657],
  on_success: processor_chain([dup10, dup658]),
});
// Phone proxy could not create a secure phone entry: interface, address, MAC and reason.
var msg207 = match({
  dissect: { tokenizer: "Phone Proxy: Unable to create secure phone entry for %{sinterface}:%{saddr} with MAC address %{smacaddr}, %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup659]),
});

// Resource rate limit reached: resource name and the limit.
var msg208 = match({
  dissect: { tokenizer: "Resource %{fld1} rate limit of %{fld2} reached.", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup660]),
});

// Control-channel failure reported for a module slot.
var msg209 = match({
  dissect: { tokenizer: "Module in slot %{fld1} experienced a control channel communication failure", field: "nwparser.payload" },
  on_success: processor_chain([dup343, dup661]),
});

// Catch-all: whole payload stored as event_description.
var msg210 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup662, dup663]),
});
// Staged pattern; stages are defined elsewhere in this file.
var all111 = all_match({
  processors: [dup664, dup665, dup666],
  on_success: processor_chain([dup33, dup667]),
});

// Identity firewall DNS lookup failure: queried domain and reason.
var msg211 = match({
  dissect: { tokenizer: "user-identity: DNS lookup for %{web_domain} failed, reason: %{result}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup668]),
});

// Parenthesised context prefix followed by free text.
var msg212 = match({
  dissect: { tokenizer: "(%{context})%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup343, dup669]),
});

// Catch-all: whole payload stored as event_description.
var msg213 = match({
  dissect: { tokenizer: "%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup662, dup670]),
});

var all112 = all_match({
  processors: [dup12, dup4, dup400],
  on_success: processor_chain([dup33, dup671]),
});

// Group/peer form without a user name. Note the space before the second comma
// in the literal text; the input has to contain it for the pattern to apply.
var msg214 = match({
  dissect: { tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info}", field: "nwparser.payload" },
  on_success: processor_chain([dup16, dup672]),
});

// Alternatives, presumably tried in listed order - confirm against linear_select.
var select47 = linear_select([all112, msg214]);
// Staged pattern; stages are defined elsewhere in this file.
var all113 = all_match({
  processors: [dup127, dup64, dup673],
  on_success: processor_chain([dup68, dup674]),
});

// URL filtering server unreachable and the device reports entering ALLOW mode.
// Presumably URL filtering fails open while this state lasts, so the event is a
// good candidate for an alert - confirm against the device's filtering configuration.
var msg215 = match({
  dissect: { tokenizer: "URL Server %{hostip} not responding, ENTERING ALLOW mode", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup675]),
});

// No key found for an SPI: prefix text, SPI, source and destination.
var msg216 = match({
  dissect: { tokenizer: "%{info} Error: No Key SPI %{fld1} SRC %{saddr} DEST %{daddr}", field: "nwparser.payload" },
  on_success: processor_chain([dup106, dup676]),
});

// Signature-style event: product, signature id, description, endpoints, interface.
var msg217 = match({
  dissect: { tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}", field: "nwparser.payload" },
  on_success: processor_chain([dup168, dup677]),
});

// Group/user/peer prefix followed by free text.
// NOTE(review): each capture is preceded by two "<" characters (\u003c\u003c) but
// followed by a single ">". If the device writes a single "<" before each value,
// this pattern presumably never matches - confirm against sample logs and the
// dissect implementation.
var msg218 = match({
  dissect: { tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e %{event_description}.", field: "nwparser.payload" },
  on_success: processor_chain([dup45, dup678]),
});

// AAA-assigned address released: process name and address.
var msg219 = match({
  dissect: { tokenizer: "%{process}: Freeing AAA address %{hostip}", field: "nwparser.payload" },
  on_success: processor_chain([dup29, dup679]),
});

// Parenthesised context prefix followed by free text.
var msg220 = match({
  dissect: { tokenizer: "(%{context})%{event_description}", field: "nwparser.payload" },
  on_success: processor_chain([dup680, dup681]),
});
var all114 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup682,
]),
});
var all115 = all_match({
processors: [
dup127,
dup64,
dup673,
],
on_success: processor_chain([
dup68,
dup683,
]),
});
var msg221 = match({
dissect: {
tokenizer: "UPDATE: ASA image %{fld1} was added to system boot list",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup684,
]),
});
var msg222 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup686,
]),
});
// all116: composite of ten shared sub-patterns (dup687..dup695 plus dup74),
// all defined elsewhere in the file; the message text is not visible here.
var all116 = all_match({
processors: [
dup687,
dup688,
dup689,
dup690,
dup74,
dup691,
dup692,
dup693,
dup694,
dup695,
],
on_success: processor_chain([
dup93,
dup696,
]),
});
// msg223: ISAKMP duplicate packet, local side is the initiator:
// local address -> saddr, remote address -> daddr.
// The tokenizer ends at %{fld1} with no closing ")", so any trailing text
// presumably ends up inside fld1.
var msg223 = match({
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{saddr} (initiator), remote %{daddr}, message-ID %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup697,
]),
});
// msg224: same message with the local side as responder; the mapping is
// swapped (local -> daddr, remote -> saddr) so that saddr is always the
// initiating peer.
var msg224 = match({
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{daddr} (responder), remote %{saddr}, message-ID %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup698,
]),
});
// select48: initiator form listed first, responder form second.
var select48 = linear_select([
msg223,
msg224,
]);
// msg225: IKE peer lost, variant that includes a Username; the keepalive type
// goes to fld1.
var msg225 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup699,
]),
});
// msg226: same message without the Username token.
var msg226 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup700,
]),
});
// select49: the variant with Username is listed before the one without.
var select49 = linear_select([
msg225,
msg226,
]);
// msg227: signature-style message (product:sigid context from/to/interface).
var msg227 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup701,
]),
});
// msg228: access request; note the final token after daddr is stored as
// service rather than dport.
var msg228 = match({
dissect: {
tokenizer: "%{protocol} access requested from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup702,
]),
});
// msg229: catch-all; the whole payload becomes event_description.
var msg229 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup703,
]),
});
// all117: composite of shared sub-patterns dup12, dup4 and dup704.
var all117 = all_match({
processors: [
dup12,
dup4,
dup704,
],
on_success: processor_chain([
dup33,
dup705,
]),
});
// msg230: VPN group message; captures group, saddr, action and info.
var msg230 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup706,
]),
});
// select50: candidates listed as all117 then msg230.
var select50 = linear_select([
all117,
msg230,
]);
// msg231: IKE delete received for a rekeyed entry. "centry" is part of the
// literal being matched, so it must not be "corrected" here.
var msg231 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Received delete for rekeyed centry %{space} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup707,
]),
});
// msg232: peer created; the bracketed peer address is captured as saddr.
var msg232 = match({
dissect: {
tokenizer: "Created peer %{space}[%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup708,
]),
});
// msg233: WebVPN message; the text after "WebVPN-" inside the parentheses is
// the context, the rest is free text.
var msg233 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup709,
]),
});
// all118: composite of shared sub-patterns dup710, dup711 and dup712.
var all118 = all_match({
processors: [
dup710,
dup711,
dup712,
],
on_success: processor_chain([
dup14,
dup713,
]),
});
// all119: composite of shared sub-patterns dup714, dup715 and dup716.
var all119 = all_match({
processors: [
dup714,
dup715,
dup716,
],
on_success: processor_chain([
dup68,
dup717,
]),
});
// msg234: successful XAUTH for a VPN client; only the peer address (saddr) is
// available in this message, there is no username key.
var msg234 = match({
dissect: {
tokenizer: "VPNClient: XAUTH Succeeded: Peer: %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup532,
dup718,
]),
});
// msg235: catch-all; the whole payload becomes event_description. dup1 (top of
// the file) sets the event category constant 1801010100.
var msg235 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup719,
]),
});
// msg236: access-list deny with hit count. "-\u003e" is the JS escape for "->".
// Captures the ACL name (listnum), protocol, both interface/address(port)
// pairs, the hit count (dclass_counter1) and a trailing generic fld6.
var msg236 = match({
dissect: {
tokenizer: "access-list %{listnum} denied %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1} %{fld6}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup720,
]),
});
// all120..all122: three composites that share dup721, dup722 and dup725 and
// differ only in the two middle sub-patterns and the last on_success entry.
var all120 = all_match({
processors: [
dup721,
dup722,
dup723,
dup724,
dup725,
],
on_success: processor_chain([
dup288,
dup726,
]),
});
var all121 = all_match({
processors: [
dup721,
dup722,
dup727,
dup728,
dup725,
],
on_success: processor_chain([
dup288,
dup729,
]),
});
var all122 = all_match({
processors: [
dup721,
dup722,
dup730,
dup728,
dup725,
],
on_success: processor_chain([
dup288,
dup731,
]),
});
// select51: the explicit "denied" pattern is listed first, then the three
// composites.
var select51 = linear_select([
msg236,
all120,
all121,
all122,
]);
// msg237: MAC move notification. The token after "MAC" is stored as interface
// and the old/new locations as src_zone/dst_zone.
// NOTE(review): the value after "MAC" looks like it would be a MAC address
// rather than an interface name; confirm the key mapping before alerting on it.
var msg237 = match({
dissect: {
tokenizer: "MAC %{interface} moved from %{src_zone} to %{dst_zone}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup732,
]),
});
// msg238: module application down; \" is an escaped double quote, so the
// application name is matched between literal quotes.
var msg238 = match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1}, application down \"%{application}\", %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup733,
]),
});
// msg239: session message; the leading words go to result, the peer to saddr.
var msg239 = match({
dissect: {
tokenizer: "%{result} session from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup734,
]),
});
// msg240: "Built inbound" connection with identity information on both sides.
// "\\" is a single literal backslash (domain\user). The source-side user goes
// to the generic fld3, the destination-side user to c_username, and the final
// parenthesised value to username.
var msg240 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{domain}\\%{fld3}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{ddomain}\\%{c_username}) (%{username})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup735,
]),
});
// all123..all126: composites of shared sub-patterns defined elsewhere in the
// file; all four use dup288 as their first on_success entry.
var all123 = all_match({
processors: [
dup736,
dup737,
dup738,
dup739,
],
on_success: processor_chain([
dup288,
dup740,
]),
});
var all124 = all_match({
processors: [
dup741,
dup742,
],
on_success: processor_chain([
dup288,
dup743,
]),
});
var all125 = all_match({
processors: [
dup736,
dup744,
dup745,
],
on_success: processor_chain([
dup288,
dup746,
]),
});
var all126 = all_match({
processors: [
dup747,
dup748,
dup749,
dup750,
dup751,
],
on_success: processor_chain([
dup288,
dup752,
]),
});
// msg241: "Built inbound" in the "gaddr" form; the gaddr address/port pair is
// stored as hostip/network_port.
var msg241 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup753,
]),
});
// msg242: "Built outbound" gaddr form. The key order is reversed relative to
// msg241: the first interface/address pair is stored as destination and the
// last pair as source.
var msg242 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface} %{daddr}/%{dport} gaddr %{hostip}/%{network_port} %{sinterface} %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup754,
]),
});
// all127: composite sharing dup750 and dup751 with all126.
var all127 = all_match({
processors: [
dup755,
dup756,
dup757,
dup750,
dup751,
],
on_success: processor_chain([
dup288,
dup758,
]),
});
// msg243: "Built inbound" with identity only on the destination side
// (domain\username after the translated destination).
var msg243 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{domain}\\%{username})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup759,
]),
});
// msg244: "Built inbound" with an extra parenthesised value after the
// translated source, stored in the generic key fld.
var msg244 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{fld}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup760,
]),
});
// select52: ten candidate patterns for connection-built messages. The list
// order is significant if candidates are tried in sequence (presumably so),
// since several literals share the same "Built inbound" prefix.
var select52 = linear_select([
msg240,
all123,
all124,
all125,
all126,
msg241,
msg242,
all127,
msg243,
msg244,
]);
// msg245: catch-all; the whole payload becomes event_description.
var msg245 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup762,
]),
});
// msg246: failed IP address request for a VPN user; group, username and saddr
// are captured, the failure text itself is matched as a literal.
var msg246 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, IP address request attempt failed!",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup763,
]),
});
// msg247: VPN message; context is the text after "VPN-" in the parentheses and
// the free text must end with ".".
var msg247 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup764,
]),
});
// all128: composite of shared sub-patterns dup238, dup765 and dup766 (defined
// elsewhere in the file).
var all128 = all_match({
processors: [
dup238,
dup765,
dup766,
],
on_success: processor_chain([
dup767,
dup768,
]),
});
// all129: composite of shared sub-patterns dup769, dup770 and dup771.
var all129 = all_match({
processors: [
dup769,
dup770,
dup771,
],
on_success: processor_chain([
dup141,
dup772,
]),
});
// msg248: catch-all; matches any payload and stores it as event_description.
var msg248 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup773,
]),
});
// select53: structured composite listed first, catch-all second, so the
// catch-all acts as the fallback when the list is tried in order.
var select53 = linear_select([
all129,
msg248,
]);
// msg249: signature-style message (product:sigid context from/to/interface).
var msg249 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup774,
]),
});
// all130: composite of shared sub-patterns dup139 and dup775.
var all130 = all_match({
processors: [
dup139,
dup775,
],
on_success: processor_chain([
dup579,
dup776,
]),
});
// msg250: generic VPN group message; group and saddr are extracted, the rest
// is free text.
var msg250 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup341,
dup777,
]),
});
// all131: composite of shared sub-patterns dup778 and dup779.
var all131 = all_match({
processors: [
dup778,
dup779,
],
on_success: processor_chain([
dup215,
dup780,
]),
});
// msg251: invalid address assigned to an SVC connection; the client is saddr
// and the rejected address is daddr.
// \u003c / \u003e are "<" / ">", so each key is wrapped in "<<" ... ">".
// NOTE(review): confirm the doubled "<" against sample logs; a single "<" in
// the device output would presumably prevent this pattern from matching.
var msg251 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Invalid address \u003c\u003c%{daddr}\u003e assigned to SVC connection",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup781,
]),
});
// msg252: SMTP content replaced by the inspection engine. The "out" address is
// stored as saddr and the "in" address as daddr; the replaced data is in info.
var msg252 = match({
dissect: {
tokenizer: "SMTP replaced %{fld1}: out %{saddr} in %{daddr} data: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup782,
]),
});
// msg253: H.225 message seen before SETUP (protocol-order anomaly); the
// message type is stored in the generic key fld.
var msg253 = match({
dissect: {
tokenizer: "H225 message %{fld} received from %{saddr}/%{sport} to %{daddr}/%{dport} before SETUP",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup783,
]),
});
// msg254: connection reset requested by the IPS; full 5-tuple plus interfaces.
var msg254 = match({
dissect: {
tokenizer: "IPS requested to reset %{protocol} connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup784,
]),
});
// all132 / all133: two composites sharing dup785 and dup786; they differ in
// the last sub-pattern (dup655 vs dup653) and the last on_success entry.
var all132 = all_match({
processors: [
dup785,
dup786,
dup655,
],
on_success: processor_chain([
dup55,
dup787,
]),
});
var all133 = all_match({
processors: [
dup785,
dup786,
dup653,
],
on_success: processor_chain([
dup55,
dup788,
]),
});
// select54: candidates listed as all132 then all133.
var select54 = linear_select([
all132,
all133,
]);
// all134: composite of shared sub-patterns dup789 and dup790.
var all134 = all_match({
processors: [
dup789,
dup790,
],
on_success: processor_chain([
dup14,
dup791,
]),
});
// msg255: instant-messaging inspection event with client, user ids, flow
// endpoints, action and matched class.
// NOTE(review): the literal places ":/" between each interface and address
// ("%{sinterface}:/%{saddr}"); confirm against sample logs that this is the
// device's real output and not a conversion artefact.
var msg255 = match({
dissect: {
tokenizer: "Inspected %{im_client} %{info} Session between Client %{im_userid} and %{im_buddyid} Packet flow from %{sinterface}:/%{saddr}/%{sport} to %{dinterface}:/%{daddr}/%{dport} Action: %{action} Matched Class %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup792,
]),
});
// msg256: threat detection placed a host on the shun list. The shunned host is
// stored as hostip, not saddr, so block-list reporting must query hostip.
var msg256 = match({
dissect: {
tokenizer: "Threat-detection adds host %{hostip} to shun list",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
dup793,
]),
});
// msg257: signature-style message (product:sigid context from/to/interface).
var msg257 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup795,
]),
});
// all135: composite of shared sub-patterns dup796 and dup797.
var all135 = all_match({
processors: [
dup796,
dup797,
],
on_success: processor_chain([
dup81,
dup798,
]),
});
// msg258: duplex mismatch causing transmitter lockup; the port name is stored
// under the key service.
var msg258 = match({
dissect: {
tokenizer: "%{severity}: Duplex-mismatch on %{service} resulted in transmitter lockup. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup799,
]),
});
// msg259: PPP virtual interface without AAA server group information.
var msg259 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} missing aaa server group info",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup800,
]),
});
// all136 / all137: seven-part composites sharing dup801, dup802, dup805 and
// dup807; positions 3, 4 and 6 differ between the two.
var all136 = all_match({
processors: [
dup801,
dup802,
dup803,
dup804,
dup805,
dup806,
dup807,
],
on_success: processor_chain([
dup808,
dup809,
]),
});
var all137 = all_match({
processors: [
dup801,
dup802,
dup810,
dup811,
dup805,
dup812,
dup807,
],
on_success: processor_chain([
dup808,
dup813,
]),
});
// msg260: dropped DNS reply whose compression pointer length exceeds the
// packet length limit. The offending length goes to bytes and the limit to the
// generic fld2.
var msg260 = match({
dissect: {
tokenizer: "Dropped UDP DNS reply from %{saddr}/%{sport} to %{daddr}/%{dport}; compression pointer length %{bytes} bytes exceeds packet length limit of %{fld2} bytes",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup814,
]),
});
// all138: composite of shared sub-patterns dup815, dup816 and dup817.
var all138 = all_match({
processors: [
dup815,
dup816,
dup817,
],
on_success: processor_chain([
dup808,
dup818,
]),
});
// select55: candidates listed as all136, all137, msg260, all138.
var select55 = linear_select([
all136,
all137,
msg260,
all138,
]);
// all139: composite of shared sub-patterns dup819 and dup820.
var all139 = all_match({
processors: [
dup819,
dup820,
],
on_success: processor_chain([
dup14,
dup821,
]),
});
// msg261: DHCP client event on an interface; everything after ":" is info.
var msg261 = match({
dissect: {
tokenizer: "DHCP client interface %{interface}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup822,
]),
});
// all140 / all141: two composites sharing dup823 and dup824; they differ in
// the last sub-pattern (dup655 vs dup653) and the last on_success entry.
var all140 = all_match({
processors: [
dup823,
dup824,
dup655,
],
on_success: processor_chain([
dup33,
dup825,
]),
});
var all141 = all_match({
processors: [
dup823,
dup824,
dup653,
],
on_success: processor_chain([
dup33,
dup826,
]),
});
// select56: candidates listed as all140 then all141.
var select56 = linear_select([
all140,
all141,
]);
// msg262: deny for a packet with no matching connection, variant that names
// the interface; TCP flags are stored in the generic fld1.
var msg262 = match({
dissect: {
tokenizer: "Deny %{protocol} (no connection) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup827,
]),
});
// msg263: same message without the trailing interface.
var msg263 = match({
dissect: {
tokenizer: "Deny %{protocol} (no connection) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup828,
]),
});
// select57: the longer (interface) variant is listed before the shorter one.
var select57 = linear_select([
msg262,
msg263,
]);
// all142: composite of shared sub-patterns dup12, dup4 and dup829.
var all142 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup55,
dup830,
]),
});
// msg264: unknown transaction-mode attribute received from a VPN peer; the
// attribute is stored as change_attribute.
var msg264 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received unknown transaction mode attribute: %{change_attribute}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup831,
]),
});
// select58: candidates listed as all142 then msg264.
var select58 = linear_select([
all142,
msg264,
]);
// msg265: interface monitoring returned to normal.
var msg265 = match({
dissect: {
tokenizer: "(%{context}) Monitoring on interface %{interface} normal",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup832,
]),
});
// msg266: denied attempt to configure the device over HTTP. Only the source
// address is present in the message, so this is the sole pivot for tracking
// repeated management-plane attempts.
var msg266 = match({
dissect: {
tokenizer: "Denied HTTP configuration attempt from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup833,
]),
});
// all143: composite of shared sub-patterns dup834, dup4 and dup114.
var all143 = all_match({
processors: [
dup834,
dup4,
dup114,
],
on_success: processor_chain([
dup835,
dup836,
]),
});
// msg267: catch-all; the whole payload becomes event_description.
var msg267 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup837,
]),
});
// msg268: GTP connection created for a response; both endpoints with
// interfaces and ports.
var msg268 = match({
dissect: {
tokenizer: "GTP connection created for response from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup838,
]),
});
// msg269: VPN message; context is the text after "VPN-" in the parentheses.
var msg269 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup839,
]),
});
// msg270: parenthesised context followed directly by free text.
var msg270 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup840,
]),
});
// msg271: fixed-text message with no captured keys. The trailing "%{}" has an
// empty key name; presumably it discards whatever follows the literal.
var msg271 = match({
dissect: {
tokenizer: "SVC Global Compression Disabled%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup841,
]),
});
// msg272: signature-style message (product:sigid context from/to/interface).
var msg272 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup842,
]),
});
// msg273: NAT-T keepalive; the source has no interface token, the destination
// does.
var msg273 = match({
dissect: {
tokenizer: "NAT-T keepalive received from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup843,
]),
});
// msg274: CONNECTED notify processed for a VPN peer; the message id goes to
// the generic fld1.
var msg274 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Processing CONNECTED notify (MsgId %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup844,
]),
});
// msg275: no tunnel group found for a peer certificate. Serial number, subject
// and issuer are captured (issuer under the key dn); note the literal has no
// comma before "issuer_name:", so cert_subject extends up to that token.
var msg275 = match({
dissect: {
tokenizer: "Tunnel group search using certificate maps failed for peer certificate: serial number: %{serial_number}, subject name: %{cert_subject} issuer_name: %{dn}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup845,
]),
});
// msg276: TCP-Proxy connection terminated; the reason after " - " is result.
var msg276 = match({
dissect: {
tokenizer: "Terminating TCP-Proxy connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup846,
]),
});
// all144: composite of shared sub-patterns dup466, dup4 and dup847.
var all144 = all_match({
processors: [
dup466,
dup4,
dup847,
],
on_success: processor_chain([
dup848,
dup849,
]),
});
// msg277: trap channel could not be opened; protocol, UDP port, interface and
// the numeric error code are captured.
var msg277 = match({
dissect: {
tokenizer: "Unable to open %{protocol} trap channel (UDP port %{network_port}) on interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup850,
]),
});
// msg278: signature-style message (product:sigid context from/to/interface).
var msg278 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup851,
]),
});
// all145: composite of shared sub-patterns dup127, dup64 and dup852.
var all145 = all_match({
processors: [
dup127,
dup64,
dup852,
],
on_success: processor_chain([
dup177,
dup853,
]),
});
// all146: composite of shared sub-patterns dup854 and dup855.
var all146 = all_match({
processors: [
dup854,
dup855,
],
on_success: processor_chain([
dup316,
dup856,
]),
});
// msg279: configuration cleared. Both the cleared item and the origin are
// stored in generic keys (fld1, fld2), so configuration-audit queries need to
// read those rather than a named user or address field.
var msg279 = match({
dissect: {
tokenizer: "PIX clear config %{fld1} from %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup857,
]),
});
// msg280: fixed-text failover message with no captured keys; the trailing
// "%{}" has an empty key name and presumably discards any remaining text.
var msg280 = match({
dissect: {
tokenizer: "LU loading standby end%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup859,
]),
});
// msg281, msg282: catch-alls; the whole payload becomes event_description.
// They differ only in their on_success entries.
var msg281 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup860,
]),
});
var msg282 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup862,
]),
});
// msg283: malformed header length. The header and packet lengths and the flags
// are kept in generic keys fld1..fld3 alongside the flow endpoints.
var msg283 = match({
dissect: {
tokenizer: "Bad %{protocol} hdr length (hdrlen=%{fld1}, pktlen=%{fld2}) from %{saddr}/%{sport} to %{daddr}/%{dport}, flags: %{fld3}, on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup863,
]),
});
// msg284: failover NAT lookup failure for a host address.
var msg284 = match({
dissect: {
tokenizer: "LU look NAT for %{hostip} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup864,
]),
});
// msg285: crypto subsystem error; the error text is the context, the command
// name is process and its arguments are info.
var msg285 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} encountered an error (%{context}) while executing the command %{process}(%{info}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup865,
]),
});
// all147: composite of shared sub-patterns dup127, dup64 and dup866.
var all147 = all_match({
processors: [
dup127,
dup64,
dup866,
],
on_success: processor_chain([
dup867,
dup868,
]),
});
// msg286: request succeeded for a tunnel group; the group name is matched
// between literal single quotes.
var msg286 = match({
dissect: {
tokenizer: "%{process}: %{result}, request succeeded for tunnel-group '%{group}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup869,
]),
});
// msg287..msg290: four forms of "No translation group found", from most to
// least detailed.
// msg287: protocol with interfaces, addresses and ports.
var msg287 = match({
dissect: {
tokenizer: "No translation group found for %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup870,
]),
});
// msg288: ICMP form; "icmp" is a literal, so no protocol key is captured, and
// type/code replace the ports.
var msg288 = match({
dissect: {
tokenizer: "No translation group found for icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup871,
]),
});
// msg289: other IP protocol with interfaces but no ports.
var msg289 = match({
dissect: {
tokenizer: "No translation group found for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup872,
]),
});
// msg290: other IP protocol with bare addresses only.
var msg290 = match({
dissect: {
tokenizer: "No translation group found for protocol %{protocol} src %{saddr} dst %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup873,
]),
});
// select59: candidates listed from the most specific form to the least.
var select59 = linear_select([
msg287,
msg288,
msg289,
msg290,
]);
// msg291: too many unanswered HTTP requests between two hosts.
// NOTE(review): the threshold "10" is part of the literal text; if the device
// can report a different number, those events presumably will not match this
// pattern. Confirm against sample logs.
var msg291 = match({
dissect: {
tokenizer: "%{sigid} Maximum of 10 unanswered HTTP requests exceeded from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup874,
]),
});
// msg292: connection built for a non-TCP/UDP IP protocol; addresses and their
// translated counterparts are captured, there are no ports.
var msg292 = match({
dissect: {
tokenizer: "Built IP protocol %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} (%{stransaddr}) to %{dinterface}:%{daddr} (%{dtransaddr})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup875,
]),
});
// all148: composite of shared sub-patterns dup371, dup433 and dup876.
var all148 = all_match({
processors: [
dup371,
dup433,
dup876,
],
on_success: processor_chain([
dup288,
dup877,
]),
});
// select60: candidates listed as msg292 then all148.
var select60 = linear_select([
msg292,
all148,
]);
// msg293: SSH session limit exceeded; the requesting address and the interface
// are captured. %{space} sits where whitespace separates the two sentences.
var msg293 = match({
dissect: {
tokenizer: "SSH session limit exceeded.%{space}Connection request from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup878,
]),
});
// msg294: hardware-client security attribute enabled without being requested;
// the attribute name is stored as change_attribute.
var msg294 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, Hardware client security attribute %{change_attribute} was enabled but not requested",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup879,
]),
});
// all149: composite of shared sub-patterns dup238, dup880 and dup881.
var all149 = all_match({
processors: [
dup238,
dup880,
dup881,
],
on_success: processor_chain([
dup14,
dup882,
]),
});
// msg295: per-client embryonic connection limit exceeded. The destination is
// stored as dhost here, not daddr as in most other patterns in this file, so
// queries on daddr alone will miss the target of these events.
var msg295 = match({
dissect: {
tokenizer: "Per-client embryonic connection limit exceeded %{fld1} for input packet from %{saddr}/%{sport} to %{dhost}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup883,
]),
});
// all150: composite of shared sub-patterns dup466, dup4 and dup884.
var all150 = all_match({
processors: [
dup466,
dup4,
dup884,
],
on_success: processor_chain([
dup848,
dup885,
]),
});
// all151: composite of shared sub-patterns dup886 and dup887.
var all151 = all_match({
processors: [
dup886,
dup887,
],
on_success: processor_chain([
dup93,
dup888,
]),
});
// msg296: catch-all; the whole payload becomes event_description.
var msg296 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup889,
]),
});
// select61: structured composite listed first, catch-all second.
var select61 = linear_select([
all151,
msg296,
]);
// msg297: dropped SNMP packet; the reason after ";" is stored as result.
var msg297 = match({
dissect: {
tokenizer: "Dropped UDP SNMP packet from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup890,
]),
});
// msg298: failed XAUTH for a VPN client. Only the peer address (saddr) is
// available, so failed-authentication counting has to group by saddr.
var msg298 = match({
dissect: {
tokenizer: "VPNClient: XAUTH Failed: Peer: %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup892,
]),
});
// msg299: start of a configuration session; the originating address is hostip
// and the source being read from is device.
var msg299 = match({
dissect: {
tokenizer: "Begin configuration: %{hostip} reading from %{device}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup893,
]),
});
// all152: composite of shared sub-patterns dup894..dup897.
var all152 = all_match({
processors: [
dup894,
dup895,
dup896,
dup897,
],
on_success: processor_chain([
dup898,
dup899,
]),
});
// all153 / all154: two composites sharing dup518 and dup786; they differ in
// the last sub-pattern (dup655 vs dup653) and the last on_success entry.
var all153 = all_match({
processors: [
dup518,
dup786,
dup655,
],
on_success: processor_chain([
dup55,
dup900,
]),
});
var all154 = all_match({
processors: [
dup518,
dup786,
dup653,
],
on_success: processor_chain([
dup55,
dup901,
]),
});
// select62: candidates listed as all153 then all154.
var select62 = linear_select([
all153,
all154,
]);
// msg300: peer message with an action and a stated reason; the reason after
// "Reason:" is stored as result.
var msg300 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{action}. %{space} Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup902,
]),
});
// msg301: catch-all; the whole payload becomes event_description.
var msg301 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup903,
]),
});
// msg302: packet denied by a list; packet type and list name are kept in
// generic keys fld1 and fld2, the list direction in direction.
var msg302 = match({
dissect: {
tokenizer: "%{protocol} packet type %{fld1} denied by %{direction} list %{fld2} src %{saddr} dest %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup904,
]),
});
// msg303: teardown of an IP-protocol connection with duration and byte count.
var msg303 = match({
dissect: {
tokenizer: "Teardown IP protocol %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup905,
]),
});
// msg304: teardown of a stub connection; no connection id is captured and the
// byte count follows the literal "forwarded bytes".
var msg304 = match({
dissect: {
tokenizer: "Teardown stub %{protocol} connection for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} forwarded bytes %{bytes} %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup906,
]),
});
// select63: candidates listed as msg303 then msg304.
var select63 = linear_select([
msg303,
msg304,
]);
// msg305: web cache acquired; the two "/"-separated values are stored as saddr
// and shost.
var msg305 = match({
dissect: {
tokenizer: "Web Cache %{saddr}/%{shost} acquired",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup907,
]),
});
// msg306: context plus description with the cause given as "(cause: ...)".
var msg306 = match({
dissect: {
tokenizer: "(%{context})%{event_description}(cause: %{result}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup908,
]),
});
// msg307: same message with the cause given after " - ".
var msg307 = match({
dissect: {
tokenizer: "(%{context})%{event_description} - %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup909,
]),
});
// select64: the "(cause: ...)" form is listed before the " - " form.
var select64 = linear_select([
msg306,
msg307,
]);
// all155: composite of shared sub-patterns dup249, dup250, dup452, dup453 and
// dup910.
var all155 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup910,
],
on_success: processor_chain([
dup33,
dup911,
]),
});
// msg308: catch-all; the whole payload becomes event_description.
var msg308 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup912,
]),
});
// all156: composite of shared sub-patterns dup913 and dup914.
var all156 = all_match({
processors: [
dup913,
dup914,
],
on_success: processor_chain([
dup110,
dup915,
]),
});
// msg309: an SSL server asked for this device's certificate; the server is
// recorded as interface, hostip and network_port.
var msg309 = match({
dissect: {
tokenizer: "SSL server %{interface}:%{hostip}/%{network_port} requesting our device certificate for authentication.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup916,
]),
});
// select65: candidates listed as all156 then msg309.
var select65 = linear_select([
all156,
msg309,
]);
// msg310: tail pattern. It reads nwparser.p0 (not the payload) and has no
// on_success of its own; it captures group_object up to a closing single
// quote. p0 is presumably the remainder left by the preceding sub-pattern.
var msg310 = match({
dissect: {
tokenizer: "%{group_object}'",
field: "nwparser.p0",
},
});
// all157: shared head dup917 followed by the msg310 tail.
var all157 = all_match({
processors: [
dup917,
msg310,
],
on_success: processor_chain([
dup93,
dup918,
]),
});
// msg311: NAT translation teardown in the form that carries a parenthesised
// value on each side (stored in generic keys fld51 and fld52).
var msg311 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport}(%{fld51}) to %{dinterface}(%{fld52}):%{daddr}/%{dport} duration %{duration}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup919,
]),
});
// msg312: tail pattern reading nwparser.p1; captures the destination
// interface, address, port and the duration. No on_success of its own.
var msg312 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport} duration %{duration}",
field: "nwparser.p1",
},
});
// all158: shared heads dup920 and dup921 followed by the msg312 tail.
var all158 = all_match({
processors: [
dup920,
dup921,
msg312,
],
on_success: processor_chain([
dup33,
dup922,
]),
});
// msg313: tail pattern reading nwparser.p1; like msg312 but without a
// destination interface.
var msg313 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} duration %{duration}",
field: "nwparser.p1",
},
});
// all159: shared heads dup923 and dup924 followed by the msg313 tail.
var all159 = all_match({
processors: [
dup923,
dup924,
msg313,
],
on_success: processor_chain([
dup33,
dup925,
]),
});
// select66: candidates listed as msg311, all158, all159.
var select66 = linear_select([
msg311,
all158,
all159,
]);
// all160: composite of shared sub-patterns dup926 and dup927.
var all160 = all_match({
processors: [
dup926,
dup927,
],
on_success: processor_chain([
dup193,
dup928,
]),
});
// all161: composite of shared sub-patterns dup929, dup4 and dup930.
var all161 = all_match({
processors: [
dup929,
dup4,
dup930,
],
on_success: processor_chain([
dup81,
dup931,
]),
});
// msg314: state-bypass connection built; full endpoints plus translated
// address/port pairs. Such connections are, per the message text, created in
// state-bypass mode, which makes them useful to track separately.
var msg314 = match({
dissect: {
tokenizer: "Built %{protocol} state-bypass connection %{connectionid} from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup932,
]),
});
// msg315: denied MAC address flagged as a possible spoof attempt.
// NOTE(review): the MAC address is captured into daddr, the key that other
// patterns in this file fill with IP addresses; verify that downstream
// mapping tolerates a MAC value there and that the offending host is not
// reported as a destination.
var msg315 = match({
dissect: {
tokenizer: "Deny MAC address %{daddr}, possible spoof attempt on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup933,
]),
});
// msg316: non-IPsec packet received where IPsec was expected. The destination
// appears before the source in the message text; the keys are mapped
// accordingly (dest_addr -> daddr, src_addr -> saddr).
var msg316 = match({
dissect: {
tokenizer: "Rec'd packet not an IPSEC packet %{space} (ip) dest_addr= %{daddr}, src_addr= %{saddr}, prot= %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup934,
]),
});
// msg317: parenthesised context followed directly by free text.
var msg317 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup935,
]),
});
// msg318: URL server timed out for a specific URL; server in hostip, URL in
// url.
var msg318 = match({
dissect: {
tokenizer: "URL Server %{hostip} timed out URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup936,
]),
});
// msg319: NAT translation built, in the form with a parenthesised value on
// each side (generic keys fld51 and fld52).
var msg319 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport}(%{fld51}) to %{dinterface}(%{fld52}):%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup937,
]),
});
// all162: composite of shared sub-patterns dup938, dup921 and dup939.
var all162 = all_match({
processors: [
dup938,
dup921,
dup939,
],
on_success: processor_chain([
dup33,
dup940,
]),
});
// msg320: tail pattern reading nwparser.p1; captures destination address and
// port. No on_success of its own.
var msg320 = match({
dissect: {
tokenizer: "%{daddr}/%{dport}",
field: "nwparser.p1",
},
});
// all163: shared heads dup941 and dup924 followed by the msg320 tail.
var all163 = all_match({
processors: [
dup941,
dup924,
msg320,
],
on_success: processor_chain([
dup33,
dup942,
]),
});
// select67: candidates listed as msg319, all162, all163.
var select67 = linear_select([
msg319,
all162,
all163,
]);
// msg321: peer message that names a payload; the payload identifier goes to
// the generic fld1.
var msg321 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description} payload: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup943,
]),
});
// all164: composite of shared sub-patterns dup63..dup66 and dup944.
var all164 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup944,
],
on_success: processor_chain([
dup285,
dup945,
]),
});
// msg322: catch-all; the whole payload becomes event_description.
var msg322 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup946,
]),
});
// all165 / all166: two composites sharing dup947 and dup948; they differ in
// the last sub-pattern (dup949 vs dup951) and the last on_success entry.
var all165 = all_match({
processors: [
dup947,
dup948,
dup949,
],
on_success: processor_chain([
dup55,
dup950,
]),
});
var all166 = all_match({
processors: [
dup947,
dup948,
dup951,
],
on_success: processor_chain([
dup55,
dup952,
]),
});
// select68: candidates listed as all165 then all166.
var select68 = linear_select([
all165,
all166,
]);
// msg323: address could not be sent to the standby unit because it is in use.
var msg323 = match({
dissect: {
tokenizer: "%{process}: Unable to send %{hostip} to standby: address in use",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup953,
]),
});
// all167: composite of shared sub-patterns dup954 and dup4.
var all167 = all_match({
processors: [
dup954,
dup4,
],
on_success: processor_chain([
dup955,
dup956,
]),
});
// msg324: per-session message; here the client address is stored as hostip
// rather than saddr, followed by a description and a result.
// \u003c / \u003e are "<" / ">", so each key is wrapped in "<<" ... ">".
// NOTE(review): confirm the doubled "<" against sample logs; a single "<" in
// the device output would presumably prevent this pattern from matching.
var msg324 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{hostip}\u003e %{event_description}. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup957,
]),
});
// msg325: un-encrypted AUTH_FAILED notify received from a peer in a known
// group; what the device did with it is stored as result.
var msg325 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received an un-encrypted AUTH_FAILED notify message, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup958,
]),
});
// msg326: encrypted packet received with no matching security association.
var msg326 = match({
dissect: {
tokenizer: "IP = %{saddr}, Received encrypted packet with no matching SA, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup959,
]),
});
// msg327: un-encrypted notify of any other type; the type is stored as
// obj_type.
var msg327 = match({
dissect: {
tokenizer: "IP = %{saddr}, Received an un-encrypted %{obj_type} notify message, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup960,
]),
});
// msg328: no crypto map bound to the receiving interface; the "..." is part of
// the literal text.
var msg328 = match({
dissect: {
tokenizer: "IP = %{saddr}, No crypto map bound to interface... %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup961,
]),
});
// msg329: generic form with group, username and saddr followed by free text.
var msg329 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup962,
]),
});
// msg330: tail pattern reading nwparser.p0; stores the whole remainder as
// event_description. No on_success of its own.
var msg330 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.p0",
},
});
// all168: shared head dup963 followed by the msg330 tail.
var all168 = all_match({
processors: [
dup963,
msg330,
],
on_success: processor_chain([
dup14,
dup964,
]),
});
// select69: the four specific literals are listed first, then the generic
// group/username form, then the dup963-based fallback.
var select69 = linear_select([
msg325,
msg326,
msg327,
msg328,
msg329,
all168,
]);
// msg331: VPN load balancing stopped in a context.
var msg331 = match({
dissect: {
tokenizer: "Stop VPN Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup965,
]),
});
// msg332: IP-to-user mapping deleted successfully. "\\" is one literal
// backslash between domain and username; the trailing reason is free text.
var msg332 = match({
dissect: {
tokenizer: "%{application}: Delete IP-User mapping %{saddr} - %{domain}\\%{username} Succeeded - %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup966,
dup967,
]),
});
// msg333: failed deletion of an IP-to-user mapping. The reason "VPN user
// logout" is a literal here, so a failure with any other reason is not matched
// by this pattern.
var msg333 = match({
dissect: {
tokenizer: "%{application}: Delete IP-User mapping %{saddr} - %{domain}\\%{username} Failed - VPN user logout",
field: "nwparser.payload",
},
on_success: processor_chain([
dup966,
dup968,
]),
});
// select70: candidates listed as msg332 (Succeeded) then msg333 (Failed).
var select70 = linear_select([
msg332,
msg333,
]);
var msg334 = match({
dissect: {
tokenizer: "Teardown stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration} bytes %{bytes} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup969,
]),
});
var msg335 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet %{space} (%{result}) from %{saddr} to %{daddr} with an invalid SPI",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup970,
]),
});
// Shared-license client events (added / expired), gathered by select71. Both
// capture the client id as hostid and differ only in the fixed verb and in the
// second on_success step.
var msg336 = match({
dissect: {
tokenizer: "Shared license added client id %{hostid}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup971,
]),
});
var msg337 = match({
dissect: {
tokenizer: "Shared license expired client id %{hostid}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup972,
]),
});
var select71 = linear_select([
msg336,
msg337,
]);
// Composite matchers built only from shared parts defined outside this view,
// so the message text they cover is not visible here. The parts are presumably
// applied in the listed order, each consuming the remainder left by the
// previous one - confirm against all_match.
var all169 = all_match({
processors: [
dup31,
dup973,
],
on_success: processor_chain([
dup33,
dup974,
]),
});
// dup4 is the linear_select declared at the top of the file whose first
// alternative captures a quoted username.
var all170 = all_match({
processors: [
dup12,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup975,
]),
});
// "(VPN-<context>) Sending <info> to standby unit".
var msg338 = match({
dissect: {
tokenizer: "(VPN-%{context}) Sending %{info} to standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup976,
]),
});
// Catch-all: the whole payload is stored as event_description, so no
// addresses or users are extracted for this message id.
var msg339 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup977,
]),
});
// Routing record ("lsid ... adv ... type ... gateway ..."): only protocol gets
// a named field; the other nine values are kept as generic fld1-fld9.
var msg340 = match({
dissect: {
tokenizer: "lsid %{fld1} adv %{fld2} type %{fld3} gateway %{fld4} metric %{fld5} network %{fld6} mask %{fld7} protocol %{protocol} attr %{fld8} net-metric %{fld9}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup978,
]),
});
// Two composite alternatives gathered by select72. Both are built from shared
// parts defined outside this view, so the message text is not visible here.
var all171 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup55,
dup979,
]),
});
// Same tail as all170 (dup4, dup97) with a different first part (dup104).
var all172 = all_match({
processors: [
dup104,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup980,
]),
});
var select72 = linear_select([
all171,
all172,
]);
// Load-balancing role change; captures only the context name. The wording is
// the vendor's log text and has to stay as-is for the match to work.
var msg341 = match({
dissect: {
tokenizer: "Becoming slave of Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup981,
]),
});
// Address assignment failure: captures the reporting process, the
// AAA-provided address (hostip) and the trailing text (result).
var msg342 = match({
dissect: {
tokenizer: "%{process}: Unable to assign AAA provided IP address (%{hostip}) to Client. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup982,
]),
});
// "Static Crypto Map Check by-passed": captures group, peer address and the
// explanatory text (info).
var msg343 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map Check by-passed: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup475,
dup983,
]),
});
// Denied management login sessions, gathered by select73. The variant that
// also names the interface is listed first so the shorter pattern does not
// absorb the interface text into saddr (assuming candidates are tried in
// order - confirm against linear_select).
var msg344 = match({
dissect: {
tokenizer: "Denied %{protocol} login session from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup984,
]),
});
// Fallback without the interface suffix.
var msg345 = match({
dissect: {
tokenizer: "Denied %{protocol} login session from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup985,
]),
});
var select73 = linear_select([
msg344,
msg345,
]);
// Composite of three shared parts defined outside this view; the message text
// is not visible here.
var all173 = all_match({
processors: [
dup238,
dup986,
dup987,
],
on_success: processor_chain([
dup14,
dup988,
]),
});
// IKE_INIT_SA request received: the "Local" endpoint is stored as
// saddr/sport and the "Remote" endpoint as daddr/dport, plus the username.
var msg346 = match({
dissect: {
tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Received a IKE_INIT_SA request",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup989,
]),
});
// "<protocol> request discarded": note the destination-side value after the
// slash is stored as service, not dport.
var msg347 = match({
dissect: {
tokenizer: "%{protocol} request discarded from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup990,
]),
});
// Certificate-map tunnel-group lookup: captures the peer certificate serial
// number and subject name. Both values come from the peer's certificate, so
// treat them as untrusted text when displaying or correlating.
var msg348 = match({
dissect: {
tokenizer: "Looking for a tunnel group match based on certificate maps for peer certificate with serial number: %{serial_number}, subject name: %{cert_subject}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup991,
]),
});
// Two alternatives gathered by select74.

// Composite of shared parts defined outside this view.
var all174 = all_match({
processors: [
dup992,
dup381,
dup993,
],
on_success: processor_chain([
dup93,
dup994,
]),
});
// Embryonic (half-open) connection limit event: captures hostip and two
// generic values.
// NOTE(review): the literal word "STRING" looks like a documentation
// placeholder that was kept in the pattern. Confirm against a real sample;
// if devices never emit that word, this alternative cannot match.
var msg349 = match({
dissect: {
tokenizer: "Too many embryonic connections on STRING %{hostip} %{fld1}/%{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup995,
]),
});
var select74 = linear_select([
all174,
msg349,
]);
// HTTP inspection hit for peer-to-peer traffic: captures the signature id,
// two values stored as listnum and protocol, and the endpoints.
var msg350 = match({
dissect: {
tokenizer: "%{sigid} HTTP Peer-to-Peer detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup996,
]),
});
// Composite of shared parts defined outside this view.
var all175 = all_match({
processors: [
dup127,
dup64,
dup997,
],
on_success: processor_chain([
dup285,
dup998,
]),
});
// Context-prefixed events gathered by select75. Both capture the
// parenthesised context and a free-text description; they differ in how the
// cause is delimited.

// Cause given as "(cause: <result>)." at the end of the line.
var msg351 = match({
dissect: {
tokenizer: "(%{context})%{event_description} (cause: %{result}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup999,
]),
});
// Cause given after " - ".
var msg352 = match({
dissect: {
tokenizer: "(%{context})%{event_description} - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1000,
]),
});
var select75 = linear_select([
msg351,
msg352,
]);
// Signature alert in the form "<product>:<sigid> <text> from <src> to <dst>
// on interface <if>". The signature text is stored in the field named
// context; the interface is stored as dinterface.
var msg353 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1001,
]),
});
// Composite of shared parts defined outside this view (dup4 is the
// username-style linear_select declared at the top of the file).
var all176 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup55,
dup1002,
]),
});
// "Built ... TCP connection" variants gathered by select76. The mapping of the
// printed endpoints onto saddr/daddr depends on the direction word, so the
// direction-specific patterns are listed before the generic ones.

// Inbound, faddr/gaddr/laddr form: faddr is the source, laddr the destination,
// gaddr is kept as hostip/network_port.
var msg354 = match({
dissect: {
tokenizer: "Built inbound TCP connection %{fld1} for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1003,
]),
});
// Outbound, same form with the roles swapped: laddr is the source and faddr
// the destination.
var msg355 = match({
dissect: {
tokenizer: "Built outbound TCP connection %{fld1} for faddr %{daddr}/%{dport} gaddr %{hostip}/%{network_port} laddr %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1004,
]),
});
// No direction word: treated like the inbound mapping (faddr as source).
var msg356 = match({
dissect: {
tokenizer: "Built TCP connection %{fld1} for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1005,
]),
});
// Outbound, interface:address/port form: the first printed endpoint is stored
// as the destination and the second as the source. The first parenthesised
// value goes to hostip, the second to fld3.
var msg357 = match({
dissect: {
tokenizer: "Built outbound TCP connection %{fld1} for %{dinterface}:%{daddr}/%{dport} (%{hostip}) to %{sinterface}:%{saddr}/%{sport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1006,
]),
});
// Any other direction word is captured as direction; the first printed
// endpoint is the source.
var msg358 = match({
dissect: {
tokenizer: "Built %{direction} TCP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1007,
]),
});
var select76 = linear_select([
msg354,
msg355,
msg356,
msg357,
msg358,
]);
// "Shared license service is active.": trailing text goes to info.
var msg359 = match({
dissect: {
tokenizer: "Shared license service is active. %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1008,
]),
});
// "<protocol> data connection failed for <hostip>".
var msg360 = match({
dissect: {
tokenizer: "%{protocol} data connection failed for %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1009,
]),
});
// Peer-prefixed event: text up to the first ": " becomes event_description,
// the rest info.
var msg361 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1010,
]),
});
// "<application> response received."
var msg362 = match({
dissect: {
tokenizer: "%{application} response received.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1011,
]),
});
// "Deny <direction> (No xlate)" variants gathered by select77: packets dropped
// because no translation exists. The variants differ in how much of the flow
// is printed.

// Protocol given after the word "protocol"; no ports.
var msg363 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1012,
]),
});
// Protocol name followed by endpoints with ports.
var msg364 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1013,
]),
});
// ICMP-style form: endpoints without ports plus type and code.
var msg365 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1014,
]),
});
// Bare form: only the direction is captured, no flow details.
var msg366 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1015,
]),
});
var select77 = linear_select([
msg363,
msg364,
msg365,
msg366,
]);
// Catch-all: whole payload stored as event_description.
var msg367 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1016,
]),
});
// VPN client NAT notice: captures the NAT address as stransaddr; %{space}
// absorbs the gap in the middle of the fixed text.
var msg368 = match({
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with no split %{space} tunneling: NAT addr: %{stransaddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup1017,
]),
});
// Two alternatives gathered by select78.

// Composite of shared parts defined outside this view (dup4 is the
// username-style linear_select declared at the top of the file).
var all177 = all_match({
processors: [
dup12,
dup4,
dup1018,
],
on_success: processor_chain([
dup1019,
dup1020,
]),
});
// Group/IP form without a username: text up to the first ". " becomes action,
// the rest fld1.
var msg369 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}. %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1021,
]),
});
var select78 = linear_select([
all177,
msg369,
]);
// Catch-all: whole payload stored as event_description.
var msg370 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1022,
]),
});
// "Through-the-device packet to/from management-only network is denied"
// variants gathered by select79. All record a dropped flow crossing a
// management-only interface.

// ICMP form: endpoints plus type and code.
var msg371 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1023,
]),
});
// "protocol <n>" form without ports.
var msg372 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1024,
]),
});
// Composite of shared parts defined outside this view.
var all178 = all_match({
processors: [
dup1025,
dup1026,
dup939,
],
on_success: processor_chain([
dup285,
dup1027,
]),
});
// "from <if> <addr> (<port>) to <if> <addr> (<port>)" form.
var msg373 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol} from %{sinterface} %{saddr} (%{sport}) to %{dinterface} %{daddr} (%{dport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1028,
]),
});
var select79 = linear_select([
msg371,
msg372,
all178,
msg373,
]);
// Four composite alternatives gathered by select80. All share the same first
// on_success step (dup285); their parts are defined outside this view except
// msg374.
var all179 = all_match({
processors: [
dup1029,
dup1030,
dup1031,
dup1032,
],
on_success: processor_chain([
dup285,
dup1033,
]),
});
// Tail matcher on nwparser.p3: captures rule_group up to a closing double
// quote (the \" in the tokenizer). Used as the last part of all180.
var msg374 = match({
dissect: {
tokenizer: "%{rule_group}\"",
field: "nwparser.p3",
},
});
var all180 = all_match({
processors: [
dup1034,
dup1035,
dup1036,
dup1037,
msg374,
],
on_success: processor_chain([
dup285,
dup1038,
]),
});
var all181 = all_match({
processors: [
dup1039,
dup1040,
dup1041,
],
on_success: processor_chain([
dup285,
dup1042,
]),
});
var all182 = all_match({
processors: [
dup1043,
dup1044,
],
on_success: processor_chain([
dup285,
dup1045,
]),
});
var select80 = linear_select([
all179,
all180,
all181,
all182,
]);
// "Unable to find translation for SRC=... DEST=...": trailing text goes to
// info.
var msg375 = match({
dissect: {
tokenizer: "Unable to find translation for SRC=%{saddr} DEST=%{daddr} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1046,
]),
});
// Signature alert, same shape as msg353 (signature text stored as context);
// only the second on_success step differs.
var msg376 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1047,
]),
});
// HTTP inspection hit for instant-messenger traffic; same field layout as the
// peer-to-peer pattern (msg350).
var msg377 = match({
dissect: {
tokenizer: "%{sigid} HTTP Instant Messenger detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1048,
]),
});
// Embryonic (half-open) connection limit exceeded. The two numbers around the
// first slash are stored in sinterface/dinterface as the pattern is written -
// NOTE(review): they read like a count/limit pair rather than interfaces;
// confirm against a sample before using those fields.
var msg378 = match({
dissect: {
tokenizer: "Embryonic limit exceeded %{sinterface}/%{dinterface} for %{saddr}/%{sport} to (%{hostip}) %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1049,
]),
});
// Catch-all: whole payload stored as event_description.
var msg379 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1050,
]),
});
// "(VPN-<context>) <free text>".
var msg380 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup1051,
]),
});
// Three composite alternatives gathered by select81. They share the middle and
// last parts (dup4, dup930) and the first on_success step (dup285), differing
// only in the leading part. All parts are defined outside this view.
var all183 = all_match({
processors: [
dup1052,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1053,
]),
});
var all184 = all_match({
processors: [
dup1054,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1055,
]),
});
var all185 = all_match({
processors: [
dup1056,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1057,
]),
});
var select81 = linear_select([
all183,
all184,
all185,
]);
// SMTP-related alternatives gathered by select82.

// "Out of SMTP connections!": captures the client address and port.
var msg381 = match({
dissect: {
tokenizer: "Out of SMTP connections! %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1058,
]),
});
// ESMTP request seen by inspection: full flow plus the text after ";" as
// result.
var msg382 = match({
dissect: {
tokenizer: "%{network_service}: Received ESMTP Request from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup1059,
]),
});
var select82 = linear_select([
msg381,
msg382,
]);
// "De-queuing KEY-ACQUIRE messages that were left pending": captures group
// and peer address only.
var msg383 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, De-queuing KEY-ACQUIRE messages that were left pending",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1060,
]),
});
// "(<context>) <free text>".
var msg384 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1062,
]),
});
// "Built conduit": both endpoints, the IP version (fld1) and the protocol.
var msg385 = match({
dissect: {
tokenizer: "Built conduit from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} IP version %{fld1} protocol %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1063,
]),
});
// Composite matchers built from shared parts defined outside this view; the
// message text they cover is not visible here.
var all186 = all_match({
processors: [
dup12,
dup4,
dup1064,
],
on_success: processor_chain([
dup316,
dup1065,
]),
});
var all187 = all_match({
processors: [
dup127,
dup64,
dup1066,
],
on_success: processor_chain([
dup1067,
dup1068,
]),
});
// "(<context>)<free text>" with no space after the closing parenthesis.
var msg386 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1069,
]),
});
// ACL parse error for a user session: captures group, username, address
// (hostip) and the text before ". ACL parse error" as result.
// NOTE(review): \u003c\u003c decodes to two "<" characters before each value
// while only one ">" follows. That looks like an escape left over from the
// source parser format; confirm against a real sample, because if devices
// print a single "<" this pattern never matches.
var msg387 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{hostip}\u003e %{result}. ACL parse error",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1070,
]),
});
// Two alternatives gathered by select83.

// Composite of shared parts defined outside this view.
var all188 = all_match({
processors: [
dup664,
dup1071,
dup1072,
],
on_success: processor_chain([
dup10,
dup1073,
]),
});
// "IKE got SPI from key engine": captures the SPI as dst_spi.
var msg388 = match({
dissect: {
tokenizer: "IKE got SPI from key engine: SPI = %{dst_spi}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1074,
]),
});
var select83 = linear_select([
all188,
msg388,
]);
// "Send TOPOLOGY indicator failure to [<daddr>]".
var msg389 = match({
dissect: {
tokenizer: "Send TOPOLOGY indicator failure to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1075,
]),
});
// Catch-all: whole payload stored as event_description.
var msg390 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1076,
]),
});
// Channel open failure: captures protocol, UDP port (network_port), interface
// and the numeric error (resultcode).
var msg391 = match({
dissect: {
tokenizer: "Unable to open %{protocol} channel (UDP port %{network_port}) on interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1077,
]),
});
// Catch-all: whole payload stored as event_description.
var msg392 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1078,
]),
});
// Composite of shared parts defined outside this view.
var all189 = all_match({
processors: [
dup1079,
dup1080,
dup1081,
],
on_success: processor_chain([
dup68,
dup1082,
]),
});
// Auto Update contact failure: captures the update URL and the reason. The
// URL is split at the first ", reason:" in the line.
var msg393 = match({
dissect: {
tokenizer: "Auto Update failed to contact:%{url}, reason:%{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1083,
]),
});
// IKE delete received for a rekeyed SA: group, peer address, trailing info.
var msg394 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Received delete for rekeyed SA %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup341,
dup1084,
]),
});
// Composite of shared parts defined outside this view.
var all190 = all_match({
processors: [
dup127,
dup64,
dup673,
],
on_success: processor_chain([
dup68,
dup1085,
]),
});
// User-authentication unproxy failure: captures only the reason (result).
var msg395 = match({
dissect: {
tokenizer: "uauth_pickapp: Uauth Unproxy Failed due to the reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1086,
]),
});
// msg396 and msg397 use the same tokenizer, "(VPN-<context>) <free text>",
// and the same first on_success step; they differ only in the second step
// (dup1087 vs dup1088), i.e. they serve two different message ids.
var msg396 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1087,
]),
});
var msg397 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1088,
]),
});
// VPN client DHCP policy notice. The trailing %{} has no field name, so
// whatever follows the colon is presumably discarded (confirm against the
// dissect implementation).
var msg398 = match({
dissect: {
tokenizer: "VPNClient: DHCP Policy installed:%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup1089,
]),
});
// ARP inspection failure: captures the sender MAC (smacaddr), the interface,
// and any text printed right after the interface name and period (info).
// Useful as an ARP-spoofing indicator; note no IP address is extracted here.
var msg399 = match({
dissect: {
tokenizer: "ARP inspection check failed for arp response received from host %{smacaddr} on interface %{interface}.%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1090,
]),
});
// Signature alert, same shape as msg353/msg376 (signature text stored as
// context) with a different first on_success step (dup597).
var msg400 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1091,
]),
});
// Composite of three shared parts defined outside this view; the message text
// is not visible here.
var all191 = all_match({
processors: [
dup1092,
dup1093,
dup1094,
],
on_success: processor_chain([
dup808,
dup1095,
]),
});
// "Deny <direction> <protocol> from a/p to a/p" variants gathered by select84.
// The form with the interface suffix is listed first so the shorter pattern
// does not absorb " on interface ..." into dport (assuming candidates are
// tried in order - confirm against linear_select).
var msg401 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1096,
]),
});
// Fallback without the interface suffix.
var msg402 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1097,
]),
});
var select84 = linear_select([
msg401,
msg402,
]);
// "NAC is disabled for host - <hostip>".
var msg403 = match({
dissect: {
tokenizer: "NAC is disabled for host - %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1098,
]),
});
// Catch-all: whole payload stored as event_description.
var msg404 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1099,
]),
});
// AAA server marked ACTIVE: captures protocol, server address (hostip) and
// the server group name (fld1).
var msg405 = match({
dissect: {
tokenizer: "AAA Marking %{protocol} server %{hostip} in aaa-server group %{fld1} as ACTIVE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1100,
]),
});
// Three alternatives gathered by select85, ending in a catch-all.

// Composite of shared parts defined outside this view.
var all192 = all_match({
processors: [
dup1101,
dup1102,
dup1103,
],
on_success: processor_chain([
dup93,
dup1104,
]),
});
// "No interface is configured (with <interface>)."
var msg406 = match({
dissect: {
tokenizer: "No interface is configured (with %{interface}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1105,
]),
});
// Catch-all for anything the two patterns above do not cover.
var msg407 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1106,
]),
});
var select85 = linear_select([
all192,
msg406,
msg407,
]);
// Two composite alternatives gathered by select86. They share the first two
// parts (dup518, dup1107) and differ only in the last part and in the second
// on_success step. All parts are defined outside this view.
var all193 = all_match({
processors: [
dup518,
dup1107,
dup1108,
],
on_success: processor_chain([
dup33,
dup1109,
]),
});
var all194 = all_match({
processors: [
dup518,
dup1107,
dup1110,
],
on_success: processor_chain([
dup33,
dup1111,
]),
});
var select86 = linear_select([
all193,
all194,
]);
// "Error adding dynamic ACL for user": captures group, username and address
// (hostip).
// NOTE(review): \u003c\u003c decodes to two "<" characters before each value
// while only one ">" follows. That looks like an escape left over from the
// source parser format; confirm against a real sample, because if devices
// print a single "<" this pattern never matches.
var msg408 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{hostip}\u003e Error adding dynamic ACL for user",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1112,
]),
});
// Composite of shared parts defined outside this view.
var all195 = all_match({
processors: [
dup1113,
dup1114,
dup1115,
],
on_success: processor_chain([
dup1116,
dup1117,
]),
});
// "Built H245 connection": faddr is stored as the source, laddr as the
// destination.
var msg409 = match({
dissect: {
tokenizer: "Built H245 connection for faddr %{saddr} laddr %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1118,
]),
});
// Catch-all: whole payload stored as event_description.
var msg410 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1119,
]),
});
// Module reload request not answered: the slot number is kept as fld1.
var msg411 = match({
dissect: {
tokenizer: "Module in slot %{fld1} is not able to reload, reload request not answered.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1120,
]),
});
// Crypto component timeout: the component name is stored as product and the
// parenthesised detail as info.
var msg412 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} timed out (%{info})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1121,
dup1122,
]),
});
// VPN client split-DNS policy notice. The trailing %{} has no field name, so
// the domain list after the colon is presumably discarded (confirm against
// the dissect implementation).
var msg413 = match({
dissect: {
tokenizer: "VPNClient: Split DNS Policy installed: List of domains:%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1123,
]),
});
// "Created secure tunnel to peer [<saddr>]": the peer address is stored as
// saddr; %{space} absorbs the gap before the bracket.
var msg414 = match({
dissect: {
tokenizer: "Created secure tunnel to peer %{space} [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1124,
]),
});
// Composite of shared parts defined outside this view (dup4 is the
// username-style linear_select declared at the top of the file).
var all196 = all_match({
processors: [
dup1125,
dup4,
dup1126,
],
on_success: processor_chain([
dup141,
dup1127,
]),
});
// Denied flow with a free-text reason in front: text up to the first ": "
// becomes event_description, followed by interface, protocol and both
// address/port pairs.
var msg415 = match({
dissect: {
tokenizer: "%{event_description}: %{interface} %{protocol} src %{saddr}/%{sport} dest %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1128,
]),
});
// "Built ... UDP connection" variants gathered by select87; the UDP
// counterpart of the TCP set in select76, with the same endpoint mapping.

// faddr/gaddr/laddr form: faddr is the source, laddr the destination.
var msg416 = match({
dissect: {
tokenizer: "Built UDP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1129,
]),
});
// Outbound: the first printed endpoint is stored as the destination and the
// second as the source.
var msg417 = match({
dissect: {
tokenizer: "Built outbound UDP connection %{fld1} for %{dinterface}:%{daddr}/%{dport} (%{hostip}) to %{sinterface}:%{saddr}/%{sport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1130,
]),
});
// Any other direction word: the first printed endpoint is the source.
var msg418 = match({
dissect: {
tokenizer: "Built %{direction} UDP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1131,
]),
});
var select87 = linear_select([
msg416,
msg417,
msg418,
]);
// Import-user update completed: captures application, domain and group.
// NOTE(review): "\\\\" in the JS source is two literal backslashes between
// domain and group, whereas the IP-User mapping patterns (msg332/msg333) use
// a single one. Confirm which separator the device actually prints.
var msg419 = match({
dissect: {
tokenizer: "%{application}: Update import-user %{domain}\\\\%{group} done",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1132,
]),
});
// Two composite alternatives gathered by select88. They share the first two
// parts (dup1133, dup1134) and differ in the last part and the second
// on_success step. All parts are defined outside this view.
var all197 = all_match({
processors: [
dup1133,
dup1134,
dup1135,
],
on_success: processor_chain([
dup285,
dup1136,
]),
});
var all198 = all_match({
processors: [
dup1133,
dup1134,
dup1137,
],
on_success: processor_chain([
dup285,
dup1138,
]),
});
var select88 = linear_select([
all197,
all198,
]);
// Catch-all: whole payload stored as event_description.
var msg420 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup1139,
]),
});
// Two composite alternatives gathered by select89. They share the first two
// parts (dup1140, dup1141) and differ in the last part and the second
// on_success step. All parts are defined outside this view.
var all199 = all_match({
processors: [
dup1140,
dup1141,
dup1142,
],
on_success: processor_chain([
dup327,
dup1143,
]),
});
var all200 = all_match({
processors: [
dup1140,
dup1141,
dup1144,
],
on_success: processor_chain([
dup327,
dup1145,
]),
});
var select89 = linear_select([
all199,
all200,
]);
// "Internal Error" for a tunnel group/peer: trailing text goes to
// event_description.
var msg421 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Internal Error, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1146,
]),
});
// Session terminated: captures group, username, client address (saddr) and
// the reason (info).
// NOTE(review): \u003c\u003c decodes to two "<" characters before each value
// while only one ">" follows. That looks like an escape left over from the
// source parser format; confirm against a real sample, because if devices
// print a single "<" this pattern never matches and session terminations go
// unparsed.
var msg422 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Session terminated: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1147,
]),
});
// Catch-all: whole payload stored as event_description.
var msg423 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup1148,
]),
});
// "(<context>)<free text>" with no space after the closing parenthesis.
var msg424 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1149,
]),
});
// "Process dead peer[<peer>]": the bracketed value is stored as peer.
var msg425 = match({
dissect: {
tokenizer: "Process dead peer[%{peer}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1150,
]),
});
// Signature alert, same shape as msg353 (signature text stored as context).
var msg426 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1151,
]),
});
// ASDM logging session started: captures the session number, the client
// address (hostip) and trailing info. Useful for tracking management access.
var msg427 = match({
dissect: {
tokenizer: "ASDM logging session number %{sessionid} from %{hostip} started %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup1152,
]),
});
// Packet denied by a device daemon: captures the daemon name (service), the
// interface and the sender address (hostip).
var msg428 = match({
dissect: {
tokenizer: "%{service} daemon interface %{interface}: Packet denied from %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1153,
]),
});
// IPsec tunnel requests gathered by select90. In both, the "Local" endpoint
// is stored as saddr/sport and the "Remote" endpoint as daddr/dport; the local
// traffic selector goes to info and the remote one to result.

// Rekey request.
var msg429 = match({
dissect: {
tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Received request to rekey an IPsec tunnel; local traffic selector = %{info}; remote traffic selector = %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1154,
]),
});
// Establish request; an extra value between the username and "Received" is
// kept as fld1.
var msg430 = match({
dissect: {
tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} %{fld1} Received request to establish an IPsec tunnel; local traffic selector = %{info}; remote traffic selector = %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1155,
]),
});
var select90 = linear_select([
msg429,
msg430,
]);
// IP packet denied by an access-group: captures the endpoints, the protocol,
// the quoted receiving interface and the quoted access-group name (fld1).
// %{space} absorbs the gap before "deny".
var msg431 = match({
dissect: {
tokenizer: "IP packet from %{saddr} to %{daddr}, protocol %{protocol} received from interface \"%{interface}\" %{space} deny by access-group \"%{fld1}\"",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1156,
]),
});
// Module shutdown request not answered: the slot number is kept as fld1.
var msg432 = match({
dissect: {
tokenizer: "Module in slot %{fld1} is not able to shut down, shut down request not answered.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1157,
]),
});
// Unsupported GTP version: the version value is stored in the field named
// status, followed by the full flow.
var msg433 = match({
dissect: {
tokenizer: "GTP packet with version %{status} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} is not supported",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1158,
]),
});
// Composite matchers built from shared parts defined outside this view; the
// message text they cover is not visible here. Both use dup33 as the first
// on_success step.
var all201 = all_match({
processors: [
dup249,
dup250,
dup1159,
],
on_success: processor_chain([
dup33,
dup1160,
]),
});
var all202 = all_match({
processors: [
dup1161,
dup1162,
dup1163,
],
on_success: processor_chain([
dup33,
dup1164,
]),
});
// URL filtering request pending: captures the filtering server address
// (hostip) and the requested URL. The URL is client-chosen content, so treat
// the url field as untrusted when rendering or pivoting on it.
var msg434 = match({
dissect: {
tokenizer: "URL Server %{hostip} request pending URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup1165,
]),
});
// Strict FTP inspection hit. The class number "25" is part of the fixed text,
// so other class numbers would not match this pattern; text before the first
// ", " goes to info and the rest to result.
var msg435 = match({
dissect: {
tokenizer: "Strict FTP inspection matched Class 25: %{info}, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1166,
]),
});
// Security-context removal, gathered by select91 with a catch-all fallback.

// The context name is stored in the field named info.
var msg436 = match({
dissect: {
tokenizer: "Security context %{info} was removed from the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1167,
]),
});
// Catch-all for any other wording under the same message id.
var msg437 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1168,
]),
});
var select91 = linear_select([
msg436,
msg437,
]);
// "(VPN-<context>) <free text>." - same as msg380 but requires the closing
// period.
var msg438 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1169,
]),
});
// Two alternatives gathered by select92: a structured form and a catch-all.

// "(<context>) <text> <value>, seq = <n>": the value before the comma is kept
// as fld1 and the sequence number as fld2.
var msg439 = match({
dissect: {
tokenizer: "(%{context}) %{event_description} %{fld1}, seq = %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1170,
]),
});
// Catch-all fallback.
var msg440 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1171,
]),
});
var select92 = linear_select([
msg439,
msg440,
]);
// Signature alert, same shape as msg353 (signature text stored as context)
// with a different first on_success step (dup137).
var msg441 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup137,
dup1172,
]),
});
// Routing packet from an unknown neighbor: the packet type is stored as
// result and the neighbor address as hostip.
var msg442 = match({
dissect: {
tokenizer: "Received %{result} from unknown neighbor %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1173,
]),
});
// Neighbor state change: process id (fld1), neighbor address (hostip),
// interface, old and new state (fld2, fld3) and the trailing reason (result).
var msg443 = match({
dissect: {
tokenizer: "Process %{fld1}, Nbr %{hostip} on %{interface} from %{fld2} to %{fld3}, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1174,
dup1175,
]),
});
// Overlapping static translation: all six values are kept only as generic
// fld1-fld6.
var msg444 = match({
dissect: {
tokenizer: "static %{fld1} %{fld2} %{fld3} %{fld4} overlapped with %{fld5} %{fld6}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1176,
]),
});
// HTTP inspection alternatives gathered by select93.

// Illegal RFC method: the quoted method string is stored in the field named
// protocol. That string comes from the client request, so treat it as
// untrusted text.
var msg445 = match({
dissect: {
tokenizer: "%{sigid} HTTP RFC method illegal - %{listnum} '%{protocol}' from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1177,
]),
});
// Policy-map header match that resets the connection: captures the matched
// class (fld1), the policy-map name and the full flow.
var msg446 = match({
dissect: {
tokenizer: "%{sigid} HTTP - matched %{fld1} in policy-map %{policyname}, header matched - Resetting connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1178,
]),
});
var select93 = linear_select([
msg445,
msg446,
]);
// Composite matchers built from shared parts defined outside this view; the
// message text they cover is not visible here.
var all203 = all_match({
processors: [
dup1179,
dup1180,
dup1181,
],
on_success: processor_chain([
dup1182,
dup1183,
]),
});
var all204 = all_match({
processors: [
dup1184,
dup1185,
],
on_success: processor_chain([
dup93,
dup1186,
]),
});
// Three catch-all matchers for three different message ids. Each stores the
// whole payload as event_description and differs only in its on_success
// steps, so no addresses or users are extracted for these messages.
var msg447 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1187,
]),
});
var msg448 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1188,
]),
});
var msg449 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup1189,
]),
});
// Composite of shared parts defined outside this view (dup4 is the
// username-style linear_select declared at the top of the file).
var all205 = all_match({
processors: [
dup1190,
dup4,
dup1191,
],
on_success: processor_chain([
dup110,
dup1192,
]),
});
// msg450 and msg451: signature alerts with the same tokenizer as msg353
// (signature text stored as context). They differ only in their on_success
// steps (dup168 vs dup597 first).
var msg450 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1193,
]),
});
var msg451 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1194,
]),
});
// Catch-all: whole payload stored as event_description.
var msg452 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup1195,
]),
});
// Two alternatives gathered by select94.

// Composite of shared parts defined outside this view (dup4 is the
// username-style linear_select declared at the top of the file).
var all206 = all_match({
processors: [
dup12,
dup4,
dup1196,
],
on_success: processor_chain([
dup1019,
dup1197,
]),
});
// Group/IP form without a username: the rest of the line becomes
// event_description.
var msg453 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1198,
]),
});
var select94 = linear_select([
all206,
msg453,
]);
// Two alternatives gathered by select95.

// Composite of shared parts defined outside this view; same parts as all176
// with different on_success steps.
var all207 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup1199,
]),
});
// Group/IP form without a username: the rest of the line becomes action.
var msg454 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1200,
]),
});
var select95 = linear_select([
all207,
msg454,
]);
// Composite matchers built from shared parts defined outside this view; the
// message text they cover is not visible here.
var all208 = all_match({
processors: [
dup1201,
dup1202,
dup1203,
],
on_success: processor_chain([
dup14,
dup1204,
]),
});
// Ends with dup4, the username-style linear_select declared at the top of the
// file.
var all209 = all_match({
processors: [
dup1205,
dup4,
],
on_success: processor_chain([
dup81,
dup1206,
]),
});
// Two alternatives gathered by select96.

// Composite of shared parts defined outside this view.
var all210 = all_match({
processors: [
dup12,
dup4,
dup1207,
],
on_success: processor_chain([
dup1019,
dup1208,
]),
});
// SA deletion: captures group, peer address, the leading text (action) and
// the two bracketed counters (fld1 = refCnt, fld2 = tunnelCnt).
var msg455 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} refCnt [%{fld1}] and tunnelCnt [%{fld2}] -- deleting SA!",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1209,
]),
});
var select96 = linear_select([
all210,
msg455,
]);
// Power supply failure: the supply number is stored as dclass_counter1.
var msg456 = match({
dissect: {
tokenizer: "Power Supply %{dclass_counter1}: Failure Detected",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1210,
]),
});
// Local CA enrollment information: captures the username and the info text.
// The username is split at the first ". Info: " in the line.
var msg457 = match({
dissect: {
tokenizer: "Local CA Server certificate enrollment related info for user: %{username}. Info: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1211,
]),
});
// PPP AAA authentication result: captures the virtual interface, the
// username and the outcome word (disposition). Success and failure share this
// pattern, so detections must inspect disposition.
var msg458 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} - user: %{username} aaa authentication %{disposition}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1212,
]),
});
// Catch-all: whole payload stored as event_description.
var msg459 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1213,
]),
});
// Six alternatives gathered by select97. The five composites share the first
// on_success step (dup288) and are built from parts defined outside this
// view; only msg460 shows its message text here.
var all211 = all_match({
processors: [
dup1214,
dup1215,
dup1216,
dup1217,
],
on_success: processor_chain([
dup288,
dup1218,
]),
});
var all212 = all_match({
processors: [
dup1219,
dup1220,
],
on_success: processor_chain([
dup288,
dup1221,
]),
});
var all213 = all_match({
processors: [
dup1222,
dup1223,
],
on_success: processor_chain([
dup288,
dup1224,
]),
});
var all214 = all_match({
processors: [
dup1225,
dup1226,
],
on_success: processor_chain([
dup288,
dup1227,
]),
});
var all215 = all_match({
processors: [
dup1228,
dup1229,
dup1230,
dup1231,
],
on_success: processor_chain([
dup288,
dup1232,
]),
});
// "Built ICMP connection", faddr/gaddr/laddr form: faddr is the source, laddr
// the destination, gaddr is kept as hostip.
var msg460 = match({
dissect: {
tokenizer: "Built ICMP connection for faddr %{saddr} gaddr %{hostip} laddr %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1233,
]),
});
var select97 = linear_select([
all211,
all212,
all213,
all214,
all215,
msg460,
]);
// RIP header validation failure, with the sending address and interface.
var msg461 = match({
  dissect: {
    tokenizer: "RIP hdr failed from %{saddr}: cmd=%{fld1}, version=%{fld2} domain=%{fld3} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup489, dup1234]),
});

// Catch-all: entire payload captured as event_description.
var msg462 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup20, dup1235]),
});

// all216 and all217 differ only in their last member processor and in the
// second on_success processor.
var all216 = all_match({
  processors: [dup518, dup519, dup1236],
  on_success: processor_chain([dup33, dup1237]),
});

var all217 = all_match({
  processors: [dup518, dup519, dup1238],
  on_success: processor_chain([dup33, dup1239]),
});

var select98 = linear_select([all216, all217]);

// Parenthesised context immediately followed by free text (no space between).
var msg463 = match({
  dissect: {
    tokenizer: "(%{context})%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup1240]),
});

// Catch-all: entire payload captured as event_description.
var msg464 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup369, dup1241]),
});

// ESP packet rejected for incorrect IPsec padding; captures SPI, peer
// addresses and the user named in the message.
var msg465 = match({
  dissect: {
    tokenizer: "CRYPTO: Received an ESP packet (SPI = %{dst_spi}, sequence number= %{fld2}) from %{saddr} (user= %{username}) to %{daddr} with incorrect IPsec padding. (padding: %{fld3})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup343, dup1242]),
});

// Catch-all: entire payload captured as event_description.
var msg466 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1243]),
});

var msg467 = match({
  dissect: {
    tokenizer: "State machine return code: %{result}, %{resultcode}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1244]),
});
// Three alternatives for select99; all share dup1246 as second member and
// dup579 as first on_success processor.
var all218 = all_match({
  processors: [dup1245, dup1246, dup1247],
  on_success: processor_chain([dup579, dup1248]),
});

// Sub-pattern applied to the intermediate field nwparser.p2 rather than the
// payload; it has no on_success of its own and is used as the last member of
// all219. NOTE(review): p2 is presumably produced by an earlier member of
// that chain (not visible here).
var msg468 = match({
  dissect: {
    tokenizer: "%{icmptype} code %{icmpcode}",
    field: "nwparser.p2",
  },
});

var all219 = all_match({
  processors: [dup1249, dup1246, dup1250, msg468],
  on_success: processor_chain([dup579, dup1251]),
});

var all220 = all_match({
  processors: [dup1252, dup1246, dup1247],
  on_success: processor_chain([dup579, dup1253]),
});

var select99 = linear_select([all218, all219, all220]);
// "Built ... connection" patterns.
// msg469 is the fullest form: real and translated address/port on both sides,
// a domain\name pair (the backslash is escaped in the JS string) and a
// trailing parenthesised username.
var msg469 = match({
  dissect: {
    tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{domain}\\%{fld3}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{fld4}) (%{username})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup1254]),
});

var all221 = all_match({
  processors: [dup736, dup737, dup1255, dup1256],
  on_success: processor_chain([dup288, dup1257]),
});

var all222 = all_match({
  processors: [dup741, dup742],
  on_success: processor_chain([dup288, dup1258]),
});

var all223 = all_match({
  processors: [dup1259, dup1260, dup757, dup750, dup751],
  on_success: processor_chain([dup288, dup1261]),
});

// Older "gaddr" form: interface and address are separated by a space here,
// not a colon.
var msg470 = match({
  dissect: {
    tokenizer: "Built %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup1262]),
});

var select100 = linear_select([
  msg469,
  all221,
  all222,
  all223,
  msg470,
]);
var all224 = all_match({
  processors: [dup1263, dup1080, dup1264, dup161, dup1265],
  on_success: processor_chain([dup10, dup1266]),
});

// "(VPN-<context>) <free text>": only the context is structured.
var msg471 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1267]),
});

var all225 = all_match({
  processors: [dup1268, dup1044],
  on_success: processor_chain([dup285, dup1269]),
});

// Translation-creation failures: numeric-protocol form, port form, ICMP form.
var msg472 = match({
  dissect: {
    tokenizer: "%{service} translation creation failed for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1270]),
});

var msg473 = match({
  dissect: {
    tokenizer: "%{service} translation creation failed for %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1271]),
});

var msg474 = match({
  dissect: {
    tokenizer: "%{service} translation creation failed for icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1272]),
});

// NOTE(review): msg473's "%{protocol}" could also absorb the literal "icmp"
// that msg474 matches explicitly; whether msg474 is reachable depends on how
// linear_select orders and rejects alternatives — confirm with sample logs.
var select101 = linear_select([msg472, msg473, msg474]);

var all226 = all_match({
  processors: [dup249, dup250, dup1273],
  on_success: processor_chain([dup33, dup1274]),
});
// msg475 and msg476 use an identical tokenizer and input field; they differ
// only in the on_success processors attached.
var msg475 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1275, dup1276]),
});

var msg476 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup253, dup1277]),
});

// Catch-all: entire payload captured as event_description.
var msg477 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup41, dup1278]),
});

var msg478 = match({
  dissect: {
    tokenizer: "(WebVPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1279]),
});

// Dropped request; the drop reason is the free text after "because:".
var msg479 = match({
  dissect: {
    tokenizer: "Dropping %{protocol} request from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} because: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup378, dup1280]),
});

// Denied IPv6-ICMP: long form with the trailing "(where ...)" clause, then
// the short form without it.
var msg480 = match({
  dissect: {
    tokenizer: "Denied IPv6-ICMP type=%{icmptype}, code=%{icmpcode} from %{saddr} on interface %{interface} (where %{fld3} was an IPv6 source address).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup486, dup1281]),
});

var msg481 = match({
  dissect: {
    tokenizer: "Denied IPv6-ICMP type=%{icmptype}, code=%{icmpcode} from %{saddr} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup486, dup1282]),
});

// The more specific pattern is listed first.
var select102 = linear_select([msg480, msg481]);
var all227 = all_match({
  processors: [dup12, dup4, dup1283],
  on_success: processor_chain([dup85, dup1284]),
});

var msg482 = match({
  dissect: {
    tokenizer: "Could not build portmap translation for %{saddr}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup489, dup1285]),
});

// Catch-all: entire payload captured as event_description.
var msg483 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup1286]),
});

var msg484 = match({
  dissect: {
    tokenizer: "%{protocol} detected an attached application using local port %{sport} and destination port %{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1287]),
});

var msg485 = match({
  dissect: {
    tokenizer: "GTP Tunnel created from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup357, dup1288]),
});

// Master-key sync failure for password encryption; only the reason is captured.
var msg486 = match({
  dissect: {
    tokenizer: "failed to sync master key for password encryption, reason=%{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1289]),
});

var all228 = all_match({
  processors: [dup1290, dup4],
  on_success: processor_chain([dup85, dup1291]),
});
// Signature-style alert: product, signature id, context, endpoints, interface.
var msg487 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1292]),
});

var msg488 = match({
  dissect: {
    tokenizer: "CRYPTO: The %{product} encountered an error (%{info})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1121, dup1293]),
});

// Catch-all: entire payload captured as event_description.
var msg489 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup430, dup1294]),
});

// Catch-all: entire payload captured as event_description.
var msg490 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup47, dup1295]),
});

var msg491 = match({
  dissect: {
    tokenizer: "IKE Initiator unable to find policy: Intf %{interface}, Src: %{saddr}, Dst: %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1296]),
});

// Catch-all: entire payload captured as event_description.
var msg492 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup106, dup1297]),
});

var msg493 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1298]),
});

// Oversized IP fragment set discarded; note the fragment id is stored in the
// policy_id field by this pattern.
var msg494 = match({
  dissect: {
    tokenizer: "Discard IP fragment set with more than %{fld1} elements: %{space} src = %{saddr}, dest = %{daddr}, proto = %{protocol}, id = %{policy_id}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1299]),
});

var msg495 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup1300]),
});
// all229 and all231 (below) list the same member processors and the same
// first on_success processor; only the second on_success processor differs.
var all229 = all_match({
  processors: [dup1301, dup1302, dup1303],
  on_success: processor_chain([dup93, dup1304]),
});

// The trailing %{} has no field name. NOTE(review): presumably it discards
// the split-tunnel network list that follows — confirm that losing it is
// acceptable for your use.
var msg496 = match({
  dissect: {
    tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks:%{}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup121, dup1305]),
});

// No space after the second comma, unlike the other "Group = ..." patterns.
var msg497 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr},%{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup398, dup1306]),
});

var msg498 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1307]),
});

var all230 = all_match({
  processors: [dup1308, dup1309, dup1310],
  on_success: processor_chain([dup285, dup1311]),
});

var all231 = all_match({
  processors: [dup1301, dup1302, dup1303],
  on_success: processor_chain([dup93, dup1312]),
});

var all232 = all_match({
  processors: [dup321, dup322],
  on_success: processor_chain([dup14, dup1313]),
});

var all233 = all_match({
  processors: [dup324, dup322],
  on_success: processor_chain([dup14, dup1314]),
});

var select103 = linear_select([all232, all233]);
// Catch-all: entire payload captured as event_description.
var msg499 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1315]),
});

var all234 = all_match({
  processors: [dup1316, dup1317],
  on_success: processor_chain([dup14, dup1318]),
});

var all235 = all_match({
  processors: [dup1319, dup4, dup1320],
  on_success: processor_chain([dup767, dup1321]),
});

// FQDN resolution result recorded by the user-identity feature.
var msg500 = match({
  dissect: {
    tokenizer: "user-identity: [FQDN] %{domain} resolved %{hostip}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1322, dup1323]),
});

var msg501 = match({
  dissect: {
    tokenizer: "Translation for %{saddr} to %{daddr}/%{dport} denied by %{direction} (destination is denied) %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1324]),
});

// Catch-all: entire payload captured as event_description.
var msg502 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1325, dup1326]),
});

// all236 and all237 share their first two members; all236 has the longer
// member list and is listed first in select104.
var all236 = all_match({
  processors: [dup1327, dup1328, dup1329, dup1330],
  on_success: processor_chain([dup579, dup1331]),
});

var all237 = all_match({
  processors: [dup1327, dup1328, dup1332],
  on_success: processor_chain([dup579, dup1333]),
});

var select104 = linear_select([all236, all237]);
var msg503 = match({
  dissect: {
    tokenizer: "Shared %{protocol} license availability: %{info}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1334]),
});

var all238 = all_match({
  processors: [dup1335, dup1336],
  on_success: processor_chain([dup33, dup1337]),
});

// AnyConnect session resume. \u003c and \u003e are "<" and ">".
// NOTE(review): the pattern requires the two-character literal "<<" before
// each value but a single ">" after it. If the device writes "<value>", this
// pattern would never match and these session-resume events would go
// unparsed — verify against sample logs.
var msg504 = match({
  dissect: {
    tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect session resumed connection from IP \u003c\u003c%{hostip}\u003e",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1338]),
});

var all239 = all_match({
  processors: [dup127, dup64, dup1339],
  on_success: processor_chain([dup68, dup1340]),
});

var msg505 = match({
  dissect: {
    tokenizer: "SFR requested to drop %{protocol} packet from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1341]),
});

// Management session limit hit; the requesting address is captured as saddr.
var msg506 = match({
  dissect: {
    tokenizer: "Manager session limit exceeded. Connection request from %{saddr} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup349, dup1342]),
});

// Failure to export the logging buffer over FTP; reason is in brackets.
var msg507 = match({
  dissect: {
    tokenizer: "Failed to save logging buffer using file name %{filename} to FTP server %{hostip} on interface %{interface}: [%{result}]",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1343]),
});

var all240 = all_match({
  processors: [dup1344, dup64, dup1345, dup1346, dup1347],
  on_success: processor_chain([dup573, dup1348]),
});

var all241 = all_match({
  processors: [dup1349, dup64, dup65, dup1346, dup1350],
  on_success: processor_chain([dup573, dup1351]),
});

var select105 = linear_select([all240, all241]);
var all242 = all_match({
  processors: [dup127, dup64, dup1352, dup1353, dup1354],
  on_success: processor_chain([dup33, dup1355]),
});

var msg508 = match({
  dissect: {
    tokenizer: "(%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup343, dup1356]),
});

// msg509..msg511 are catch-alls with an identical tokenizer; they differ only
// in the on_success processors attached.
var msg509 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1, dup1357]),
});

var msg510 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1358]),
});

var msg511 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1359]),
});

// Translation teardown: with ports, then without ports.
var msg512 = match({
  dissect: {
    tokenizer: "Teardown %{context} translation from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1360]),
});

var msg513 = match({
  dissect: {
    tokenizer: "Teardown %{context} translation from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1361]),
});

// The port-bearing form is listed first.
var select106 = linear_select([msg512, msg513]);
var msg514 = match({
  dissect: {
    tokenizer: "PPP virtual interface %{interface} missing client %{hostip} option",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup378, dup1362]),
});

// Catch-all: entire payload captured as event_description.
var msg515 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup378, dup1363]),
});

// Catch-all: entire payload captured as event_description.
var msg516 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1, dup1364]),
});

var msg517 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}: %{duration} seconds.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup41, dup1365]),
});

var msg518 = match({
  dissect: {
    tokenizer: "%{direction} thread is awake (context=%{context}).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1366]),
});

// Stub connection teardown with duration and forwarded byte count.
var msg519 = match({
  dissect: {
    tokenizer: "Teardown stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} forwarded bytes %{bytes} %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup1368].length === 2 ? [dup16, dup1367] : [dup16, dup1367]),
});

// Start of AAA authentication for a PPP user.
var msg520 = match({
  dissect: {
    tokenizer: "PPP virtual interface %{interface} - user: %{username} aaa authentication started",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup1368]),
});

var all243 = all_match({
  processors: [dup12, dup4, dup829],
  on_success: processor_chain([dup14, dup1369]),
});

var all244 = all_match({
  processors: [dup1370, dup1371],
  on_success: processor_chain([dup68, dup1372]),
});
// Peer address followed by free text.
var msg521 = match({
  dissect: {
    tokenizer: "IP = %{saddr}, %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1373]),
});

// Catch-all: entire payload captured as event_description.
var msg522 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1374]),
});

// IKE quick-mode message id: group/peer form, then the bare initiator form.
var msg523 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, %{action}: msg id = %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1375]),
});

var msg524 = match({
  dissect: {
    tokenizer: "IKE Initiator sending 3rd QM pkt: msg id = %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup1376]),
});

var select107 = linear_select([msg523, msg524]);

// IPv6 router with conflicting Neighbor Discovery settings on an interface.
var msg525 = match({
  dissect: {
    tokenizer: "Router %{hostip_v6} on %{interface} has conflicting ND (Neighbor Discovery) settings",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup43, dup1377]),
});

// Denied connection to the HTTP daemon; the client address goes to hostip
// (not saddr) in this pattern.
var msg526 = match({
  dissect: {
    tokenizer: "HTTP daemon interface %{interface}: connection denied from %{hostip}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup349, dup1378]),
});

var msg527 = match({
  dissect: {
    tokenizer: "SSL lib error. Function: %{info} Reason: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1, dup1379]),
});

var all245 = all_match({
  processors: [dup1380, dup4],
  on_success: processor_chain([dup334, dup1381]),
});

var all246 = all_match({
  processors: [dup1382, dup4],
  on_success: processor_chain([dup334, dup1383]),
});

var select108 = linear_select([all245, all246]);
// Local address-pool release: without and with a session id.
var msg528 = match({
  dissect: {
    tokenizer: "%{process}: Freeing local pool address %{hostip}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1384]),
});

var msg529 = match({
  dissect: {
    tokenizer: "%{process}: Session=%{sessionid}, Freeing local pool address %{hostip}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1385]),
});

var select109 = linear_select([msg528, msg529]);

// Flow skipped because the named application/module has failed.
var msg530 = match({
  dissect: {
    tokenizer: "TCP flow from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} is skipped because %{application} has failed",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup369, dup1386]),
});

// Connection denied with TCP flags: form ending in "on interface ...", then
// the form without an interface.
var msg531 = match({
  dissect: {
    tokenizer: "%{direction} %{protocol} connection denied from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1387]),
});

var msg532 = match({
  dissect: {
    tokenizer: "%{direction} %{protocol} connection denied from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1388]),
});

// The more specific pattern is listed first.
var select110 = linear_select([msg531, msg532]);

// Translation denied: explicit "(source is denied)" form, then the general form.
var msg533 = match({
  dissect: {
    tokenizer: "Translation for %{hostip} denied by %{direction} (source is denied) %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1389]),
});

var msg534 = match({
  dissect: {
    tokenizer: "Translation for %{hostip} denied by %{direction} %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1390]),
});

var select111 = linear_select([msg533, msg534]);
// Denied teardrop fragment; size and offset go to generic fld1/fld2.
var msg535 = match({
  dissect: {
    tokenizer: "Deny IP teardrop fragment (size = %{fld1}, offset = %{fld2}) from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup170, dup1391]),
});

var msg536 = match({
  dissect: {
    tokenizer: "Teardown GRE connection %{connectionid} from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup483, dup1392]),
});

var all247 = all_match({
  processors: [dup1393, dup540, dup1394],
  on_success: processor_chain([dup125, dup1395]),
});

var msg537 = match({
  dissect: {
    tokenizer: "VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : %{hostip}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup483, dup1396]),
});

// Successful certificate validation with serial number and subject name.
var msg538 = match({
  dissect: {
    tokenizer: "Certificate was successfully validated. %{result} serial number: %{serial_number}, subject name: %{cert_subject}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1397, dup1398]),
});

// Trailing %{} has no field name; NOTE(review): presumably any text after
// "started" is discarded.
var msg539 = match({
  dissect: {
    tokenizer: "Call-Home Module started%{}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1399]),
});

var all248 = all_match({
  processors: [dup1400, dup1401, dup1402],
  on_success: processor_chain([dup14, dup1403]),
});

var msg540 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}: %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1404]),
});

var all249 = all_match({
  processors: [dup1405, dup1406, dup1407],
  on_success: processor_chain([dup33, dup1408]),
});

// Tunnel setup failure: literal "IKEv1" form, then a form that captures the
// leading word as %{node}.
var msg541 = match({
  dissect: {
    tokenizer: "IKEv1 was unsuccessful at setting up a tunnel. Map Tag = %{info}. Map Sequence Number = %{dclass_counter1}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1409]),
});

var msg542 = match({
  dissect: {
    tokenizer: "%{node} was unsuccessful at setting up a tunnel. Map Tag = %{info}. Map Sequence Number = %{dclass_counter1}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1410]),
});

var select112 = linear_select([msg541, msg542]);
// Connection denied because of a Java applet filter.
var msg543 = match({
  dissect: {
    tokenizer: "Connection denied src %{saddr} dest %{daddr} due to JAVA Applet on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup486, dup1411]),
});

// Catch-all: entire payload captured as event_description.
var msg544 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup378, dup1412]),
});

// SIP secondary channel pre-allocation; the destination has no port here.
var msg545 = match({
  dissect: {
    tokenizer: "Pre-allocate SIP %{fld1} secondary channel for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr} from %{info} message",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1413]),
});

var all250 = all_match({
  processors: [dup664, dup1071, dup1072],
  on_success: processor_chain([dup10, dup1414]),
});

var msg546 = match({
  dissect: {
    tokenizer: "IKE got a KEY_ADD msg for SA: SPI = %{dst_spi}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1415, dup1416]),
});

var select113 = linear_select([all250, msg546]);

// Cipher selected for an SSL session. The chosen cipher name is stored in the
// generic fld1 by both variants, so a query on negotiated ciphers has to read
// fld1 unless a later processor (not visible here) remaps it.
var msg547 = match({
  dissect: {
    tokenizer: "Device chooses cipher : %{fld1} for the SSL session with client %{interface}:%{hostip}/%{network_port}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1417]),
});

var msg548 = match({
  dissect: {
    tokenizer: "Device chooses cipher %{fld1} for the SSL session with client %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1418]),
});

var select114 = linear_select([msg547, msg548]);
// Sub-pattern applied to the intermediate field nwparser.p5; it has no
// on_success and is used as the last member of all251.
// NOTE(review): p5 is presumably produced by an earlier member of that chain.
var msg549 = match({
  dissect: {
    tokenizer: "%{severity}, category: %{result}",
    field: "nwparser.p5",
  },
});

var all251 = all_match({
  processors: [
    dup249,
    dup250,
    dup452,
    dup453,
    dup1419,
    dup1420,
    msg549,
  ],
  on_success: processor_chain([dup33, dup1421]),
});

var all252 = all_match({
  processors: [dup1422, dup1423],
  on_success: processor_chain([dup285, dup1424]),
});

var all253 = all_match({
  processors: [
    dup127,
    dup64,
    dup65,
    dup66,
    dup498,
    dup499,
    dup1425,
  ],
  on_success: processor_chain([dup68, dup1426]),
});

var msg550 = match({
  dissect: {
    tokenizer: "Translation built for gaddr %{hostip} to laddr %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1427]),
});

// Reverse-path check failure (the message text used for anti-spoofing drops).
var msg551 = match({
  dissect: {
    tokenizer: "Deny %{protocol} reverse path check from %{saddr} to %{daddr} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1428]),
});

var msg552 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1275, dup1429]),
});

// Catch-all: entire payload captured as event_description.
var msg553 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1430]),
});

var all254 = all_match({
  processors: [dup12, dup4, dup1431],
  on_success: processor_chain([dup1432, dup1433]),
});
var msg554 = match({
  dissect: {
    tokenizer: "(%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup861, dup1434]),
});

var all255 = all_match({
  processors: [dup1435, dup4, dup1436],
  on_success: processor_chain([dup110, dup1437]),
});

var msg555 = match({
  dissect: {
    tokenizer: "Phone Proxy SRTP: Media session not found for %{hostip}/%{network_port} for packet from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1438]),
});

// Catch-all: entire payload captured as event_description.
var msg556 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup58, dup1439]),
});

// Non-initial fragment seen without its first fragment.
var msg557 = match({
  dissect: {
    tokenizer: "IPFRAG: First Frag have not been seen %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup137, dup1440]),
});

var msg558 = match({
  dissect: {
    tokenizer: "PPP virtual interface %{interface} requires mschap for MPPE",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1441]),
});

// Sub-pattern applied to the intermediate field nwparser.p0; no on_success.
// Used as the second member of all256.
var msg559 = match({
  dissect: {
    tokenizer: "%{saddr}, %{action} [%{fld1}]",
    field: "nwparser.p0",
  },
});

var all256 = all_match({
  processors: [dup1442, msg559],
  on_success: processor_chain([dup55, dup1443]),
});

// Aggressive Mode message naming an unknown tunnel group.
// NOTE(review): per the message text the group name comes from the received
// message, i.e. it looks peer-supplied; treat the captured `group` value as
// untrusted text in dashboards and alert templates — confirm.
var msg560 = match({
  dissect: {
    tokenizer: "IP = %{saddr}, Received %{protocol} Aggressive Mode message %{fld1} with unknown tunnel group name '%{group}'.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1444]),
});

var msg561 = match({
  dissect: {
    tokenizer: "Could not build translation for %{saddr}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1445]),
});

// HTTP inspection: disallowed Transfer-Encoding between two endpoints.
var msg562 = match({
  dissect: {
    tokenizer: "%{sigid} HTTP Transfer encoding violation detected - %{listnum} %{protocol} Transfer encoding not allowed from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup27, dup1446]),
});
var all257 = all_match({
  processors: [
    dup127,
    dup64,
    dup65,
    dup66,
    dup498,
    dup499,
    dup1447,
    dup501,
    dup1448,
  ],
  on_success: processor_chain([dup68, dup1449]),
});

var msg563 = match({
  dissect: {
    tokenizer: "[%{obj_name}] %{action}. %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1450]),
});

var all258 = all_match({
  processors: [dup1451, dup1452, dup1453],
  on_success: processor_chain([dup285, dup1454]),
});

var all259 = all_match({
  processors: [dup12, dup4, dup1455],
  on_success: processor_chain([dup33, dup1456]),
});

var msg564 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, IKE Remote Peer configured for crypto map: %{fld1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1457]),
});

var select115 = linear_select([all259, msg564]);

var msg565 = match({
  dissect: {
    tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1458]),
});

// Packet seen with a different initial sequence number; the leading text
// before "from" is captured as the action.
var msg566 = match({
  dissect: {
    tokenizer: "%{action} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} with different initial sequence number",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup168, dup1459]),
});

var msg567 = match({
  dissect: {
    tokenizer: "Cleared TCP urgent flag from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1460]),
});

// Catch-all: entire payload captured as event_description.
var msg568 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup232, dup1461]),
});
var all260 = all_match({
  processors: [dup12, dup4, dup829],
  on_success: processor_chain([dup33, dup1462]),
});

var msg569 = match({
  dissect: {
    tokenizer: "(VPN-%{context}) %{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup131, dup1463]),
});

// SSL client cipher proposal. In both variants %{fld1} is the token between
// "the following" and "cipher(s)"; the cipher names themselves are not part
// of either pattern.
var msg570 = match({
  dissect: {
    tokenizer: "SSL client %{interface}:%{hostip}/%{network_port} proposes the following %{fld1} cipher(s).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1464]),
});

var msg571 = match({
  dissect: {
    tokenizer: "SSL client %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport} proposes the following %{fld1} cipher(s)",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1465]),
});

var select116 = linear_select([msg570, msg571]);

// "Deny <direction> ..." family: numeric-protocol form, ICMP form with
// type/code, port form, and portless form. All four share dup61 as the first
// on_success processor.
var msg572 = match({
  dissect: {
    tokenizer: "Deny %{direction} protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1466]),
});

var msg573 = match({
  dissect: {
    tokenizer: "Deny %{direction} icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1467]),
});

var msg574 = match({
  dissect: {
    tokenizer: "Deny %{direction} %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1468]),
});

var msg575 = match({
  dissect: {
    tokenizer: "Deny %{direction} %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1469]),
});

// NOTE(review): presumably tried in order. The last alternative has no port
// separators, so if it were reached for a message that does carry ports the
// address captures could include the "/port" suffix — confirm with samples.
var select117 = linear_select([
  msg572,
  msg573,
  msg574,
  msg575,
]);
// Catch-all: entire payload captured as event_description.
var msg576 = match({
  dissect: {
    tokenizer: "%{event_description}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1470]),
});

// all261 and all262 differ only in their last member processor and in the
// second on_success processor.
var all261 = all_match({
  processors: [dup1471, dup1472, dup1473],
  on_success: processor_chain([dup33, dup1474]),
});

var all262 = all_match({
  processors: [dup1471, dup1472, dup1475],
  on_success: processor_chain([dup33, dup1476]),
});

var select118 = linear_select([all261, all262]);

// Client certificate identified in a chain: serial number and subject name.
var msg577 = match({
  dissect: {
    tokenizer: "Identified client certificate within certificate chain. serial number: %{serial_number}, subject name: %{cert_subject}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup220, dup1477]),
});

var all263 = all_match({
  processors: [dup1478, dup1479],
  on_success: processor_chain([dup14, dup1480]),
});

var all264 = all_match({
  processors: [dup238, dup1481, dup1482],
  on_success: processor_chain([dup14, dup1483]),
});

var all265 = all_match({
  processors: [dup1484, dup4],
  on_success: processor_chain([dup141, dup1485]),
});

var msg578 = match({
  dissect: {
    tokenizer: "Acknowledge for arp update for IP address %{daddr} not received (%{count}).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1486]),
});

// Peer certificate subject rejected. The pattern ends in an unnamed %{}, so
// no field (peer address, subject) is extracted from this message here.
var msg579 = match({
  dissect: {
    tokenizer: "The subject name of the peer cert is not allowed for connection%{}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1487]),
});

var select119 = linear_select([msg578, msg579]);
var msg580 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1488,
]),
});
var all266 = all_match({
processors: [
dup127,
dup64,
dup866,
],
on_success: processor_chain([
dup867,
dup1489,
]),
});
// access-list hit-count messages ("\u003e" is ">", so the separator is "->").
// msg581: form that carries an action word and a quoted user name.
// msg582: shorter form with no user and no trailing info.
// NOTE(review): msg582 has no %{action} token. If the device writes a
// permitted/denied word after the list name in this form, that word would
// presumably land in protocol and the real protocol in sinterface. Check with
// sample logs before relying on protocol or action for this message.
var msg581 = match({
  dissect: {
    tokenizer: "access-list %{listnum} %{action} %{protocol} for user '%{username}' %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1} %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup1490]),
});

var msg582 = match({
  dissect: {
    tokenizer: "access-list %{listnum} %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup222, dup1491]),
});

var select120 = linear_select([msg581, msg582]);
var msg583 = match({
dissect: {
tokenizer: "System CPU utilization reached %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1492,
dup1493,
]),
});
var all267 = all_match({
processors: [
dup648,
dup208,
dup1494,
],
on_success: processor_chain([
dup55,
dup1495,
]),
});
var msg584 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1496,
]),
});
// Two alternatives offered to select121.
// msg585: "<src> attempted to ping <dst>." captures saddr and daddr.
// msg586: RIP authentication failure; captures the sender (saddr), the
//         version/type/mode/sequence values as fld1..fld4, and the interface.
// The patterns start differently (msg585 begins with a capture, msg586 with
// the literal "RIP auth failed"), so msg585 is the looser of the two.
var msg585 = match({
  dissect: {
    tokenizer: "%{saddr} attempted to ping %{daddr}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup16, dup1497]),
});

var msg586 = match({
  dissect: {
    tokenizer: "RIP auth failed from %{saddr}: version=%{fld1}, type=%{fld2}, mode=%{fld3}, sequence=%{fld4} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup891, dup1498]),
});

var select121 = linear_select([msg585, msg586]);
var all268 = all_match({
processors: [
dup1499,
dup1500,
dup1501,
],
on_success: processor_chain([
dup528,
dup1502,
]),
});
var msg587 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1503,
]),
});
var msg588 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1504,
]),
});
var msg589 = match({
dissect: {
tokenizer: "Resource %{fld1} log level of %{fld2} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1505,
]),
});
var all269 = all_match({
processors: [
dup249,
dup250,
dup1506,
],
on_success: processor_chain([
dup33,
dup1507,
]),
});
var msg590 = match({
dissect: {
tokenizer: "Module in slot%{fld1}is not able to shut down. %{space} Module Error: %{fld2} %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1508,
]),
});
var all270 = all_match({
processors: [
dup1509,
dup4,
],
on_success: processor_chain([
dup89,
dup1510,
]),
});
var all271 = all_match({
processors: [
dup1511,
dup1512,
],
on_success: processor_chain([
dup89,
dup1513,
]),
});
var select122 = linear_select([
all270,
all271,
]);
var msg591 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1514,
]),
});
var all272 = all_match({
processors: [
dup1515,
dup1516,
dup1517,
],
on_success: processor_chain([
dup33,
dup1518,
]),
});
var all273 = all_match({
processors: [
dup1515,
dup1516,
dup1519,
],
on_success: processor_chain([
dup33,
dup1520,
]),
});
var select123 = linear_select([
all272,
all273,
]);
var all274 = all_match({
processors: [
dup1521,
dup1522,
dup1523,
],
on_success: processor_chain([
dup14,
dup1524,
]),
});
var msg592 = match({
dissect: {
tokenizer: "Failed to save logging buffer to flash:/syslog directory using filename: %{filename}: [%{result}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1525,
]),
});
// HTTP inspection event "HTTP Extension method illegal".
// Captures sigid, the word before the quoted text (listnum), the quoted text
// itself (protocol), and the source/destination addresses.
// NOTE(review): listnum and protocol look like reused field names here. The
// quoted text is presumably the offending HTTP method, not a network protocol.
// Verify before filtering on protocol for this message.
var msg593 = match({
  dissect: {
    tokenizer: "%{sigid} HTTP Extension method illegal - %{listnum} '%{protocol}' from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup27, dup1526]),
});
var all275 = all_match({
processors: [
dup1527,
dup352,
],
on_success: processor_chain([
dup33,
dup1528,
]),
});
var all276 = all_match({
processors: [
dup1529,
dup1530,
],
on_success: processor_chain([
dup14,
dup1531,
]),
});
var select124 = linear_select([
all275,
all276,
]);
var msg594 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1532,
]),
});
var msg595 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1533,
]),
});
var all277 = all_match({
processors: [
dup1534,
dup1535,
dup1536,
],
on_success: processor_chain([
dup68,
dup1537,
]),
});
var msg596 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1538,
]),
});
var all278 = all_match({
processors: [
dup12,
dup4,
dup1539,
],
on_success: processor_chain([
dup1540,
dup1541,
]),
});
var msg597 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup680,
dup1542,
]),
});
var all279 = all_match({
processors: [
dup664,
dup665,
dup666,
],
on_success: processor_chain([
dup33,
dup1543,
]),
});
var all280 = all_match({
processors: [
dup1544,
dup64,
dup65,
dup360,
dup1545,
],
on_success: processor_chain([
dup285,
dup1546,
]),
});
var all281 = all_match({
processors: [
dup648,
dup208,
dup1547,
],
on_success: processor_chain([
dup55,
dup1548,
]),
});
var all282 = all_match({
processors: [
dup99,
dup1549,
],
on_success: processor_chain([
dup55,
dup1550,
]),
});
var msg598 = match({
dissect: {
tokenizer: "(%{context})%{event_description} (reason code = %{resultcode}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup1551,
]),
});
var msg599 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1552,
]),
});
var msg600 = match({
dissect: {
tokenizer: "Deny traffic for local-host %{interface}:%{hostip}, license limit of %{fld1} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup1553,
]),
});
var all283 = all_match({
processors: [
dup1554,
dup1555,
dup1556,
],
on_success: processor_chain([
dup1557,
dup1558,
]),
});
var all284 = all_match({
processors: [
dup1559,
dup1560,
dup1561,
],
on_success: processor_chain([
dup33,
dup1562,
]),
});
var msg601 = match({
dissect: {
tokenizer: "Device proposes %{fld1} cipher(s) to server %{interface}:%{hostip}/%{network_port}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1563,
]),
});
var select125 = linear_select([
all284,
msg601,
]);
var msg602 = match({
dissect: {
tokenizer: "Call-Home %{info} message to %{web_host} delivered",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1564,
]),
});
var msg603 = match({
dissect: {
tokenizer: "Received KEEPALIVE response from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1565,
]),
});
var all285 = all_match({
processors: [
dup1566,
dup1567,
dup1568,
],
on_success: processor_chain([
dup767,
dup1569,
]),
});
// HTTP inspection event "HTTP URL Length exceeded".
// The received URL size ("Received N byte URL") is stored in a field named
// priority, and the word after the dash in listnum. Downstream rules should
// read priority as a byte count for this message, not as a severity.
var msg604 = match({
  dissect: {
    tokenizer: "%{sigid} HTTP URL Length exceeded. Received %{priority} byte URL - %{listnum} URI length exceeded from %{saddr} to %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup27, dup1570]),
});
var msg605 = match({
dissect: {
tokenizer: "VPNClient: Head end : %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1571,
]),
});
var msg606 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Tunnel Rejected: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1572,
]),
});
var msg607 = match({
dissect: {
tokenizer: "GSN ip_addr tunnel limit %{fld1} exceeded, PDP Context TID %{fld2} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1573,
]),
});
var msg608 = match({
dissect: {
tokenizer: "LU SMNAME error = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1574,
]),
});
// "Access denied URL" events.
// msg609: form with " SRC <addr> DEST <addr>" after the URL.
// msg610: URL only; url takes the rest of the line.
// msg609 is listed first in select126. If linear_select stops at the first
// match (presumably), swapping them would fold the SRC/DEST text into url.
// NOTE(review): url is request-derived text. If the dissect matcher splits at
// the first occurrence of " SRC ", a URL containing that text would shift
// saddr/daddr. Treat those two fields as untrusted for this message.
var msg609 = match({
  dissect: {
    tokenizer: "Access denied URL %{url} SRC %{saddr} DEST %{daddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup486, dup1575]),
});

var msg610 = match({
  dissect: {
    tokenizer: "Access denied URL %{url}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup486, dup1576]),
});

var select126 = linear_select([msg609, msg610]);
var all286 = all_match({
processors: [
dup1577,
dup603,
],
on_success: processor_chain([
dup1540,
dup1578,
]),
});
var all287 = all_match({
processors: [
dup1471,
dup824,
dup655,
],
on_success: processor_chain([
dup33,
dup1579,
]),
});
var all288 = all_match({
processors: [
dup1471,
dup824,
dup653,
],
on_success: processor_chain([
dup33,
dup1580,
]),
});
var select127 = linear_select([
all287,
all288,
]);
var msg611 = match({
dissect: {
tokenizer: "Power Supply Unit Redundancy Lost%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1581,
]),
});
var msg612 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1582,
]),
});
var all289 = all_match({
processors: [
dup1583,
dup322,
],
on_success: processor_chain([
dup14,
dup1584,
]),
});
var all290 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup1585,
]),
});
var select128 = linear_select([
all289,
all290,
]);
var msg613 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1586,
]),
});
var msg614 = match({
dissect: {
tokenizer: "Shared license backup server %{hostip} is not available",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1587,
]),
});
var all291 = all_match({
processors: [
dup664,
dup1588,
dup1589,
dup1590,
dup1591,
dup1592,
],
on_success: processor_chain([
dup93,
dup1593,
]),
});
var all292 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1594,
],
on_success: processor_chain([
dup68,
dup1595,
]),
});
var all293 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1596,
dup1597,
dup1598,
dup1599,
dup1600,
],
on_success: processor_chain([
dup288,
dup1601,
]),
});
var all294 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1602,
],
on_success: processor_chain([
dup288,
dup1603,
]),
});
var select129 = linear_select([
all293,
all294,
]);
// Rejected Hostscan data: captures the size text (fld1), the client address
// (saddr) and the trailing explanation (info).
// NOTE(review): the pattern expects two literal "<" characters before the
// address ("\u003c\u003c") but only one ">" after it. This looks like an
// escape sequence for a single "<" that was carried over from the source
// parser definition. If the device writes "IP <addr>", this pattern never
// matches and these events stay unparsed. Confirm against sample logs.
var msg615 = match({
  dissect: {
    tokenizer: "Rejected %{fld1} Hostscan data from IP \u003c\u003c%{saddr}\u003e. %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup29, dup1604]),
});
var all295 = all_match({
processors: [
dup1605,
dup1606,
dup1607,
],
on_success: processor_chain([
dup473,
dup1608,
]),
});
var all296 = all_match({
processors: [
dup1609,
dup1610,
dup1611,
dup1612,
],
on_success: processor_chain([
dup579,
dup1613,
]),
});
var all297 = all_match({
processors: [
dup1614,
dup1615,
],
on_success: processor_chain([
dup579,
dup1616,
]),
});
var all298 = all_match({
processors: [
dup1617,
dup1615,
],
on_success: processor_chain([
dup579,
dup1618,
]),
});
var all299 = all_match({
processors: [
dup1609,
dup1619,
dup1620,
dup1621,
dup1622,
dup1623,
],
on_success: processor_chain([
dup579,
dup1624,
]),
});
var all300 = all_match({
processors: [
dup1609,
dup1619,
dup1620,
dup1625,
dup1626,
dup1627,
],
on_success: processor_chain([
dup579,
dup1628,
]),
});
// Connection teardown patterns collected by select130.
// msg616 is a fragment matcher: it reads nwparser.p3 (not the payload), has no
// on_success chain of its own, and is used as the last step of all301.
// msg617 and msg618 dissect the whole payload for the "gaddr" teardown form,
// with and without the connection id / duration / bytes tail.
// all296..all300 are defined earlier in the file; the dupN steps are defined
// elsewhere. The more detailed msg617 is listed before msg618.
var msg616 = match({
  dissect: {
    tokenizer: "%{duration} bytes %{bytes}",
    field: "nwparser.p3",
  },
});

var all301 = all_match({
  processors: [dup1609, dup1629, dup1620, dup1630, msg616],
  on_success: processor_chain([dup579, dup1631]),
});

var msg617 = match({
  dissect: {
    tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport} duration %{duration} bytes %{bytes}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup430, dup1632]),
});

var msg618 = match({
  dissect: {
    tokenizer: "Teardown %{protocol} connection for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup430, dup1633]),
});

var select130 = linear_select([
  all296,
  all297,
  all298,
  all299,
  all300,
  all301,
  msg617,
  msg618,
]);
var all302 = all_match({
processors: [
dup1634,
dup1635,
dup1636,
dup1637,
dup1638,
dup446,
dup1639,
dup1640,
dup1641,
],
on_success: processor_chain([
dup33,
dup1642,
]),
});
var msg619 = match({
dissect: {
tokenizer: "The license on this ASA does not support dynamic filter updater feature.%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup1643,
]),
});
// AnyConnect "session lost connection" event: captures group, username, client
// address (saddr) and the trailing text (result).
// NOTE(review): each bracketed value is preceded by two literal "<"
// ("\u003c\u003c") and followed by one ">". This looks like an escape for a
// single "<" that was not translated. If the device writes "Group <g> User <u>
// IP <addr>", the pattern never matches and lost VPN sessions go unparsed.
// Confirm against sample logs.
var msg620 = match({
  dissect: {
    tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect session lost connection. %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1644]),
});
var all303 = all_match({
processors: [
dup1645,
dup4,
dup1646,
],
on_success: processor_chain([
dup110,
dup1647,
]),
});
var msg621 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1648,
]),
});
var all304 = all_match({
processors: [
dup1649,
dup4,
dup1650,
],
on_success: processor_chain([
dup334,
dup1651,
]),
});
var msg622 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1652,
]),
});
var msg623 = match({
dissect: {
tokenizer: "IKE Initiator starting QM: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1653,
]),
});
var select131 = linear_select([
msg622,
msg623,
]);
var msg624 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1654,
]),
});
var msg625 = match({
dissect: {
tokenizer: "URL Server %{hostip} request failed URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup1655,
]),
});
var msg626 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1656,
]),
});
// Client rule check results for a VPN user.
// msg627: "... - allowed" form (rule in fld1, client in fld2).
// msg628: "... - NOT allowed" form, which also carries an OS value in fld3.
// NOTE(review): both outcomes start their chain with the same entry, dup1492,
// and no token captures the allowed / NOT allowed verdict. Check that dup1657
// and dup1658 (defined elsewhere) set a field that tells the two apart.
// Otherwise the rejection cannot be separated from the acceptance downstream.
var msg627 = match({
  dissect: {
    tokenizer: "Group = %{group}, Username = %{username}, IP %{saddr}, Rule: %{fld1} Client: %{fld2} - allowed",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1492, dup1657]),
});

var msg628 = match({
  dissect: {
    tokenizer: "Group = %{group}, Username = %{username}, IP %{saddr}, Rule: %{fld1} OS : %{fld3} Client: %{fld2} - NOT allowed",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1492, dup1658]),
});

var select132 = linear_select([msg627, msg628]);
var msg629 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1659,
]),
});
var all305 = all_match({
processors: [
dup1660,
dup4,
],
on_success: processor_chain([
dup141,
dup1661,
]),
});
var all306 = all_match({
processors: [
dup1662,
dup4,
],
on_success: processor_chain([
dup141,
dup1663,
]),
});
var select133 = linear_select([
all305,
all306,
]);
var msg630 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Mismatch: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1664,
]),
});
var msg631 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1665,
]),
});
var all307 = all_match({
processors: [
dup494,
dup495,
dup496,
],
on_success: processor_chain([
dup93,
dup1666,
]),
});
var msg632 = match({
dissect: {
tokenizer: "%{process}: Client requested address %{hostip}, request succeeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1667,
]),
});
var msg633 = match({
dissect: {
tokenizer: "%{process}: AAA assigned address %{hostip} succeeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1668,
]),
});
var select134 = linear_select([
msg632,
msg633,
]);
var msg634 = match({
dissect: {
tokenizer: "Free unallocated global IP address.%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1669,
]),
});
var all308 = all_match({
processors: [
dup324,
dup1670,
],
on_success: processor_chain([
dup33,
dup1671,
]),
});
var all309 = all_match({
processors: [
dup393,
dup1672,
],
on_success: processor_chain([
dup14,
dup1673,
]),
});
var all310 = all_match({
processors: [
dup396,
dup1674,
],
on_success: processor_chain([
dup14,
dup1675,
]),
});
var all311 = all_match({
processors: [
dup1676,
dup1677,
],
on_success: processor_chain([
dup14,
dup1678,
]),
});
var msg635 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1679,
]),
});
var select135 = linear_select([
all309,
all310,
all311,
msg635,
]);
var msg636 = match({
dissect: {
tokenizer: "Fragment database limit of %{fld1} exceeded: %{space} src = %{saddr}, %{space} dest = %{daddr}, proto = %{protocol}, id = %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1680,
]),
});
// "Denied manager connection" event: the only captured value is the address
// the connection came from (saddr). No destination or port is extracted, so
// correlation for this message relies on saddr plus whatever dup349/dup1681
// (defined elsewhere) add.
var msg637 = match({
  dissect: {
    tokenizer: "Denied manager connection from %{saddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup349, dup1681]),
});
var msg638 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1682,
]),
});
var msg639 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1683,
]),
});
var msg640 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup1684,
]),
});
var msg641 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup1685,
]),
});
var msg642 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1686,
]),
});
var all312 = all_match({
processors: [
dup421,
dup1687,
dup1688,
dup1689,
dup1690,
dup1691,
],
on_success: processor_chain([
dup10,
dup1692,
]),
});
var msg643 = match({
dissect: {
tokenizer: "%{saddr}, %{event_description}",
field: "nwparser.p0",
},
});
var all313 = all_match({
processors: [
dup1693,
msg643,
],
on_success: processor_chain([
dup33,
dup1694,
]),
});
var all314 = all_match({
processors: [
dup1695,
dup1696,
],
on_success: processor_chain([
dup14,
dup1697,
]),
});
var msg644 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1698,
]),
});
var msg645 = match({
dissect: {
tokenizer: "%{service} error, slot = %{fld1}, device = %{fld2}, address = %{fld3}, byte count = %{bytes}. Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1699,
]),
});
var msg646 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1700,
]),
});
var msg647 = match({
dissect: {
tokenizer: "GTPv version %{fld1} from %{sinterface}:%{saddr}/%{sport} not accepted by %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1701,
]),
});
var msg648 = match({
dissect: {
tokenizer: "IP = %{daddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1702,
]),
});
var msg649 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1703,
]),
});
var msg650 = match({
dissect: {
tokenizer: "Sent TOPOLOGY indicator to %{space} [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1704,
]),
});
var msg651 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup1705,
]),
});
var msg652 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1706,
]),
});
var msg653 = match({
dissect: {
tokenizer: "Tunnel Manager dispatching a %{fld3} message to IKEv1. Map Tag = %{fld1}. Map Sequence Number = %{fld2}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1707,
]),
});
var msg654 = match({
dissect: {
tokenizer: "Local CA Server internal error detected: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1708,
]),
});
var msg655 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1709,
]),
});
var all315 = all_match({
processors: [
dup1710,
dup1711,
dup1712,
],
on_success: processor_chain([
dup285,
dup1713,
]),
});
// Deny event attributed to DNS handling: captures direction, protocol, both
// address/port pairs, and the text after "due to DNS " as info.
// Unlike the "src <if>:<addr>" Deny forms elsewhere in this file, this message
// has no interface names, so sinterface/dinterface are not set by it.
var msg656 = match({
  dissect: {
    tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport} due to DNS %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1714]),
});
var msg657 = match({
dissect: {
tokenizer: "LU create static xlate %{hostip} ifc %{interface} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1715,
]),
});
var msg658 = match({
dissect: {
tokenizer: "ike_DelOldCentryAndCreateNew(): %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1716,
]),
});
var all316 = all_match({
processors: [
dup1527,
dup1717,
],
on_success: processor_chain([
dup93,
dup1718,
]),
});
var msg659 = match({
dissect: {
tokenizer: "Unable to contruct xauth message, no message%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1719,
]),
});
var select136 = linear_select([
msg658,
all316,
msg659,
]);
var all317 = all_match({
processors: [
dup12,
dup4,
dup1720,
],
on_success: processor_chain([
dup33,
dup1721,
]),
});
var msg660 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKEGetUserAttributes: %{change_attribute} = %{change_new}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1722,
]),
});
var select137 = linear_select([
all317,
msg660,
]);
var msg661 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1723,
]),
});
var msg662 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1724,
]),
});
var msg663 = match({
dissect: {
tokenizer: "Send OOS indicator failure to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1725,
]),
});
var msg664 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1726,
]),
});
var all318 = all_match({
processors: [
dup1727,
dup1728,
dup1729,
dup1730,
dup1731,
dup1732,
],
on_success: processor_chain([
dup33,
dup1733,
]),
});
var all319 = all_match({
processors: [
dup1727,
dup1728,
dup1729,
dup1734,
dup1731,
dup446,
dup1735,
],
on_success: processor_chain([
dup33,
dup1736,
]),
});
var select138 = linear_select([
all318,
all319,
]);
// "Denied invalid <proto> code" event (ICMP fields follow in the message).
// Captures the ICMP code and type, both endpoints as interface:address/port,
// the first parenthesised value as hostip and the second as fld3, and the
// ICMP id as fld4.
// NOTE(review): the two parenthesised values sit in the same position for
// source and destination but go to differently named fields (hostip vs fld3).
// Confirm which one downstream rules expect.
var msg665 = match({
  dissect: {
    tokenizer: "Denied invalid %{protocol} code %{icmpcode}, for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3}), ICMP id %{fld4}, ICMP type %{icmptype}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1737]),
});
var all320 = all_match({
processors: [
dup249,
dup250,
dup1738,
],
on_success: processor_chain([
dup33,
dup1739,
]),
});
// "Embryonic limit ... exceeded" events (half-open connection limit).
// msg666: counter written as "<fld1>/<fld2>" before the phrase.
// msg667: single counter (fld1) after the phrase.
// Both capture source address/port, destination address, the parenthesised
// value next to it, the destination port and the interface. The parenthesised
// value is fld3 in msg666 but fld2 in msg667, so the same datum has a
// different field name depending on which form matched.
var msg666 = match({
  dissect: {
    tokenizer: "Embryonic limit %{fld1}/%{fld2} for through connections exceeded. %{saddr}/%{sport} to %{daddr} (%{fld3})/%{dport} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1740]),
});

var msg667 = match({
  dissect: {
    tokenizer: "Embryonic limit for through connections exceeded %{fld1}. %{saddr}/%{sport} to %{daddr} (%{fld2})/%{dport} on interface %{interface}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup61, dup1741]),
});

var select139 = linear_select([msg666, msg667]);
var all321 = all_match({
processors: [
dup1742,
],
on_success: processor_chain([
dup1743,
dup1744,
]),
});
var msg668 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1745,
]),
});
// IP address collision event: captures the conflicting host's IP (hostip) and
// MAC (smacaddr), plus the local interface name (dinterface) and its MAC
// (dmacaddr). The MAC pair is what lets an analyst tell a misconfigured host
// from one answering for an address it does not own.
var msg669 = match({
  dissect: {
    tokenizer: "IP address collision detected between host %{hostip} at %{smacaddr} and interface %{dinterface}, %{dmacaddr}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup1746, dup1747]),
});
var msg670 = match({
dissect: {
tokenizer: "[%{protocol}] %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup1748,
]),
});
// Authentication failure against the dynamic filter updater server. The server
// identifier at the end of the message is stored in url (it takes the rest of
// the line). Its chain starts with dup891, the same first entry used by other
// authentication-failure patterns in this file.
var msg671 = match({
  dissect: {
    tokenizer: "Failed to authenticate with dynamic filter updater server %{url}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup891, dup1749]),
});
var msg672 = match({
dissect: {
tokenizer: "Virtual Sensor %{vsys} was deleted from the %{product}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1750,
]),
});
var msg673 = match({
dissect: {
tokenizer: "Group = %{host}, IP = %{daddr}, Unknown identification type, Phase %{fld1}, Type %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1751,
dup1752,
]),
});
var all322 = all_match({
processors: [
dup1753,
dup1754,
],
on_success: processor_chain([
dup33,
dup1755,
]),
});
var msg674 = match({
dissect: {
tokenizer: "SSL Server %{interface}:%{hostip}/%{network_port} choose cipher : %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1756,
]),
});
var all323 = all_match({
processors: [
dup249,
dup250,
dup1757,
],
on_success: processor_chain([
dup33,
dup1758,
]),
});
var msg675 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1759,
]),
});
var msg676 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1760,
]),
});
var msg677 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1761,
]),
});
var msg678 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Initiator sending Initial Contact",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1762,
]),
});
var msg679 = match({
dissect: {
tokenizer: "Received HELLO response from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1763,
]),
});
var msg680 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1764,
]),
});
var msg681 = match({
dissect: {
tokenizer: "LU loading standby start%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1765,
]),
});
// GRE connection-built events, inbound and outbound.
// msg682 (inbound): the "from" endpoint fills the s* fields and the "to"
//         endpoint the d* fields.
// msg683 (outbound): the mapping is reversed. The "from" endpoint fills
//         dinterface/daddr/dtransaddr and the "to" endpoint fills
//         sinterface/saddr/sport/stransaddr/stransport.
// Anyone reading saddr/daddr for these events should know the fields do not
// follow the from/to order of the raw line in the outbound case.
var msg682 = match({
  dissect: {
    tokenizer: "Built inbound GRE connection %{connectionid} from %{sinterface}:%{saddr} (%{stransaddr}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup357, dup1766]),
});

var msg683 = match({
  dissect: {
    tokenizer: "Built outbound GRE connection %{connectionid} from %{dinterface}:%{daddr} (%{dtransaddr}) to %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup357, dup1767]),
});

var select140 = linear_select([msg682, msg683]);
var msg684 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} payload type: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1768,
]),
});
var msg685 = match({
dissect: {
tokenizer: "access-list %{listnum} permit url %{url} hit-cnt %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1769,
]),
});
var msg686 = match({
dissect: {
tokenizer: "Teardown UDP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1770,
]),
});
var msg687 = match({
dissect: {
tokenizer: "Teardown UDP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1771,
]),
});
var select141 = linear_select([
msg686,
msg687,
]);
var msg688 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1772,
]),
});
// Negotiation error messages in "Local:<addr>:<port> Remote:<addr>:<port>
// Username:<name>" form.
// msg689: negotiation aborted; the error text goes to result.
// msg690: a configuration payload attribute (obj_name) could not be processed;
//         the word after the user name goes to severity.
// NOTE(review): address and port are separated by ":". If the matcher splits
// at the first ":", an IPv6 address would be cut short, and a user name
// containing a space would shift the fields after it. username is presumably
// supplied by the remote peer, so treat it as untrusted. Verify with samples.
var msg689 = match({
  dissect: {
    tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Negotiation aborted due to ERROR: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup45, dup1773]),
});

var msg690 = match({
  dissect: {
    tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} %{severity} Configuration Payload request for attribute %{obj_name} could not be processed. Error: %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup891 === undefined ? dup45 : dup45, dup1774]),
});
var all324 = all_match({
processors: [
dup1775,
dup1776,
dup452,
dup1777,
dup74,
dup1778,
],
on_success: processor_chain([
dup110,
dup1779,
]),
});
var all325 = all_match({
processors: [
dup1775,
dup610,
dup1780,
],
on_success: processor_chain([
dup110,
dup1781,
]),
});
var select142 = linear_select([
all324,
all325,
]);
var all326 = all_match({
processors: [
dup1782,
dup1783,
dup1784,
dup1785,
dup1786,
],
on_success: processor_chain([
dup93,
dup1787,
]),
});
var all327 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup1788,
]),
});
var msg691 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1789,
]),
});
var all328 = all_match({
processors: [
dup1790,
dup4,
dup930,
],
on_success: processor_chain([
dup1791,
dup1792,
]),
});
var all329 = all_match({
processors: [
dup714,
dup1793,
dup1794,
dup1795,
dup1796,
dup1778,
],
on_success: processor_chain([
dup10,
dup1797,
]),
});
var all330 = all_match({
processors: [
dup12,
dup4,
dup1798,
],
on_success: processor_chain([
dup1799,
dup1800,
]),
});
// Two alternatives collected by select143.
// all331: a three-step match built from dup12, dup4 and dup1801. dup4 (near
//         the top of the file) is a linear_select whose first alternative
//         captures a quoted username. dup12 and dup1801 are defined elsewhere.
// msg692: "Remote peer has failed user authentication" with group and peer
//         address; the text after the dash goes to info. No user name is
//         captured by this form.
var all331 = all_match({
  processors: [dup12, dup4, dup1801],
  on_success: processor_chain([dup81, dup1802]),
});

var msg692 = match({
  dissect: {
    tokenizer: "Group = %{group}, IP = %{saddr}, Remote peer has failed user authentication - %{info}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([dup891, dup1803]),
});

var select143 = linear_select([all331, msg692]);
var all332 = all_match({
processors: [
dup12,
dup4,
dup1804,
],
on_success: processor_chain([
dup14,
dup1805,
]),
});
var msg693 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Client Type: %{product} Client Application Version: %{version}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1806,
]),
});
var select144 = linear_select([
all332,
msg693,
]);
var all333 = all_match({
processors: [
dup1807,
dup4,
dup1808,
dup1809,
dup1786,
],
on_success: processor_chain([
dup579,
dup1810,
]),
});
// msg694: "Deny <protocol> connection spoof" event. Extracts protocol, saddr,
// daddr and the interface the packet was seen on.
// The device itself labels this traffic as spoofed, so saddr is the address
// carried in the denied packet and should not be read as the true origin;
// the interface field is the more reliable locator.
// dup168 and dup1811 are defined outside this excerpt.
var msg694 = match({
dissect: {
tokenizer: "Deny %{protocol} connection spoof from %{saddr} to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1811,
]),
});
var msg695 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1812,
]),
});
var msg696 = match({
dissect: {
tokenizer: "Successfully downloaded dynamic filter data file from updater server %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1813,
]),
});
var msg697 = match({
dissect: {
tokenizer: "Rec'd packet not an PPTP packet. (%{service}) dest_addr=%{daddr}, src_addr=%{saddr}, data: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup1814,
]),
});
var msg698 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Tunnel Rejected: %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1815,
]),
});
var msg699 = match({
dissect: {
tokenizer: "(%{context}) Testing on interface %{interface} %{disposition}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1816,
]),
});
var msg700 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1817,
]),
});
var msg701 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} requires RADIUS for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1818,
]),
});
var msg702 = match({
dissect: {
tokenizer: "Begin configuration: %{hostip} writing to %{device}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1819,
]),
});
var msg703 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map = %{fld1}, seq = %{fld2}, no ACL configured",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1820,
]),
});
var msg704 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1821,
]),
});
var msg705 = match({
dissect: {
tokenizer: "%{fld1}: rec'd IPSEC packet has invalid spi for destaddr=%{daddr}, prot=%{protocol}, spi=%{dst_spi}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1822,
]),
});
var msg706 = match({
dissect: {
tokenizer: "%{product}: Received an ICMP Destination Unreachable from %{saddr},%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1823,
]),
});
var all334 = all_match({
processors: [
dup1824,
dup352,
],
on_success: processor_chain([
dup55,
dup1825,
]),
});
var msg707 = match({
dissect: {
tokenizer: "%{saddr}, %{action} (P2 struct %{fld11}, mess id %{fld12})!",
field: "nwparser.p0",
},
});
var all335 = all_match({
processors: [
dup1826,
msg707,
],
on_success: processor_chain([
dup55,
dup1827,
]),
});
var msg708 = match({
dissect: {
tokenizer: "%{saddr} , %{action}",
field: "nwparser.p0",
},
});
var all336 = all_match({
processors: [
dup1826,
msg708,
],
on_success: processor_chain([
dup55,
dup1828,
]),
});
var select145 = linear_select([
all334,
all335,
all336,
]);
var msg709 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1829,
]),
});
var msg710 = match({
dissect: {
tokenizer: "Power Supply %{dclass_counter1}: OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1830,
]),
});
var msg711 = match({
dissect: {
tokenizer: "Local:%{saddr}:%{sport} Remote:%{daddr}:%{dport} Username:%{username} Configured attribute not supported for IKEv2. Attribute: %{obj_name}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1831,
]),
});
var msg712 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1832,
]),
});
var all337 = all_match({
processors: [
dup1833,
dup322,
],
on_success: processor_chain([
dup93,
dup1834,
]),
});
var msg713 = match({
dissect: {
tokenizer: "Start VPN Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1835,
]),
});
var all338 = all_match({
processors: [
dup1836,
dup4,
dup1837,
],
on_success: processor_chain([
dup1838,
dup1839,
]),
});
var msg714 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1840,
]),
});
var msg715 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{saddr} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1841,
dup1842,
]),
});
var msg716 = match({
dissect: {
tokenizer: "%{product}: Received an ICMP Destination Unreachable from %{saddr} with %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1843,
]),
});
// msg717: failed telnet login, long form. Extracts the client address
// (saddr), the parenthesised failure reason (result) and the interface.
// No username is captured by this pattern.
var msg717 = match({
dissect: {
tokenizer: "telnet login session failed from %{saddr} (%{result}) on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1844,
dup1845,
]),
});
// msg718: failed telnet login, short form without the " on interface ..."
// suffix. Same first on_success step (dup1844) as msg717; the second step
// differs (dup1846 vs dup1845). Both are defined outside this excerpt.
var msg718 = match({
dissect: {
tokenizer: "telnet login session failed from %{saddr} (%{result})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1844,
dup1846,
]),
});
// select146: the longer pattern is listed before the shorter one.
// NOTE(review): presumably alternatives are tried in list order; keeping the
// more specific msg717 first ensures the interface is extracted when present.
var select146 = linear_select([
msg717,
msg718,
]);
var msg719 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup1847,
]),
});
var msg720 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) Enable APCF XML file path %{filename} on the standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1848,
]),
});
var msg721 = match({
dissect: {
tokenizer: "Non-embryonic in embryonic list %{saddr}/%{sport} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1849,
]),
});
var all339 = all_match({
processors: [
dup1850,
dup4,
dup1851,
],
on_success: processor_chain([
dup93,
dup1852,
]),
});
var msg722 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1853,
]),
});
var all340 = all_match({
processors: [
dup664,
dup665,
dup1854,
],
on_success: processor_chain([
dup1855,
dup1856,
]),
});
var all341 = all_match({
processors: [
dup12,
dup4,
dup1857,
],
on_success: processor_chain([
dup33,
dup1858,
]),
});
var msg723 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, MODE_CFG: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1859,
]),
});
var select147 = linear_select([
all341,
msg723,
]);
var msg724 = match({
dissect: {
tokenizer: "user-identity: [FQDN] %{domain} address %{hostip} obsolete",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1860,
]),
});
var msg725 = match({
dissect: {
tokenizer: "Local CA Server CRL info: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup1861,
]),
});
var all342 = all_match({
processors: [
dup1862,
dup4,
dup930,
],
on_success: processor_chain([
dup85,
dup1863,
]),
});
var msg726 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1864,
]),
});
// msg727: "certificate in the trustpoint ... has expired" event. Extracts the
// certificate type (fld1), trustpoint name (cert_hostname), expiration (fld2),
// subject (cert_subject), issuer (dn) and serial number (serial_number).
// "\u003c" and "\u003e" are the JavaScript escapes for "<" and ">", so the
// literal text dissect sees opens every placeholder with "<<" and closes it
// with a single ">".
// NOTE(review): the unbalanced "<<" ... ">" looks like an escape sequence
// carried over from the format this file was generated from rather than text
// the device emits. If so, the pattern will not match real messages and
// certificate-expiry events would go unparsed — confirm against a captured
// sample before relying on this for alerting.
// dup29 and dup1865 are defined outside this excerpt.
var msg727 = match({
dissect: {
tokenizer: "The \u003c\u003c%{fld1}\u003e certificate in the trustpoint \u003c\u003c%{cert_hostname}\u003e has expired. Expiration \u003c\u003c%{fld2}\u003e Subject Name \u003c\u003c%{cert_subject}\u003e Issuer Name \u003c\u003c%{dn}\u003e Serial Number \u003c\u003c%{serial_number}\u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1865,
]),
});
var msg728 = match({
dissect: {
tokenizer: "%{protocol} connection limit exceeded from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1866,
]),
});
// msg729: tail fragment of the "denied due to NAT reverse path failure"
// message. Unlike most patterns here it reads nwparser.p1 (an intermediate
// field, presumably filled by an earlier stage) instead of nwparser.payload,
// and it has no on_success chain of its own. Extracts dinterface, daddr, dport.
var msg729 = match({
dissect: {
tokenizer: "%{dinterface}:%{daddr}/%{dport} denied due to NAT reverse path failure",
field: "nwparser.p1",
},
});
// all343: staged match — dup1867, dup1868 (defined outside this excerpt), then
// msg729 for the tail. dup412 and dup1869 are attached as its on_success chain.
var all343 = all_match({
processors: [
dup1867,
dup1868,
msg729,
],
on_success: processor_chain([
dup412,
dup1869,
]),
});
// msg730: single-pattern variant that carries ICMP type and code instead of
// ports. Also captures the leading text before ";" as result.
var msg730 = match({
dissect: {
tokenizer: "%{result}; Connection for %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1870,
]),
});
// msg731: variant worded "Connection for protocol <n>" with neither ports nor
// ICMP type/code.
var msg731 = match({
dissect: {
tokenizer: "%{result}; Connection for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1871,
]),
});
// select148: the three NAT reverse-path variants, listed as all343, msg730,
// msg731. Presumably tried in that order; the implementation of linear_select
// is outside this excerpt.
var select148 = linear_select([
all343,
msg730,
msg731,
]);
var msg732 = match({
dissect: {
tokenizer: "Route update for IP address %{daddr} to %{fld1} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1872,
]),
});
var msg733 = match({
dissect: {
tokenizer: "Resource %{fld1} rate log level of %{fld2} %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1873,
]),
});
var all344 = all_match({
processors: [
dup687,
dup688,
dup1874,
dup690,
dup74,
dup691,
dup692,
dup693,
dup694,
dup695,
],
on_success: processor_chain([
dup93,
dup1875,
]),
});
var msg734 = match({
dissect: {
tokenizer: "Deny traffic for protocol %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}, licensed host limit of %{fld1} exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup1876,
]),
});
var msg735 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1877,
]),
});
var msg736 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{fld6}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1841,
dup1878,
]),
});
var msg737 = match({
dissect: {
tokenizer: "(%{context}) Link status 'Up' on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1879,
]),
});
// msg738: "ARP inspection check failed" event. Extracts the sender MAC
// (smacaddr), the interface and the remaining text (info).
// NOTE(review): the only delimiter between interface and info is a literal
// "."; an interface name that itself contains a dot would presumably be cut
// at the first one, leaving the rest in info — verify with a sample if
// sub-interface names appear in this message.
// dup61 and dup1880 are defined outside this excerpt.
var msg738 = match({
dissect: {
tokenizer: "ARP inspection check failed for arp request received from host %{smacaddr} on interface %{interface}.%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1880,
]),
});
var all345 = all_match({
processors: [
dup1807,
dup4,
dup1881,
],
on_success: processor_chain([
dup33,
dup1882,
]),
});
var all346 = all_match({
processors: [
dup1807,
dup4,
dup1883,
],
on_success: processor_chain([
dup33,
dup1884,
]),
});
var all347 = all_match({
processors: [
dup1807,
dup4,
dup1885,
],
on_success: processor_chain([
dup33,
dup1886,
]),
});
var all348 = all_match({
processors: [
dup1807,
dup4,
dup1887,
],
on_success: processor_chain([
dup33,
dup1888,
]),
});
var select149 = linear_select([
all345,
all346,
all347,
all348,
]);
var msg739 = match({
dissect: {
tokenizer: "Power Supply %{dclass_counter1}: Fan OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1889,
]),
});
// msg740: "(<context>) <description> failed" form. The literal " failed" at
// the end is what distinguishes it from msg741.
var msg740 = match({
dissect: {
tokenizer: "(%{context}) %{event_description} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1890,
]),
});
// msg741: "(<context>)<description> OK" form.
// NOTE(review): unlike msg740 there is no space after ")" in this pattern, so
// event_description will presumably start with the space that follows the
// closing parenthesis in the message. Trim downstream if that matters.
var msg741 = match({
dissect: {
tokenizer: "(%{context})%{event_description} OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1891,
]),
});
// select150: failure form listed before success form; the two are
// distinguished only by their trailing literal.
var select150 = linear_select([
msg740,
msg741,
]);
var all349 = all_match({
processors: [
dup1301,
dup1892,
],
on_success: processor_chain([
dup93,
dup1893,
]),
});
// msg742: "Content type not found" event, specific form ending in the literal
// "Content Verification Failed". Extracts sigid, listnum, saddr and daddr.
var msg742 = match({
dissect: {
tokenizer: "%{sigid} Content type not found - %{listnum} Content Verification Failed from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1894,
]),
});
// msg743: general form of the same event. Where msg742 has the fixed words
// "Content Verification Failed", this pattern captures free text into
// protocol, so it would also accept the msg742 wording.
var msg743 = match({
dissect: {
tokenizer: "%{sigid} Content type not found - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1895,
]),
});
// select151: specific pattern first, general pattern second. The order
// matters: msg743 is a superset of msg742, so swapping them would presumably
// make msg742 (and its dup1894 step) unreachable.
var select151 = linear_select([
msg742,
msg743,
]);
// msg744: "HTTP Header length exceeded" event. Extracts sigid, the received
// header size, listnum, saddr and daddr.
// NOTE(review): the byte count in "Received <n> byte Header" is captured into
// a field named priority. That is what the pattern does, but the name does
// not describe the value; anyone building a rule on oversized headers should
// read the size from priority, or confirm whether a later step renames it.
// dup27 and dup1896 are defined outside this excerpt.
var msg744 = match({
dissect: {
tokenizer: "%{sigid} HTTP Header length exceeded. Received %{priority} byte Header - %{listnum} header length exceeded from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1896,
]),
});
var msg745 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1897,
]),
});
var msg746 = match({
dissect: {
tokenizer: "Sent HELLO response to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1898,
]),
});
// msg747: "Dynamic DNS Update for '<domain>' ... <hostip> failed" event.
// Extracts the quoted name into domain and the address into hostip.
// "\u003c" / "\u003e" are the JavaScript escapes for "<" / ">", so the literal
// between the two captures is " <<=> ".
// NOTE(review): the doubled "<" looks like an escape carried over from the
// format this file was generated from; if the device writes "<=>" this
// pattern will not match and failed DDNS updates would go unparsed. Confirm
// against a captured sample.
// dup43 and dup1899 are defined outside this excerpt.
var msg747 = match({
dissect: {
tokenizer: "Dynamic DNS Update for '%{domain}' \u003c\u003c=\u003e %{hostip} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup1899,
]),
});
var msg748 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1900,
]),
});
var msg749 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1901,
]),
});
var msg750 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1902,
]),
});
var all350 = all_match({
processors: [
dup1319,
dup4,
dup1903,
],
on_success: processor_chain([
dup10,
dup1904,
]),
});
var msg751 = match({
dissect: {
tokenizer: "(%{context}) Lost Failover communications with mate on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup1905,
]),
});
var all351 = all_match({
processors: [
dup1906,
dup4,
dup930,
],
on_success: processor_chain([
dup85,
dup1907,
]),
});
var msg752 = match({
dissect: {
tokenizer: "(FUNCTION:%{fld1}) pix clear %{fld2} return %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1908,
]),
});
var msg753 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1909,
]),
});
var msg754 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1910,
]),
});
var msg755 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup1911,
]),
});
var msg756 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{result}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1912,
]),
});
var all352 = all_match({
processors: [
dup1913,
dup1914,
dup1915,
dup1916,
dup1917,
dup1918,
dup1919,
],
on_success: processor_chain([
dup204,
dup1920,
]),
});
var msg757 = match({
dissect: {
tokenizer: "Bad Checksum in %{network_service} response",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup1921,
]),
});
var all353 = all_match({
processors: [
dup1922,
dup1914,
dup1915,
dup1916,
dup1917,
dup1918,
dup1919,
],
on_success: processor_chain([
dup204,
dup1923,
]),
});
var select152 = linear_select([
all352,
msg757,
all353,
]);
var msg758 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1924,
]),
});
var msg759 = match({
dissect: {
tokenizer: "DAP: Processing error: Code %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1925,
]),
});
var msg760 = match({
dissect: {
tokenizer: "%{application}: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1926,
]),
});
var msg761 = match({
dissect: {
tokenizer: "SFR requested ASA to bypass further packet redirection and process %{protocol} flow from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} locally",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1927,
]),
});
// msg762: "Denied SSH session" event. Extracts the client address (saddr) and
// the interface it arrived on. No username or reason is present in this
// pattern, so repeated denials can only be grouped by saddr and interface.
// dup349 and dup1928 are defined outside this excerpt; dup349 is also the
// first on_success step of msg785 (access denied by ACL).
var msg762 = match({
dissect: {
tokenizer: "Denied SSH session from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1928,
]),
});
var msg763 = match({
dissect: {
tokenizer: "Portmapped translation built for gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1929,
]),
});
var all354 = all_match({
processors: [
dup1930,
dup570,
dup1931,
],
on_success: processor_chain([
dup89,
dup1932,
]),
});
var msg764 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1933,
]),
});
var msg765 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1934,
]),
});
var all355 = all_match({
processors: [
dup1935,
dup895,
dup1936,
],
on_success: processor_chain([
dup14,
dup1937,
]),
});
var msg766 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1938,
dup1939,
]),
});
var msg767 = match({
dissect: {
tokenizer: "%{action} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1940,
]),
});
var msg768 = match({
dissect: {
tokenizer: "%{application}: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1941,
]),
});
var msg769 = match({
dissect: {
tokenizer: "%{group}: %{fld1} Neighbor %{saddr} (%{interface}) is %{event_state}: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1942,
]),
});
var msg770 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1943,
]),
});
var msg771 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1944,
]),
});
var msg772 = match({
dissect: {
tokenizer: "Clustering: Found a split cluster with both %{fld1} and %{fld2} as master units. Master role retained by %{fld3}, %{fld4} will leave then join as a slave",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1945,
]),
});
var msg773 = match({
dissect: {
tokenizer: "Unable to send an %{protocol} response to IP Address %{daddr} Port %{dport} interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1946,
]),
});
var msg774 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1947,
]),
});
var msg775 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
dup1948,
]),
});
var msg776 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map %{fld1}, seq = %{fld2} is a successful match",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1949,
]),
});
// msg777: "Certificate chain failed validation" event. Everything after the
// fixed sentence is captured verbatim into result; the pattern does not split
// out subject, issuer or serial number.
// dup891 and dup1950 are defined outside this excerpt; dup891 is also the
// first on_success step of msg692 (failed user authentication).
var msg777 = match({
dissect: {
tokenizer: "Certificate chain failed validation. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup1950,
]),
});
var msg778 = match({
dissect: {
tokenizer: "No management IP address configured for transparent firewall. %{result} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1951,
]),
});
var msg779 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1952,
]),
});
var msg780 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1953,
]),
});
var msg781 = match({
dissect: {
tokenizer: "ASDM logging session number %{sessionid} from %{hostip} ended",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1954,
]),
});
var msg782 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1955,
]),
});
var all356 = all_match({
processors: [
dup1956,
dup1957,
dup1958,
dup1959,
],
on_success: processor_chain([
dup1960,
dup1961,
]),
});
var msg783 = match({
dissect: {
tokenizer: "Unable to receive an %{protocol} request on interface %{interface}, error code = %{resultcode}, will try again.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1962,
]),
});
var msg784 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1963,
]),
});
var all357 = all_match({
processors: [
dup249,
dup250,
dup1964,
],
on_success: processor_chain([
dup33,
dup1965,
]),
});
// msg785: "<protocol> access denied by ACL" event. Extracts protocol,
// saddr/sport, and dinterface:daddr/dport.
// The pattern has a destination interface but no source interface, so
// sinterface is not populated from this message.
// dup349 and dup1966 are defined outside this excerpt.
var msg785 = match({
dissect: {
tokenizer: "%{protocol} access denied by ACL from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1966,
]),
});
var all358 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup1019,
dup1967,
]),
});
var msg786 = match({
dissect: {
tokenizer: "Group %{fld0} User %{username} IP %{saddr} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1968,
]),
});
var msg787 = match({
dissect: {
tokenizer: "Local CA Server CRL error: %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1969,
]),
});
var all359 = all_match({
processors: [
dup1970,
dup1957,
dup1958,
dup1971,
dup1972,
],
on_success: processor_chain([
dup68,
dup1973,
]),
});
var msg788 = match({
dissect: {
tokenizer: "Shared license register request failed, Reason:%{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1974,
]),
});
var msg789 = match({
dissect: {
tokenizer: "Failed to decrypt downloaded dynamic filter database file%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup1975,
]),
});
var all360 = all_match({
processors: [
dup1976,
dup1977,
dup1978,
],
on_success: processor_chain([
dup437,
dup1979,
]),
});
var all361 = all_match({
processors: [
dup1980,
],
on_success: processor_chain([
dup1981,
dup1982,
]),
});
var all362 = all_match({
processors: [
dup1983,
dup208,
dup209,
],
on_success: processor_chain([
dup14,
dup1984,
]),
});
var msg790 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received DPD sequence number %{fld1} in R_U_THERE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1985,
]),
});
var all363 = all_match({
processors: [
dup12,
dup4,
dup1986,
],
on_success: processor_chain([
dup33,
dup1987,
]),
});
var msg791 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup1988,
]),
});
var all364 = all_match({
processors: [
dup466,
dup4,
dup1989,
],
on_success: processor_chain([
dup81,
dup1990,
]),
});
var msg792 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, Detected Hardware Client in network extension mode, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1991,
]),
});
var all365 = all_match({
processors: [
dup1992,
dup1993,
dup1994,
dup1995,
],
on_success: processor_chain([
dup33,
dup1996,
]),
});
var msg793 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup1997,
]),
});
var all366 = all_match({
processors: [
dup1998,
dup71,
dup1999,
dup161,
],
on_success: processor_chain([
dup334,
dup2000,
]),
});
var msg794 = match({
dissect: {
tokenizer: "%{service} daemon interface %{interface}: Authentication failed for packet from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup2001,
]),
});
// msg795: "Deny IP due to Land Attack" event. Extracts saddr and daddr only;
// no interface or port appears in the pattern.
var msg795 = match({
dissect: {
tokenizer: "Deny IP due to Land Attack from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2002,
]),
});
// msg796: "Packet contains ActiveX content and has been modified" event.
// Extracts saddr and daddr. The wording "dest to" is what the pattern
// requires literally.
var msg796 = match({
dissect: {
tokenizer: "Packet contains ActiveX content and has been modified src %{saddr} dest to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2003,
dup2004,
]),
});
// select153: groups the Land Attack deny and the ActiveX-modified message as
// alternatives. NOTE(review): the two describe unrelated conditions and run
// different on_success chains; presumably they share a message id upstream.
// Rules should key on the fields the respective chain sets, not on the
// selector alone.
var select153 = linear_select([
msg795,
msg796,
]);
var msg797 = match({
dissect: {
tokenizer: "ActiveX content modified src %{saddr} dest %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup2005,
]),
});
var msg798 = match({
dissect: {
tokenizer: "Duplicate entry already in Tunnel Manager%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2006,
]),
});
var msg799 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup2007,
]),
});
// msg800: "Dropping echo request ... to PAT address" form. Extracts saddr and
// the PAT address as daddr.
var msg800 = match({
dissect: {
tokenizer: "Dropping echo request from %{saddr} to PAT address %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2008,
]),
});
// msg801: "Dropping echo request ... to address" form. Same fields and same
// first on_success step (dup61) as msg800; only the literal wording and the
// second step differ.
var msg801 = match({
dissect: {
tokenizer: "Dropping echo request from %{saddr} to address %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2009,
]),
});
// select154: the two wordings are mutually exclusive ("to PAT address" vs
// "to address"), so either order would select the same alternative.
var select154 = linear_select([
msg800,
msg801,
]);
var all367 = all_match({
processors: [
dup1056,
dup4,
dup2010,
],
on_success: processor_chain([
dup285,
dup2011,
]),
});
var msg802 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup2012,
]),
});
var all368 = all_match({
processors: [
dup1422,
dup2013,
dup2014,
],
on_success: processor_chain([
dup1855,
dup2015,
]),
});
var msg803 = match({
dissect: {
tokenizer: "FTP port command low port: %{saddr}/%{sport} to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup227,
dup2016,
]),
});
// msg804..msg809 all begin with the same five captures
// (fld1 fld2 fld3:fld4:fld5), which from their shape look like a syslog
// timestamp prefix — TODO confirm. They differ in what follows.

// msg804: wireless association record relayed through an access point.
// Extracts saddr, access_point, event_time_string, interface, the station MAC
// (macaddr) and the key-management value (fld6). The "%DOT11-6-ASSOC:" text
// is a literal in the pattern, not a capture (no braces follow the "%").
var msg804 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{saddr} AP:%{access_point}: *%{event_time_string}: %DOT11-6-ASSOC: Interface %{interface}, Station %{macaddr} REAP Associated KEY_MGMT[%{fld6}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2017,
]),
});
// msg805: matching deauthentication record. Same leading fields as msg804;
// the text after the station MAC is captured into event_description.
var msg805 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{saddr} AP:%{access_point}: *%{event_time_string}: %DOT11-6-DISASSOC: Interface %{interface}, Deauthenticating Station %{macaddr} %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2018,
]),
});
// msg806: pam_unix "session opened" line. Extracts the reporting program
// (agent), its process_id, the PAM service, the target username and the uid
// of the account that opened the session.
var msg806 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{agent}[%{process_id}]: pam_unix(%{service}): session opened for user %{username} by (uid=%{uid})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup2019,
]),
});
// msg807: pam_unix "session closed" line. Same fields as msg806 minus uid.
var msg807 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{agent}[%{process_id}]: pam_unix(%{service}): session closed for user %{username}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup2020,
]),
});
// msg808: "(<user>) CMD (<command>)" line (the shape cron uses — TODO
// confirm). The executed command text is captured verbatim into action.
var msg808 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{agent}[%{process_id}]: (%{username}) CMD (%{action})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1841,
dup2021,
]),
});
// msg809: fallback. After the five leading captures, the rest of the payload
// goes into info unparsed.
var msg809 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1841,
dup2022,
]),
});
// select155: specific patterns first, generic msg809 last. msg809 accepts any
// line the others accept, so it must stay at the end or (assuming alternatives
// are tried in list order) it would shadow them.
// The action, info and event_description captures hold free text written by
// the originating host; consumers should treat them as untrusted input when
// displaying or forwarding them.
var select155 = linear_select([
msg804,
msg805,
msg806,
msg807,
msg808,
msg809,
]);
var msg810 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup2023,
]),
});
var msg811 = match({
dissect: {
tokenizer: "Per-client connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2024,
]),
});
var msg812 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup2025,
]),
});
var all369 = all_match({
processors: [
dup2026,
dup2027,
dup2028,
dup161,
],
on_success: processor_chain([
dup334,
dup2029,
]),
});
var msg813 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup2030,
]),
});
var msg814 = match({
dissect: {
tokenizer: "area %{fld1} lsid %{fld2} mask %{fld3} adv %{fld4} type %{fld5}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2031,
]),
});
var all370 = all_match({
processors: [
dup2032,
dup2033,
],
on_success: processor_chain([
dup33,
dup2034,
]),
});
var all371 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup2035,
]),
});
var msg815 = match({
dissect: {
tokenizer: "IPFRAG: Unable to allocate frag record for %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2036,
]),
});
var msg816 = match({
dissect: {
tokenizer: "LU recv thread up%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2037,
]),
});
var all372 = all_match({
processors: [
dup249,
dup250,
dup2038,
],
on_success: processor_chain([
dup33,
dup2039,
]),
});
var msg817 = match({
dissect: {
tokenizer: "%{action} Issuer: %{dn}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2040,
]),
});
var msg818 = match({
dissect: {
tokenizer: "%{fld2} Doesn't have a transform set specified",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2041,
]),
});
var msg819 = match({
dissect: {
tokenizer: "No matching request to process GTPv %{fld2} %{fld3} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2042,
]),
});
var msg820 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} rcvd pkt with invalid protocol: %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2043,
]),
});
var msg821 = match({
dissect: {
tokenizer: "Group = %{group} IP = %{saddr}, %{action}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2044,
]),
});
var msg822 = match({
dissect: {
tokenizer: "Tunnel Manager Removed entry. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2045,
]),
});
var msg823 = match({
dissect: {
tokenizer: "TCP connection limit of %{dclass_counter1} for host %{hostip} on %{interface} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2046,
]),
});
var msg824 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup2047,
]),
});
var all373 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup2048,
dup499,
dup2049,
],
on_success: processor_chain([
dup10,
dup2050,
]),
});
var msg825 = match({
dissect: {
tokenizer: "%{fld1} %{fld2} %{fld3}:%{fld4}:%{fld5} %{fld6}: [%{fld7}] %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1841,
dup2051,
]),
});
var all374 = all_match({
processors: [
dup2052,
dup802,
dup2053,
dup2054,
dup2055,
],
on_success: processor_chain([
dup2056,
dup2057,
]),
});
// "Deny <protocol> (Connection marked for Deletion)" message: captures the
// protocol, source and destination address/port, and the interface from
// nwparser.payload.
// NOTE(review): the text after "flags" is captured into network_service, not
// into a flags-specific field. Confirm this is intended; anyone searching
// denied connections by TCP flags would have to query network_service.
var msg826 = match({
dissect: {
tokenizer: "Deny %{protocol} (Connection marked for Deletion) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{network_service} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2058,
]),
});
// Alternatives for this message, with all374 listed before msg826.
// Presumably linear_select stops at the first alternative that matches;
// confirm against its definition, which is outside this section.
var select156 = linear_select([
all374,
msg826,
]);
var all375 = all_match({
processors: [
dup1609,
dup1610,
dup2059,
dup2060,
],
on_success: processor_chain([
dup579,
dup2061,
]),
});
var all376 = all_match({
processors: [
dup2062,
dup2063,
],
on_success: processor_chain([
dup579,
dup2064,
]),
});
var all377 = all_match({
processors: [
dup1609,
dup2065,
dup2066,
dup2067,
],
on_success: processor_chain([
dup579,
dup2068,
]),
});
var all378 = all_match({
processors: [
dup2069,
dup2070,
],
on_success: processor_chain([
dup579,
dup2071,
]),
});
var all379 = all_match({
processors: [
dup1609,
dup2072,
dup2073,
dup2074,
],
on_success: processor_chain([
dup579,
dup2075,
]),
});
var all380 = all_match({
processors: [
dup2076,
dup2077,
],
on_success: processor_chain([
dup579,
dup2078,
]),
});
var select157 = linear_select([
all375,
all376,
all377,
all378,
all379,
all380,
]);
var msg827 = match({
dissect: {
tokenizer: "Failed to inject TCP packet from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2079,
]),
});
var all381 = all_match({
processors: [
dup12,
dup4,
dup2080,
],
on_success: processor_chain([
dup68,
dup2081,
]),
});
var all382 = all_match({
processors: [
dup99,
dup2082,
],
on_success: processor_chain([
dup68,
dup2083,
]),
});
var select158 = linear_select([
all381,
all382,
]);
var all383 = all_match({
processors: [
dup127,
dup64,
dup2084,
],
on_success: processor_chain([
dup285,
dup2085,
]),
});
// Catch-all pattern: the tokenizer is a single capture, so the whole of
// nwparser.payload is stored in event_description. No address, port or user
// field is extracted by this matcher; any such values stay embedded in the
// free text unless dup220 or dup2086 (defined elsewhere) derive them.
var msg828 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup2086,
]),
});
var msg829 = match({
dissect: {
tokenizer: "To ensure Smart Call Home can properly communicate with Cisco, use the command \"%{action}\" to configure at least one DNS server.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2087,
]),
});
var msg830 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup2088,
]),
});
var msg831 = match({
dissect: {
tokenizer: "No matching connection for ICMP error message: icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) on %{interface} interface. Original IP payload:%{info}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2089,
]),
});
var msg832 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2090,
]),
});
// SSL handshake failure, long form: captures the interface, the source
// address/port and the destination address/port.
var msg833 = match({
dissect: {
tokenizer: "Device failed SSL handshake with client %{interface}:%{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2091,
dup2092,
]),
});
// SSL handshake failure, short form with a single endpoint: captures the
// interface, hostip and network_port. No source/destination pair is set here.
var msg834 = match({
dissect: {
tokenizer: "Device failed SSL handshake with %{interface}:%{hostip}/%{network_port}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2091,
dup2093,
]),
});
// The more specific pattern (msg833) is listed before the looser one.
// NOTE(review): msg834 starts with the same literal text minus "client ", so
// if the order were swapped it looks like a long-form message could be
// absorbed by msg834, with "client " ending up inside interface and the
// destination lost in network_port. Keep msg833 first; confirm with a sample.
var select159 = linear_select([
msg833,
msg834,
]);
var msg835 = match({
dissect: {
tokenizer: "Power Supply %{dclass_counter1}: Fan Failure Detected",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2094,
]),
});
var all384 = all_match({
processors: [
dup2095,
dup2096,
dup2097,
dup161,
],
on_success: processor_chain([
dup2098,
dup2099,
]),
});
// "(VPN-<context>) <description>" pattern: captures context and the rest of
// the payload as event_description, then runs dup131 and dup2100.
var msg836 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2100,
]),
});
// Same tokenizer and input field as msg836; only the on_success chain differs
// (dup41 and dup2101). The two are not grouped in a linear_select in this
// section, so which one sees a given payload is decided elsewhere
// (presumably by message id; confirm against the dispatch table).
var msg837 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2101,
]),
});
var all385 = all_match({
processors: [
dup2102,
],
on_success: processor_chain([
dup1540,
dup2103,
]),
});
var all386 = all_match({
processors: [
dup823,
dup1472,
dup1473,
],
on_success: processor_chain([
dup33,
dup2104,
]),
});
var all387 = all_match({
processors: [
dup823,
dup1472,
dup1475,
],
on_success: processor_chain([
dup33,
dup2105,
]),
});
var select160 = linear_select([
all386,
all387,
]);
var msg838 = match({
dissect: {
tokenizer: "Received packet with missing payload, Expected payload: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup2106,
]),
});
var msg839 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2107,
]),
});
var all388 = all_match({
processors: [
dup2108,
dup2109,
],
on_success: processor_chain([
dup14,
dup2110,
]),
});
var all389 = all_match({
processors: [
dup2111,
dup2112,
],
on_success: processor_chain([
dup14,
dup2113,
]),
});
var msg840 = match({
dissect: {
tokenizer: "%{sigid} Content type does not match specified type - %{listnum} Content Verification Failed from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2114,
]),
});
var msg841 = match({
dissect: {
tokenizer: "PPTP session state not established, but received an XGRE packet, tunnel_id=%{fld1}, session_id=%{sessionid}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2115,
]),
});
var all390 = all_match({
processors: [
dup651,
dup2116,
dup653,
],
on_success: processor_chain([
dup68,
dup2117,
]),
});
var all391 = all_match({
processors: [
dup651,
dup2116,
dup655,
],
on_success: processor_chain([
dup68,
dup2118,
]),
});
var select161 = linear_select([
all390,
all391,
]);
var msg842 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2119,
]),
});
var msg843 = match({
dissect: {
tokenizer: "Module in slot%{fld1}is not able to reload.%{space}Module Error:%{fld2} %{data}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2120,
]),
});
var msg844 = match({
dissect: {
tokenizer: "%{sigid} HTTP protocol violation detected - %{listnum} HTTP Protocol not detected from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2121,
]),
});
var msg845 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2122,
]),
});
var msg846 = match({
dissect: {
tokenizer: "Power Supply Unit Redundancy OK%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2123,
]),
});
var msg847 = match({
dissect: {
tokenizer: "CLOCK: %{fld1}, source: %{fld2}, IP: %{saddr}, before: %{change_old}, after: %{change_new}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup2124,
]),
});
var all392 = all_match({
processors: [
dup2125,
dup2126,
],
on_success: processor_chain([
dup2127,
dup2128,
]),
});
var msg848 = match({
dissect: {
tokenizer: "Embryonic connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2129,
]),
});
var msg849 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2130,
dup2131,
]),
});
// ISAKMP Phase 1 SA created, device acting as responder: the LOCAL endpoint
// is captured as daddr/dport and the REMOTE endpoint as saddr/sport.
// The tokenizer has no closing parenthesis, so the remainder of the message
// (presumably including the ")") is captured into info.
var msg850 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{daddr}/%{dport} (responder), remote %{saddr}/%{sport}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup2132,
]),
});
// ISAKMP Phase 1 SA created, device acting as initiator: the LOCAL endpoint
// is captured as saddr/sport and the REMOTE endpoint as daddr/dport.
// Taken together with msg850, saddr is the initiating peer in both variants,
// so a query on saddr finds the side that started the negotiation, not
// necessarily the remote peer.
var msg851 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{saddr}/%{sport} (initiator), remote %{daddr}/%{dport}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup2133,
]),
});
// Responder form is listed first, then the initiator form. The literal
// "(responder)" / "(initiator)" text in each tokenizer keeps them disjoint.
var select162 = linear_select([
msg850,
msg851,
]);
var all393 = all_match({
processors: [
dup207,
dup208,
dup209,
],
on_success: processor_chain([
dup10,
dup2134,
]),
});
var all394 = all_match({
processors: [
dup127,
dup64,
dup2135,
dup2136,
],
on_success: processor_chain([
dup55,
dup2137,
]),
});
var msg852 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2138,
]),
});
var all395 = all_match({
processors: [
dup12,
dup4,
dup2139,
],
on_success: processor_chain([
dup68,
dup2140,
]),
});
var all396 = all_match({
processors: [
dup12,
dup4,
dup2141,
],
on_success: processor_chain([
dup68,
dup2142,
]),
});
var all397 = all_match({
processors: [
dup12,
dup4,
dup2143,
],
on_success: processor_chain([
dup68,
dup2144,
]),
});
var select163 = linear_select([
all395,
all396,
all397,
]);
var msg853 = match({
dissect: {
tokenizer: "Moving connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} to non-proxy mode - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2145,
]),
});
var msg854 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description} (function=%{fld1}, line=%{fld2}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2146,
]),
});
var all398 = all_match({
processors: [
dup2147,
dup2148,
dup2149,
],
on_success: processor_chain([
dup14,
dup2150,
]),
});
var msg855 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2151,
]),
});
var msg856 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2152,
]),
});
var all399 = all_match({
processors: [
dup2153,
dup2154,
],
on_success: processor_chain([
dup579,
dup2155,
]),
});
var all400 = all_match({
processors: [
dup12,
dup4,
dup2156,
],
on_success: processor_chain([
dup55,
dup2157,
]),
});
var all401 = all_match({
processors: [
dup2158,
dup2159,
],
on_success: processor_chain([
dup55,
dup2160,
]),
});
var msg857 = match({
dissect: {
tokenizer: "IP = %{saddr} , %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2161,
]),
});
var all402 = all_match({
processors: [
dup2162,
],
on_success: processor_chain([
dup93,
dup2163,
]),
});
var select164 = linear_select([
all400,
all401,
msg857,
all402,
]);
var all403 = all_match({
processors: [
dup31,
dup352,
],
on_success: processor_chain([
dup33,
dup2164,
]),
});
var msg858 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
dup2165,
]),
});
// "Authorization denied ... (not authenticated)" message: captures the
// source and destination address/port. No user name is captured because the
// tokenizer has no user capture.
var msg859 = match({
dissect: {
tokenizer: "Authorization denied from %{saddr}/%{sport} to %{daddr}/%{dport} (not authenticated)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
dup2166,
]),
});
var msg860 = match({
dissect: {
tokenizer: "%{fld1}(): Orphan IP %{hostip} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2167,
]),
});
var msg861 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup2168,
]),
});
var msg862 = match({
dissect: {
tokenizer: "H225 message from %{saddr}/%{sport} to %{daddr}/%{dport} contains bad protocol discriminator %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup2169,
]),
});
var all404 = all_match({
processors: [
dup2170,
dup2171,
dup2172,
],
on_success: processor_chain([
dup93,
dup2173,
]),
});
// IPS drop request, ICMP-style form: captures protocol, source and
// destination interface/address, and the ICMP type and code. No ports.
var msg863 = match({
dissect: {
tokenizer: "IPS requested to drop %{protocol} packets %{sinterface}:%{saddr} to %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2174,
]),
});
// Drop request, port-based form: captures the requesting service, protocol,
// and source/destination interface, address and port.
// NOTE(review): unlike msg863 there is no literal "to" between the source and
// destination endpoints. If the device does emit "to" here, it looks like the
// word would be captured into dinterface; confirm against a sample message.
var msg864 = match({
dissect: {
tokenizer: "%{service} requested to drop %{protocol} packet from %{sinterface}:%{saddr}/%{sport} %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2175,
]),
});
// ICMP-style form is listed before the port-based form.
var select165 = linear_select([
msg863,
msg864,
]);
var msg865 = match({
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup2176,
]),
});
// "Auth ... failed (all servers failed)" message: captures the source
// address, destination address/port and the interface (as sinterface).
// The tokenizer has no source port and no user name capture.
var msg866 = match({
dissect: {
tokenizer: "Auth from %{saddr} to %{daddr}/%{dport} failed (all servers failed) on interface %{sinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup2177,
]),
});
// Multi-stage alternative for the same message id. The six stage processors
// and the on_success entries (dup334, dup2183) are defined elsewhere in the
// file; presumably every stage must match for on_success to run (confirm
// against all_match).
var all405 = all_match({
processors: [
dup2178,
dup2179,
dup757,
dup2180,
dup2181,
dup2182,
],
on_success: processor_chain([
dup334,
dup2183,
]),
});
// The fixed-text "all servers failed" pattern is listed before the staged
// alternative.
var select166 = linear_select([
msg866,
all405,
]);
// Helper stage: reads nwparser.p1 (not nwparser.payload) and stores all of it
// in service. It has no on_success chain of its own and is used as the last
// stage of all406 below.
var msg867 = match({
dissect: {
tokenizer: "%{service}",
field: "nwparser.p1",
},
});
// Staged matcher: dup2184 and dup2185 run before msg867.
// Presumably one of them produces nwparser.p1 for msg867 to consume;
// confirm against their definitions, which are outside this section.
var all406 = all_match({
processors: [
dup2184,
dup2185,
msg867,
],
on_success: processor_chain([
dup288,
dup2186,
]),
});
var msg868 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2187,
]),
});
// Image checksum error during an update copy: captures the source file name
// into filename and the quoted copy target into the generic field fld22.
// NOTE(review): the copy target is only available as fld22 unless dup486 or
// dup2188 (defined elsewhere) map it on; worth confirming, since this event
// reports a failed integrity check on a device image.
var msg869 = match({
dissect: {
tokenizer: "UPDATE: ASA image checksum error copying '%{filename}' to '%{fld22}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup2188,
]),
});
var msg870 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2189,
]),
});
var msg871 = match({
dissect: {
tokenizer: "Duplicate address %{hostip_v6}/%{macaddr} on %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2190,
]),
});
var msg872 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup2191,
]),
});
var msg873 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2192,
]),
});
var msg874 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2193,
]),
});
var msg875 = match({
dissect: {
tokenizer: "IP = %{saddr}, Starting IOS keepalive monitor: %{duration} sec.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2194,
]),
});
var msg876 = match({
dissect: {
tokenizer: "%{group}-%{level}-%{p_msgid}: %{fld}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2195,
dup2196,
]),
});
var msg877 = match({
dissect: {
tokenizer: "%{level}-%{p_msgid}: %{fld}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2195,
dup2197,
]),
});
var select167 = linear_select([
msg876,
msg877,
]);
var all407 = all_match({
processors: [
dup1605,
dup1606,
dup2198,
],
on_success: processor_chain([
dup473,
dup2199,
]),
});
var msg878 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2200,
]),
});
var msg879 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2201,
]),
});
// ESP packet carrying an illegal IP fragment: captures the sequence number
// (fld1), source address, user name, destination address, fragment length
// (dclass_counter1) and fragment offset (dclass_counter2).
// NOTE(review): the value after "SPI= " is captured into protocol. That puts
// an SPI value in a field that other patterns in this file fill with a
// protocol name; confirm this mapping is intended before relying on protocol
// for this message.
var msg880 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{protocol}, sequence number=%{fld1}) from %{saddr} (user=%{username}) to %{daddr} containing an illegal IP fragment of length %{dclass_counter1} with offset %{dclass_counter2}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2202,
]),
});
var all408 = all_match({
processors: [
dup2203,
dup2204,
dup2205,
dup1916,
dup1917,
dup1918,
dup2206,
],
on_success: processor_chain([
dup33,
dup2207,
]),
});
var msg881 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2208,
]),
});
var select168 = linear_select([
all408,
msg881,
]);
var msg882 = match({
dissect: {
tokenizer: "Certificate chain was successfully validated %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1397,
dup2209,
]),
});
var all409 = all_match({
processors: [
dup63,
dup64,
dup65,
dup224,
dup2210,
],
on_success: processor_chain([
dup93,
dup2211,
]),
});
// "VLAN Mapping is enabled" message: captures group, username, source
// address and the VLAN (as instance).
// The \u003c / \u003e escapes are "<" and ">", so the literal text expected
// around each value is "<<" before and a single ">" after.
// NOTE(review): the brackets are unbalanced (two opening, one closing).
// Confirm against a sample message that this is what the device emits;
// otherwise this pattern would not match.
var msg883 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e VLAN Mapping is enabled on VLAN \u003c\u003c%{instance}\u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2212,
]),
});
// Oversized IP fragment message: captures source and destination address,
// protocol and the fragment id (fld1).
// NOTE(review): the reported fragment size is captured into icmptype and the
// maximum size into icmpcode. These are byte counts, not ICMP type/code
// values, so queries or rules that filter on icmptype/icmpcode may pick up
// this message unexpectedly. Confirm whether dup45/dup2213 (defined
// elsewhere) remap them.
var msg884 = match({
dissect: {
tokenizer: "Invalid IP fragment, size = %{icmptype} exceeds maximum size = %{icmpcode}: %{space} src = %{saddr}, dest = %{daddr}, proto = %{protocol}, id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2213,
]),
});
var msg885 = match({
dissect: {
tokenizer: "VPNClient: Perfect Forward Secrecy Policy installed%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup2214,
]),
});
var msg886 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2215,
]),
});
var msg887 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2216,
]),
});
var msg888 = match({
dissect: {
tokenizer: "IKEv2 Doesn't have a proposal specified%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2217,
]),
});
var msg889 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2218,
]),
});
var msg890 = match({
dissect: {
tokenizer: "No ARP for host %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2219,
]),
});
var msg891 = match({
dissect: {
tokenizer: "Failed to locate egress interface for %{protocol} from %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2220,
]),
});
var select169 = linear_select([
msg890,
msg891,
]);
// Command privilege level change: the three values after "Var:", "Cmd:" and
// "Priv level:" are captured into the generic fields fld1, fld2 and fld3.
// NOTE(review): the command and the new privilege level are only available
// under fld2/fld3 unless dup166 or dup2221 (defined elsewhere) map them to
// named fields; confirm, since this is an administrative change event.
var msg892 = match({
dissect: {
tokenizer: "Cmd priv level changed: Var: %{fld1} Cmd: %{fld2} Priv level: %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup2221,
]),
});
// Fixed-text variant with no values: "%{}" is an unnamed capture, so nothing
// from the payload is stored by this tokenizer.
var msg893 = match({
dissect: {
tokenizer: "User transitioning priv level%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup2222,
]),
});
// The detailed form is listed before the fixed-text form.
var select170 = linear_select([
msg892,
msg893,
]);
// Helper stage: reads nwparser.p3 (not nwparser.payload) and splits it into
// info, result and event_description around "/" and ": ". It has no
// on_success chain of its own and is used as the last stage of all410 below.
var msg894 = match({
dissect: {
tokenizer: "%{info}/%{result}: %{event_description}",
field: "nwparser.p3",
},
});
// Staged matcher: four dup stages run before msg894.
// Presumably one of them produces nwparser.p3 for msg894 to consume;
// confirm against their definitions, which are outside this section.
var all410 = all_match({
processors: [
dup2223,
dup2224,
dup2225,
dup2226,
msg894,
],
on_success: processor_chain([
dup55,
dup2227,
]),
});
var all411 = all_match({
processors: [
dup2228,
dup1670,
],
on_success: processor_chain([
dup2229,
dup2230,
]),
});
var all412 = all_match({
processors: [
dup1807,
dup4,
dup2231,
],
on_success: processor_chain([
dup33,
dup2232,
]),
});
var msg895 = match({
dissect: {
tokenizer: "(%{context}) Link status 'Down' on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup2233,
]),
});
var all413 = all_match({
processors: [
dup249,
dup250,
dup632,
dup453,
dup2234,
],
on_success: processor_chain([
dup33,
dup2235,
]),
});
var msg896 = match({
dissect: {
tokenizer: "Invalid transport field for protocol=%{protocol}, from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup2236,
]),
});
var msg897 = match({
dissect: {
tokenizer: "Deleted peer %{space} [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2237,
]),
});
var all414 = all_match({
processors: [
dup1605,
dup1606,
dup2238,
dup2239,
],
on_success: processor_chain([
dup473,
dup2240,
]),
});
var all415 = all_match({
processors: [
dup173,
dup2241,
],
on_success: processor_chain([
dup288,
dup2242,
]),
});
var all416 = all_match({
processors: [
dup2243,
dup4,
dup2244,
],
on_success: processor_chain([
dup288,
dup2245,
]),
});
// URL access message, loosest form: the payload is split on spaces and one
// colon into daddr, action, saddr and url. The destination address comes
// first in the message and the url takes everything after "<saddr>:".
// There is no literal anchor text in this tokenizer, so it relies on being
// tried only for the right message id and after the stricter alternatives.
var msg898 = match({
dissect: {
tokenizer: "%{daddr} %{action} %{saddr}:%{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup2246,
]),
});
// Staged alternatives all415 and all416 are listed before the unanchored
// msg898 pattern.
var select171 = linear_select([
all415,
all416,
msg898,
]);
var msg899 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2247,
]),
});
var msg900 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2248,
]),
});
var msg901 = match({
dissect: {
tokenizer: "State machine function trace: state=%{category}, event=%{obj_type}, func=%{application}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2249,
]),
});
var all417 = all_match({
processors: [
dup854,
dup855,
],
on_success: processor_chain([
dup141,
dup2250,
]),
});
var msg902 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2251,
]),
});
var msg903 = match({
dissect: {
tokenizer: "LU make UDP connection for %{saddr}:%{sport} %{daddr}:%{dport} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup2252,
]),
});
var all418 = all_match({
processors: [
dup2253,
dup2254,
],
on_success: processor_chain([
dup33,
dup2255,
]),
});
var msg904 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2256,
]),
});
var msg905 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2257,
]),
});
var msg906 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2258,
]),
});
var msg907 = match({
dissect: {
tokenizer: "CTS SGT-MAP: Binding %{saddr}/%{sport}-\u003e%{fld1}:%{group} from %{fld2} added to binding manager.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2259,
]),
});
var msg908 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup2260,
]),
});
var msg909 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2261,
]),
});
var msg910 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{action} for peer %{fld1}. %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2262,
]),
});
var msg911 = match({
dissect: {
tokenizer: "Unable to allocate new %{protocol} connections (%{saddr}/%{sport}-%{daddr}/%{dport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup2263,
]),
});
var all419 = all_match({
processors: [
dup2264,
dup4,
dup2265,
],
on_success: processor_chain([
dup1838,
dup2266,
]),
});
var msg912 = match({
dissect: {
tokenizer: "Teardown conduit from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} IP version %{fld1} protocol %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup2267,
]),
});
var all420 = all_match({
processors: [
dup249,
dup250,
dup2268,
],
on_success: processor_chain([
dup33,
dup2269,
]),
});
// Skinny secondary channel pre-allocation, variant with a port on the SOURCE
// side only: captures fld1, source interface/address/port, destination
// interface/address (no dport) and info.
var msg913 = match({
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1} secondary channel for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr} from %{info} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2270,
]),
});
// Same message, variant with a port on the DESTINATION side only: captures
// fld1, source interface/address (no sport), destination
// interface/address/port and info.
var msg914 = match({
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1} secondary channel for %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} from %{info} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2271,
]),
});
// Source-port variant is listed before the destination-port variant.
var select172 = linear_select([
msg913,
msg914,
]);
// "VLAN Mapping to VLAN" message: captures group, username, source address
// and the VLAN (as instance), then runs dup29 and dup2272.
// The \u003c / \u003e escapes are "<" and ">"; the expected literal text is
// "<<" before each value and a single ">" after it.
// NOTE(review): the brackets are unbalanced; confirm against a sample message.
var msg915 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e VLAN Mapping to VLAN \u003c\u003c%{instance}\u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2272,
]),
});
// Failure variant: the tokenizer is msg915's with a trailing " failed", and
// the on_success chain differs (dup45 and dup2273). The two are not grouped
// in a linear_select in this section, so the success and failure forms are
// told apart elsewhere (presumably by message id; confirm).
var msg916 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e VLAN Mapping to VLAN \u003c\u003c%{instance}\u003e failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2273,
]),
});
// Auth proxy connection limit exceeded: captures the user's address as saddr
// and the configured maximum into the generic field fld2. No user name is
// captured; the message identifies the user by address only.
var msg917 = match({
dissect: {
tokenizer: "User at %{saddr} exceeded auth proxy connection limit (max %{fld2})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2274,
dup2275,
]),
});
var msg918 = match({
dissect: {
tokenizer: "Connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2276,
]),
});
var msg919 = match({
dissect: {
tokenizer: "FTP %{action} command denied, terminating connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2277,
]),
});
var msg920 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2278,
]),
});
// "Erase configuration" message: captures the leading address as hostip.
// No user name is captured by this tokenizer, so attribution of the erase
// depends on hostip and on whatever dup761/dup2279 (defined elsewhere) add.
var msg921 = match({
dissect: {
tokenizer: "%{hostip} Erase configuration",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup2279,
]),
});
var msg922 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup2280,
]),
});
var msg923 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2281,
]),
});
// HTTP deobfuscation signature message: captures the signature id (sigid),
// a second number into listnum, and the source and destination address.
// The descriptive text ("... detected IPS evasion technique") is literal
// tokenizer text and is not stored in any field by this matcher.
var msg924 = match({
dissect: {
tokenizer: "%{sigid} HTTP Deobfuscation signature detected - %{listnum} HTTP deobfuscation detected IPS evasion technique from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2282,
]),
});
var all421 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup2283,
],
on_success: processor_chain([
dup33,
dup2284,
]),
});
var msg925 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1723,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg926 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1532,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg927 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup935,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg928 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup344,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg929 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup840,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg930 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1760,
dup2290,
dup2291,
dup2292,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg931 = match({
dissect: {
tokenizer: "(%{context})%{event_description} (reason code = %{resultcode}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup1551,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg932 = match({
dissect: {
tokenizer: "(%{context}) %{event_description} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1890,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2293,
]),
});
// "(<context>)<description> OK" message: captures context and
// event_description; the trailing " OK" is literal text and is not part of
// event_description.
var msg933 = match({
dissect: {
tokenizer: "(%{context})%{event_description} OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1891,
dup2286,
dup2287,
dup2288,
dup2289,
// Record the outcome explicitly, since the tokenizer consumed the "OK" text.
set_field({
dest: "nwparser.disposition",
value: constant("OK"),
}),
]),
});
var msg934 = match({
dissect: {
tokenizer: "Call-Home Module started%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1399,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home Module started"),
}),
]),
});
var all422 = all_match({
processors: [
dup1521,
dup1522,
dup1523,
],
on_success: processor_chain([
dup14,
dup1524,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home is processing event"),
}),
]),
});
var msg935 = match({
dissect: {
tokenizer: "Call-Home %{info} message to %{web_host} delivered",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1564,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home message delivered"),
}),
]),
});
var msg936 = match({
dissect: {
tokenizer: "Call-Home client %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup647,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home client activity"),
}),
]),
});
// Smart Call Home DNS hint: captures the quoted command into action.
// The tokenizer and the dup29/dup2087 entries are the same as in msg829
// earlier in the file; this variant appends dup2286..dup2289 to the chain.
// Keep the two tokenizers in sync if the message text is ever edited.
var msg937 = match({
dissect: {
tokenizer: "To ensure Smart Call Home can properly communicate with Cisco, use the command \"%{action}\" to configure at least one DNS server.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2087,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Staged matcher using the same stages (dup2147, dup2148, dup2149) and the
// same first two on_success entries (dup14, dup2150) as all398 earlier in
// the file. This variant adds dup2286..dup2289 and then sets a fixed
// event_description.
var all423 = all_match({
processors: [
dup2147,
dup2148,
dup2149,
],
on_success: processor_chain([
dup14,
dup2150,
dup2288,
dup2289,
dup2286,
dup2287,
// Constant description: it overwrites nothing captured here, because none of
// the visible stages is shown writing event_description (the dup stages are
// defined elsewhere; confirm).
set_field({
dest: "nwparser.event_description",
value: constant("User chose to disable or postpone call-home anonymous reporting"),
}),
]),
});
var msg938 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup60,
dup2286,
dup2287,
dup2288,
dup2289,
dup2293,
]),
});
var msg939 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup680,
dup1542,
dup2286,
dup2287,
dup2288,
dup2289,
dup2294,
]),
});
var msg940 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup680,
dup681,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg941 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1069,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg942 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup408,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "(<context>)<text>" parsers that additionally capture a cause/outcome into
// `result`. The dupNNNN chain entries are shared processors defined outside
// this excerpt.

// Cause given as "(cause: <result>)." with no space before the parenthesis.
var msg943 = match({
dissect: {
tokenizer: "(%{context})%{event_description}(cause: %{result}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup908,
dup2290,
dup2292,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Outcome given as " - <result>." (trailing period required by the pattern).
var msg944 = match({
dissect: {
tokenizer: "(%{context})%{event_description} - %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup909,
dup2290,
dup2292,
dup2291,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same as msg943 except for a space before "(cause:".
var msg945 = match({
dissect: {
tokenizer: "(%{context})%{event_description} (cause: %{result}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup999,
dup2290,
dup2292,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same shape as msg944 but without the trailing period, so any final "."
// stays inside `result`.
var msg946 = match({
dissect: {
tokenizer: "(%{context})%{event_description} - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1000,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Four more "(<context>)<text>" parsers with an identical tokenizer; only the
// shared processors in each chain (dupNNNN, defined outside this excerpt)
// differ, so which one applies is decided by dispatch code not visible here.
var msg947 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup133,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg948 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1240,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg949 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1706,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg950 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup2023,
dup2296,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Failover interface-state messages. Each captures `context` and `interface`
// from nwparser.payload; dupNNNN are shared processors defined outside this
// excerpt.

// Interface monitoring entered the "waiting" state.
var msg951 = match({
dissect: {
tokenizer: "(%{context}) Monitoring on interface %{interface} waiting",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup551,
dup2286,
dup2287,
dup2288,
dup2289,
dup2297,
]),
});
// Interface monitoring returned to "normal".
var msg952 = match({
dissect: {
tokenizer: "(%{context}) Monitoring on interface %{interface} normal",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup832,
dup2286,
dup2287,
dup2288,
dup2289,
dup2297,
]),
});
// Loss of failover communication with the peer unit; event_description is a
// fixed label (the interface name is only in the `interface` field).
var msg953 = match({
dissect: {
tokenizer: "(%{context}) Lost Failover communications with mate on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup1905,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Lost Failover communications with mate on interface"),
}),
]),
});
// Link up.
var msg954 = match({
dissect: {
tokenizer: "(%{context}) Link status 'Up' on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1879,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Link status Up"),
}),
]),
});
// Link down.
// NOTE(review): the label below uses lower-case "down" while msg954 uses
// "Up"; case-sensitive searches on event_description must account for that.
var msg955 = match({
dissect: {
tokenizer: "(%{context}) Link status 'Down' on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup2233,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Link status down"),
}),
]),
});
// Failover interface testing and state-change messages. dupNNNN entries are
// shared processors/sub-parsers defined outside this excerpt.

// Composite of three sub-parsers (dup1935, dup895, dup1936); presumably all
// must match before the chain runs — confirm all_match semantics.
var all424 = all_match({
processors: [
dup1935,
dup895,
dup1936,
],
on_success: processor_chain([
dup14,
dup1937,
dup2286,
dup2287,
dup2288,
dup2289,
dup2298,
]),
});
// Interface test result: the trailing word(s) are captured as `disposition`.
var msg956 = match({
dissect: {
tokenizer: "(%{context}) Testing on interface %{interface} %{disposition}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1816,
dup2286,
dup2287,
dup2288,
dup2289,
dup2298,
]),
});
// msg957..msg959: generic "(<context>)<text>" parsers with identical
// tokenizers; only the chained shared processors differ.
var msg957 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1149,
dup2286,
dup2287,
dup2294,
dup2288,
dup2289,
]),
});
var msg958 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup669,
dup2286,
dup2287,
dup2294,
dup2288,
dup2289,
]),
});
var msg959 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup211,
dup2290,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Composite of four sub-parsers; on success labels the event as a standby
// sync failure caused by a locked configuration. dup2294 runs after the
// label is set.
var all425 = all_match({
processors: [
dup2095,
dup2096,
dup2097,
dup161,
],
on_success: processor_chain([
dup2098,
dup2099,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Standby unit failed to sync due to a locked Config"),
}),
dup2294,
]),
});
// Catch-all style parsers: most copy the whole payload into
// `event_description` and differ only in the shared processors (dupNNNN,
// defined outside this excerpt) that the chain applies.
// NOTE(review): "%{event_description}" matches any payload, so selecting the
// right parser depends on dispatch code outside this view.
var msg960 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1286,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg961 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup1189,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Variant with a parenthesised `context` prefix.
var msg962 = match({
dissect: {
tokenizer: "(%{context})%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup297,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg963 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup298,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg964 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup862,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Captures a description followed by one token (fld1) and a sequence value
// after ", seq = " (fld2). fld1/fld2 are generic holders; their meaning is
// not established in this excerpt.
var msg965 = match({
dissect: {
tokenizer: "(%{context}) %{event_description} %{fld1}, seq = %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1170,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg966 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1171,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg967 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1439,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Six "(<context>) <text>" parsers sharing one tokenizer (space after the
// closing parenthesis). They differ only in the shared processors applied on
// success (dupNNNN, defined outside this excerpt).
var msg968 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup48,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg969 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup1434,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg970 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup269,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg971 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1061,
dup1062,
dup2286,
dup2287,
dup2294,
dup2288,
dup2289,
]),
});
var msg972 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1933,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg973 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup861,
dup2088,
dup2286,
dup2287,
dup2294,
dup2288,
dup2289,
]),
});
// Failover peer ("mate") compatibility messages. dupNNNN entries are shared
// processors/sub-parsers defined outside this excerpt.

// Operational-mode mismatch: peer mode -> fld1, local mode -> fld2; the
// event_description is replaced by a fixed label.
var msg974 = match({
dissect: {
tokenizer: "(%{context}) Mate operational mode %{fld1} is not compatible with my mode %{fld2}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup545,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Mate operational mode is not compatible"),
}),
]),
});
// License mismatch, parsed by five sub-parsers (dup459..dup463).
var all426 = all_match({
processors: [
dup459,
dup460,
dup461,
dup462,
dup463,
],
on_success: processor_chain([
dup464,
dup465,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Mate license is not compatible"),
}),
]),
});
var msg975 = match({
dissect: {
tokenizer: "(%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1356,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Tail fragment of the card-mismatch message; reads nwparser.p1 (presumably
// filled by an earlier sub-parser in all427) and has no on_success chain.
// NOTE(review): the pattern ends with "%{fld3}%{fld3}" — the same key twice
// with no delimiter between them. This looks like a generator artefact; how
// dissect splits it is not determinable here, so verify what fld3 receives.
var msg976 = match({
dissect: {
tokenizer: "%{fld1} card in slot %{fld2} which is different from my %{fld3}%{fld3}",
field: "nwparser.p1",
},
});
// Card mismatch: dup123, dup124, then msg976 on the remainder.
var all427 = all_match({
processors: [
dup123,
dup124,
msg976,
],
on_success: processor_chain([
dup125,
dup126,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Mate card is different"),
}),
]),
});
// "connection denied" messages. Captures direction, protocol and the
// source/destination address and port from nwparser.payload; dupNNNN are
// shared processors/sub-parsers defined outside this excerpt.

// Form that ends with "on interface <interface>".
// NOTE(review): the TCP flags land in the generic `fld1`; unless a later
// processor (not visible here) maps it, they are not available under a
// named field.
var msg977 = match({
dissect: {
tokenizer: "%{direction} %{protocol} connection denied from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1387,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Form without the interface suffix. Its pattern is a prefix of msg977's, so
// on a line that does carry "on interface ..." fld1 would presumably absorb
// that text; the order in which the two are tried is set outside this view.
var msg978 = match({
dissect: {
tokenizer: "%{direction} %{protocol} connection denied from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1388,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Composite variants: all428 and all429 share their first two sub-parsers
// (dup1133, dup1134) and differ in the last one (dup1135 vs dup1137).
var all428 = all_match({
processors: [
dup1133,
dup1134,
dup1135,
],
on_success: processor_chain([
dup285,
dup1136,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
var all429 = all_match({
processors: [
dup1133,
dup1134,
dup1137,
],
on_success: processor_chain([
dup285,
dup1138,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Deny messages for filtered content and plain inbound/outbound denies.
// dupNNNN are shared processors defined outside this excerpt.

// Connection blocked because of a Java applet: only addresses and interface
// are present (no ports); event_description is a fixed label.
var msg979 = match({
dissect: {
tokenizer: "Connection denied src %{saddr} dest %{daddr} due to JAVA Applet on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1411,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
set_field({
dest: "nwparser.event_description",
value: constant("Connection denied due to JAVA Applet on interface"),
}),
]),
});
// "Deny <direction> <protocol> from a/p to a/p on interface <interface>".
var msg980 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1096,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Same without the interface suffix; `dport` is the last key, so it takes
// whatever follows the final "/" up to the end of the payload.
var msg981 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1097,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Deny caused by DNS inspection; the text after "due to DNS " goes to `info`.
var msg982 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} from %{saddr}/%{sport} to %{daddr}/%{dport} due to DNS %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1714,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Address-translation denials. dupNNNN are shared processors defined outside
// this excerpt.

// "(source is denied)" form: the single address is captured as `hostip`, so
// saddr/daddr are not populated by this pattern.
var msg983 = match({
dissect: {
tokenizer: "Translation for %{hostip} denied by %{direction} (source is denied) %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1389,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2305,
]),
});
// Generic form without the parenthetical; everything after the direction
// goes to `fld1`. It also matches lines msg983 would match, so the order in
// which the two are tried (decided outside this view) matters.
var msg984 = match({
dissect: {
tokenizer: "Translation for %{hostip} denied by %{direction} %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1390,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2305,
]),
});
// "(destination is denied)" form: captures source address and destination
// address/port.
var msg985 = match({
dissect: {
tokenizer: "Translation for %{saddr} to %{daddr}/%{dport} denied by %{direction} (destination is denied) %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1324,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2305,
]),
});
// "Deny <direction> ... src <if>:<addr> dst <if>:<addr>" messages. Source and
// destination interface names go to sinterface/dinterface. dupNNNN are shared
// processors defined outside this excerpt.

// Form with the literal word "protocol" before the protocol value; no ports.
var msg986 = match({
dissect: {
tokenizer: "Deny %{direction} protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1466,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// ICMP form: "icmp" is literal in the pattern (so `protocol` is not captured
// here) and the ICMP type/code are extracted. dup2306 appears only in this
// chain within this group.
var msg987 = match({
dissect: {
tokenizer: "Deny %{direction} icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1467,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
dup2306,
]),
});
// TCP/UDP style form with ports on both sides.
var msg988 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1468,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Port-less form. It also matches lines that do carry "/port" (the port
// would presumably stay attached to saddr/daddr), so it needs to be tried
// after msg988 — ordering is decided outside this view.
var msg989 = match({
dissect: {
tokenizer: "Deny %{direction} %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1469,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// "Deny <direction> (No xlate) ..." messages: traffic denied because no
// translation exists. dupNNNN are shared processors defined outside this
// excerpt.

// Form with the literal word "protocol"; addresses only.
var msg990 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1012,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Form with ports on both sides.
var msg991 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1013,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Form carrying ICMP type and code.
// NOTE(review): icmptype/icmpcode are captured but this chain has no
// additional ICMP-specific processor after dup2304; whether an enrichment
// step is missing cannot be told from this excerpt.
var msg992 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate) %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1014,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Minimal fallback: only the direction is captured. Because `direction` is
// the last key, any trailing text other than " (No xlate)" will not match.
var msg993 = match({
dissect: {
tokenizer: "Deny %{direction} (No xlate)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1015,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// IP connection denials and dropped ICMP echo requests. dupNNNN are shared
// processors/sub-parsers defined outside this excerpt.

// Composite parser (dup1710..dup1712); labels the event "IP connection denied".
var all430 = all_match({
processors: [
dup1710,
dup1711,
dup1712,
],
on_success: processor_chain([
dup285,
dup1713,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("IP connection denied"),
}),
]),
});
// Echo request to a PAT address dropped; captures source and destination.
var msg994 = match({
dissect: {
tokenizer: "Dropping echo request from %{saddr} to PAT address %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2008,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2307,
dup2288,
dup2289,
]),
});
// Same for a non-PAT address ("to address <daddr>").
var msg995 = match({
dissect: {
tokenizer: "Dropping echo request from %{saddr} to address %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2009,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2307,
dup2288,
dup2289,
]),
});
// Composite parser (dup1451..dup1453); the message text it matches is not
// visible in this excerpt.
var all431 = all_match({
processors: [
dup1451,
dup1452,
dup1453,
],
on_success: processor_chain([
dup285,
dup1454,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2308,
dup2304,
]),
});
// Denials for packets with no matching connection, spoofed sources and the
// "Land Attack" signature. These are the records an analyst typically needs
// for spoofing/DoS triage, so field completeness matters. dupNNNN are shared
// processors defined outside this excerpt.

// No-connection deny with interface; TCP flags go to the generic `fld1`.
var msg996 = match({
dissect: {
tokenizer: "Deny %{protocol} (no connection) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup827,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Same without the interface suffix.
var msg997 = match({
dissect: {
tokenizer: "Deny %{protocol} (no connection) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup828,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Spoofed-source deny; the source address is written in parentheses in the
// log and is captured without them. Remember that saddr is, by definition of
// this event, not a trustworthy origin.
var msg998 = match({
dissect: {
tokenizer: "Deny %{protocol} spoof from (%{saddr}) to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup259,
dup2300,
dup2309,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Spoof deny without the interface suffix.
var msg999 = match({
dissect: {
tokenizer: "Deny %{protocol} spoof from (%{saddr}) to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup260,
dup2300,
dup2309,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Land Attack deny: captures source and destination address only; no
// event_description is set in the visible chain.
var msg1000 = match({
dissect: {
tokenizer: "Deny IP due to Land Attack from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2002,
dup2300,
dup2309,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Content filtering, access-group denies and anti-spoofing / fragment checks.
// dupNNNN are shared processors defined outside this excerpt.

// ActiveX content stripped from a packet; captures source and destination.
var msg1001 = match({
dissect: {
tokenizer: "Packet contains ActiveX content and has been modified src %{saddr} dest to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2003,
dup2004,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Packet type denied by a list: packet type -> fld1, list name -> fld2.
var msg1002 = match({
dissect: {
tokenizer: "%{protocol} packet type %{fld1} denied by %{direction} list %{fld2} src %{saddr} dest %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup904,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2310,
]),
});
// Deny by access-group; the quoted access-group name is captured as `fld1`
// and `%{space}` absorbs the whitespace before "deny".
// NOTE(review): the fixed label below is misspelled ("acces-group"). It is a
// runtime value, so searches and detection rules on event_description must
// use this spelling until it is corrected and existing queries are migrated.
var msg1003 = match({
dissect: {
tokenizer: "IP packet from %{saddr} to %{daddr}, protocol %{protocol} received from interface \"%{interface}\" %{space} deny by access-group \"%{fld1}\"",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1156,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("denied by acces-group"),
}),
]),
});
// Teardrop fragment deny: fragment size -> fld1, offset -> fld2.
// NOTE(review): unlike the neighbouring deny parsers this chain does not
// include dup2300..dup2302; whether that leaves a categorisation field unset
// cannot be determined from this excerpt.
var msg1004 = match({
dissect: {
tokenizer: "Deny IP teardrop fragment (size = %{fld1}, offset = %{fld2}) from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup1391,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("denied IP teardrop fragment"),
}),
]),
});
// Reverse-path check failure (source address not routable via the ingress
// interface). This chain also omits dup2300..dup2302 — see the note on
// msg1004.
var msg1005 = match({
dissect: {
tokenizer: "Deny %{protocol} reverse path check from %{saddr} to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1428,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Connection-spoof deny.
var msg1006 = match({
dissect: {
tokenizer: "Deny %{protocol} connection spoof from %{saddr} to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1811,
dup2300,
dup2309,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
]),
});
// Composite deny parsers whose later stages extract an access rule/group name
// into `rule_group`. The leading sub-parsers (dupNNNN) and the shared chain
// processors are defined outside this excerpt.
var all432 = all_match({
processors: [
dup1029,
dup1030,
dup1031,
dup1032,
],
on_success: processor_chain([
dup285,
dup1033,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2311,
]),
});
// Tail fragment read from nwparser.p3: rule_group followed by three literal
// double-quote characters.
// NOTE(review): three consecutive quotes is unusual; confirm against sample
// logs that this is the real message shape and not an escaping artefact.
var msg1007 = match({
dissect: {
tokenizer: "%{rule_group}\"\"\"",
field: "nwparser.p3",
},
});
// Uses msg1007 as its final stage. Note dup2312 sits where the sibling
// chains have dup2287.
var all433 = all_match({
processors: [
dup1034,
dup1035,
dup1036,
dup1037,
msg1007,
],
on_success: processor_chain([
dup285,
dup1038,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2312,
dup2288,
dup2289,
dup2303,
dup2311,
]),
});
// Three alternative shapes for the rule-group fragment in nwparser.p2; each
// leaves the remainder in p3.
// 1) leading space, quoted name, then one extra token (fld1).
var msg1008 = match({
dissect: {
tokenizer: " \"%{rule_group}\" %{fld1} %{p3}",
field: "nwparser.p2",
},
});
// 2) quoted name immediately followed by the remainder.
var msg1009 = match({
dissect: {
tokenizer: "\"%{rule_group}\"%{p3}",
field: "nwparser.p2",
},
});
// 3) unquoted name up to the first space.
var msg1010 = match({
dissect: {
tokenizer: "%{rule_group} %{p3}",
field: "nwparser.p2",
},
});
// Alternatives are listed most specific first; presumably the first matching
// one wins — confirm linear_select semantics.
var select173 = linear_select([
msg1008,
msg1009,
msg1010,
]);
var all434 = all_match({
processors: [
dup1039,
dup1040,
dup1041,
select173,
],
on_success: processor_chain([
dup285,
dup1042,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2312,
dup2288,
dup2289,
dup2303,
dup2311,
]),
});
var all435 = all_match({
processors: [
dup1043,
dup1044,
],
on_success: processor_chain([
dup285,
dup1045,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2311,
]),
});
// Miscellaneous deny/drop messages. dupNNNN are shared processors/sub-parsers
// defined outside this excerpt.

// "<text>: <interface> <protocol> src a/p dest a/p" — the text before the
// first ": " becomes event_description.
var msg1011 = match({
dissect: {
tokenizer: "%{event_description}: %{interface} %{protocol} src %{saddr}/%{sport} dest %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1128,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Composite parser sharing its second stage (dup1044) with other parsers in
// the file.
var all436 = all_match({
processors: [
dup1268,
dup1044,
],
on_success: processor_chain([
dup285,
dup1269,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2311,
dup2303,
]),
});
// Invalid ICMP echo reply dropped; parsed by five sub-parsers.
var all437 = all_match({
processors: [
dup2052,
dup802,
dup2053,
dup2054,
dup2055,
],
on_success: processor_chain([
dup2056,
dup2057,
dup2300,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dropping invalid echo reply"),
}),
]),
});
// Deny on a connection already marked for deletion.
// NOTE(review): the value after "flags" is stored in `network_service` here,
// whereas the other "flags" patterns in this file section use `fld1`;
// confirm that this field mapping is intended.
var msg1012 = match({
dissect: {
tokenizer: "Deny %{protocol} (Connection marked for Deletion) from %{saddr}/%{sport} to %{daddr}/%{dport} flags %{network_service} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2058,
dup2300,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2304,
]),
});
// Access-list "denied" hit: "\u003e" is the escaped ">" of the "->" arrow.
// Ports are written in parentheses after each address; the hit counter goes
// to dclass_counter1 and trailing text to fld6.
var msg1013 = match({
dissect: {
tokenizer: "access-list %{listnum} denied %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1} %{fld6}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup720,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2315,
dup2310,
]),
});
// Three composite access-list parsers that share their first two and last
// sub-parsers (dup721, dup722, dup725) and the same chain apart from the
// second entry. The sub-parsers and dupNNNN chain processors are defined
// outside this excerpt, so the exact message text is not visible here.
var all438 = all_match({
processors: [
dup721,
dup722,
dup723,
dup724,
dup725,
],
on_success: processor_chain([
dup288,
dup726,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2315,
dup2317,
]),
});
var all439 = all_match({
processors: [
dup721,
dup722,
dup727,
dup728,
dup725,
],
on_success: processor_chain([
dup288,
dup729,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2315,
dup2317,
]),
});
var all440 = all_match({
processors: [
dup721,
dup722,
dup730,
dup728,
dup725,
],
on_success: processor_chain([
dup288,
dup731,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2315,
dup2317,
]),
});
// Catch-all: the entire payload becomes event_description.
var msg1014 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2189,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Access-list hit messages. dupNNNN are shared processors/sub-parsers defined
// outside this excerpt.

// Deny variant: differs from all442 in its first sub-parser (dup278 vs
// dup287), the leading chain entries and the fixed label.
var all441 = all_match({
processors: [
dup278,
dup279,
dup280,
dup281,
dup282,
dup283,
dup2318,
],
on_success: processor_chain([
dup285,
dup286,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2319,
set_field({
dest: "nwparser.event_description",
value: constant("deny"),
}),
]),
});
// Permit variant.
var all442 = all_match({
processors: [
dup287,
dup279,
dup280,
dup281,
dup282,
dup283,
dup2318,
],
on_success: processor_chain([
dup288,
dup289,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2319,
set_field({
dest: "nwparser.event_description",
value: constant("permit"),
}),
]),
});
// URL access-list hit.
// NOTE(review): `url` originates from client traffic; it is delimited only
// by the literal " hit-cnt ", so a URL containing that text would presumably
// split early and corrupt dclass_counter1 — treat both fields as untrusted.
var msg1015 = match({
dissect: {
tokenizer: "access-list %{listnum} url %{url} hit-cnt %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup290,
dup2286,
dup2287,
dup2319,
dup2288,
dup2289,
]),
});
// Per-user access-list hit; the action (e.g. permitted/denied) is captured
// rather than fixed, and "\u003e" is the escaped ">" of "->".
// NOTE(review): `username` is delimited by single quotes; a user name that
// itself contains "' " would presumably shift the following fields.
var msg1016 = match({
dissect: {
tokenizer: "access-list %{listnum} %{action} %{protocol} for user '%{username}' %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1490,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2319,
]),
});
// Access-list hit without action or user; hit counter is the last field.
var msg1017 = match({
dissect: {
tokenizer: "access-list %{listnum} %{protocol} %{sinterface}/%{saddr}(%{sport}) -\u003e %{dinterface}/%{daddr}(%{dport}) hit-cnt %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1491,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2319,
]),
});
// Ping attempts, RIP routing-protocol failures and an SMTP rewrite message.
// dupNNNN are shared processors/sub-parsers defined outside this excerpt.

// "<saddr> attempted to ping <daddr>." (trailing period is part of the
// pattern).
var msg1018 = match({
dissect: {
tokenizer: "%{saddr} attempted to ping %{daddr}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1497,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
]),
});
// RIP authentication failure from a neighbour: version, type, mode and
// sequence are kept in the generic fld1..fld4.
var msg1019 = match({
dissect: {
tokenizer: "RIP auth failed from %{saddr}: version=%{fld1}, type=%{fld2}, mode=%{fld3}, sequence=%{fld4} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup1498,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("RIP auth failure"),
}),
]),
});
// RIP packet validation failure.
var msg1020 = match({
dissect: {
tokenizer: "RIP pkt failed from %{saddr}: version=%{fld1} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup440,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("RIP packet failure"),
}),
]),
});
// Composite parser (dup1113..dup1115); message text not visible here.
var all443 = all_match({
processors: [
dup1113,
dup1114,
dup1115,
],
on_success: processor_chain([
dup1116,
dup1117,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// SMTP content replaced by the inspection engine. "out" is mapped to saddr
// and "in" to daddr; the replaced data goes to `info`.
// NOTE(review): `info` is message content supplied by the remote mail peer;
// treat it as untrusted when rendering or forwarding.
var msg1021 = match({
dissect: {
tokenizer: "SMTP replaced %{fld1}: out %{saddr} in %{daddr} data: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup782,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Mail-inspection messages (bad checksum, malicious address pattern).
// dupNNNN are shared processors/sub-parsers defined outside this excerpt.

// Bad checksum in a command; sets nwparser.result to a fixed value between
// the shared processors.
var msg1022 = match({
dissect: {
tokenizer: "Bad Checksum in %{network_service} command",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup200,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("Bad Checksum"),
}),
dup2288,
dup2289,
]),
});
// Malicious pattern in a mail address.
// NOTE(review): nwparser.event_description is set twice in a row below. If
// set_field overwrites (not confirmed here), "Connection terminated" is
// never visible and only the second label survives; if both facts matter for
// detection, one of them probably belongs in a different field.
var all444 = all_match({
processors: [
dup201,
dup202,
dup203,
],
on_success: processor_chain([
dup204,
dup205,
set_field({
dest: "nwparser.ec_subject",
value: constant("EmailAddress"),
}),
dup2300,
dup2309,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Connection terminated"),
}),
set_field({
dest: "nwparser.event_description",
value: constant("Malicious pattern detected in mail address"),
}),
]),
});
// Composite parser of seven stages; shares stages dup1914..dup1919 with
// all446 and differs only in the first stage and second chain entry.
var all445 = all_match({
processors: [
dup1913,
dup1914,
dup1915,
dup1916,
dup1917,
dup1918,
dup1919,
],
on_success: processor_chain([
dup204,
dup1920,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Bad checksum in a response.
// NOTE(review): unlike msg1022 (command), this chain does not set
// nwparser.result to "Bad Checksum"; queries on result will only find the
// command variant.
var msg1023 = match({
dissect: {
tokenizer: "Bad Checksum in %{network_service} response",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup1921,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all446 = all_match({
processors: [
dup1922,
dup1914,
dup1915,
dup1916,
dup1917,
dup1918,
dup1919,
],
on_success: processor_chain([
dup204,
dup1923,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// SMTP/ESMTP inspection messages. dupNNNN are shared processors defined
// outside this excerpt.

// SMTP connection pool exhausted; captures the client address and port.
var msg1024 = match({
dissect: {
tokenizer: "Out of SMTP connections! %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1058,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Out of SMTP connections"),
}),
]),
});
// ESMTP request seen; text after "; " is stored in `result`.
var msg1025 = match({
dissect: {
tokenizer: "%{network_service}: Received ESMTP Request from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup1059,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESMTP request"),
}),
]),
});
// Size violation. The service name is captured from the message, but the
// fixed label always says "ESMTP" regardless of the captured value.
var msg1026 = match({
dissect: {
tokenizer: "Detected %{network_service} size violation from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup199,
dup206,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Detected ESMTP size violation"),
}),
]),
});
// Authentication session/server messages. The outcome is recorded as a fixed
// nwparser.result value at the end of each chain. dupNNNN are shared
// processors/sub-parsers defined outside this excerpt; dup4 (shown at the top
// of the file) is a selector that extracts a quoted user name.

// Session start.
var all447 = all_match({
processors: [
dup108,
dup4,
dup109,
],
on_success: processor_chain([
dup110,
dup111,
dup2321,
dup2296,
dup2320,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Start_Session"),
}),
]),
});
// A single authentication server failed.
var all448 = all_match({
processors: [
dup332,
dup333,
],
on_success: processor_chain([
dup334,
dup335,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2322,
set_field({
dest: "nwparser.result",
value: constant("server failed"),
}),
]),
});
// Authentication failed because every configured server failed. Useful as an
// availability signal for the AAA backend; note the interface is stored in
// `sinterface` here, not `interface`.
var msg1027 = match({
dissect: {
tokenizer: "Auth from %{saddr} to %{daddr}/%{dport} failed (all servers failed) on interface %{sinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup2177,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2322,
dup2323,
]),
});
// Composite variant ending in the same dup2322/dup2323 pair as msg1027.
var all449 = all_match({
processors: [
dup2178,
dup2179,
dup757,
dup2180,
dup2181,
dup2182,
],
on_success: processor_chain([
dup334,
dup2183,
dup2320,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2322,
dup2323,
]),
});
// Successful authentication.
var all450 = all_match({
processors: [
dup1862,
dup4,
dup930,
],
on_success: processor_chain([
dup85,
dup1863,
dup2321,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Successful Authentication"),
}),
]),
});
// Authentication and authorization outcomes. dupNNNN are shared
// processors/sub-parsers defined outside this excerpt.
// NOTE(review): the fixed result labels in this group are inconsistently
// capitalised ("authentication failure" vs "Authorization failure");
// case-sensitive queries on nwparser.result need the exact spelling.

// Authentication failure.
var all451 = all_match({
processors: [
dup929,
dup4,
dup930,
],
on_success: processor_chain([
dup81,
dup931,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("authentication failure"),
}),
]),
});
// Successful authorization.
var all452 = all_match({
processors: [
dup1906,
dup4,
dup930,
],
on_success: processor_chain([
dup85,
dup1907,
dup2321,
dup2324,
dup2325,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Successful Authorization"),
}),
]),
});
// Authorization failure.
var all453 = all_match({
processors: [
dup1790,
dup4,
dup930,
],
on_success: processor_chain([
dup1791,
dup1792,
dup2321,
dup2300,
dup2325,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Authorization failure"),
}),
]),
});
// Authorization denied because the session was never authenticated. No user
// name is present in this message, only the two endpoints.
var msg1028 = match({
dissect: {
tokenizer: "Authorization denied from %{saddr}/%{sport} to %{daddr}/%{dport} (not authenticated)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
dup2166,
dup2321,
dup2300,
dup2325,
dup2286,
dup2287,
dup2288,
dup2289,
dup2326,
]),
});
// Authentication failed with a reason: the parenthesised text is captured
// into `result` rather than being set to a constant.
var msg1029 = match({
dissect: {
tokenizer: "Auth from %{saddr}/%{sport} to %{daddr}/%{dport} failed (%{result}) on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup547,
dup2320,
dup2300,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
dup2326,
]),
});
// Authentication session lifecycle and related composite parsers. dupNNNN
// are shared processors/sub-parsers defined outside this excerpt.

// Authentication session start.
var all454 = all_match({
processors: [
dup1190,
dup4,
dup1191,
],
on_success: processor_chain([
dup110,
dup1192,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Authen Session Start"),
}),
]),
});
// Authentication session end.
var all455 = all_match({
processors: [
dup1645,
dup4,
dup1646,
],
on_success: processor_chain([
dup110,
dup1647,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Authen Session End"),
}),
]),
});
// Two catch-all parsers: the whole payload becomes event_description.
var msg1030 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1582,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1031 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup977,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all456..all458: three composites that differ only in their first stage
// and second chain entry (all456 additionally lacks dup2285). The message
// text they match is not visible in this excerpt.
var all456 = all_match({
processors: [
dup1052,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1053,
dup2321,
dup2300,
dup2320,
dup2286,
dup2287,
dup2288,
dup2289,
dup2326,
]),
});
var all457 = all_match({
processors: [
dup1054,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1055,
dup2321,
dup2300,
dup2320,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2326,
]),
});
var all458 = all_match({
processors: [
dup1056,
dup4,
dup930,
],
on_success: processor_chain([
dup285,
dup1057,
dup2321,
dup2300,
dup2320,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2326,
]),
});
// Two-part pattern (dup1380 then dup4, both defined outside this excerpt).
// On success the result field is set to the constant "access-list not found".
var all459 = all_match({
processors: [
dup1380,
dup4,
],
on_success: processor_chain([
dup334,
dup1381,
dup2325,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("access-list not found"),
}),
]),
});
// Same shape as all459 plus a dup2285 step; result constant
// "authorization list not found for user".
var all460 = all_match({
processors: [
dup1382,
dup4,
],
on_success: processor_chain([
dup334,
dup1383,
dup2325,
dup2299,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("authorization list not found for user"),
}),
]),
});
// A user exceeded the auth proxy connection limit. Only the source address is
// captured as a named field; the configured maximum lands in the generic fld2.
var msg1032 = match({
dissect: {
tokenizer: "User at %{saddr} exceeded auth proxy connection limit (max %{fld2})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2274,
dup2275,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all461, all462 and all463 share the leading pattern parts dup1605 and dup1606
// (defined outside this excerpt) and each records a different ACL problem in the
// result field. Here: "ACL is empty".
var all461 = all_match({
processors: [
dup1605,
dup1606,
dup1607,
],
on_success: processor_chain([
dup473,
dup1608,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("ACL is empty"),
}),
]),
});
// Result constant: "ACL has parsing error".
var all462 = all_match({
processors: [
dup1605,
dup1606,
dup2198,
],
on_success: processor_chain([
dup473,
dup2199,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("ACL has parsing error"),
}),
]),
});
// Four-part variant with extra steps dup2290, dup2291 and dup2299; result constant
// "Downloaded ACL has config error".
var all463 = all_match({
processors: [
dup1605,
dup1606,
dup2238,
dup2239,
],
on_success: processor_chain([
dup473,
dup2240,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Downloaded ACL has config error"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description. The chain begins
// with dup183, the same first step used by the auth-failure pattern msg1029.
var msg1033 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup184,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1034 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup118,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Unauthenticated user must authenticate before using a service. Captures both
// endpoints, the interface and the protocol in use.
var msg1035 = match({
dissect: {
tokenizer: "User from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} using %{protocol} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup355,
dup2321,
dup2320,
dup2327,
dup2286,
dup2287,
dup2288,
dup2289,
dup2328,
]),
});
// Variant of msg1035 for payloads without the "using <protocol>" clause; the chain
// additionally runs dup2285.
var msg1036 = match({
dissect: {
tokenizer: "User from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup356,
dup2321,
dup2320,
dup2327,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2328,
]),
});
// Authorization denial that carries a reason: captures endpoints, the reason
// (%{result}), the interface and the protocol. Compare msg1028, which handles the
// fixed "(not authenticated)" form.
var msg1037 = match({
dissect: {
tokenizer: "Authorization denied from %{saddr}/%{sport} to %{daddr}/%{dport} (%{result}) on interface %{interface} using %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
dup257,
dup2325,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
dup2328,
]),
});
// Multi-part pattern that reuses dup1056 (also the leading part of all458) with a
// different trailing part, dup2010. Parts are defined outside this excerpt.
var all464 = all_match({
processors: [
dup1056,
dup4,
dup2010,
],
on_success: processor_chain([
dup285,
dup2011,
dup2325,
dup2321,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
dup2328,
]),
});
// Payload of the form "[<protocol>] <free text>": the bracketed token becomes
// protocol and the remainder event_description.
var msg1038 = match({
dissect: {
tokenizer: "[%{protocol}] %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup1748,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Four-part pattern; parts are defined outside this excerpt, so the matched
// message text is not visible here.
var all465 = all_match({
processors: [
dup2026,
dup2027,
dup2028,
dup161,
],
on_success: processor_chain([
dup334,
dup2029,
dup2321,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Three-part pattern whose chain begins with dup473, the same first step used by
// the ACL patterns all461-all463. Parts are defined outside this excerpt.
var all466 = all_match({
processors: [
dup470,
dup471,
dup472,
],
on_success: processor_chain([
dup473,
dup474,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Error raised while parsing a downloaded ACL; the text after "ERROR: " is kept as
// result.
var msg1039 = match({
dissect: {
tokenizer: "Parsing downloaded ACL: ERROR: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup475,
dup476,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Three-part pattern, chain again beginning with dup473. Parts are defined outside
// this excerpt.
var all467 = all_match({
processors: [
dup628,
dup4,
dup629,
],
on_success: processor_chain([
dup473,
dup630,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all468 and all469 share the leading parts dup270 and dup4 and the trailing chain
// steps dup2329 and dup2330. Nothing in this excerpt shows the message text they
// match; see the dupNNNN definitions earlier in the file.
var all468 = all_match({
processors: [
dup270,
dup4,
dup271,
dup272,
dup273,
],
on_success: processor_chain([
dup89,
dup274,
dup2321,
dup2320,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2329,
dup2330,
]),
});
// Shorter variant of all468 (single trailing part dup275, no dup2285 step).
var all469 = all_match({
processors: [
dup270,
dup4,
dup275,
],
on_success: processor_chain([
dup89,
dup276,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2329,
dup2330,
]),
});
// uauth unproxy failure: the device-supplied reason is kept as result and a fixed
// event_description is assigned.
var msg1040 = match({
dissect: {
tokenizer: "uauth_pickapp: Uauth Unproxy Failed due to the reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1086,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Uauth Unproxy Failed"),
}),
]),
});
// Routing failure: captures destination then source address (note the order in the
// message text).
var msg1041 = match({
dissect: {
tokenizer: "No route to %{daddr} from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup44,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// ARP resolution failure for a host; the address is stored as hostip.
var msg1042 = match({
dissect: {
tokenizer: "No ARP for host %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2219,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("No ARP for host"),
}),
]),
});
// No egress interface found for a flow. Captures protocol, ingress interface
// (sinterface) and both endpoints.
var msg1043 = match({
dissect: {
tokenizer: "Failed to locate egress interface for %{protocol} from %{sinterface}:%{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2220,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Failed to locate egress interface"),
}),
]),
});
// Multi-part pattern (parts defined outside this excerpt). Both result and
// event_description are filled from the same value source, dup2331.
var all470 = all_match({
processors: [
dup1101,
dup1102,
dup1103,
],
on_success: processor_chain([
dup93,
dup1104,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: dup2331,
}),
set_field({
dest: "nwparser.event_description",
value: dup2331,
}),
]),
});
// Interface lookup failure; the text inside "(with ...)" is stored as interface.
var msg1044 = match({
dissect: {
tokenizer: "No interface is configured (with %{interface}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1105,
dup2285,
dup2286,
// NOTE(review): dup2287 runs after dup2288/dup2289 here, unlike the
// dup2286, dup2287, dup2288, dup2289 order used by the sibling patterns —
// confirm the steps are order-independent.
dup2288,
dup2289,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("No interface configured"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1045 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1106,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Configuration change audit events. These record who (hostip) started writing,
// reading or erasing the device configuration and are worth keeping searchable
// for change-control and tamper investigations.

// Configuration write started: captures the originating host and target device.
var msg1046 = match({
dissect: {
tokenizer: "Begin configuration: %{hostip} writing to %{device}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1819,
dup2290,
dup2292,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Begin configuration writing to device"),
}),
]),
});
// Configuration read started: captures the originating host and source device.
var msg1047 = match({
dissect: {
tokenizer: "Begin configuration: %{hostip} reading from %{device}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup893,
dup2290,
dup2332,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
// NOTE(review): the summary text goes to nwparser.result here, whereas the
// sibling patterns msg1046 and msg1048 write theirs to
// nwparser.event_description — queries keyed on event_description will not
// see this event's summary. Confirm whether this is intended.
set_field({
dest: "nwparser.result",
value: constant("Begin configuration reading from device"),
}),
]),
});
// Configuration erased: captures the originating host.
var msg1048 = match({
dissect: {
tokenizer: "%{hostip} Erase configuration",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup2279,
dup2290,
dup2333,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Erase configuration"),
}),
]),
});
// Two-part pattern (dup854, dup855; defined outside this excerpt).
// NOTE(review): all472 below lists the identical pattern parts, so the two can only
// be told apart by whatever selects them elsewhere in the file — confirm.
var all471 = all_match({
processors: [
dup854,
dup855,
],
on_success: processor_chain([
dup316,
dup856,
dup2290,
dup2334,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same pattern parts as all471; this chain adds dup2316 and sets the result
// constant "end configuration: OK".
var all472 = all_match({
processors: [
dup854,
dup855,
],
on_success: processor_chain([
dup141,
dup2250,
dup2290,
dup2334,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("end configuration: OK"),
}),
]),
});
// Three-part pattern; parts are defined outside this excerpt, so the matched
// message text is not visible here.
var all473 = all_match({
processors: [
dup1125,
dup4,
dup1126,
],
on_success: processor_chain([
dup141,
dup1127,
dup2321,
dup2335,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Multi-part form of the "reading from device" configuration event. Like msg1047
// it writes its summary to nwparser.result (with slightly different wording:
// "Begin configuration - reading from device").
var all474 = all_match({
processors: [
dup621,
dup622,
dup623,
],
on_success: processor_chain([
dup141,
dup624,
dup2290,
dup2332,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Begin configuration - reading from device"),
}),
]),
});
// all475, all476 and all477 share the leading parts dup466 and dup4 (defined
// outside this excerpt). all475 and all476 finish with the shared step dup2336;
// all477 instead sets a fixed description (see below).
var all475 = all_match({
processors: [
dup466,
dup4,
dup467,
dup468,
],
on_success: processor_chain([
dup141,
dup469,
dup2286,
dup2287,
dup2288,
dup2289,
dup2336,
]),
});
// Variant with trailing part dup884; chain begins with dup848.
var all476 = all_match({
processors: [
dup466,
dup4,
dup884,
],
on_success: processor_chain([
dup848,
dup885,
dup2286,
dup2287,
dup2288,
dup2289,
dup2336,
]),
});
// Command-execution audit event: event_description is set to the constant
// "User executed cmd". Which fields hold the user and command depends on the
// pattern parts, which are not visible in this excerpt.
var all477 = all_match({
processors: [
dup466,
dup4,
dup847,
],
on_success: processor_chain([
dup848,
dup849,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("User executed cmd"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1049 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1683,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description. The chain opens
// with dup761 and includes dup2333, both also used by the "Erase configuration"
// pattern msg1048.
var msg1050 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup2260,
dup2290,
dup2333,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Two-part pattern (parts defined outside this excerpt); event_description is set
// to the constant "Session limit reached".
var all478 = all_match({
processors: [
dup886,
dup887,
],
on_success: processor_chain([
dup93,
dup888,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Session limit reached"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1051 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup889,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Four-part pattern (parts defined outside this excerpt); event_description is set
// to the constant "AAA group policy set for user".
var all479 = all_match({
processors: [
dup291,
dup4,
dup292,
dup293,
],
on_success: processor_chain([
dup193,
dup294,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AAA group policy set for user"),
}),
]),
});
// Successful AAA outcome: result is set to the constant
// "AAA user accounting/authentication successful". Pattern parts are defined
// outside this excerpt.
var all480 = all_match({
processors: [
dup70,
dup159,
dup160,
dup161,
],
on_success: processor_chain([
dup85,
dup162,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("AAA user accounting/authentication successful"),
}),
]),
});
// Eleven-part pattern starting with dup70 (shared with all480 and all482). The
// chain begins with dup81 and ends with dup2337; all parts and steps are defined
// outside this excerpt.
var all481 = all_match({
processors: [
dup70,
dup71,
dup72,
dup73,
dup74,
dup75,
dup76,
dup77,
dup78,
dup79,
dup80,
],
on_success: processor_chain([
dup81,
dup82,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2337,
]),
});
// Shorter form of all481: the same first eight pattern parts without dup78-dup80.
var all482 = all_match({
processors: [
dup70,
dup71,
dup72,
dup73,
dup74,
dup75,
dup76,
dup77,
],
on_success: processor_chain([
dup81,
dup83,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2337,
]),
});
// Account lockout: sets ec_activity to "Lockout" and event_description to
// "User locked out". This is the only pattern in this part of the file that tags
// an event with the Lockout activity, which makes it a natural key for
// password-guessing detections.
var all483 = all_match({
processors: [
dup466,
dup4,
dup1989,
],
on_success: processor_chain([
dup81,
dup1990,
dup2321,
set_field({
dest: "nwparser.ec_activity",
value: constant("Lockout"),
}),
dup2320,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("User locked out"),
}),
]),
});
// Two-part pattern; the chain opens with dup85, the same first step used by the
// "successful" AAA patterns all480 and all489. Parts are defined outside this
// excerpt.
var all484 = all_match({
processors: [
dup84,
dup4,
],
on_success: processor_chain([
dup85,
dup86,
dup2321,
dup2325,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all485 and all486 share the leading part dup1775 and the trailing step dup2338.
var all485 = all_match({
processors: [
dup1775,
dup1776,
dup452,
dup1777,
dup74,
dup1778,
],
on_success: processor_chain([
dup110,
dup1779,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2338,
]),
});
// Shorter three-part sibling of all485.
var all486 = all_match({
processors: [
dup1775,
dup610,
dup1780,
],
on_success: processor_chain([
dup110,
dup1781,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2338,
]),
});
// Result constant: "AAA challenge received for user".
var all487 = all_match({
processors: [
dup1435,
dup4,
dup1436,
],
on_success: processor_chain([
dup110,
dup1437,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("AAA challenge received for user"),
}),
]),
});
// Result constant: "AAA retrieved user specific group policy".
var all488 = all_match({
processors: [
dup609,
dup610,
dup611,
dup161,
],
on_success: processor_chain([
dup110,
dup612,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("AAA retrieved user specific group policy"),
}),
]),
});
// Successful authentication: result is set to the constant
// "AAA user authentication successful". Pattern parts are defined outside this
// excerpt.
var all489 = all_match({
processors: [
dup1290,
dup4,
],
on_success: processor_chain([
dup85,
dup1291,
dup2321,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("AAA user authentication successful"),
}),
]),
});
// AAA request could not be completed: event_description is set to the constant
// "AAA unable to complete the request".
var all490 = all_match({
processors: [
dup1205,
dup4,
],
on_success: processor_chain([
dup81,
dup1206,
dup2321,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AAA unable to complete the request"),
}),
]),
});
// Server unreachable: event_description is set to the constant
// "server not accessible".
var all491 = all_match({
processors: [
dup1998,
dup71,
dup1999,
dup161,
],
on_success: processor_chain([
dup334,
dup2000,
dup2321,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("server not accessible"),
}),
]),
});
// all492 and all493 run the same chain shape as all481/all482 (dup81 first, then
// dup2321, dup2320, dup2314) but without the trailing dup2337. Pattern parts are
// defined outside this excerpt.
var all492 = all_match({
processors: [
dup796,
dup797,
],
on_success: processor_chain([
dup81,
dup798,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all493 = all_match({
processors: [
dup575,
dup4,
],
on_success: processor_chain([
dup81,
dup576,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all494, all495 and all496 share the leading parts dup12 and dup4 and the chain
// steps dup68 and dup2339. The first two also compute nwparser.duration through
// the DUR helper (defined elsewhere in the file) from fields the pattern captured.

// Duration built from day, hour, min and second using format "%A%N%T%O".
var all494 = all_match({
processors: [
dup12,
dup4,
dup2139,
],
on_success: processor_chain([
dup68,
dup2140,
dup2285,
dup2286,
dup2287,
dup2339,
dup2288,
dup2289,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%A%N%T%O"),
field("day"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Duration built from hour, min and second using format "%N%U%O".
// NOTE(review): the format letter paired with `min` is %U here but %T in all494 —
// confirm against DUR's implementation that both are intended.
var all495 = all_match({
processors: [
dup12,
dup4,
dup2141,
],
on_success: processor_chain([
dup68,
dup2142,
dup2285,
dup2286,
dup2287,
dup2339,
dup2288,
dup2289,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N%U%O"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Variant that computes no duration and omits the dup2285 step.
var all496 = all_match({
processors: [
dup12,
dup4,
dup2143,
],
on_success: processor_chain([
dup68,
dup2144,
dup2286,
dup2287,
dup2339,
dup2288,
dup2289,
]),
});
// Kerberos clock-skew error; captures the server address as hostip.
// NOTE(review): "300 seconds" is a literal in the tokenizer, so a payload
// reporting any other threshold would not match this pattern — confirm the device
// always emits 300.
var msg1052 = match({
dissect: {
tokenizer: "Kerberos error : Clock skew with server %{hostip} greater than 300 seconds",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup599,
dup2320,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Kerberos error"),
}),
]),
});
// An AAA server was marked FAILED. Captures the protocol and server address; the
// aaa-server group name lands in the generic fld1. ec_subject is set to "Service".
var msg1053 = match({
dissect: {
tokenizer: "AAA Marking %{protocol} server %{hostip} in aaa-server group %{fld1} as FAILED",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup429,
set_field({
dest: "nwparser.ec_subject",
value: constant("Service"),
}),
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AAA marking Server as FAILED"),
}),
]),
});
// An AAA server was marked ACTIVE again; same captures as msg1053.
var msg1054 = match({
dissect: {
tokenizer: "AAA Marking %{protocol} server %{hostip} in aaa-server group %{fld1} as ACTIVE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1100,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AAA marking Server as ACTIVE"),
}),
]),
});
// AnyConnect parent session start: captures group, username and source address.
// NOTE(review): the escapes decode to "<<%{group}>", i.e. two opening angle
// brackets but a single closing one around each value. If the device emits
// "<value>" with one bracket on each side, this tokenizer would not match and
// VPN session starts would go unparsed — verify against sample logs.
var msg1055 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect parent session started",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup36,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect parent session started"),
}),
]),
});
// Reload command audit event: result is set to the constant
// "Reload command executed". Pattern parts are defined outside this excerpt.
var all497 = all_match({
processors: [
dup769,
dup770,
dup771,
],
on_success: processor_chain([
dup141,
dup772,
dup2285,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("Reload command executed"),
}),
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1056 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup773,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1057 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1789,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1058 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup112,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Configuration cleared. Both variable parts go to generic fields (fld1, fld2), so
// what was cleared and from where is not available under a named field.
var msg1059 = match({
dissect: {
tokenizer: "PIX clear config %{fld1} from %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup857,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("clear config"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1060 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
dup2165,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Device reload events. Each pattern assigns a fixed event_description; the
// multi-part patterns' parts are defined outside this excerpt.

// event_description constant: "Orderly reload started".
var all498 = all_match({
processors: [
dup562,
dup563,
dup564,
],
on_success: processor_chain([
dup25,
dup565,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Orderly reload started"),
}),
dup2288,
dup2289,
]),
});
// event_description constant: "Reload scheduled".
var all499 = all_match({
processors: [
dup2264,
dup4,
dup2265,
],
on_success: processor_chain([
dup1838,
dup2266,
dup2292,
dup2290,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Reload scheduled"),
}),
dup2288,
dup2289,
]),
});
// event_description constant: "Scheduled reload". Same chain as all499 plus a
// dup2321 step.
var all500 = all_match({
processors: [
dup1836,
dup4,
dup1837,
],
on_success: processor_chain([
dup1838,
dup1839,
dup2321,
dup2292,
dup2290,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Scheduled reload"),
}),
dup2288,
dup2289,
]),
});
// Reload triggered by the failover parser thread: captures the reload time as a
// string (event_time_string) and the stated reason (result).
var msg1061 = match({
dissect: {
tokenizer: "Reloaded at %{event_time_string} by failover parser thread. Reload reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup21,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Reload operation by failover parser thread"),
}),
]),
});
// event_description constant: "Reload operation".
var all501 = all_match({
processors: [
dup22,
dup4,
dup23,
dup24,
],
on_success: processor_chain([
dup25,
dup26,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Reload operation"),
}),
]),
});
// An application was still attached to a port while a context was being removed;
// the port is stored as network_port.
var msg1062 = match({
dissect: {
tokenizer: "IP detected an attached application using port %{network_port} while removing context",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup641,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("IP detected an attached application using port"),
}),
dup2288,
dup2289,
]),
});
// Protocol-level form of msg1062: captures protocol, local port (as sport) and
// destination port (as dport). No fixed event_description is assigned here.
var msg1063 = match({
dissect: {
tokenizer: "%{protocol} detected an attached application using local port %{sport} and destination port %{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1287,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description; the chain ends
// with an extra shared step, dup2308.
var msg1064 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup600,
dup2286,
dup2287,
dup2288,
dup2289,
dup2308,
]),
});
// Connection table exhausted. The two numbers after the "!" go to generic fields
// fld1 and fld2.
var msg1065 = match({
dissect: {
tokenizer: "Out of connections! %{fld1}/%{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup248,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Three-part pattern (parts defined outside this excerpt); shares dup381 with
// all504 and the first chain step dup93 with all503 and all504.
var all502 = all_match({
processors: [
dup380,
dup381,
dup382,
],
on_success: processor_chain([
dup93,
dup383,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Five-part pattern; parts are defined outside this excerpt.
var all503 = all_match({
processors: [
dup384,
dup385,
dup386,
dup387,
dup388,
],
on_success: processor_chain([
dup93,
dup389,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Embryonic (half-open) connection limit exceeded. The two values before "for" are
// stored as sinterface and dinterface; the parenthesised address goes to hostip
// and the flow endpoints to saddr/sport and daddr/dport.
// NOTE(review): in the sibling pattern msg1073 the same position holds a
// count/limit pair (stored as fld1/fld2) — confirm that sinterface/dinterface are
// the right fields for the values here.
var msg1066 = match({
dissect: {
tokenizer: "Embryonic limit exceeded %{sinterface}/%{dinterface} for %{saddr}/%{sport} to (%{hostip}) %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1049,
dup2286,
dup2287,
dup2288,
dup2289,
dup2341,
]),
});
// Three-part pattern sharing dup381 with all502.
var all504 = all_match({
processors: [
dup992,
dup381,
dup993,
],
on_success: processor_chain([
dup93,
dup994,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Too many embryonic connections for a host.
// NOTE(review): "STRING" is a literal in the tokenizer and looks like a
// documentation placeholder; if the device prints an actual name there, this
// pattern will not match — verify against sample logs.
var msg1067 = match({
dissect: {
tokenizer: "Too many embryonic connections on STRING %{hostip} %{fld1}/%{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup995,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Connection failures and connection-limit events. The limit patterns below are
// the ones to key on when looking for resource-exhaustion conditions.

// Data connection failure for a host; captures protocol and hostip.
var msg1068 = match({
dissect: {
tokenizer: "%{protocol} data connection failed for %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1009,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("data connection failed"),
}),
]),
});
// RCMD back connection failure; captures hostip and network_port.
var msg1069 = match({
dissect: {
tokenizer: "RCMD backconnection failed for %{hostip}/%{network_port}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup367,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("RCMD back connection failed"),
}),
dup2288,
dup2289,
]),
});
// No new connection could be allocated; captures protocol and both endpoints from
// the parenthesised "src/port-dst/port" group.
var msg1070 = match({
dissect: {
tokenizer: "Unable to allocate new %{protocol} connections (%{saddr}/%{sport}-%{daddr}/%{dport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup2263,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate new connections"),
}),
]),
});
// Catch-all tokenizer followed by a fixed description.
// NOTE(review): the tokenizer stores the whole payload in event_description and
// the final set_field then writes the same destination; presumably the constant
// replaces the captured text, in which case the original payload detail is not
// kept under this field — confirm.
var msg1071 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1764,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("New connections disallowed"),
}),
]),
});
// Per-host TCP connection limit exceeded. The configured limit is stored in
// dclass_counter1, labelled via dclass_counter1_string as "Number of connections".
var msg1072 = match({
dissect: {
tokenizer: "TCP connection limit of %{dclass_counter1} for host %{hostip} on %{interface} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2046,
dup2286,
dup2287,
set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("Number of connections"),
}),
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("TCP connection limit exceeded"),
}),
]),
});
// Embryonic connection limit exceeded for a packet. The pair before "for" goes to
// fld1/fld2; direction, both endpoints and the interface are captured by name.
var msg1073 = match({
dissect: {
tokenizer: "Embryonic connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2129,
dup2286,
dup2287,
dup2288,
dup2289,
dup2342,
]),
});
// Per-client connection limit exceeded; same captures and trailing step (dup2342)
// as msg1073.
var msg1074 = match({
dissect: {
tokenizer: "Per-client connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2024,
dup2286,
dup2287,
dup2288,
dup2289,
dup2342,
]),
});
// Generic connection limit exceeded; same captures as msg1073, but the chain ends
// with an inline fixed description instead of dup2342.
var msg1075 = match({
dissect: {
tokenizer: "Connection limit exceeded %{fld1}/%{fld2} for %{direction} packet from %{saddr}/%{sport} to %{daddr}/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2276,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Connection limit exceeded"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1076 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2138,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Address translation lookup failed; captures source and destination addresses and
// keeps the remainder of the payload as info.
var msg1077 = match({
dissect: {
tokenizer: "Unable to find translation for SRC=%{saddr} DEST=%{daddr} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1046,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Translation could not be built for a source address (note the trailing "." is
// part of the literal pattern).
var msg1078 = match({
dissect: {
tokenizer: "Could not build translation for %{saddr}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1445,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Portmap translation could not be built for a source address.
// NOTE(review): this failure message runs dup2316 where the sibling msg1078 runs
// dup2314; dup2316 also appears in the "successful" chains all480 and all489.
// Confirm which outcome value dup2316 assigns.
var msg1079 = match({
dissect: {
tokenizer: "Could not build portmap translation for %{saddr}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1285,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Connection-state inconsistency; captures both endpoints.
var msg1080 = match({
dissect: {
tokenizer: "Non-embryonic in embryonic list %{saddr}/%{sport} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1849,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Missing key for an SPI: the leading text is kept as info, the SPI value goes to
// the generic fld1, and source/destination addresses are captured by name.
var msg1081 = match({
dissect: {
tokenizer: "%{info} Error: No Key SPI %{fld1} SRC %{saddr} DEST %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup676,
dup2343,
dup2344,
dup2299,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("No Key SPI"),
}),
dup2288,
dup2289,
]),
});
// Internal "pix clear" call result: function name and target go to fld1/fld2, the
// return value to resultcode.
var msg1082 = match({
dissect: {
tokenizer: "(FUNCTION:%{fld1}) pix clear %{fld2} return %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1908,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// IP fragmentation events. msg1085-msg1087 all run the shared step dup2303 after
// the common dup2286-dup2289 steps.

// Fragment record allocation failure; captures both endpoints with ports.
var msg1083 = match({
dissect: {
tokenizer: "IPFRAG: Unable to allocate frag record for %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2036,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate frag record"),
}),
]),
});
// A later fragment arrived without its first fragment; captures source and
// destination addresses only.
var msg1084 = match({
dissect: {
tokenizer: "IPFRAG: First Frag have not been seen %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup137,
dup1440,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("First Frag have not been seen"),
}),
]),
});
// Fragment database limit exceeded. The limit goes to fld1 and the fragment id to
// fld2; %{space} keys sit where the message has alignment whitespace.
var msg1085 = match({
dissect: {
tokenizer: "Fragment database limit of %{fld1} exceeded: %{space} src = %{saddr}, %{space} dest = %{daddr}, proto = %{protocol}, id = %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1680,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("Fragment database limit exceeded"),
}),
]),
});
// Oversized IP fragment.
// NOTE(review): the observed size is captured into icmptype and the maximum size
// into icmpcode. For this event those two fields therefore hold byte sizes, not
// ICMP type/code values, which can mislead queries that filter on ICMP fields.
var msg1086 = match({
dissect: {
tokenizer: "Invalid IP fragment, size = %{icmptype} exceeds maximum size = %{icmpcode}: %{space} src = %{saddr}, dest = %{daddr}, proto = %{protocol}, id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2213,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid IP fragment"),
}),
set_field({
dest: "nwparser.result",
value: constant("size exceeded"),
}),
]),
});
// Fragment set discarded for having too many elements. The element limit goes to
// fld1; unlike msg1085/msg1086 the fragment id is stored in policy_id.
var msg1087 = match({
dissect: {
tokenizer: "Discard IP fragment set with more than %{fld1} elements: %{space} src = %{saddr}, dest = %{daddr}, proto = %{protocol}, id = %{policy_id}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1299,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("Discarded IP fragment"),
}),
set_field({
dest: "nwparser.result",
value: constant("number of elements exceeded"),
}),
]),
});
// "LU ..." messages and neighbouring catch-alls. Several of these keep the whole
// payload as event_description; the specific ones capture the fields noted below.

// NOTE(review): "SMNAME" is a literal in the tokenizer and looks like a
// documentation placeholder; if the device prints an actual name there, this
// pattern will not match — verify against sample logs.
var msg1088 = match({
dissect: {
tokenizer: "LU SMNAME error = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1574,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1089 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1900,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1090 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup368,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1091 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1659,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// NAT lookup failure; the address is stored as hostip.
var msg1092 = match({
dissect: {
tokenizer: "LU look NAT for %{hostip} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup864,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1093 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1050,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// No translation found for a flow; captures both endpoints ("/"-separated ports).
var msg1094 = match({
dissect: {
tokenizer: "LU no xlate for %{saddr}/%{sport} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup601,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// UDP connection record could not be created; captures both endpoints (":"-separated
// ports here, unlike msg1094). The chain ends with the shared step dup2345.
var msg1095 = match({
dissect: {
tokenizer: "LU make UDP connection for %{saddr}:%{sport} %{daddr}:%{dport} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup2252,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate a new record for a UDP connection"),
}),
dup2345,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1096 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1726,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Static translation could not be created; captures hostip and the interface.
var msg1097 = match({
dissect: {
tokenizer: "LU create static xlate %{hostip} ifc %{interface} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1715,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1098 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup244,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1099 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1213,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1100 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup946,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Management-protocol channel errors. msg1101-msg1104 all start their chain with
// dup47 and capture the protocol name from the message text itself.

// Channel could not be opened on a UDP port; captures protocol, port, interface
// and the error code (resultcode).
var msg1101 = match({
dissect: {
tokenizer: "Unable to open %{protocol} channel (UDP port %{network_port}) on interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1077,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same as msg1101 for the "trap channel" wording.
var msg1102 = match({
dissect: {
tokenizer: "Unable to open %{protocol} trap channel (UDP port %{network_port}) on interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup850,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// A request could not be received; captures protocol, interface and error code.
var msg1103 = match({
dissect: {
tokenizer: "Unable to receive an %{protocol} request on interface %{interface}, error code = %{resultcode}, will try again.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1962,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// A response could not be sent; captures protocol, destination address and port,
// interface and error code.
var msg1104 = match({
dissect: {
tokenizer: "Unable to send an %{protocol} response to IP Address %{daddr} Port %{dport} interface %{interface}, error code = %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1946,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Five-part pattern (parts defined outside this excerpt); event_description is set
// to the constant "incoming request exceeds data buffer size".
var all505 = all_match({
processors: [
dup1782,
dup1783,
dup1784,
dup1785,
dup1786,
],
on_success: processor_chain([
dup93,
dup1787,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("incoming request exceeds data buffer size"),
}),
]),
});
// A request was dropped; captures protocol, source endpoint, destination
// interface/endpoint and the stated reason (result).
// NOTE(review): the fixed description says "SNMP" although the protocol is taken
// from the message via %{protocol}; the two can disagree if another protocol name
// ever appears in this position.
var msg1105 = match({
dissect: {
tokenizer: "Dropping %{protocol} request from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} because: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1280,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dropping SNMP request"),
}),
]),
});
// PPTP control daemon socket I/O message; the remainder of the payload is kept as
// info.
var msg1106 = match({
dissect: {
tokenizer: "PPTP control daemon socket io %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup595,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1107, msg1108, msg1109 and msg1111 are catch-alls (entire payload stored as
// event_description) whose chains all begin with dup369.
var msg1107 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup370,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1108 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1078,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1109 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup703,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// A manager session was terminated: captures the source address, the interface and
// the stated reason (result). %{space} sits between the "." and "Reason:".
var msg1110 = match({
dissect: {
tokenizer: "Terminating manager session from %{saddr} on interface %{interface}.%{space}Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup548,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Terminated manager session"),
}),
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1111 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1829,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the entire payload is stored as event_description.
var msg1112 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup903,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Hardware bus read error: the leading token is stored as service, slot/device/
// address go to fld1-fld3, the byte count to bytes and the reason to result.
// The fixed description names i2c_read_block_w_suspend() regardless of what the
// leading token was.
var msg1113 = match({
dissect: {
tokenizer: "%{service} error, slot = %{fld1}, device = %{fld2}, address = %{fld3}, byte count = %{bytes}. Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1699,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("i2c_read_block_w_suspend() error"),
}),
]),
});
var msg1114 = match({
dissect: {
tokenizer: "%{severity}: Duplex-mismatch on %{service} resulted in transmitter lockup. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup799,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant(" Duplex-mismatch resulted in transmitter lockup."),
}),
]),
});
var msg1115 = match({
dissect: {
tokenizer: "Denied HTTP configuration attempt from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup833,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("HTTP config denied"),
}),
]),
});
// "Built ... TCP connection" patterns. Which side of the message becomes
// saddr/sport and which becomes daddr/dport depends on the direction word:
// inbound maps faddr to the source, outbound maps faddr to the destination.
var msg1116 = match({
dissect: {
tokenizer: "Built inbound TCP connection %{fld1} for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1003,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
]),
});
var msg1117 = match({
dissect: {
tokenizer: "Built outbound TCP connection %{fld1} for faddr %{daddr}/%{dport} gaddr %{hostip}/%{network_port} laddr %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1004,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
]),
});
// No direction word in this variant; faddr is treated as the source.
var msg1118 = match({
dissect: {
tokenizer: "Built TCP connection %{fld1} for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1005,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Outbound form: the first endpoint in the text is stored as the
// destination and the second as the source.
var msg1119 = match({
dissect: {
tokenizer: "Built outbound TCP connection %{fld1} for %{dinterface}:%{daddr}/%{dport} (%{hostip}) to %{sinterface}:%{saddr}/%{sport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1006,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// NOTE(review): %{direction} is a free capture, so this tokenizer would
// presumably also accept "outbound" text and store the endpoints without
// the swap msg1119 applies. Where these two are tried, and in what order,
// is outside this view - confirm msg1119 is evaluated first, since swapped
// source/destination fields mislead any detection keyed on them.
var msg1120 = match({
dissect: {
tokenizer: "Built %{direction} TCP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1007,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Teardown TCP connection" patterns: capture the connection id, both
// endpoints, duration and byte count from nwparser.payload.
var msg1121 = match({
dissect: {
tokenizer: "Teardown TCP connection %{connectionid} faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport} duration %{duration} bytes %{bytes} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup431,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
dup2349,
]),
});
// Interface-qualified form; everything after the byte count lands in fld2.
var msg1122 = match({
dissect: {
tokenizer: "Teardown TCP connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup432,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
dup2349,
]),
});
// H245 connection built: only the two addresses are captured (no ports).
var msg1123 = match({
dissect: {
tokenizer: "Built H245 connection for faddr %{saddr} laddr %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1118,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
// all506 and all507 are multi-part patterns that share their first three
// sub-patterns (dup1727..dup1729); all sub-patterns are defined elsewhere,
// so the message text they match cannot be stated from here.
var all506 = all_match({
processors: [
dup1727,
dup1728,
dup1729,
dup1730,
dup1731,
dup1732,
],
on_success: processor_chain([
dup33,
dup1733,
dup2313,
dup2302,
dup2287,
dup2316,
dup2288,
dup2289,
dup2351,
]),
});
var all507 = all_match({
processors: [
dup1727,
dup1728,
dup1729,
dup1734,
dup1731,
dup446,
dup1735,
],
on_success: processor_chain([
dup33,
dup1736,
dup2313,
dup2302,
dup2316,
dup2285,
dup2287,
dup2288,
dup2289,
dup2351,
]),
});
// "Built ... UDP connection" patterns, parallel to the TCP ones: the
// outbound form stores the first endpoint as the destination.
var msg1124 = match({
dissect: {
tokenizer: "Built UDP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1129,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
var msg1125 = match({
dissect: {
tokenizer: "Built outbound UDP connection %{fld1} for %{dinterface}:%{daddr}/%{dport} (%{hostip}) to %{sinterface}:%{saddr}/%{sport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1130,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
// NOTE(review): as with the TCP pair, the free %{direction} capture would
// presumably also accept "outbound"; confirm msg1125 is tried first where
// these are selected (outside this view) so source/destination are not
// stored the wrong way round.
var msg1126 = match({
dissect: {
tokenizer: "Built %{direction} UDP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1131,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
// Denied ICMP with an invalid code: captures code, type, id (fld4) and
// both endpoints.
var msg1127 = match({
dissect: {
tokenizer: "Denied invalid %{protocol} code %{icmpcode}, for %{sinterface}:%{saddr}/%{sport} (%{hostip}) to %{dinterface}:%{daddr}/%{dport} (%{fld3}), ICMP id %{fld4}, ICMP type %{icmptype}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1737,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
]),
});
// UDP teardown patterns. msg1128 carries no duration or byte count;
// msg1129 captures both.
var msg1128 = match({
dissect: {
tokenizer: "Teardown UDP connection for faddr %{saddr}/%{sport} gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1770,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
dup2345,
]),
});
var msg1129 = match({
dissect: {
tokenizer: "Teardown UDP connection %{fld1} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1771,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
dup2345,
]),
});
// Conduit built / torn down: interface and address pairs plus the IP
// version (fld1) and protocol; no ports are present in these messages.
var msg1130 = match({
dissect: {
tokenizer: "Built conduit from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} IP version %{fld1} protocol %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1063,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
var msg1131 = match({
dissect: {
tokenizer: "Teardown conduit from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} IP version %{fld1} protocol %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup2267,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2352,
]),
});
// all508 and all509 are multi-part patterns that differ only in their first
// sub-pattern (dup304 vs dup312) and in the processors run on success. The
// sub-patterns are defined elsewhere in this file.
var all508 = all_match({
processors: [
dup304,
dup305,
dup306,
dup307,
dup308,
dup309,
dup310,
],
on_success: processor_chain([
dup33,
dup311,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2353,
]),
});
var all509 = all_match({
processors: [
dup312,
dup305,
dup306,
dup307,
dup308,
dup309,
dup310,
],
on_success: processor_chain([
dup288,
dup313,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2353,
]),
});
// Catch-all: the whole payload becomes event_description.
var msg1132 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1315,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
// Two-part pattern; sub-patterns dup2253 and dup2254 are defined elsewhere.
var all510 = all_match({
processors: [
dup2253,
dup2254,
],
on_success: processor_chain([
dup33,
dup2255,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2351,
]),
});
// Inbound connection with identity information: besides both endpoints and
// their translated addresses, the tokenizer captures DOMAIN\user pairs for
// each side and a trailing (%{username}). These identity values are taken
// verbatim from the log text.
var msg1133 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{domain}\\%{fld3}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{ddomain}\\%{c_username}) (%{username})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup735,
dup2324,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
// all511..all513 are multi-part variants; all511 and all513 share their
// first sub-pattern (dup736). Sub-patterns are defined elsewhere.
var all511 = all_match({
processors: [
dup736,
dup737,
dup738,
dup739,
],
on_success: processor_chain([
dup288,
dup740,
dup2324,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
var all512 = all_match({
processors: [
dup741,
dup742,
],
on_success: processor_chain([
dup288,
dup743,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
var all513 = all_match({
processors: [
dup736,
dup744,
dup745,
],
on_success: processor_chain([
dup288,
dup746,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
// Tail fragment read from the intermediate field nwparser.p3 (it has no
// on_success of its own; it is used as the last part of all514 below).
// NOTE(review): the tokenizer ends in three literal ')' characters -
// presumably closing parentheses opened by the earlier parts; confirm
// against a sample message.
var msg1134 = match({
dissect: {
tokenizer: "%{sport} (%{stransaddr}/%{stransport})))",
field: "nwparser.p3",
},
});
// Must stay after msg1134, which it references.
var all514 = all_match({
processors: [
dup747,
dup748,
dup749,
dup750,
msg1134,
],
on_success: processor_chain([
dup288,
dup752,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
// Protocol-generic "Built inbound/outbound" patterns using the gaddr form.
// The outbound variant stores the first endpoint as the destination.
var msg1135 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup753,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
var msg1136 = match({
dissect: {
tokenizer: "Built outbound %{protocol} connection %{connectionid} for %{dinterface} %{daddr}/%{dport} gaddr %{hostip}/%{network_port} %{sinterface} %{saddr}/%{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup754,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
// Multi-part pattern; sub-patterns are defined elsewhere in this file.
var all515 = all_match({
processors: [
dup755,
dup756,
dup757,
dup750,
dup2354,
],
on_success: processor_chain([
dup288,
dup758,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
// Inbound with translated addresses and a DOMAIN\user pair on the
// destination side. Unlike most chains here, dup2286 is not run.
var msg1137 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{domain}\\%{username})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup759,
dup2324,
dup2301,
dup2302,
dup2285,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
// Inbound with an extra parenthesised value after the source translation,
// stored in the scratch field fld.
var msg1138 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{fld}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup760,
dup2324,
dup2301,
dup2302,
dup2285,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
// Tail fragments read from the intermediate field nwparser.p3. They are
// alternatives for the trailing "result" part of a longer message and are
// combined in select174 below.
// NOTE(review): the escapes decode to "<<%{result}>" - two '<' but a single
// '>'. Confirm against a sample message that this asymmetry is intended.
var msg1139 = match({
dissect: {
tokenizer: "\u003c\u003c%{result}\u003e (%{username})%{p4}",
field: "nwparser.p3",
},
});
var msg1140 = match({
dissect: {
tokenizer: "%{result} (%{username})%{p4}",
field: "nwparser.p3",
},
});
var msg1141 = match({
dissect: {
tokenizer: "(%{result}) %{p4}",
field: "nwparser.p3",
},
});
// The tokenizer starts with a literal space.
var msg1142 = match({
dissect: {
tokenizer: " %{result} %{p4}",
field: "nwparser.p3",
},
});
// Alternatives are listed from most to least specific; presumably the
// first one that matches is used, so the order matters.
var select174 = linear_select([
msg1139,
msg1140,
msg1141,
msg1142,
]);
// Must stay after select174, which it references. The leading
// sub-patterns are defined elsewhere in this file.
var all516 = all_match({
processors: [
dup1609,
dup1610,
dup2059,
dup2060,
select174,
],
on_success: processor_chain([
dup579,
dup2061,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
var all517 = all_match({
processors: [
dup2062,
dup2063,
],
on_success: processor_chain([
dup579,
dup2064,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
var all518 = all_match({
processors: [
dup1609,
dup2065,
dup2066,
dup2067,
],
on_success: processor_chain([
dup579,
dup2068,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Same chain as the three above except that dup2286 is not run.
var all519 = all_match({
processors: [
dup2069,
dup2070,
],
on_success: processor_chain([
dup579,
dup2071,
dup2313,
dup2302,
dup2316,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Tail fragments read from nwparser.p3: free-text info, optionally followed
// by a parenthesised username. The more specific form is listed first in
// select175.
var msg1143 = match({
dissect: {
tokenizer: "%{info} (%{username})%{p4}",
field: "nwparser.p3",
},
});
var msg1144 = match({
dissect: {
tokenizer: "%{info} %{p4}",
field: "nwparser.p3",
},
});
var select175 = linear_select([
msg1143,
msg1144,
]);
// Must stay after select175, which it references. The leading
// sub-patterns are defined elsewhere in this file.
var all520 = all_match({
processors: [
dup1609,
dup2072,
dup2073,
dup2074,
select175,
],
on_success: processor_chain([
dup579,
dup2075,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
var all521 = all_match({
processors: [
dup2076,
dup2077,
],
on_success: processor_chain([
dup579,
dup2078,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Inbound connection with a DOMAIN\value pair on the source side, an extra
// parenthesised value (fld4) on the destination side and a trailing
// (%{username}), all taken verbatim from the log text.
var msg1145 = match({
dissect: {
tokenizer: "Built inbound %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})(%{domain}\\%{fld3}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})(%{fld4}) (%{username})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1254,
dup2324,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
// Multi-part variants; sub-patterns are defined elsewhere in this file.
var all522 = all_match({
processors: [
dup736,
dup737,
dup1255,
dup1256,
],
on_success: processor_chain([
dup288,
dup1257,
dup2324,
dup2301,
dup2302,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
var all523 = all_match({
processors: [
dup741,
dup742,
],
on_success: processor_chain([
dup288,
dup1258,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
// Copies fld1 into nwparser.direction on success.
// NOTE(review): fld1 must be captured by one of the sub-patterns listed
// here (defined elsewhere); if none of them sets it, direction presumably
// ends up empty - verify.
var all524 = all_match({
processors: [
dup1259,
dup1260,
dup757,
dup750,
dup2354,
],
on_success: processor_chain([
dup288,
dup1261,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.direction",
value: field("fld1"),
}),
dup2350,
]),
});
// Direction-less gaddr form; the first endpoint is stored as the source.
var msg1146 = match({
dissect: {
tokenizer: "Built %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1262,
dup2324,
dup2301,
dup2302,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
// Tail fragments read from nwparser.p3: a byte count, optionally followed
// by a parenthesised username. The more specific form is listed first in
// select176.
var msg1147 = match({
dissect: {
tokenizer: "%{bytes} (%{username})%{p4}",
field: "nwparser.p3",
},
});
var msg1148 = match({
dissect: {
tokenizer: "%{bytes} %{p4}",
field: "nwparser.p3",
},
});
var select176 = linear_select([
msg1147,
msg1148,
]);
// Must stay after select176, which it references. The leading
// sub-patterns are defined elsewhere in this file.
var all525 = all_match({
processors: [
dup1609,
dup1610,
dup1611,
dup1612,
select176,
],
on_success: processor_chain([
dup579,
dup1613,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// all526 and all527 share their second sub-pattern (dup1615); all526's
// chain does not run dup2286.
var all526 = all_match({
processors: [
dup1614,
dup1615,
],
on_success: processor_chain([
dup579,
dup1616,
dup2313,
dup2302,
dup2316,
dup2285,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
var all527 = all_match({
processors: [
dup1617,
dup1615,
],
on_success: processor_chain([
dup579,
dup1618,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Tail fragments read from nwparser.p5: a byte count followed by a username
// in single quotes, in parentheses, or by nothing. All three tokenizers
// start with a literal space. select177 lists them most specific first.
var msg1149 = match({
dissect: {
tokenizer: " bytes %{bytes} '%{username}' %{p6}",
field: "nwparser.p5",
},
});
var msg1150 = match({
dissect: {
tokenizer: " bytes %{bytes} (%{username}) %{p6}",
field: "nwparser.p5",
},
});
var msg1151 = match({
dissect: {
tokenizer: " bytes %{bytes} %{p6}",
field: "nwparser.p5",
},
});
var select177 = linear_select([
msg1149,
msg1150,
msg1151,
]);
// Must stay after select177, which it references.
var all528 = all_match({
processors: [
dup1609,
dup1619,
dup1620,
dup1621,
dup1622,
dup1623,
select177,
],
on_success: processor_chain([
dup579,
dup1624,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Username-only tail fragments read from nwparser.p5 (quoted or
// parenthesised).
var msg1152 = match({
dissect: {
tokenizer: " '%{username}' %{p6}",
field: "nwparser.p5",
},
});
var msg1153 = match({
dissect: {
tokenizer: " (%{username}) %{p6}",
field: "nwparser.p5",
},
});
var select178 = linear_select([
msg1152,
msg1153,
]);
// Second username fragment, read from nwparser.p6.
// NOTE(review): select178 and select179 can both write username; which
// value is kept when both match depends on the runtime - verify with a
// sample that carries two user fields.
var msg1154 = match({
dissect: {
tokenizer: " (%{username}) %{p7}",
field: "nwparser.p6",
},
});
var select179 = linear_select([
dup2356,
msg1154,
]);
// Must stay after select178 and select179, which it references.
var all529 = all_match({
processors: [
dup1609,
dup1619,
dup1620,
dup1625,
dup1626,
dup1627,
select178,
select179,
],
on_success: processor_chain([
dup579,
dup1628,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Tail fragment read from nwparser.p3: duration followed by a byte count.
// NOTE(review): %{bytes} appears three times in a row with no delimiter
// between the keys. This looks like a conversion artifact; how the dissect
// implementation treats adjacent repeated keys is not visible here, so
// check that bytes is populated correctly for a real sample.
var msg1155 = match({
dissect: {
tokenizer: "%{duration} bytes %{bytes}%{bytes}%{bytes}",
field: "nwparser.p3",
},
});
// Must stay after msg1155, which it references.
var all530 = all_match({
processors: [
dup1609,
dup1629,
dup1620,
dup1630,
msg1155,
],
on_success: processor_chain([
dup579,
dup1631,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Protocol-generic teardown in the gaddr form, with duration and bytes.
var msg1156 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection %{connectionid} for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1632,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2355,
dup2348,
]),
});
// Same without connection id, duration or bytes.
var msg1157 = match({
dissect: {
tokenizer: "Teardown %{protocol} connection for %{sinterface} %{saddr}/%{sport} gaddr %{hostip}/%{network_port} %{dinterface} %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1633,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
]),
});
// GRE connection patterns. The outbound form stores the first endpoint as
// the destination, as the TCP/UDP outbound patterns do.
var msg1158 = match({
dissect: {
tokenizer: "Built inbound GRE connection %{connectionid} from %{sinterface}:%{saddr} (%{stransaddr}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1766,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
dup2350,
]),
});
var msg1159 = match({
dissect: {
tokenizer: "Built outbound GRE connection %{connectionid} from %{dinterface}:%{daddr} (%{dtransaddr}) to %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1767,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
dup2350,
]),
});
// The teardown text carries no protocol token, so protocol is written as
// the constant "GRE" after the match.
var msg1160 = match({
dissect: {
tokenizer: "Teardown GRE connection %{connectionid} from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup1392,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2348,
set_field({
dest: "nwparser.protocol",
value: constant("GRE"),
}),
]),
});
// Catch-all: the whole payload becomes event_description.
var msg1161 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup2130,
dup2131,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Destination fragments read from nwparser.p3. The six alternatives cover
// address/port with ICMP type and code, address/port with a username,
// address/port only, and address only; select180 lists them from most to
// least specific.
var msg1162 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{fld12}) type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p3",
},
});
var msg1163 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p3",
},
});
var msg1164 = match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p4}",
field: "nwparser.p3",
},
});
var msg1165 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p5}",
field: "nwparser.p3",
},
});
var msg1166 = match({
dissect: {
tokenizer: "%{daddr}(%{fld10})%{p4}",
field: "nwparser.p3",
},
});
var msg1167 = match({
dissect: {
tokenizer: "%{daddr} %{p4}",
field: "nwparser.p3",
},
});
var select180 = linear_select([
msg1162,
msg1163,
msg1164,
msg1165,
msg1166,
msg1167,
]);
// The same six alternatives, read from nwparser.p4 instead of p3.
// NOTE(review): the alternatives in select180 write their remainder to p4
// or p5 depending on which one matched, and select181 always reads p4 and
// also writes daddr - confirm with samples that the second pass does not
// overwrite a destination already captured by the first.
var msg1168 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} (%{fld12}) type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p4",
},
});
var msg1169 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} type %{icmptype} code %{icmpcode} %{p5}",
field: "nwparser.p4",
},
});
var msg1170 = match({
dissect: {
tokenizer: "%{daddr}/%{dport}(%{username})%{p5}",
field: "nwparser.p4",
},
});
var msg1171 = match({
dissect: {
tokenizer: "%{daddr}/%{dport} %{p5}",
field: "nwparser.p4",
},
});
var msg1172 = match({
dissect: {
tokenizer: "%{daddr}(%{fld10})%{p5}",
field: "nwparser.p4",
},
});
var msg1173 = match({
dissect: {
tokenizer: "%{daddr} %{p5}",
field: "nwparser.p4",
},
});
var select181 = linear_select([
msg1168,
msg1169,
msg1170,
msg1171,
msg1172,
msg1173,
]);
// Must stay after select180 and select181, which it references. This chain
// runs dup2312 where most chains in this section run dup2287.
var all531 = all_match({
processors: [
dup1214,
dup1215,
dup1216,
dup1217,
select180,
select181,
],
on_success: processor_chain([
dup288,
dup1218,
dup2313,
dup2302,
dup2316,
dup2286,
dup2312,
dup2288,
dup2289,
dup2346,
]),
});
// Two-part patterns whose sub-patterns are defined elsewhere. all532 and
// all533 run dup2312 where all534 runs dup2287.
var all532 = all_match({
processors: [
dup1219,
dup1220,
],
on_success: processor_chain([
dup288,
dup1221,
dup2313,
dup2302,
dup2316,
dup2286,
dup2312,
dup2288,
dup2289,
dup2347,
]),
});
var all533 = all_match({
processors: [
dup1222,
dup1223,
],
on_success: processor_chain([
dup288,
dup1224,
dup2313,
dup2302,
dup2316,
dup2286,
dup2312,
dup2288,
dup2289,
dup2347,
]),
});
var all534 = all_match({
processors: [
dup1225,
dup1226,
],
on_success: processor_chain([
dup288,
dup1227,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2346,
]),
});
// Source-address fragments read from nwparser.p3: address followed by a
// parenthesised value (fld11), or address alone.
var msg1174 = match({
dissect: {
tokenizer: "%{saddr}(%{fld11})%{p4}",
field: "nwparser.p3",
},
});
var msg1175 = match({
dissect: {
tokenizer: "%{saddr} %{p4}",
field: "nwparser.p3",
},
});
var select182 = linear_select([
msg1174,
msg1175,
]);
// Must stay after select182, which it references.
var all535 = all_match({
processors: [
dup1228,
dup1229,
dup1230,
dup1231,
select182,
],
on_success: processor_chain([
dup288,
dup1232,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2347,
]),
});
// ICMP connection built: three addresses, no ports.
var msg1176 = match({
dissect: {
tokenizer: "Built ICMP connection for faddr %{saddr} gaddr %{hostip} laddr %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup1233,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all536 and all538 differ only in their first sub-pattern and second
// on_success processor. Sub-patterns are defined elsewhere in this file.
var all536 = all_match({
processors: [
dup1245,
dup1246,
dup1247,
dup2357,
],
on_success: processor_chain([
dup579,
dup1248,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2348,
dup2308,
]),
});
// Tail fragment read from nwparser.p2: ICMP type and code.
// NOTE(review): %{icmpcode} appears three times in a row with no delimiter
// between the keys. This looks like a conversion artifact; how the dissect
// implementation treats adjacent repeated keys is not visible here, so
// check that icmpcode is populated correctly for a real sample.
var msg1177 = match({
dissect: {
tokenizer: "%{icmptype} code %{icmpcode}%{icmpcode}%{icmpcode}",
field: "nwparser.p2",
},
});
// Must stay after msg1177, which it references.
var all537 = all_match({
processors: [
dup1249,
dup1246,
dup1250,
msg1177,
],
on_success: processor_chain([
dup579,
dup1251,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2348,
dup2308,
]),
});
var all538 = all_match({
processors: [
dup1252,
dup1246,
dup1247,
dup2357,
],
on_success: processor_chain([
dup579,
dup1253,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2348,
dup2308,
]),
});
// Raw IP-protocol connections and "stub" connection teardowns. None of the
// IP-protocol messages carry ports.
var msg1178 = match({
dissect: {
tokenizer: "Built IP protocol %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} (%{stransaddr}) to %{dinterface}:%{daddr} (%{dtransaddr})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup875,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
// all539, all540 and all541 share their first sub-pattern (dup371);
// sub-patterns are defined elsewhere in this file.
var all539 = all_match({
processors: [
dup371,
dup433,
dup876,
],
on_success: processor_chain([
dup288,
dup877,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2350,
]),
});
var msg1179 = match({
dissect: {
tokenizer: "Teardown IP protocol %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration} bytes %{bytes}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup905,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2352,
]),
});
// Stub teardown without a connection id; the text after the byte count is
// stored as event_description.
var msg1180 = match({
dissect: {
tokenizer: "Teardown stub %{protocol} connection for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} forwarded bytes %{bytes} %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup906,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all540 = all_match({
processors: [
dup371,
dup433,
dup373,
],
on_success: processor_chain([
dup288,
dup434,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2358,
]),
});
// Stub teardown with a connection id; the trailing text goes to info.
var msg1181 = match({
dissect: {
tokenizer: "Teardown stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} forwarded bytes %{bytes} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1367,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2352,
]),
});
var all541 = all_match({
processors: [
dup371,
dup372,
dup373,
],
on_success: processor_chain([
dup288,
dup374,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2358,
]),
});
// Port-less stub teardown ("bytes" rather than "forwarded bytes").
var msg1182 = match({
dissect: {
tokenizer: "Teardown stub %{protocol} connection %{connectionid} for %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration} bytes %{bytes} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup969,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2352,
]),
});
// Catch-all: the whole payload becomes event_description.
var msg1183 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1374,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// State-bypass connection built: both endpoints with translated addresses;
// a fixed event_description is written on success.
var msg1184 = match({
dissect: {
tokenizer: "Built %{protocol} state-bypass connection %{connectionid} from %{sinterface}:%{saddr}/%{sport} (%{stransaddr}/%{stransport}) to %{dinterface}:%{daddr}/%{dport} (%{dtransaddr}/%{dtransport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup932,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Built state-bypass connection"),
}),
]),
});
// NOTE(review): this teardown pattern starts its chain with dup222, the
// same processor the "Built" patterns use, whereas the other teardown
// patterns in this section start with dup430, dup483, dup579 or dup16.
// dup222 is defined elsewhere; if it sets the event category, state-bypass
// teardowns may be categorised as connection setups - verify.
var msg1185 = match({
dissect: {
tokenizer: "Teardown %{protocol} state-bypass connection %{connectionid} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration} bytes %{bytes} %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup640,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Teardown state-bypass connection"),
}),
]),
});
// Multi-part patterns; sub-patterns are defined elsewhere in this file.
var all542 = all_match({
processors: [
dup173,
dup2241,
],
on_success: processor_chain([
dup288,
dup2242,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2359,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
var all543 = all_match({
processors: [
dup2243,
dup4,
dup2244,
],
on_success: processor_chain([
dup288,
dup2245,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// URL access record: destination, action, source and URL.
// NOTE(review): the tokenizer has no literal words, only a space, a space
// and a ':' as delimiters, so any payload of that shape would presumably
// match. The URL is supplied by the remote client and is stored verbatim;
// treat url as untrusted data wherever it is rendered or searched.
var msg1186 = match({
dissect: {
tokenizer: "%{daddr} %{action} %{saddr}:%{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup2246,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2359,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
// FTP command denied: captures the command (as action) and both endpoints,
// then writes result as the constant "command denied".
var msg1187 = match({
dissect: {
tokenizer: "FTP %{action} command denied, terminating connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2277,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("command denied"),
}),
]),
});
// FTP command rejected by strict inspection; result is taken from the text
// between the comma and " from".
var msg1188 = match({
dissect: {
tokenizer: "FTP %{action} command unsupported - failed strict inspection, %{result} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup506,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("FTP command unsupported - failed strict inspection"),
}),
]),
});
// Strict FTP inspection class match; no addresses are present in the text.
var msg1189 = match({
dissect: {
tokenizer: "Strict FTP inspection matched Class 25: %{info}, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1166,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Strict FTP inspection matched Class 25"),
}),
]),
});
// Multi-part patterns; sub-patterns are defined elsewhere in this file.
var all544 = all_match({
processors: [
dup173,
dup174,
dup175,
dup176,
],
on_success: processor_chain([
dup177,
dup178,
dup2286,
dup2287,
dup2288,
dup2289,
dup2364,
dup2365,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
var all545 = all_match({
processors: [
dup179,
dup180,
dup181,
],
on_success: processor_chain([
dup177,
dup182,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2364,
dup2365,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
// URL filtering denial with source and destination.
// NOTE(review): url comes from the client's request and sits before the
// literal " SRC " and " DEST " delimiters. If a requested URL can itself
// contain that text, the saddr/daddr boundaries may shift - confirm how
// the device encodes spaces in logged URLs before relying on saddr/daddr
// from this pattern for attribution.
var msg1190 = match({
dissect: {
tokenizer: "Access denied URL %{url} SRC %{saddr} DEST %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1575,
dup2286,
dup2287,
dup2288,
dup2289,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
// Shorter form with the URL only. Its tokenizer is a prefix of msg1190's,
// so it presumably also matches the longer message (storing the SRC/DEST
// text inside url); where the two are selected is outside this view -
// confirm msg1190 is tried first.
var msg1191 = match({
dissect: {
tokenizer: "Access denied URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1576,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2360,
dup2361,
dup2362,
dup2363,
]),
});
// URL filtering server health messages. The server address is stored in
// hostip; the first three also capture the URL being checked.
var msg1192 = match({
dissect: {
tokenizer: "URL Server %{hostip} timed out URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup936,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1193 = match({
dissect: {
tokenizer: "URL Server %{hostip} request failed URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup1655,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1194 = match({
dissect: {
tokenizer: "URL Server %{hostip} request pending URL %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup1165,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1195 = match({
dissect: {
tokenizer: "URL Server %{hostip} not responding",
field: "nwparser.payload",
},
on_success: processor_chain([
dup336,
dup337,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// The device reports that it is entering allow mode because the URL server
// is not responding. This is worth a dedicated alert, since it signals a
// change in how URL filtering is enforced. It runs a different first
// processor (dup29) from the plain "not responding" pattern above (dup336).
// NOTE(review): msg1195's tokenizer is a prefix of this one. Whether the
// matcher requires the whole payload to be consumed is not visible here;
// confirm this message is not absorbed by msg1195 where they are selected.
var msg1196 = match({
dissect: {
tokenizer: "URL Server %{hostip} not responding, ENTERING ALLOW mode",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup675,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Two-part pattern; sub-patterns are defined elsewhere in this file.
var all546 = all_match({
processors: [
dup642,
dup643,
],
on_success: processor_chain([
dup14,
dup644,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the whole payload becomes event_description.
var msg1197 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2151,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1198 = match({
dissect: {
tokenizer: "Portmapped translation built for gaddr %{hostip}/%{network_port} laddr %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1929,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Portmapped translation built"),
}),
]),
});
var msg1199 = match({
dissect: {
tokenizer: "Translation built for gaddr %{hostip} to laddr %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1427,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Translation built"),
}),
]),
});
var msg1200 = match({
dissect: {
tokenizer: "Teardown translation for global %{hostip} local %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup590,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
var msg1201 = match({
dissect: {
tokenizer: "Teardown translation for %{hostip} %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup591,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
var msg1202 = match({
dissect: {
tokenizer: "Teardown portmap translation for global %{hostip}/%{network_port} local %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("teardown portmap translation"),
}),
]),
});
// "No translation group found" family. The variants differ in whether ports,
// interfaces or ICMP type/code are present; which variant is tried first is
// decided by a selector defined elsewhere in this file.

// With interfaces and ports: captures protocol, sinterface, saddr, sport,
// dinterface, daddr, dport.
var msg1203 = match({
dissect: {
tokenizer: "No translation group found for %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup870,
dup2286,
dup2287,
dup2288,
dup2289,
dup2367,
]),
});
// ICMP variant: no ports; captures icmptype and icmpcode from the trailing
// "(type <t>, code <c>)".
var msg1204 = match({
dissect: {
tokenizer: "No translation group found for icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup871,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2367,
dup2306,
]),
});
// "for protocol <protocol>" variant with interfaces but no ports.
var msg1205 = match({
dissect: {
tokenizer: "No translation group found for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup872,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2367,
]),
});
// "for protocol <protocol>" variant with bare addresses (no interfaces, no ports).
var msg1206 = match({
dissect: {
tokenizer: "No translation group found for protocol %{protocol} src %{saddr} dst %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup873,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2367,
]),
});
// "<service> translation creation failed" family.
// Protocol-number variant: captures service, protocol, interfaces and
// addresses; sets a fixed event_description.
var msg1207 = match({
dissect: {
tokenizer: "%{service} translation creation failed for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1270,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed for protocol"),
}),
]),
});
// Variant with ports: additionally captures sport and dport.
var msg1208 = match({
dissect: {
tokenizer: "%{service} translation creation failed for %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1271,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2368,
]),
});
// ICMP variant: captures icmptype and icmpcode instead of ports.
var msg1209 = match({
dissect: {
tokenizer: "%{service} translation creation failed for icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1272,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2306,
dup2368,
]),
});
// "<fld1>(): Orphan IP <hostip> on interface <interface>"; sets nwparser.result
// to a fixed label.
var msg1210 = match({
dissect: {
tokenizer: "%{fld1}(): Orphan IP %{hostip} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2167,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Orphan IP detected on interface"),
}),
]),
});
// Fixed-text message. The tokenizer ends in "%{}", a capture with an empty
// name; presumably it discards any trailing text (confirm against the dissect
// implementation in use).
var msg1211 = match({
dissect: {
tokenizer: "Free unallocated global IP address.%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1669,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("trying to free unallocated global address"),
}),
]),
});
// "Built <context> translation from <sinterface>:<saddr> to
// <dinterface>:<daddr>" (no ports).
var msg1212 = match({
dissect: {
tokenizer: "Built %{context} translation from %{sinterface}:%{saddr} to %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup119,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2369,
]),
});
// Teardown with ports and a trailing "duration <duration>".
var msg1213 = match({
dissect: {
tokenizer: "Teardown %{context} translation from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} duration %{duration}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1360,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
// Teardown without ports.
var msg1214 = match({
dissect: {
tokenizer: "Teardown %{context} translation from %{sinterface}:%{saddr} to %{dinterface}:%{daddr} duration %{duration}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1361,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
// "Built <context> <protocol> translation ..." with parenthesised extras after
// the source port and after the destination interface, kept in fld51 and fld52.
var msg1215 = match({
dissect: {
tokenizer: "Built %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport}(%{fld51}) to %{dinterface}(%{fld52}):%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup937,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2369,
]),
});
// Multi-part pattern assembled from dup938, dup921 and dup2370 (all defined
// elsewhere in this file); runs the same enrichment tail as msg1215.
var all547 = all_match({
processors: [
dup938,
dup921,
dup2370,
],
on_success: processor_chain([
dup33,
dup940,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2369,
]),
});
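// Final part of the multi-part pattern all548: dissects nwparser.p1 as
// "<daddr>/<dport>".
// The generated tokenizer ended in "%{dport}%{dport}": the trailing capture was
// emitted twice with no delimiter between the copies, which cannot be split
// unambiguously and leaves the destination port unreliable. A single capture
// is what the message layout ("addr/port" at end of line) calls for.
var msg1216 = match({
  dissect: {
    tokenizer: "%{daddr}/%{dport}",
    field: "nwparser.p1",
  },
});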
// Multi-part pattern: dup941 and dup924 (defined elsewhere) followed by
// msg1216, which dissects nwparser.p1 for the destination address and port.
var all548 = all_match({
processors: [
dup941,
dup924,
msg1216,
],
on_success: processor_chain([
dup33,
dup942,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2369,
]),
});
// "Teardown <context> <protocol> translation ..." with parenthesised extras
// (fld51, fld52) and a trailing duration; captures both endpoints with ports.
var msg1217 = match({
dissect: {
tokenizer: "Teardown %{context} %{protocol} translation from %{sinterface}:%{saddr}/%{sport}(%{fld51}) to %{dinterface}(%{fld52}):%{daddr}/%{dport} duration %{duration}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup919,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
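// Final part of the multi-part pattern all549: dissects nwparser.p1 as
// "<dinterface>:<daddr>/<dport> duration <duration>".
// The generated tokenizer ended in "%{duration}%{duration}": the trailing
// capture was emitted twice with no delimiter between the copies. msg1217
// parses the same tail with a single %{duration}, so one capture is used here.
var msg1218 = match({
  dissect: {
    tokenizer: "%{dinterface}:%{daddr}/%{dport} duration %{duration}",
    field: "nwparser.p1",
  },
});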
// Multi-part teardown pattern: dup920 and dup921 (defined elsewhere) followed
// by msg1218, which dissects nwparser.p1 for the destination endpoint and the
// duration.
var all549 = all_match({
processors: [
dup920,
dup921,
msg1218,
],
on_success: processor_chain([
dup33,
dup922,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
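// Final part of the multi-part pattern all550: dissects nwparser.p1 as
// "<daddr>/<dport> duration <duration>".
// The generated tokenizer ended in "%{duration}%{duration}": the trailing
// capture was emitted twice with no delimiter between the copies. msg1213
// parses the same tail with a single %{duration}, so one capture is used here.
var msg1219 = match({
  dissect: {
    tokenizer: "%{daddr}/%{dport} duration %{duration}",
    field: "nwparser.p1",
  },
});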
// Multi-part teardown pattern: dup923 and dup924 (defined elsewhere) followed
// by msg1219, which dissects nwparser.p1 for the destination address, port and
// duration.
var all550 = all_match({
processors: [
dup923,
dup924,
msg1219,
],
on_success: processor_chain([
dup33,
dup925,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2366,
]),
});
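// Final part of the multi-part pattern all551: dissects nwparser.p1 as
// "<dinterface>:<daddr>/<dport> denied due to NAT reverse path failure".
// The generated tokenizer carried the literal tail twice in a row, so it would
// only match a line that repeats the phrase; msg1221 and msg1223 (same message
// family) carry it once. With the duplicate in place these deny events would
// fall through unparsed, which is a visibility gap for asymmetric-NAT denials.
var msg1220 = match({
  dissect: {
    tokenizer: "%{dinterface}:%{daddr}/%{dport} denied due to NAT reverse path failure",
    field: "nwparser.p1",
  },
});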
// NAT reverse-path-failure deny, multi-part form: dup1867 and dup1868 (defined
// elsewhere) followed by msg1220, which dissects nwparser.p1 for the
// destination endpoint.
var all551 = all_match({
processors: [
dup1867,
dup1868,
msg1220,
],
on_success: processor_chain([
dup412,
dup1869,
dup2286,
dup2312,
dup2288,
dup2289,
dup2303,
dup2304,
dup2371,
]),
});
// ICMP form of the same deny: the leading text up to ";" goes to result, then
// protocol, interfaces, addresses, icmptype and icmpcode are captured.
var msg1221 = match({
dissect: {
tokenizer: "%{result}; Connection for %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1870,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
dup2371,
]),
});
// "System CPU utilization reached <fld1>": the value is kept in the generic
// field fld1 rather than a typed one.
var msg1222 = match({
dissect: {
tokenizer: "System CPU utilization reached %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1492,
dup1493,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "protocol <protocol>" form of the NAT reverse-path deny, without ports.
var msg1223 = match({
dissect: {
tokenizer: "%{result}; Connection for protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup1871,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2304,
dup2371,
]),
});
// Catch-all: the whole payload is captured into event_description.
var msg1224 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1832,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Management login-session messages. The source address captured here is the
// field to pivot on when reviewing repeated denied or failed logins.

// "Denied <protocol> login session from <saddr> on interface <interface>".
var msg1225 = match({
dissect: {
tokenizer: "Denied %{protocol} login session from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup984,
dup2286,
dup2287,
dup2288,
dup2289,
dup2372,
dup2373,
dup2374,
]),
});
// Same message without the interface suffix.
var msg1226 = match({
dissect: {
tokenizer: "Denied %{protocol} login session from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup985,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2372,
dup2373,
dup2374,
]),
});
// "<result> session from <saddr>": everything before " session from " is
// stored in result, so the outcome text is whatever the device printed.
var msg1227 = match({
dissect: {
tokenizer: "%{result} session from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup734,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "telnet login session failed from <saddr> (<result>) on interface <interface>".
var msg1228 = match({
dissect: {
tokenizer: "telnet login session failed from %{saddr} (%{result}) on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1844,
dup1845,
dup2302,
dup2335,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2375,
]),
});
// Same failure message without the interface suffix.
var msg1229 = match({
dissect: {
tokenizer: "telnet login session failed from %{saddr} (%{result})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1844,
dup1846,
dup2302,
dup2335,
dup2320,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2375,
]),
});
// "Telnet session limit exceeded. Connection request from <saddr> on interface
// <interface>"; the gap after the full stop is captured as %{space}.
var msg1230 = match({
dissect: {
tokenizer: "Telnet session limit exceeded.%{space}Connection request from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup350,
dup2286,
dup2287,
dup2288,
dup2289,
dup2376,
]),
});
// Multi-part pattern from dup87 and dup88 (defined elsewhere); labels the
// event as repeated incorrect enable-password entry.
var all552 = all_match({
processors: [
dup87,
dup88,
],
on_success: processor_chain([
dup89,
dup90,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("enable password incorrect - multiple tries"),
}),
]),
});
// "static ... overlapped with ...": all six values are kept in generic fields
// fld1..fld6; no typed address fields are populated from this message.
var msg1231 = match({
dissect: {
tokenizer: "static %{fld1} %{fld2} %{fld3} %{fld4} overlapped with %{fld5} %{fld6}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1176,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Manager (management-station) connection messages; saddr is the requester.
// "Denied manager connection from <saddr>".
var msg1232 = match({
dissect: {
tokenizer: "Denied manager connection from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1681,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("denied manager connection"),
}),
]),
});
// "Permitted manager connection from <saddr>".
var msg1233 = match({
dissect: {
tokenizer: "Permitted manager connection from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup167,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("permitted manager connection"),
}),
]),
});
// "Manager session limit exceeded. Connection request from <saddr> on
// interface <interface>".
var msg1234 = match({
dissect: {
tokenizer: "Manager session limit exceeded. Connection request from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1342,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Manager session limit exceeded"),
}),
]),
});
// Fixed-text "LU ..." status messages. In these four chains the
// event_description set_field runs before dup2288/dup2289, unlike most chains
// in this file where it runs last.
var msg1235 = match({
dissect: {
tokenizer: "LU loading standby start%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1765,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("LU loading standby start"),
}),
dup2288,
dup2289,
]),
});
// "LU loading standby end".
var msg1236 = match({
dissect: {
tokenizer: "LU loading standby end%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup858,
dup859,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("LU loading standby end"),
}),
dup2288,
dup2289,
]),
});
// "LU recv thread up".
// NOTE(review): the label below omits the trailing "up" that the tokenizer
// matches and that msg1238's label keeps; confirm whether that is intended.
var msg1237 = match({
dissect: {
tokenizer: "LU recv thread up%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2037,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("LU recv thread"),
}),
dup2288,
dup2289,
]),
});
// "LU xmit thread up".
var msg1238 = match({
dissect: {
tokenizer: "LU xmit thread up%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup300,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("LU xmit thread up"),
}),
dup2288,
dup2289,
]),
});
// "RIP hdr failed from <saddr>: cmd=..., version=... domain=... on interface
// <interface>": cmd, version and domain are kept in fld1..fld3.
var msg1239 = match({
dissect: {
tokenizer: "RIP hdr failed from %{saddr}: cmd=%{fld1}, version=%{fld2} domain=%{fld3} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1234,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// ICMP deny and error messages.
// "Denied ICMP type=<icmptype>, code=<icmpcode> from <saddr> on interface
// <interface>".
var msg1240 = match({
dissect: {
tokenizer: "Denied ICMP type=%{icmptype}, code=%{icmpcode} from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup566,
dup567,
dup2286,
dup2287,
dup2288,
dup2289,
dup2308,
dup2304,
]),
});
// "Invalid destination <result> destination <fld1> on <interface> interface.
// Original IP payload": the text after "Original IP payload" is not captured
// by this tokenizer.
var msg1241 = match({
dissect: {
tokenizer: "Invalid destination %{result} destination %{fld1} on %{interface} interface. %{space} Original IP payload",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup345,
dup2286,
dup2287,
dup2288,
dup2289,
dup2308,
dup2377,
]),
});
// Shorter variant without the second "destination <fld1>" element.
var msg1242 = match({
dissect: {
tokenizer: "Invalid destination %{result} on %{interface} interface. %{space} Original IP payload",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup346,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2377,
]),
});
// "Denied ICMP type=<icmptype>, from laddr <saddr> on interface <interface> to
// <daddr>: <result>"; sets a fixed event_description.
var msg1243 = match({
dissect: {
tokenizer: "Denied ICMP type=%{icmptype}, from laddr %{saddr} on interface %{interface} to %{daddr}: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup566,
dup593,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2308,
set_field({
dest: "nwparser.event_description",
value: constant("Denied ICMP"),
}),
]),
});
// Generic-protocol variant: protocol is captured from the line, there is no
// "laddr" keyword, and there is no space after the colon before <result>.
var msg1244 = match({
dissect: {
tokenizer: "Denied %{protocol} type=%{icmptype}, from %{saddr} on interface %{interface} to %{daddr}:%{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup566,
dup594,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Denied connection"),
}),
]),
});
// "No matching connection for ICMP error message: ...": captures both
// endpoints, icmptype/icmpcode, the receiving interface, and the embedded
// original-payload text into info.
var msg1245 = match({
dissect: {
tokenizer: "No matching connection for ICMP error message: icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode}) on %{interface} interface. Original IP payload:%{info}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2089,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("No matching connection for error message"),
}),
]),
});
// Nine-part pattern (all parts defined elsewhere in this file); labels the
// event "Pre-allocated connection".
var all553 = all_match({
processors: [
dup1634,
dup1635,
dup1636,
dup1637,
dup1638,
dup446,
dup1639,
dup1640,
dup1641,
],
on_success: processor_chain([
dup33,
dup1642,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Pre-allocated connection"),
}),
]),
});
// SSH management-session messages.
// "Denied SSH session from <saddr> on interface <interface>".
var msg1246 = match({
dissect: {
tokenizer: "Denied SSH session from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1928,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Denied session"),
}),
]),
});
// Multi-part pattern from dup1484 and dup4; labels the event "Permitted
// session". dup4 is a linear_select whose first alternative captures a quoted
// username (see the top of this file).
var all554 = all_match({
processors: [
dup1484,
dup4,
],
on_success: processor_chain([
dup141,
dup1485,
dup2321,
dup2335,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Permitted session"),
}),
]),
});
// Multi-part pattern from dup414 and dup4 (message text defined elsewhere).
var all555 = all_match({
processors: [
dup414,
dup4,
],
on_success: processor_chain([
dup89,
dup415,
dup2286,
dup2287,
dup2288,
dup2289,
dup2378,
]),
});
// Multi-part pattern from dup416 and dup417; runs the same dup2378 tail as
// all555.
var all556 = all_match({
processors: [
dup416,
dup417,
],
on_success: processor_chain([
dup89,
dup418,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2378,
]),
});
// Final part used by all557: fixed text "RSA host key retrieval failed."
// dissected from nwparser.p1; captures nothing by name.
var msg1247 = match({
dissect: {
tokenizer: "RSA host key retrieval failed.%{}",
field: "nwparser.p1",
},
});
// Multi-part pattern: dup91 and dup92 (defined elsewhere) followed by msg1247.
var all557 = all_match({
processors: [
dup91,
dup92,
msg1247,
],
on_success: processor_chain([
dup93,
dup94,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "SSH session limit exceeded. Connection request from <saddr> on interface
// <interface>"; runs the same dup2376 tail as the Telnet equivalent (msg1230).
var msg1248 = match({
dissect: {
tokenizer: "SSH session limit exceeded.%{space}Connection request from %{saddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup878,
dup2286,
dup2287,
dup2288,
dup2289,
dup2376,
]),
});
// Four-part pattern (parts defined elsewhere); labels the event "session
// disconnected".
var all558 = all_match({
processors: [
dup1327,
dup1328,
dup1329,
dup1330,
],
on_success: processor_chain([
dup579,
dup1331,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("session disconnected"),
}),
]),
});
// Three-part variant sharing dup1327/dup1328 with all558; labels the event
// "terminated normally".
var all559 = all_match({
processors: [
dup1327,
dup1328,
dup1332,
],
on_success: processor_chain([
dup579,
dup1333,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("terminated normally"),
}),
]),
});
// "Denied new tunnel to <saddr> VPN peer limit (<fld1>) exceeded.": the peer
// address is stored in saddr and the limit in fld1; event_description and
// result are set to fixed labels.
var msg1249 = match({
dissect: {
tokenizer: "Denied new tunnel to %{saddr} VPN peer limit (%{fld1}) exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup424,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("denied new VPN tunnel"),
}),
set_field({
dest: "nwparser.result",
value: constant("VPN peer limit exceeded"),
}),
]),
});
// Three-part pattern (parts defined elsewhere); labels the event as an ISAKMP
// peer-creation failure caused by the peer limit.
var all560 = all_match({
processors: [
dup425,
dup426,
dup427,
],
on_success: processor_chain([
dup285,
dup428,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("cannot create isakmp peers"),
}),
set_field({
dest: "nwparser.result",
value: constant("peer limit exceeded"),
}),
]),
});
// Mostly catch-all parsers: the tokenizer "%{event_description}" stores the
// whole payload in event_description and extracts no other field. They differ
// only in the first two processors of the chain (dupNNN, defined elsewhere),
// which presumably carry the per-message classification (not visible here).
var msg1250 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1504,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup369, dup1943).
var msg1251 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1943,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup369, dup1241).
var msg1252 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1241,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup45, dup1812).
var msg1253 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1812,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup45, dup1119).
var msg1254 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1119,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup369, dup525).
var msg1255 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup525,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup47, dup1698).
var msg1256 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1698,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup369, dup517).
var msg1257 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup517,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "area ... lsid ... mask ... adv ... type ...": all five values are kept in
// generic fields fld1..fld5.
var msg1258 = match({
dissect: {
tokenizer: "area %{fld1} lsid %{fld2} mask %{fld3} adv %{fld4} type %{fld5}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2031,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "lsid ... adv ... type ... gateway ... metric ... network ... mask ...
// protocol <protocol> attr ... net-metric ...": only protocol gets a named
// field; the rest go to fld1..fld9.
var msg1259 = match({
dissect: {
tokenizer: "lsid %{fld1} adv %{fld2} type %{fld3} gateway %{fld4} metric %{fld5} network %{fld6} mask %{fld7} protocol %{protocol} attr %{fld8} net-metric %{fld9}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup978,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup45, dup1552).
var msg1260 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1552,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup45, dup631).
var msg1261 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup631,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all (dup49, dup50).
var msg1262 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
dup50,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Acknowledge for arp update for IP address <daddr> not received (<count>)."
// NOTE(review): the fixed event_description drops the "not received" part of
// the message, so the label alone does not convey that this is a failure.
var msg1263 = match({
dissect: {
tokenizer: "Acknowledge for arp update for IP address %{daddr} not received (%{count}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1486,
dup2285,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Acknowledge for arp update"),
}),
dup2288,
dup2289,
]),
});
// Fixed-text message: a peer certificate's subject name was rejected for the
// connection. No peer identity is captured from the payload here.
var msg1264 = match({
dissect: {
tokenizer: "The subject name of the peer cert is not allowed for connection%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1487,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("The subject name of the peer cert is not allowed for connection"),
}),
dup2288,
dup2289,
]),
});
// "Route update for IP address <daddr> to <fld1> failed"; sets nwparser.result
// to a fixed label.
var msg1265 = match({
dissect: {
tokenizer: "Route update for IP address %{daddr} to %{fld1} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1872,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("route update failure"),
}),
]),
});
// Catch-all: whole payload into event_description, followed by a longer
// dupNNN chain than the other catch-alls in this file.
var msg1266 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup2012,
dup2340,
dup2320,
dup2321,
dup2335,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Resource-limit messages: resource name and limit are kept in fld1/fld2.
// "Resource <fld1> limit of <fld2> reached."
var msg1267 = match({
dissect: {
tokenizer: "Resource %{fld1} limit of %{fld2} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup375,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Variant with a trailing "for context <fld3>".
// NOTE(review): the tokenizer of msg1267 is a prefix of this one up to
// "reached"; which is tried first is decided elsewhere in this file.
var msg1268 = match({
dissect: {
tokenizer: "Resource %{fld1} limit of %{fld2} reached for context %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup376,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Resource <fld1> rate limit of <fld2> reached."
var msg1269 = match({
dissect: {
tokenizer: "Resource %{fld1} rate limit of %{fld2} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup660,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Resource <fld1> log level of <fld2> reached."
var msg1270 = match({
dissect: {
tokenizer: "Resource %{fld1} log level of %{fld2} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1505,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Resource <fld1> rate log level of <fld2> <fld3>": the trailing word is
// captured into fld3 instead of being matched as literal text.
var msg1271 = match({
dissect: {
tokenizer: "Resource %{fld1} rate log level of %{fld2} %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1873,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Layer-2 spoofing indicators.
// "Deny MAC address <daddr>, possible spoof attempt on interface <interface>".
// NOTE(review): the MAC address is captured into daddr, whereas the ARP
// inspection parsers below use smacaddr. Queries that expect an IP in daddr or
// search MACs only in smacaddr will miss this event; confirm the intended field.
var msg1272 = match({
dissect: {
tokenizer: "Deny MAC address %{daddr}, possible spoof attempt on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup933,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("denied mac address"),
}),
set_field({
dest: "nwparser.result",
value: constant("possible spoof attempt"),
}),
]),
});
// "ARP inspection check failed for arp request received from host <smacaddr>
// on interface <interface>.<info>": text after the full stop goes to info.
var msg1273 = match({
dissect: {
tokenizer: "ARP inspection check failed for arp request received from host %{smacaddr} on interface %{interface}.%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1880,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same as above for ARP responses.
var msg1274 = match({
dissect: {
tokenizer: "ARP inspection check failed for arp response received from host %{smacaddr} on interface %{interface}.%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1090,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "No management IP address configured for transparent firewall. <result> from
// <src> to <dst>": captures result and both endpoints with ports.
var msg1275 = match({
dissect: {
tokenizer: "No management IP address configured for transparent firewall. %{result} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1951,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("No management IP address configured for transparent firewall"),
}),
]),
});
// Module (slot) health messages: the slot identifier is kept in fld1.
// "Module in slot <fld1> experienced a control channel communication failure".
var msg1276 = match({
dissect: {
tokenizer: "Module in slot %{fld1} experienced a control channel communication failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup661,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Module in slot <fld1> is not able to shut down, shut down request not answered."
var msg1277 = match({
dissect: {
tokenizer: "Module in slot %{fld1} is not able to shut down, shut down request not answered.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1157,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Module in slot <fld1> is not able to reload, reload request not answered."
var msg1278 = match({
dissect: {
tokenizer: "Module in slot %{fld1} is not able to reload, reload request not answered.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1120,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Final part used by all561: fixed text dissected from nwparser.p0 (note the
// leading space in the tokenizer); captures nothing by name.
var msg1279 = match({
dissect: {
tokenizer: " experienced a data channel communication failure, data channel is DOWN%{}",
field: "nwparser.p0",
},
});
// Two-part pattern: dup617 (defined elsewhere) followed by msg1279; sets
// nwparser.result to a fixed label.
var all561 = all_match({
processors: [
dup617,
msg1279,
],
on_success: processor_chain([
dup125,
dup618,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("data channel communication failure - data channel is DOWN"),
}),
]),
});
// Three-part pattern (parts defined elsewhere); labels the event "Drop GTPv".
var all562 = all_match({
processors: [
dup1308,
dup1309,
dup1310,
],
on_success: processor_chain([
dup285,
dup1311,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Drop GTPv"),
}),
]),
});
// GTP inspection messages. All but msg1285 capture both endpoints as
// <interface>:<addr>/<port>.
// "GTPv0 packet parsing error from <src> to <dst>, TID: <fld1>, Reason: <result>".
var msg1280 = match({
dissect: {
tokenizer: "GTPv0 packet parsing error from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, TID: %{fld1}, Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup163,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("GTPv0 packet parsing error"),
}),
]),
});
// "No <fld1> exists to process GTPv0 <fld2> from <src> to <dst>, TID: <fld3>".
var msg1281 = match({
dissect: {
tokenizer: "No %{fld1} exists to process GTPv0 %{fld2} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, TID: %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup347,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("nonexistent resource to process GTP request"),
}),
]),
});
// "No matching request to process GTPv <fld2> <fld3> from <src> to <dst>".
// NOTE(review): the literal is "GTPv " followed by a space before %{fld2};
// confirm against sample logs that the version digit is not attached to
// "GTPv", otherwise this pattern cannot match.
var msg1282 = match({
dissect: {
tokenizer: "No matching request to process GTPv %{fld2} %{fld3} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2042,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("No matching GTP request"),
}),
]),
});
// "GTP packet with version <status> from <src> to <dst> is not supported": the
// version value is stored in the field named status.
var msg1283 = match({
dissect: {
tokenizer: "GTP packet with version %{status} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} is not supported",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1158,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("GTP version not supported"),
}),
]),
});
// "Unable to create tunnel from <src> to <dst>".
var msg1284 = match({
dissect: {
tokenizer: "Unable to create tunnel from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup561,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Unable to create tunnel"),
}),
]),
});
// "GSN ip_addr tunnel limit <fld1> exceeded, PDP Context TID <fld2> failed".
// NOTE(review): "ip_addr" is matched as literal text, so a line carrying an
// actual address in that position would not match; confirm against sample logs.
var msg1285 = match({
dissect: {
tokenizer: "GSN ip_addr tunnel limit %{fld1} exceeded, PDP Context TID %{fld2} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1573,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Unable to create GTP connection for response from <src> to <dst>".
var msg1286 = match({
dissect: {
tokenizer: "Unable to create GTP connection for response from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup377,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Unable to create GTP connection"),
}),
]),
});
// "Router <hostip_v6> on <interface> has conflicting ND (Neighbor Discovery)
// settings": captures the router's IPv6 address and the interface.
var msg1287 = match({
dissect: {
tokenizer: "Router %{hostip_v6} on %{interface} has conflicting ND (Neighbor Discovery) settings",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup1377,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Duplicate address <hostip_v6>/<macaddr> on <interface>".
var msg1288 = match({
dissect: {
tokenizer: "Duplicate address %{hostip_v6}/%{macaddr} on %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2190,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Unexpected error in the timer library: <result>".
var msg1289 = match({
dissect: {
tokenizer: "Unexpected error in the timer library: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup613,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Dynamic DNS Update for '<domain>' ... <hostip> failed".
// NOTE(review): the escaped literal between the two captures decodes to
// "<<=>" (two "<"). If the device emits "<=>", this pattern cannot match and
// failed DDNS updates go unparsed; confirm against sample logs.
var msg1290 = match({
dissect: {
tokenizer: "Dynamic DNS Update for '%{domain}' \u003c\u003c=\u003e %{hostip} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup1899,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic DNS Update failed"),
}),
]),
});
// "Web Cache <saddr>/<shost> acquired".
var msg1291 = match({
dissect: {
tokenizer: "Web Cache %{saddr}/%{shost} acquired",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup907,
dup2286,
dup2287,
dup2288,
dup2289,
dup2379,
]),
});
// "Web Cache <saddr>/<shost> lost".
var msg1292 = match({
dissect: {
tokenizer: "Web Cache %{saddr}/%{shost} lost",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup120,
dup2286,
dup2287,
dup2288,
dup2289,
dup2379,
]),
});
// "NAC is disabled for host - <hostip>": an admission-control bypass for the
// named host, labelled with a fixed event_description.
var msg1293 = match({
dissect: {
tokenizer: "NAC is disabled for host - %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1098,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("NAC is disabled"),
}),
]),
});
// "<group>: <fld1> Neighbor <saddr> (<interface>) is <event_state>: <result>":
// routing-neighbor state change.
var msg1294 = match({
dissect: {
tokenizer: "%{group}: %{fld1} Neighbor %{saddr} (%{interface}) is %{event_state}: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1942,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Neighbor state change"),
}),
]),
});
// "Phone Proxy SRTP: Media session not found for <hostip>/<network_port> for
// packet from <src> to <dst>": captures the media endpoint and both packet
// endpoints with ports.
var msg1295 = match({
dissect: {
tokenizer: "Phone Proxy SRTP: Media session not found for %{hostip}/%{network_port} for packet from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1438,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Phone Proxy SRTP: Media session not found"),
}),
]),
});
// "Phone Proxy: Unable to create secure phone entry for <sinterface>:<saddr>
// with MAC address <smacaddr>, <result>".
var msg1296 = match({
dissect: {
tokenizer: "Phone Proxy: Unable to create secure phone entry for %{sinterface}:%{saddr} with MAC address %{smacaddr}, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup659,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to create secure phone entry for endpoint"),
}),
]),
});
// Three five-part patterns that share their first four parts (dup249, dup250,
// dup452, dup453) and differ only in the final part and in the second
// processor of the success chain. All parts are defined elsewhere in this
// file, so the message text they match is not visible here.
var all563 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup549,
],
on_success: processor_chain([
dup33,
dup550,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same prefix, final part dup910.
var all564 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup910,
],
on_success: processor_chain([
dup33,
dup911,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same prefix, final part dup454.
var all565 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup454,
],
on_success: processor_chain([
dup33,
dup455,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Sub-pattern used as the last step of all566 below. Unlike the other match
// statements in this section it reads nwparser.p5 rather than
// nwparser.payload, and it has no on_success chain of its own.
// NOTE(review): nwparser.p5 is presumably an intermediate field left by an
// earlier step (dup1419 / dup1420) - confirm.
// NOTE(review): the tokenizer names `result` twice back-to-back with no
// literal between the two captures. How the dissect tokenizer splits the text
// or which capture wins is not visible here; confirm this is intended, since
// downstream rules reading `result` depend on it.
var msg1297 = match({
dissect: {
tokenizer: "%{severity}, category: %{result}%{result}",
field: "nwparser.p5",
},
});
// Multi-part pattern: the shared dup249/dup250/dup452/dup453 prefix, then
// dup1419, dup1420 and the severity/category sub-pattern above. The chain
// tags the event with dup33 and dup1421 plus the common trailing entries.
var all566 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup1419,
dup1420,
msg1297,
],
on_success: processor_chain([
dup33,
dup1421,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Seven multi-part patterns with the same shape: sub-processors dup249 and
// dup250 followed by one pattern-specific sub-processor, and an on_success
// chain that differs only in its second entry. The dup* definitions are
// elsewhere in the file, so the message text each one covers is not visible
// from this section.

// Third sub-processor dup1964, tagged with dup1965.
var all567 = all_match({
processors: [
dup249,
dup250,
dup1964,
],
on_success: processor_chain([
dup33,
dup1965,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup1506, tagged with dup1507.
var all568 = all_match({
processors: [
dup249,
dup250,
dup1506,
],
on_success: processor_chain([
dup33,
dup1507,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup1757, tagged with dup1758.
var all569 = all_match({
processors: [
dup249,
dup250,
dup1757,
],
on_success: processor_chain([
dup33,
dup1758,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup251, tagged with dup252.
var all570 = all_match({
processors: [
dup249,
dup250,
dup251,
],
on_success: processor_chain([
dup33,
dup252,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup1273, tagged with dup1274.
var all571 = all_match({
processors: [
dup249,
dup250,
dup1273,
],
on_success: processor_chain([
dup33,
dup1274,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup2038, tagged with dup2039.
var all572 = all_match({
processors: [
dup249,
dup250,
dup2038,
],
on_success: processor_chain([
dup33,
dup2039,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Third sub-processor dup2268, tagged with dup2269.
var all573 = all_match({
processors: [
dup249,
dup250,
dup2268,
],
on_success: processor_chain([
dup33,
dup2269,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Further multi-part patterns. Their chains share dup33, dup2313, dup2302,
// dup2316 and the common dup2286..dup2289 entries; the sub-processors are
// defined elsewhere in the file and are not visible here.

// Dynamic Filter, whitelisted traffic: the only statement in this group with
// the dup632/dup633/dup634 tail, and one of two that set a fixed
// event_description.
var all574 = all_match({
processors: [
dup249,
dup250,
dup632,
dup633,
dup634,
],
on_success: processor_chain([
dup33,
dup635,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic Filter monitored whitelisted traffic"),
}),
]),
});
// dup249/dup250/dup452/dup453 prefix, ending in dup2283; tagged with dup2284.
var all575 = all_match({
processors: [
dup249,
dup250,
dup452,
dup453,
dup2283,
],
on_success: processor_chain([
dup33,
dup2284,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Mixes dup632 (as in all574) with dup453 (as in all575), ending in dup2234;
// tagged with dup2235.
var all576 = all_match({
processors: [
dup249,
dup250,
dup632,
dup453,
dup2234,
],
on_success: processor_chain([
dup33,
dup2235,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// dup249/dup250 followed by dup1159; tagged with dup1160.
var all577 = all_match({
processors: [
dup249,
dup250,
dup1159,
],
on_success: processor_chain([
dup33,
dup1160,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// dup249/dup250 followed by dup1738; tagged with dup1739.
var all578 = all_match({
processors: [
dup249,
dup250,
dup1738,
],
on_success: processor_chain([
dup33,
dup1739,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Intercepted DNS reply: uses its own sub-processors (dup1161..dup1163)
// instead of the dup249/dup250 prefix and sets a fixed event_description.
var all579 = all_match({
processors: [
dup1161,
dup1162,
dup1163,
],
on_success: processor_chain([
dup33,
dup1164,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Intercepted DNS reply for name"),
}),
]),
});
// Two multi-part patterns whose sub-processors are defined elsewhere in the
// file. Neither sets an event_description here.
// The chain of all580 shares dup528, dup2380 and dup2290 with all582
// ("Shun(s) added") further down the file.
// NOTE(review): this looks like an "added" style event - confirm against the
// dup1499..dup1501 definitions.
var all580 = all_match({
processors: [
dup1499,
dup1500,
dup1501,
],
on_success: processor_chain([
dup528,
dup1502,
dup2380,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// The chain of all581 shares dup437, dup2333 and dup2290 with all583
// ("Shun deleted") further down the file.
// NOTE(review): this looks like a "deleted" style event - confirm against the
// dup556..dup558 definitions.
var all581 = all_match({
processors: [
dup556,
dup557,
dup558,
],
on_success: processor_chain([
dup437,
dup559,
dup2333,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Patterns for dynamic filter updater messages (data file download,
// authentication, decryption, server change, licensing, update failure).
// Each dissects nwparser.payload; the dup* chain entries are defined
// elsewhere in the file.
// NOTE(review): the updater server is captured as `url` in msg1298..msg1300
// but as `web_domain` in msg1304, so a query for one server across these
// events has to check both fields.

// Successful download: captures the server as url.
var msg1298 = match({
dissect: {
tokenizer: "Successfully downloaded dynamic filter data file from updater server %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1813,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Failed download: captures the server as url. Shares dup261 with the other
// failure patterns below (msg1301, msg1303, msg1304).
var msg1299 = match({
dissect: {
tokenizer: "Failed to download dynamic filter data file from updater server %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup351,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Authentication failure against the updater server: captures url. This is
// the only pattern in the group whose chain adds dup2320 and dup2314.
var msg1300 = match({
dissect: {
tokenizer: "Failed to authenticate with dynamic filter updater server %{url}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup1749,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Decryption failure of the downloaded database file. The trailing %{} is an
// unnamed capture, so nothing after the fixed text is stored in a field.
var msg1301 = match({
dissect: {
tokenizer: "Failed to decrypt downloaded dynamic filter database file%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup1975,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Updater server changed: captures the old and new values as change_old and
// change_new and sets a fixed event_description.
var msg1302 = match({
dissect: {
tokenizer: "Dynamic filter updater server dynamically changed from %{change_old} to %{change_new}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup95,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic filter updater server dynamically changed"),
}),
]),
});
// License does not cover the updater feature. Trailing %{} is an unnamed
// capture; no fields are extracted from the message text.
var msg1303 = match({
dissect: {
tokenizer: "The license on this ASA does not support dynamic filter updater feature.%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup1643,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Update failure: captures the server as web_domain (not url) and the stated
// reason as result.
var msg1304 = match({
dissect: {
tokenizer: "Failed to update from dynamic filter updater server %{web_domain}, reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup262,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1305..msg1317: thirteen patterns that share one tokenizer,
//   <product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>
// and capture product, sigid, context, saddr, daddr and dinterface from
// nwparser.payload. The statements differ only in the first two entries of
// the on_success chain; the remaining entries (dup2286..dup2289, dup2303,
// dup2381..dup2383) are the same in every one.
// The dup* processors are defined elsewhere in the file, so what each leading
// pair sets is not visible here.
// NOTE(review): because the tokenizer text is identical, the pattern alone
// cannot tell these messages apart; the choice between them presumably
// happens by message id in the dispatch table elsewhere in the file - confirm.

// Leading entry dup168 for msg1305..msg1311.
var msg1305 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup774,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1306 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup242,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1307 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2200,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1308 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1151,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1309 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1700,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1310 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1952,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1311 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1953,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup170 for msg1312..msg1314.
var msg1312 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2201,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1313 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup596,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1314 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup584,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry back to dup168 for msg1315..msg1317.
var msg1315 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2247,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1316 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1909,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1317 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1193,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// msg1318..msg1330: thirteen patterns that share one tokenizer,
//   <product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>
// and capture product, sigid, context, saddr, daddr and dinterface from
// nwparser.payload. Every statement here starts its on_success chain with
// dup168 and differs only in the second entry; the remaining entries
// (dup2286..dup2289, dup2303, dup2381..dup2383) are the same in every one.
// The dup* processors are defined elsewhere in the file, so what each second
// entry sets is not visible here.
// NOTE(review): because the tokenizer text is identical, the pattern alone
// cannot tell these messages apart; the choice between them presumably
// happens by message id in the dispatch table elsewhere in the file - confirm.
var msg1318 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2256,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1319 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1047,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1320 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup169,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1321 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup2119,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1322 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1001,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1323 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup677,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1324 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup701,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1325 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup301,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1326 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup405,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1327 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1458,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1328 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1307,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1329 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1292,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1330 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1586,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// msg1331..msg1343: thirteen patterns that share one tokenizer,
//   <product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>
// and capture product, sigid, context, saddr, daddr and dinterface from
// nwparser.payload. The statements differ only in the first two entries of
// the on_success chain; the remaining entries (dup2286..dup2289, dup2303,
// dup2381..dup2383) are the same in every one.
// The dup* processors are defined elsewhere in the file, so what each leading
// pair sets is not visible here.
// NOTE(review): because the tokenizer text is identical, the pattern alone
// cannot tell these messages apart; the choice between them presumably
// happens by message id in the dispatch table elsewhere in the file - confirm.

// Leading entry dup1275 for msg1331..msg1333.
var msg1331 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup2280,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1332 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup1847,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1333 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup1276,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup597 for msg1334 and msg1335.
var msg1334 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup842,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1335 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup598,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup170 for msg1336 and msg1337.
var msg1336 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup171,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1337 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup170,
dup2248,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup137 for msg1338 only.
var msg1338 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup137,
dup1172,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup253 for msg1339..msg1342.
var msg1339 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup2030,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1340 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup645,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1341 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup1277,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1342 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup2007,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup597 again for msg1343.
var msg1343 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1761,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// msg1344..msg1356: thirteen patterns that share one tokenizer,
//   <product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>
// and capture product, sigid, context, saddr, daddr and dinterface from
// nwparser.payload. The statements differ only in the first two entries of
// the on_success chain; the remaining entries (dup2286..dup2289, dup2303,
// dup2381..dup2383) are the same in every one.
// The dup* processors are defined elsewhere in the file, so what each leading
// pair sets is not visible here.
// NOTE(review): because the tokenizer text is identical, the pattern alone
// cannot tell these messages apart; the choice between them presumably
// happens by message id in the dispatch table elsewhere in the file - confirm.

// Leading entry dup597 for msg1344.
var msg1344 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1194,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup1275 for msg1345.
var msg1345 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1275,
dup1429,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup794 for msg1346.
var msg1346 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup1684,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup597 for msg1347..msg1352.
var msg1347 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup2191,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1348 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1091,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1349 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1901,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1350 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1648,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1351 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup1817,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1352 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup597,
dup851,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup794 for msg1353..msg1355.
var msg1353 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup795,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1354 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup1685,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
var msg1355 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup794,
dup2047,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Leading entry dup1938 for msg1356 only.
var msg1356 = match({
dissect: {
tokenizer: "%{product}:%{sigid} %{context} from %{saddr} to %{daddr} on interface %{dinterface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1938,
dup1939,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2381,
dup2382,
dup2383,
]),
});
// Catch-all pattern: the tokenizer is a single capture, so the whole of
// nwparser.payload is stored in event_description and no address, port or
// user fields are extracted. Detections keyed on those fields will not see
// events parsed by this pattern; the message text is only reachable through
// event_description.
// dup29 and dup504 are defined elsewhere in the file.
var msg1357 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup504,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Shun and packet-drop patterns. The sub-processors and dup* chain entries
// are defined elsewhere in the file; only the fixed descriptions set here are
// visible.

// Shun added: single sub-processor dup614. The chain lists dup2285, dup2288
// and dup2289 before dup2286 and dup2287, a different order from the
// neighbouring chains.
// NOTE(review): whether the order matters depends on what these processors
// set - confirm before normalising it.
var all582 = all_match({
processors: [
dup614,
],
on_success: processor_chain([
dup528,
dup615,
dup2380,
dup2290,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shun(s) added"),
}),
]),
});
// Shun deleted: event_description is set before dup2288 and dup2289 run.
var all583 = all_match({
processors: [
dup1976,
dup1977,
dup1978,
],
on_success: processor_chain([
dup437,
dup1979,
dup2333,
dup2290,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shun deleted"),
}),
dup2288,
dup2289,
]),
});
// Packet dropped: shares its first sub-processor (dup1422) with all585.
var all584 = all_match({
processors: [
dup1422,
dup1423,
],
on_success: processor_chain([
dup285,
dup1424,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Packet dropped"),
}),
]),
});
// Shun add failed: the fixed text is written to result rather than to
// event_description, so a query for failed shuns has to look at result.
var all585 = all_match({
processors: [
dup1422,
dup2013,
dup2014,
],
on_success: processor_chain([
dup1855,
dup2015,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("Shun add failed"),
}),
dup2288,
dup2289,
]),
});
// IPSEC packet validation patterns. Every chain in this group includes
// dup2340, which is defined elsewhere in the file along with the other dup*
// entries. dup1 and dup2 are the set_field processors defined near the top of
// the file (a fixed event category and msg_id1 "402102").

// Invalid SPI: captures fld1, daddr, protocol and the SPI as dst_spi, and
// sets result to "invalid spi".
var msg1358 = match({
dissect: {
tokenizer: "%{fld1}: rec'd IPSEC packet has invalid spi for destaddr=%{daddr}, prot=%{protocol}, spi=%{dst_spi}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1822,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2384,
set_field({
dest: "nwparser.result",
value: constant("invalid spi"),
}),
]),
});
// Packet missing its expected type: captures fld1, fld2, daddr and protocol.
// The literal "destadr=" is part of the pattern and must match the device
// text exactly. Sets both event_description and result.
var msg1359 = match({
dissect: {
tokenizer: "%{fld1}: packet missing %{fld2}, destadr=%{daddr}, actual prot=%{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("invalid packet"),
}),
set_field({
dest: "nwparser.result",
value: constant("missing packet type"),
}),
]),
});
// Identity mismatch: multi-part pattern (dup363..dup365, defined elsewhere).
// result is set before dup2288 and dup2289 run.
var all586 = all_match({
processors: [
dup363,
dup364,
dup365,
],
on_success: processor_chain([
dup55,
dup366,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("identity doesn't match"),
}),
dup2288,
dup2289,
]),
});
// Non-IPSEC packet received: captures daddr, saddr and protocol. The %{space}
// capture sits between two literal spaces.
// NOTE(review): presumably it absorbs variable padding in the message -
// confirm.
var msg1360 = match({
dissect: {
tokenizer: "Rec'd packet not an IPSEC packet %{space} (ip) dest_addr= %{daddr}, src_addr= %{saddr}, prot= %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup934,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2384,
]),
});
// ESP packet with invalid SPI: captures the parenthesised text as result plus
// saddr and daddr. The SPI value itself is not captured into a named field by
// this tokenizer.
var msg1361 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet %{space} (%{result}) from %{saddr} to %{daddr} with an invalid SPI",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup970,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received an ESP packet with an invalid SPI"),
}),
]),
});
// Bad ESP packet: multi-part pattern sharing dup648 and dup208 with all588
// and all589 below.
var all587 = all_match({
processors: [
dup648,
dup208,
dup1547,
],
on_success: processor_chain([
dup55,
dup1548,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Bad ESP packet"),
}),
dup2385,
]),
});
// Non-IPSec packet received: captures protocol, saddr and daddr. No fixed
// event_description is set here.
var msg1362 = match({
dissect: {
tokenizer: "IPSEC: Received a non-IPSec packet (protocol= %{protocol}) from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup456,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2384,
dup2385,
]),
});
// ESP packet carrying an illegal IP fragment: captures fld1 (sequence
// number), saddr, username, daddr and the fragment length and offset as
// dclass_counter1 and dclass_counter2.
// NOTE(review): the value after "SPI= " is captured into `protocol`, whereas
// msg1358 and msg1367 capture the SPI as `dst_spi`. As written, the protocol
// field of these events holds an SPI value - confirm whether this is intended
// before relying on `protocol` in detections.
var msg1363 = match({
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{protocol}, sequence number=%{fld1}) from %{saddr} (user=%{username}) to %{daddr} containing an illegal IP fragment of length %{dclass_counter1} with offset %{dclass_counter2}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2202,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("illegal IP fragment on IPSEC packet"),
}),
dup2385,
]),
});
// ESP packet that failed anti-replay checking: multi-part pattern ending in
// dup649.
var all588 = all_match({
processors: [
dup648,
dup208,
dup649,
],
on_success: processor_chain([
dup55,
dup650,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESP packet that failed anti-replay checking"),
}),
dup2385,
]),
});
// ESP packet that failed authentication: multi-part pattern ending in
// dup1494. Unlike all587 and all588, the chain does not end with dup2385.
var all589 = all_match({
processors: [
dup648,
dup208,
dup1494,
],
on_success: processor_chain([
dup55,
dup1495,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESP packet that failed authentication"),
}),
]),
});
// CRYPTO patterns: accelerator errors and timeouts, crypto archive events and
// an ESP padding error. Every chain includes dup2340; it and the other dup*
// entries are defined elsewhere in the file.

// Error while executing a command: captures product, context (the error),
// process (the command) and info (its argument text).
var msg1364 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} encountered an error (%{context}) while executing the command %{process}(%{info}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup865,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2386,
]),
});
// Error without a command: captures product and the parenthesised text as
// info. Note that msg1364 stores the parenthesised error in context instead.
var msg1365 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} encountered an error (%{info})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1121,
dup1293,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2386,
]),
});
// Timeout: captures product and info and sets a fixed event_description.
var msg1366 = match({
dissect: {
tokenizer: "CRYPTO: The %{product} timed out (%{info})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1121,
dup1122,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("hardware accelerator Ipsec ring timed out"),
}),
]),
});
// Crypto archive, soft reset: multi-part pattern sharing dup540 with all591.
// The fixed text goes to result.
var all590 = all_match({
processors: [
dup1393,
dup540,
dup1394,
],
on_success: processor_chain([
dup125,
dup1395,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Crypto archive - soft reset"),
}),
]),
});
// Crypto archive, latest file not written: the fixed text goes to result.
var all591 = all_match({
processors: [
dup539,
dup540,
dup541,
],
on_success: processor_chain([
dup125,
dup542,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Latest Crypto File not written"),
}),
]),
});
// ESP packet with incorrect IPsec padding: captures the SPI as dst_spi, fld2
// (sequence number), saddr, username, daddr and fld3 (padding detail), and
// sets result to a fixed description.
var msg1367 = match({
dissect: {
tokenizer: "CRYPTO: Received an ESP packet (SPI = %{dst_spi}, sequence number= %{fld2}) from %{saddr} (user= %{username}) to %{daddr} with incorrect IPsec padding. (padding: %{fld3})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup343,
dup1242,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Received an ESP packet with incorrect IPsec padding"),
}),
]),
});
// PPTP and PPP virtual-interface patterns. The dup* chain entries are defined
// elsewhere in the file. msg1371..msg1374 all add dup2290, dup2291 and
// dup2299 to the chain; the other patterns in this group do not.

// XGRE packet received before the PPTP session was established: captures the
// tunnel id as fld1 and the session id as sessionid.
var msg1368 = match({
dissect: {
tokenizer: "PPTP session state not established, but received an XGRE packet, tunnel_id=%{fld1}, session_id=%{sessionid}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2115,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Packet with an invalid protocol on a PPP virtual interface: captures
// interface and protocol.
var msg1369 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} rcvd pkt with invalid protocol: %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2043,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all: the whole payload is stored in event_description and no other
// field is extracted by this pattern.
var msg1370 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2261,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Interface requires mschap for MPPE: captures interface. Shares dup45 with
// msg1370; the three patterns that follow start with dup378 instead.
var msg1371 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} requires mschap for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1441,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Interface requires RADIUS for MPPE: captures interface.
var msg1372 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} requires RADIUS for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1818,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Interface is missing aaa server group info: captures interface.
var msg1373 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} missing aaa server group info",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup800,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Interface is missing a client option: captures interface and the token
// between "client" and "option" as hostip.
// NOTE(review): confirm that this token is always an address in the device
// output; if it can be a keyword, hostip will hold non-address text.
var msg1374 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} missing client %{hostip} option",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1362,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Non-PPTP packet received: captures service, daddr, saddr and the trailing
// data as result, and sets a fixed event_description.
var msg1375 = match({
dissect: {
tokenizer: "Rec'd packet not an PPTP packet. (%{service}) dest_addr=%{daddr}, src_addr=%{saddr}, data: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup1814,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("invalid PPTP packet"),
}),
]),
});
// msg1376..msg1386 are catch-all patterns: each tokenizer is a single
// capture, so the whole of nwparser.payload is stored in event_description
// and no address, port or user fields are extracted. They differ only in the
// dup* entries of the on_success chain, which are defined elsewhere in the
// file. all592, in the middle of the run, is a multi-part pattern instead.
// Events parsed by these patterns can only be searched by their free text;
// detections keyed on structured fields will not match them.
// NOTE(review): since every one of these tokenizers accepts any payload,
// which message each covers presumably depends on dispatch by message id
// elsewhere in the file - confirm.

// Chain adds dup2290, dup2291 and dup2299 (also seen on msg1383).
var msg1376 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup1997,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup369, dup2168.
var msg1377 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup2168,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup61, dup164.
var msg1378 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup164,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup61, dup912.
var msg1379 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup912,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup489, dup1076.
var msg1380 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1076,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup378, dup2281.
var msg1381 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2281,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup378, dup2152.
var msg1382 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2152,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup378, dup1947; chain adds dup2290, dup2291 and dup2299.
var msg1383 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1947,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup378, dup1412; chain adds dup2340.
var msg1384 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1412,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Leading pair dup137, dup138; chain adds dup2340.
var msg1385 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup137,
dup138,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Multi-part pattern with a single sub-processor (dup1980, defined
// elsewhere); tagged with dup1981 and dup1982.
var all592 = all_match({
processors: [
dup1980,
],
on_success: processor_chain([
dup1981,
dup1982,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all with leading pair dup253, dup254.
var msg1386 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup253,
dup254,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Two ten-step multi-part patterns that are identical except for the third
// sub-processor (dup689 vs dup1874) and the second chain entry (dup696 vs
// dup1875). Both chains run dup2387 between dup2287 and dup2288. All dup*
// entries are defined elsewhere in the file, so the message text covered is
// not visible from this section.

// Variant with dup689, tagged with dup696.
var all593 = all_match({
processors: [
dup687,
dup688,
dup689,
dup690,
dup74,
dup691,
dup692,
dup693,
dup694,
dup695,
],
on_success: processor_chain([
dup93,
dup696,
dup2286,
dup2287,
dup2387,
dup2288,
dup2289,
]),
});
// Variant with dup1874, tagged with dup1875.
var all594 = all_match({
processors: [
dup687,
dup688,
dup1874,
dup690,
dup74,
dup691,
dup692,
dup693,
dup694,
dup695,
],
on_success: processor_chain([
dup93,
dup1875,
dup2286,
dup2287,
dup2387,
dup2288,
dup2289,
]),
});
// msg1387: H.225 message with a bad protocol discriminator.
// Extracts saddr/sport and daddr/dport; the offending discriminator value is
// stored in `protocol`. event_description is set to a fixed string.
var msg1387 = match({
dissect: {
tokenizer: "H225 message from %{saddr}/%{sport} to %{daddr}/%{dport} contains bad protocol discriminator %{protocol}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup2169,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("H225 message contains bad protocol discriminator"),
}),
]),
});
// msg1388: H.225 message seen before SETUP.
// The token between "H225 message" and "received" is kept only in the generic
// `fld` field; saddr/sport and daddr/dport are extracted as usual.
var msg1388 = match({
dissect: {
tokenizer: "H225 message %{fld} received from %{saddr}/%{sport} to %{daddr}/%{dport} before SETUP",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup783,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("H225 message received from before SETUP"),
}),
]),
});
// all595: three-step matcher (dup2170, dup2171, dup2172); the patterns
// themselves are defined elsewhere in this file.
var all595 = all_match({
processors: [
dup2170,
dup2171,
dup2172,
],
on_success: processor_chain([
dup93,
dup2173,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1389: FTP PORT command naming a low port.
// Extracts saddr, sport, daddr and interface. There is no %{dport} token, so a
// destination port is not available from this pattern.
var msg1389 = match({
dissect: {
tokenizer: "FTP port command low port: %{saddr}/%{sport} to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup227,
dup2016,
dup2286,
dup2287,
dup2288,
dup2289,
dup2388,
]),
});
// msg1390: FTP PORT command naming a different address than the sender.
// The parenthesised value after saddr is kept only as the generic fld1; no
// ports are extracted by this pattern.
var msg1390 = match({
dissect: {
tokenizer: "FTP port command different address: %{saddr}(%{fld1}) to %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup227,
dup228,
dup2286,
dup2287,
dup2288,
dup2289,
dup2388,
]),
});
// msg1391: traffic denied because the licensed host limit was exceeded.
// Full 5-tuple plus both interfaces are extracted; the limit value is fld1.
var msg1391 = match({
dissect: {
tokenizer: "Deny traffic for protocol %{protocol} src %{sinterface}:%{saddr}/%{sport} dst %{dinterface}:%{daddr}/%{dport}, licensed host limit of %{fld1} exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup1876,
dup2302,
dup2300,
dup2301,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1392: same condition reported per local host.
// Note the address is stored in `hostip`, not saddr/daddr, so queries that key
// on source/destination address will not see this event through those fields.
// event_description and result are set to fixed strings.
var msg1392 = match({
dissect: {
tokenizer: "Deny traffic for local-host %{interface}:%{hostip}, license limit of %{fld1} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup258,
dup1553,
dup2302,
dup2300,
dup2301,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("denied traffic"),
}),
set_field({
dest: "nwparser.result",
value: constant("license limit exceeded"),
}),
]),
});
// msg1393 / msg1394: embryonic (half-open) connection limit exceeded for
// through-the-box connections. Both extract saddr/sport, daddr/dport and
// interface. The counter values and the parenthesised value after daddr are
// kept only in generic fld* fields (fld1/fld2/fld3 in msg1393, fld1/fld2 in
// msg1394), so thresholds are not available under a named field.
var msg1393 = match({
dissect: {
tokenizer: "Embryonic limit %{fld1}/%{fld2} for through connections exceeded. %{saddr}/%{sport} to %{daddr} (%{fld3})/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1740,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2341,
dup2389,
]),
});
// Variant wording; its chain additionally contains dup2285.
var msg1394 = match({
dissect: {
tokenizer: "Embryonic limit for through connections exceeded %{fld1}. %{saddr}/%{sport} to %{daddr} (%{fld2})/%{dport} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1741,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2341,
dup2389,
]),
});
// msg1395: catch-all, the whole payload is captured as event_description.
var msg1395 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1656,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all596: matched by dup1554-dup1556 (defined elsewhere); on success the
// result field is set to the fixed string "Ospf IA update conflict".
var all596 = all_match({
processors: [
dup1554,
dup1555,
dup1556,
],
on_success: processor_chain([
dup1557,
dup1558,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Ospf IA update conflict"),
}),
]),
});
// msg1396: catch-all, the whole payload is captured as event_description.
var msg1396 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1910,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1397: "external LSA" message. Only hostip is a named field; the text
// before the colon and the trailing text go to the generic fld1 / fld.
var msg1397 = match({
dissect: {
tokenizer: "%{fld1}: external LSA %{hostip} %{fld}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup488,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all597: matched by dup314 and dup315 (defined elsewhere in this file).
var all597 = all_match({
processors: [
dup314,
dup315,
],
on_success: processor_chain([
dup316,
dup317,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1398: packet received from an unknown neighbor. What was received is
// stored in `result`; the neighbor address is stored in `hostip`.
var msg1398 = match({
dissect: {
tokenizer: "Received %{result} from unknown neighbor %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1173,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1399 - msg1407: nine catch-all patterns.
// Every tokenizer is the single token %{event_description}; no structured
// network or identity fields are extracted. The definitions differ only in the
// first two entries of their on_success chains.
var msg1399 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup490,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1400 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1187,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1401 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1934,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1402 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1533,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1403 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup491,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1404 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1359,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1405 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup379,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1406 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1963,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1407 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1363,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all598: authentication-server group unreachable.
// dup4 is the linear_select defined near the top of this file whose first
// alternative extracts %{username}; dup1649 and dup1650 are defined elsewhere.
// On success the result field is set to a fixed string.
var all598 = all_match({
processors: [
dup1649,
dup4,
dup1650,
],
on_success: processor_chain([
dup334,
dup1651,
dup2325,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Auth-server group unreachable"),
}),
]),
});
// all599 / all600: two seven-step matchers sharing dup801, dup802, dup805 and
// dup807. They differ in steps 3, 4 and 6 and in the second on_success entry;
// all600's chain additionally contains dup2285. The patterns themselves are
// defined elsewhere in this file.
var all599 = all_match({
processors: [
dup801,
dup802,
dup803,
dup804,
dup805,
dup806,
dup807,
],
on_success: processor_chain([
dup808,
dup809,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2390,
]),
});
var all600 = all_match({
processors: [
dup801,
dup802,
dup810,
dup811,
dup805,
dup812,
dup807,
],
on_success: processor_chain([
dup808,
dup813,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2390,
]),
});
// msg1408: UDP DNS reply dropped because a compression pointer length exceeds
// the packet length limit.
// Extracts saddr/sport and daddr/dport. The pointer length is stored in
// `bytes`; the configured limit is kept only as the generic fld2.
// event_description is set to a fixed string.
var msg1408 = match({
dissect: {
tokenizer: "Dropped UDP DNS reply from %{saddr}/%{sport} to %{daddr}/%{dport}; compression pointer length %{bytes} bytes exceeds packet length limit of %{fld2} bytes",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup814,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Dropped DNS UDP reply packet - length exceeded"),
}),
]),
});
// all601 - all603: matchers composed only of shared dup* pieces defined
// elsewhere in this file. all601 starts its chain with dup808 and ends with
// dup2390, the same first and last entries used by all599/all600.
var all601 = all_match({
processors: [
dup815,
dup816,
dup817,
],
on_success: processor_chain([
dup808,
dup818,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2390,
]),
});
var all602 = all_match({
processors: [
dup819,
dup820,
],
on_success: processor_chain([
dup14,
dup821,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all603 = all_match({
processors: [
dup894,
dup895,
dup896,
dup897,
],
on_success: processor_chain([
dup898,
dup899,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all604 / all605: identical processor lists (dup1301, dup1302, dup1303) and
// identical chains except for the second entry (dup1304 vs dup1312).
var all604 = all_match({
processors: [
dup1301,
dup1302,
dup1303,
],
on_success: processor_chain([
dup93,
dup1304,
dup2290,
dup2292,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all605 = all_match({
processors: [
dup1301,
dup1302,
dup1303,
],
on_success: processor_chain([
dup93,
dup1312,
dup2290,
dup2292,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all606: shares dup1301 with the two matchers above; on success the misc
// field is set to a fixed string describing a hardware transmit hang.
var all606 = all_match({
processors: [
dup1301,
dup1892,
],
on_success: processor_chain([
dup93,
dup1893,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.misc",
value: constant("Interface experienced a hardware transmit hang"),
}),
]),
});
// msg1409: a MAC entry moved between two locations.
// The token following "MAC" is stored in `interface`; the old and new
// locations are stored in src_zone and dst_zone. No IP address is extracted.
// NOTE(review): this chain goes from dup2316 straight to dup2287, whereas the
// neighbouring chains all include dup2286 before dup2287. Confirm the
// omission is intended.
var msg1409 = match({
dissect: {
tokenizer: "MAC %{interface} moved from %{src_zone} to %{dst_zone}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup732,
dup2290,
dup2292,
dup2291,
dup2316,
dup2287,
dup2288,
dup2289,
]),
});
// msg1410 / msg1411: a module could not shut down / reload.
// NOTE(review): %{fld1} sits directly between the literals "Module in slot"
// and "is not able", with no space on either side. Assuming the dissect
// tokenizer treats literal text as delimiters, any whitespace around the slot
// number in the log line ends up inside fld1 - verify against a sample.
var msg1410 = match({
dissect: {
tokenizer: "Module in slot%{fld1}is not able to shut down. %{space} Module Error: %{fld2} %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1508,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same shape for the reload case; here the trailing text is stored in `data`.
var msg1411 = match({
dissect: {
tokenizer: "Module in slot%{fld1}is not able to reload.%{space}Module Error:%{fld2} %{data}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2120,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all607: matched by dup507 and dup508 (defined elsewhere in this file).
var all607 = all_match({
processors: [
dup507,
dup508,
],
on_success: processor_chain([
dup93,
dup509,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1412: saving the logging buffer to an FTP server failed.
// Extracts filename, the server address (hostip), interface and the bracketed
// failure reason (result). Worth alerting on where log retention matters,
// since it means buffered log data was not exported.
var msg1412 = match({
dissect: {
tokenizer: "Failed to save logging buffer using file name %{filename} to FTP server %{hostip} on interface %{interface}: [%{result}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1343,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1413: saving the logging buffer to local flash failed; extracts filename
// and the bracketed failure reason (result).
var msg1413 = match({
dissect: {
tokenizer: "Failed to save logging buffer to flash:/syslog directory using filename: %{filename}: [%{result}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1525,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1414 - msg1416: HTTP inspection detections (tunnel, instant messenger,
// peer-to-peer). Each extracts sigid, listnum, protocol, saddr and daddr and
// sets `context` to a fixed string naming the detection. No ports or
// interfaces are extracted by these patterns.
var msg1414 = match({
dissect: {
tokenizer: "%{sigid} HTTP Tunnel detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup245,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Tunnel detected"),
}),
]),
});
var msg1415 = match({
dissect: {
tokenizer: "%{sigid} HTTP Instant Messenger detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1048,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Instant Messenger detected"),
}),
]),
});
var msg1416 = match({
dissect: {
tokenizer: "%{sigid} HTTP Peer-to-Peer detected - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup996,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Peer-to-Peer detected"),
}),
]),
});
// msg1417 / msg1418: "Content type not found".
// msg1417 requires the literal text "Content Verification Failed" after
// listnum; msg1418 accepts any single token there and stores it in `protocol`.
// Both end their chain with dup2391; msg1418's chain additionally contains
// dup2285.
var msg1417 = match({
dissect: {
tokenizer: "%{sigid} Content type not found - %{listnum} Content Verification Failed from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1894,
dup2286,
dup2287,
dup2288,
dup2289,
dup2391,
]),
});
var msg1418 = match({
dissect: {
tokenizer: "%{sigid} Content type not found - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1895,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2391,
]),
});
// msg1419: declared content type does not match the content; `context` is set
// to a fixed string.
var msg1419 = match({
dissect: {
tokenizer: "%{sigid} Content type does not match specified type - %{listnum} Content Verification Failed from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2114,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("Content type does not match specified type"),
}),
]),
});
// msg1420: HTTP content size out of range.
// NOTE(review): the reported size is captured into the field named
// `priority`, so downstream consumers should not read that field as a
// severity for this event - confirm the mapping is intended.
var msg1420 = match({
dissect: {
tokenizer: "%{sigid} Content size %{priority} out of range - %{listnum} %{protocol} from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup28,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("Content size out of range"),
}),
]),
});
// msg1421 / msg1422: illegal HTTP extension method / RFC method.
// The quoted method name from the log line is stored in `protocol`; `context`
// is set to a fixed string.
var msg1421 = match({
dissect: {
tokenizer: "%{sigid} HTTP Extension method illegal - %{listnum} '%{protocol}' from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1526,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Extension method illegal"),
}),
]),
});
var msg1422 = match({
dissect: {
tokenizer: "%{sigid} HTTP RFC method illegal - %{listnum} '%{protocol}' from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1177,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP RFC method illegal"),
}),
]),
});
// msg1423: connection reset after a policy-map header match.
// The only pattern in this group that extracts interfaces and ports as well
// as addresses, plus the policy-map name (policyname). The matched class text
// is kept only as the generic fld1.
var msg1423 = match({
dissect: {
tokenizer: "%{sigid} HTTP - matched %{fld1} in policy-map %{policyname}, header matched - Resetting connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1178,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1424: HTTP header length exceeded.
// NOTE(review): the received byte count is captured into the field named
// `priority` (same as the URL-length pattern below); it is a size here, not a
// severity - confirm the mapping is intended.
var msg1424 = match({
dissect: {
tokenizer: "%{sigid} HTTP Header length exceeded. Received %{priority} byte Header - %{listnum} header length exceeded from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1896,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Header length exceeded"),
}),
]),
});
// msg1425: HTTP protocol violation; extracts sigid, listnum, saddr and daddr.
var msg1425 = match({
dissect: {
tokenizer: "%{sigid} HTTP protocol violation detected - %{listnum} HTTP Protocol not detected from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2121,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP protocol violation detected"),
}),
]),
});
// msg1426: HTTP URL length exceeded; the received byte count again goes into
// `priority`.
var msg1426 = match({
dissect: {
tokenizer: "%{sigid} HTTP URL Length exceeded. Received %{priority} byte URL - %{listnum} URI length exceeded from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1570,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP URL Length exceeded"),
}),
]),
});
// msg1427: HTTP deobfuscation signature (reported as an IPS evasion
// technique); extracts sigid, listnum, saddr and daddr.
var msg1427 = match({
dissect: {
tokenizer: "%{sigid} HTTP Deobfuscation signature detected - %{listnum} HTTP deobfuscation detected IPS evasion technique from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup2282,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Deobfuscation signature detected"),
}),
]),
});
// msg1428: disallowed HTTP transfer encoding; the encoding name from the log
// line is stored in `protocol`.
var msg1428 = match({
dissect: {
tokenizer: "%{sigid} HTTP Transfer encoding violation detected - %{listnum} %{protocol} Transfer encoding not allowed from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup1446,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("HTTP Transfer encoding violation detected"),
}),
]),
});
// msg1429: too many unanswered HTTP requests.
// NOTE(review): "10" is a literal in both the tokenizer and the context
// string. Assuming literal text must match exactly, a log line reporting a
// different maximum would not be parsed by this pattern - verify whether the
// value can vary on the device.
var msg1429 = match({
dissect: {
tokenizer: "%{sigid} Maximum of 10 unanswered HTTP requests exceeded from %{saddr} to %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup27,
dup874,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.context",
value: constant("Maximum of 10 unanswered HTTP requests exceeded"),
}),
]),
});
// msg1430: UDP SNMP packet dropped.
// Extracts both interfaces, both address/port pairs and the drop reason
// (everything after the semicolon, stored in `result`). event_description is
// set to a fixed string.
var msg1430 = match({
dissect: {
tokenizer: "Dropped UDP SNMP packet from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}; %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup890,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("dropped UDP SNMP packet"),
}),
]),
});
// msg1431 - msg1433 and all608: through-the-device traffic to or from a
// management-only network was denied. Four wordings of the same event; all
// four chains contain dup2393 after dup2289.
//
// msg1431: ICMP form - interfaces, addresses, icmptype and icmpcode; no ports.
var msg1431 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: icmp src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1023,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2392,
dup2393,
dup2308,
]),
});
// msg1432: generic-protocol form - protocol, interfaces and addresses; no
// ports.
var msg1432 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: protocol %{protocol} src %{sinterface}:%{saddr} dst %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1024,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2392,
dup2393,
]),
});
// all608: variant matched by dup1025, dup1026 and dup2370 (defined elsewhere).
var all608 = all_match({
processors: [
dup1025,
dup1026,
dup2370,
],
on_success: processor_chain([
dup285,
dup1027,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2394,
dup2393,
]),
});
// msg1433: form with ports in parentheses and a space (not a colon) between
// interface and address.
var msg1433 = match({
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol} from %{sinterface} %{saddr} (%{sport}) to %{dinterface} %{daddr} (%{dport})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1028,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2394,
dup2393,
]),
});
// msg1434 / msg1435: both start with the open token %{action}, so whatever
// text precedes " from " in the log line becomes the action value - it is not
// restricted to a fixed set of words by this pattern.
// msg1434 additionally stores the text after "reason: " in `result`.
var msg1434 = match({
dissect: {
tokenizer: "%{action} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}, reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1940,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1435: a packet arrived with a different initial sequence number.
var msg1435 = match({
dissect: {
tokenizer: "%{action} from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} with different initial sequence number",
field: "nwparser.payload",
},
on_success: processor_chain([
dup168,
dup1459,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1436: the TCP urgent flag was cleared on a packet; interfaces, addresses
// and ports are extracted and event_description is set to a fixed string.
var msg1436 = match({
dissect: {
tokenizer: "Cleared TCP urgent flag from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1460,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Cleared TCP urgent flag"),
}),
]),
});
// msg1437: IPS asked the firewall to drop packets (ICMP-style form with type
// and code, no ports).
var msg1437 = match({
dissect: {
tokenizer: "IPS requested to drop %{protocol} packets %{sinterface}:%{saddr} to %{dinterface}:%{daddr} (type %{icmptype}, code %{icmpcode})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2174,
dup2313,
dup2302,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2395,
]),
});
// msg1438: drop request with ports; the requesting component is stored in
// `service`.
// NOTE(review): unlike msg1437 and msg1439 there is no literal "to " between
// the source and destination tokens. If the device prints "to" there, and
// literal text acts as the delimiter, %{dinterface} would start with "to " -
// verify against a sample log line.
var msg1438 = match({
dissect: {
tokenizer: "%{service} requested to drop %{protocol} packet from %{sinterface}:%{saddr}/%{sport} %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup2175,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2395,
]),
});
// msg1439: IPS asked the firewall to reset a connection; event_description is
// set to a fixed string.
var msg1439 = match({
dissect: {
tokenizer: "IPS requested to reset %{protocol} connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup784,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IPS request to reset connection"),
}),
]),
});
// msg1440 / msg1441: a virtual sensor was added to / deleted from a module.
// The sensor name is stored in `vsys` and the module in `product`. No acting
// user is extracted by either pattern, so attribution has to come from other
// events. event_description is set to a fixed string in both cases.
var msg1440 = match({
dissect: {
tokenizer: "Virtual Sensor %{vsys} was added on the %{product}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup398,
dup399,
dup2380,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Virtual Sensor added"),
}),
]),
});
var msg1441 = match({
dissect: {
tokenizer: "Virtual Sensor %{vsys} was deleted from the %{product}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1750,
dup2333,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Virtual Sensor deleted"),
}),
]),
});
// msg1442: a TCP flow was skipped (not inspected) because a component failed.
// The failed component is stored in `application`; event_description and
// result are set to fixed strings. Relevant for monitoring because it marks
// traffic that passed without the named inspection.
var msg1442 = match({
dissect: {
tokenizer: "TCP flow from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} is skipped because %{application} has failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1386,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("TCP flow skipped"),
}),
set_field({
dest: "nwparser.result",
value: constant("process failure"),
}),
]),
});
// msg1443: injecting a TCP packet failed; addresses and ports only, no
// interfaces.
var msg1443 = match({
dissect: {
tokenizer: "Failed to inject TCP packet from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2079,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("failed to inject TCP packet"),
}),
]),
});
// all609: matched by dup1179-dup1181 (defined elsewhere in this file).
var all609 = all_match({
processors: [
dup1179,
dup1180,
dup1181,
],
on_success: processor_chain([
dup1182,
dup1183,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1444: usage summary; the user count and the time window are kept only as
// the generic fld1 / fld2, the product name goes to `product`.
var msg1444 = match({
dissect: {
tokenizer: "There are %{fld1} users of %{product} during the past %{fld2} hours",
field: "nwparser.payload",
},
on_success: processor_chain([
dup625,
dup626,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1445: license-expiry message; ec_subject is set to "License".
// NOTE(review): the tokenizer captures the whole payload as event_description,
// and the final set_field then writes a fixed string to
// nwparser.event_description. If both refer to the same field, the device's
// own text - including the actual number of days remaining - is replaced by
// the hard-coded "365 days" wording. Confirm this is intended before relying
// on the value for expiry alerting.
var msg1445 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup762,
set_field({
dest: "nwparser.ec_subject",
value: constant("License"),
}),
dup2313,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Temporary license key will expire in 365 days"),
}),
]),
});
// msg1446 - msg1448: shared-license service status messages. Each sets
// event_description to a fixed string.
//
// msg1446: register request failed; the reason text is stored in `result`.
var msg1446 = match({
dissect: {
tokenizer: "Shared license register request failed, Reason:%{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1974,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license register request failed"),
}),
]),
});
// msg1447: service is active; trailing text is stored in `info`.
var msg1447 = match({
dissect: {
tokenizer: "Shared license service is active. %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1008,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license service is active"),
}),
]),
});
// msg1448: license server not responding; the leading sentence is stored in
// `result`.
var msg1448 = match({
dissect: {
tokenizer: "%{result}. License server is not responding",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup255,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("License server is not responding"),
}),
]),
});
// msg1449 - msg1453: further shared-license messages.
// In these five chains dup2288/dup2289 come before dup2286/dup2287, the
// reverse of the order used by most other chains in this part of the file.
// NOTE(review): whether the order matters depends on what those dup* steps do
// (not visible here) - confirm.
var msg1449 = match({
dissect: {
tokenizer: "Shared %{protocol} license availability: %{info}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1334,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shared protocol license availability"),
}),
]),
});
// Backup license server unavailable; its address is stored in `hostip`.
var msg1450 = match({
dissect: {
tokenizer: "Shared license backup server %{hostip} is not available",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1587,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license backup server not available"),
}),
]),
});
// Client added; the client id is stored in `hostid`.
var msg1451 = match({
dissect: {
tokenizer: "Shared license added client id %{hostid}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup971,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license added client"),
}),
]),
});
// Client expired; this chain additionally contains dup2285.
var msg1452 = match({
dissect: {
tokenizer: "Shared license expired client id %{hostid}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup972,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license expired client"),
}),
]),
});
// Backup server role change; the new role is stored in `result`.
var msg1453 = match({
dissect: {
tokenizer: "Shared license backup server role change to %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup560,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license backup server role changed"),
}),
]),
});
// msg1454 / msg1455: ActiveX / Java content was modified in transit by the
// device. Both extract saddr, daddr and interface; no ports, and nothing that
// identifies the affected URL or object.
var msg1454 = match({
dissect: {
tokenizer: "ActiveX content modified src %{saddr} dest %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup2005,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1455 = match({
dissect: {
tokenizer: "Java content modified src %{saddr} dest %{daddr} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup486,
dup568,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1456: packet with a bad header length.
// Extracts protocol, both address/port pairs and interface. The header
// length, packet length and flags are kept only as generic fld1/fld2/fld3.
var msg1456 = match({
dissect: {
tokenizer: "Bad %{protocol} hdr length (hdrlen=%{fld1}, pktlen=%{fld2}) from %{saddr}/%{sport} to %{daddr}/%{dport}, flags: %{fld3}, on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup863,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Bad hdr length"),
}),
]),
});
// msg1457: packet with an invalid transport field; protocol plus both
// address/port pairs, no interface.
var msg1457 = match({
dissect: {
tokenizer: "Invalid transport field for protocol=%{protocol}, from %{saddr}/%{sport} to %{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup2236,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid transport field"),
}),
]),
});
// msg1458: the privilege level required for a command was changed.
// Audit-relevant, but the affected command and the new level are kept only as
// generic fld2 / fld3 (fld1 holds the "Var" value), and no user name is
// extracted by this pattern. `result` is set to a fixed success string.
var msg1458 = match({
dissect: {
tokenizer: "Cmd priv level changed: Var: %{fld1} Cmd: %{fld2} Priv level: %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup2221,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Cmd priv level changed successfully"),
}),
]),
});
// msg1459: a user is changing privilege level.
// The tokenizer ends in the unnamed token %{}; presumably the remainder of the
// line (which would carry the user and levels) is matched but not stored -
// NOTE(review): confirm, since that detail is what an audit query needs.
var msg1459 = match({
dissect: {
tokenizer: "User transitioning priv level%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup2222,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("User transitioning priv level"),
}),
]),
});
// all610 - all612: local user database changes (user added, user deleted,
// privilege level changed). These are account-management events worth
// retaining for audit.
// The middle processor in each is dup4, the linear_select defined near the top
// of this file whose first alternative extracts %{username}; the first and
// last processors are defined elsewhere. Each chain sets `result` to a fixed
// string naming the change.
var all610 = all_match({
processors: [
dup113,
dup4,
dup114,
],
on_success: processor_chain([
dup115,
dup116,
dup2321,
dup2380,
dup2396,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("New user added to local DB"),
}),
]),
});
var all611 = all_match({
processors: [
dup834,
dup4,
dup114,
],
on_success: processor_chain([
dup835,
dup836,
dup2321,
dup2333,
dup2396,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("User deleted from local DB"),
}),
]),
});
var all612 = all_match({
processors: [
dup585,
dup4,
dup586,
],
on_success: processor_chain([
dup587,
dup588,
dup2321,
dup2292,
dup2396,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("User priv level change"),
}),
]),
});
// all613 / all614: group policy added / deleted.
// Both use dup4 (the linear_select near the top of this file whose first
// alternative extracts %{username}) followed by dup5. For all614 the first
// processor is dup3, which dissects "Group policy deleted: name:%{p0}" (see
// the top of this file); dup234 is defined elsewhere. Each chain sets `result`
// to a fixed string.
var all613 = all_match({
processors: [
dup234,
dup4,
dup5,
],
on_success: processor_chain([
dup235,
dup236,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("New group policy added"),
}),
]),
});
var all614 = all_match({
processors: [
dup3,
dup4,
dup5,
],
on_success: processor_chain([
dup6,
dup7,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Group policy deleted"),
}),
]),
});
// msg1460: routing-process neighbor state change.
// The neighbor address is stored in `hostip` and the interface in `interface`;
// the process id and the old/new states are kept only as generic
// fld1/fld2/fld3, and the trailing text goes to `result`.
var msg1460 = match({
dissect: {
tokenizer: "Process %{fld1}, Nbr %{hostip} on %{interface} from %{fld2} to %{fld3}, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1174,
dup1175,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1461 - msg1464: security context added / removed.
// msg1461 and msg1463 store the context name in `info` and set a fixed
// event_description (placed between dup2287 and dup2288 rather than at the
// end of the chain). msg1462 and msg1464 are catch-all fallbacks that keep
// the whole payload as event_description and share the same leading dup*
// entries as their specific counterpart apart from the second one.
var msg1461 = match({
dissect: {
tokenizer: "Security context %{info} was added to the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup398,
dup409,
dup2380,
dup2290,
dup2285,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Security context added"),
}),
dup2288,
dup2289,
]),
});
var msg1462 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup398,
dup410,
dup2380,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1463 = match({
dissect: {
tokenizer: "Security context %{info} was removed from the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1167,
dup2333,
dup2290,
dup2285,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Security context removed"),
}),
dup2288,
dup2289,
]),
});
var msg1464 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup761,
dup1168,
dup2333,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1465 - msg1471: seven catch-all patterns.
// Every tokenizer is the single token %{event_description}; no structured
// network or identity fields are extracted. The definitions differ only in the
// first two entries of their on_success chains.
var msg1465 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup662,
dup663,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1466 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup1235,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1467 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup592,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1468 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup662,
dup670,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1469 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
dup1948,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1470 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
dup339,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1471 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
dup1148,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1472 / msg1473: partial patterns applied to the intermediate field
// nwparser.p1 (not the payload). They accept "UP." and "UP" respectively and
// pass the remainder on as p2. Neither has an on_success chain of its own.
var msg1472 = match({
dissect: {
tokenizer: "UP.%{p2}",
field: "nwparser.p1",
},
});
var msg1473 = match({
dissect: {
tokenizer: "UP%{p2}",
field: "nwparser.p1",
},
});
// select183 lists the two alternatives with the more specific "UP." form
// first.
var select183 = linear_select([
msg1472,
msg1473,
]);
// all615: dup926 and dup927 (defined elsewhere) followed by select183; on
// success `result` is set to a fixed string reporting the data channel as UP.
var all615 = all_match({
processors: [
dup926,
dup927,
select183,
],
on_success: processor_chain([
dup193,
dup928,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("data channel communication is UP"),
}),
]),
});
// all616 / all617: two-step matchers that share dup2397 as their second
// processor; the first processor and the head of the chain differ.
var all616 = all_match({
processors: [
dup602,
dup2397,
],
on_success: processor_chain([
dup604,
dup605,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1474: an application on a module went down. Extracts product, the slot
// (generic fld1), the quoted application name and trailing info.
var msg1474 = match({
dissect: {
tokenizer: "%{product} Module in slot %{fld1}, application down \"%{application}\", %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup733,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all617 = all_match({
processors: [
dup1577,
dup2397,
],
on_success: processor_chain([
dup1540,
dup1578,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1475: catch-all, the whole payload is captured as event_description.
var msg1475 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup246,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1476: a TCP-Proxy connection was terminated. Interfaces, addresses and
// ports are extracted; the text after " - " is stored in `result`.
var msg1476 = match({
dissect: {
tokenizer: "Terminating TCP-Proxy connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup846,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("TCP-Proxy connection terminated"),
}),
]),
});
// msg1477: a connection was moved to non-proxy mode. Same fields as above;
// the reason after " - " is stored in `result`.
var msg1477 = match({
dissect: {
tokenizer: "Moving connection from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport} to non-proxy mode - %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2145,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Moving connection"),
}),
]),
});
// all618 - all620: matchers built from shared dup* pieces (defined elsewhere
// in this file); what each one reports is visible only from the fixed
// event_description written at the end of its chain.
//
// all618: TCP/UDP flow terminated.
var all618 = all_match({
processors: [
dup2153,
dup2154,
],
on_success: processor_chain([
dup579,
dup2155,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("tcp/udp flow terminated"),
}),
]),
});
// all619: DCERPC connection with an unknown, non-standard major version.
// dup2288/dup2289 precede dup2286/dup2287 in this chain.
var all619 = all_match({
processors: [
dup710,
dup711,
dup712,
],
on_success: processor_chain([
dup14,
dup713,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("DCERPC unknown non-standard major version on connection"),
}),
]),
});
// all620: path-MTU discovery - packet larger than the effective MTU.
var all620 = all_match({
processors: [
dup1092,
dup1093,
dup1094,
],
on_success: processor_chain([
dup808,
dup1095,
dup2340,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("PMTU-D packet bytes greater than effective mtu"),
}),
]),
});
var msg1478 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup212,
dup2340,
dup2292,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Two variants of the "Received an ICMP Destination Unreachable" message.
// They differ only in the separator after the source address: " with " here,
// "," in msg1480. Both capture product, saddr and info, and their chains
// differ only in the second entry (dup1843 vs dup1823).
var msg1479 = match({
dissect: {
tokenizer: "%{product}: Received an ICMP Destination Unreachable from %{saddr} with %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1843,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2398,
]),
});
// Comma-separated variant; info receives everything after the comma.
var msg1480 = match({
dissect: {
tokenizer: "%{product}: Received an ICMP Destination Unreachable from %{saddr},%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1823,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2398,
]),
});
// ISAKMP Phase 1 SA created, responder side. The local endpoint is stored as
// daddr/dport and the remote peer as saddr/sport, i.e. the peer is recorded
// as the source. info receives the remainder of the line, including whatever
// closes the "(" that the tokenizer opens.
var msg1481 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{daddr}/%{dport} (responder), remote %{saddr}/%{sport}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup2132,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// ISAKMP Phase 1 SA created, initiator side. The mapping is reversed: the
// local endpoint is saddr/sport and the remote peer is daddr/dport.
// NOTE(review): this chain adds dup2285, which the responder chain lacks; its
// definition is outside this excerpt — confirm what it contributes.
var msg1482 = match({
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{saddr}/%{sport} (initiator), remote %{daddr}/%{dport}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup2133,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all621 = all_match({
processors: [
dup651,
dup652,
dup653,
],
on_success: processor_chain([
dup10,
dup654,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2399,
]),
});
var all622 = all_match({
processors: [
dup651,
dup652,
dup655,
],
on_success: processor_chain([
dup10,
dup656,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2399,
]),
});
var all623 = all_match({
processors: [
dup651,
dup2116,
dup653,
],
on_success: processor_chain([
dup68,
dup2117,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2400,
]),
});
var all624 = all_match({
processors: [
dup651,
dup2116,
dup655,
],
on_success: processor_chain([
dup68,
dup2118,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2400,
]),
});
var msg1483 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup358,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1484 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup589,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all625 = all_match({
processors: [
dup207,
dup208,
dup209,
],
on_success: processor_chain([
dup10,
dup2134,
dup2340,
dup2286,
dup2312,
dup2288,
dup2289,
]),
});
var all626 = all_match({
processors: [
dup207,
dup208,
dup209,
],
on_success: processor_chain([
dup68,
dup210,
dup2340,
dup2286,
dup2312,
dup2288,
dup2289,
]),
});
var msg1485 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1364,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// PPP AAA authentication started. Captures interface and username; the word
// "started" is a literal in the tokenizer. username comes from the device
// message, so downstream consumers should treat it as untrusted text.
var msg1486 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} - user: %{username} aaa authentication started",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1368,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// PPP AAA authentication outcome. Identical to msg1486 except that the final
// word is captured into disposition.
// NOTE(review): this pattern also matches a "... started" line. The selector
// that chooses between msg1486 and msg1487 is outside this excerpt; confirm
// that msg1486 is tried first, otherwise "started" events are processed with
// dup1212 instead of dup1368.
var msg1487 = match({
dissect: {
tokenizer: "PPP virtual interface %{interface} - user: %{username} aaa authentication %{disposition}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1212,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Composite rule built from three shared processors (dup8, dup4, dup9); on
// success the event is labelled "PPTP Tunnel created".
// NOTE(review): all631 in this file emits "PPTP tunnel created" with a
// lower-case "t". Case-sensitive searches or detections keyed on
// event_description need to cover both spellings.
var all627 = all_match({
processors: [
dup8,
dup4,
dup9,
],
on_success: processor_chain([
dup10,
dup11,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP Tunnel created"),
}),
]),
});
var all628 = all_match({
processors: [
dup1534,
dup1535,
dup1536,
],
on_success: processor_chain([
dup68,
dup1537,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP tunnel deleted"),
}),
]),
});
var all629 = all_match({
processors: [
dup714,
dup1793,
dup1794,
dup1795,
dup1796,
dup1778,
],
on_success: processor_chain([
dup10,
dup1797,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("L2TP tunnel created"),
}),
]),
});
var all630 = all_match({
processors: [
dup714,
dup715,
dup716,
],
on_success: processor_chain([
dup68,
dup717,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("L2TP tunnel deleted"),
}),
]),
});
// Composite rule labelled "PPTP tunnel created". It shares the processor
// dup1080 with the teardown rule all632 below.
// NOTE(review): the paired teardown rule is labelled "Teardown PPPOE tunnel",
// so the two labels name different protocols (PPTP vs PPPOE). Verify against
// the vendor message text before relying on event_description to tell the
// tunnel type apart.
var all631 = all_match({
processors: [
dup1263,
dup1080,
dup1264,
dup161,
dup1265,
],
on_success: processor_chain([
dup10,
dup1266,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP tunnel created"),
}),
]),
});
// Composite rule labelled "Teardown PPPOE tunnel"; the chain starts with
// dup68 where the creation rule above starts with dup10.
var all632 = all_match({
processors: [
dup1079,
dup1080,
dup1081,
],
on_success: processor_chain([
dup68,
dup1082,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Teardown PPPOE tunnel"),
}),
]),
});
var msg1488 = match({
dissect: {
tokenizer: "DHCP client interface %{interface}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup822,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1489 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup1278,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all633 = all_match({
processors: [
dup2102,
],
on_success: processor_chain([
dup1540,
dup2103,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1490 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup477,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// HTTP daemon connection denied. Captures the interface and the address of
// the rejected client (hostip).
// The chain sets no event_description or result here, so any classification
// of this event has to come from the dup entries, which are defined outside
// this excerpt.
var msg1491 = match({
dissect: {
tokenizer: "HTTP daemon interface %{interface}: connection denied from %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1378,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1492 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2218,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Login-failure rules. All three chains start with dup573 and carry dup2321,
// dup2335, dup2320 and dup2314; only the matching processors and the second
// chain entry differ. The dup definitions are outside this excerpt.

// Labels the event "Login failed" in event_description.
var all634 = all_match({
processors: [
dup569,
dup570,
dup571,
dup572,
],
on_success: processor_chain([
dup573,
dup574,
dup2321,
dup2335,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Login failed"),
}),
]),
});
// Same shape as all634, but the label is not an inline constant: dup2401 is
// used as the value for both event_description and result, so the two fields
// end up with the same content.
var all635 = all_match({
processors: [
dup636,
dup417,
],
on_success: processor_chain([
dup573,
dup637,
dup2321,
dup2335,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: dup2401,
}),
set_field({
dest: "nwparser.result",
value: dup2401,
}),
]),
});
// Variant that shares dup417 with all635. It adds dup2285 and sets neither
// event_description nor result in this chain.
// NOTE(review): if a human-readable label is expected for every login
// failure, confirm that one of the dup entries supplies it.
var all636 = all_match({
processors: [
dup638,
dup417,
],
on_success: processor_chain([
dup573,
dup639,
dup2321,
dup2335,
dup2320,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Login-permitted rule. The outcome text "Login permitted" is written to
// result, whereas the failure rule all634 writes "Login failed" to
// event_description. A query that looks at only one of the two fields will
// see only one of the outcomes.
// NOTE(review): this chain uses dup2312 in the position where most chains in
// this file use dup2287; the definitions are outside this excerpt — confirm
// the difference is intended.
var all637 = all_match({
processors: [
dup185,
dup186,
],
on_success: processor_chain([
dup141,
dup187,
dup2321,
dup2335,
dup2320,
dup2316,
dup2286,
dup2312,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Login permitted"),
}),
]),
});
// Variant that shares dup186 with all637. It adds dup2285, uses dup2287
// rather than dup2312, and sets no result or description in this chain.
var all638 = all_match({
processors: [
dup188,
dup186,
],
on_success: processor_chain([
dup141,
dup189,
dup2321,
dup2335,
dup2320,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// PDM/ASDM management session start. Shares its first processor (dup139) with
// the session-end rule below; the second processor selects start vs end.
var all639 = all_match({
processors: [
dup139,
dup140,
],
on_success: processor_chain([
dup141,
dup142,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("PDM/ASDM session started"),
}),
]),
});
// PDM/ASDM management session end. The chain carries three entries (dup2302,
// dup2334, dup2301) that the start rule does not; their definitions are
// outside this excerpt.
var all640 = all_match({
processors: [
dup139,
dup775,
],
on_success: processor_chain([
dup579,
dup776,
dup2302,
dup2334,
dup2301,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("PDM/ASDM session ended"),
}),
]),
});
// ASDM logging session started. Captures the session number, the client
// address (hostip) and trailing text (info).
// NOTE(review): the label below reads "ASDM loggingsession started" with no
// space between "logging" and "session". It is a runtime value, so it is left
// as is; searches for "logging session" will not match it.
var msg1493 = match({
dissect: {
tokenizer: "ASDM logging session number %{sessionid} from %{hostip} started %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
dup1152,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("ASDM loggingsession started"),
}),
]),
});
// ASDM logging session ended. Captures sessionid and hostip. Unlike the start
// rule, this chain sets no event_description.
var msg1494 = match({
dissect: {
tokenizer: "ASDM logging session number %{sessionid} from %{hostip} ended",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1954,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1495 = match({
dissect: {
tokenizer: "Pre-allocate SIP %{fld1} secondary channel for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr} from %{info} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1413,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1496 = match({
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1} secondary channel for %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr} from %{info} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2270,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1497 = match({
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1} secondary channel for %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} from %{info} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2271,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1498 = match({
dissect: {
tokenizer: "Built local-host %{interface}:%{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup404,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var all641 = all_match({
processors: [
dup1405,
dup1406,
dup1407,
],
on_success: processor_chain([
dup33,
dup1408,
dup2302,
dup2313,
dup2316,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2352,
]),
});
// A daemon dropped a packet. Captures the service name, the interface and the
// sender address (hostip), and labels the event "Packet denied".
var msg1499 = match({
dissect: {
tokenizer: "%{service} daemon interface %{interface}: Packet denied from %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1153,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Packet denied"),
}),
]),
});
// A daemon rejected a packet that failed authentication. The sender is stored
// in saddr here, whereas the "Packet denied" rule above stores it in hostip,
// so a per-source aggregation has to look at both fields.
var msg1500 = match({
dissect: {
tokenizer: "%{service} daemon interface %{interface}: Authentication failed for packet from %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup183,
dup2001,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Authentication failed"),
}),
]),
});
var all642 = all_match({
processors: [
dup1930,
dup570,
dup1931,
],
on_success: processor_chain([
dup89,
dup1932,
dup2325,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all643 = all_match({
processors: [
dup1660,
dup4,
],
on_success: processor_chain([
dup141,
dup1661,
dup2340,
dup2320,
dup2321,
dup2335,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2402,
]),
});
var all644 = all_match({
processors: [
dup1662,
dup4,
],
on_success: processor_chain([
dup141,
dup1663,
dup2340,
dup2320,
dup2321,
dup2335,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
dup2402,
]),
});
var all645 = all_match({
processors: [
dup1509,
dup4,
],
on_success: processor_chain([
dup89,
dup1510,
dup2340,
dup2320,
dup2321,
dup2335,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2403,
]),
});
// User logout rule. The second processor is dup4, defined near the top of the
// file as a linear_select whose first alternative captures a quoted username.
// On success the event is labelled "User logged out".
var all646 = all_match({
processors: [
dup954,
dup4,
],
on_success: processor_chain([
dup955,
dup956,
dup2340,
dup2321,
dup2404,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("User logged out"),
}),
]),
});
var msg1501 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup430,
dup1294,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// VPNClient NAT policy messages. The two "Client Mode" rules capture the NAT
// address into stransaddr and end with dup2405; the two "Network Extension
// Mode" rules capture nothing and end with dup2406.

// Client Mode, no split tunneling.
// NOTE(review): the tokenizer has a %{space} capture between "no split" and
// "tunneling", whereas msg1503 matches the literal "no split tunneling".
// Presumably this absorbs variable whitespace in the device output; confirm.
var msg1502 = match({
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with no split %{space} tunneling: NAT addr: %{stransaddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup1017,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2405,
]),
});
// Network Extension Mode, no split tunneling. The trailing %{} is an unnamed
// capture; presumably it discards any remaining text — confirm.
var msg1503 = match({
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup2176,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2406,
]),
});
// Client Mode with split tunneling. The pattern ends at the literal
// "Split Tunnel Networks:", so the network list itself is not captured here.
var msg1504 = match({
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: %{stransaddr} Split Tunnel Networks:",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup122,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2405,
]),
});
// Network Extension Mode with split tunneling. Nothing is captured into a
// named field; the text after "Split Tunnel Networks:" falls into the unnamed
// %{} capture.
var msg1505 = match({
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks:%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup1305,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2406,
]),
});
var msg1506 = match({
dissect: {
tokenizer: "VPNClient: DHCP Policy installed:%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup1089,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2407,
]),
});
var msg1507 = match({
dissect: {
tokenizer: "VPNClient: Perfect Forward Secrecy Policy installed%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup121,
dup2214,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2407,
]),
});
var msg1508 = match({
dissect: {
tokenizer: "VPNClient: Head end : %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1571,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1509 = match({
dissect: {
tokenizer: "VPNClient: Split DNS Policy installed: List of domains:%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1123,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2407,
]),
});
// VPN client disconnecting from its head end and removing the policy it had
// downloaded. Captures the head-end address into hostip and labels the event
// "head end disconnect".
var msg1510 = match({
dissect: {
tokenizer: "VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : %{hostip}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup1396,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("head end disconnect"),
}),
]),
});
// VPN client extended authentication (XAUTH) outcomes. Both rules capture the
// peer address into saddr and carry dup2340 and dup2320. The success chain
// uses dup2316 and the failure chain dup2314 (definitions outside this
// excerpt).
// NOTE(review): the two labels differ in capitalisation ("XAUTH Succeeded" vs
// "XAUTH failed"); case-sensitive matching on event_description should
// account for that.
var msg1511 = match({
dissect: {
tokenizer: "VPNClient: XAUTH Succeeded: Peer: %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup532,
dup718,
dup2340,
dup2320,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("XAUTH Succeeded"),
}),
]),
});
// XAUTH failure for the peer in saddr.
var msg1512 = match({
dissect: {
tokenizer: "VPNClient: XAUTH Failed: Peer: %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup892,
dup2340,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("XAUTH failed"),
}),
]),
});
var msg1513 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1496,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1514 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2192,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1515 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1503,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1516 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1430,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1517 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup1195,
dup2340,
dup2296,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1518 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup543,
dup2340,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1519 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup686,
dup2340,
dup2296,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1520 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup233,
dup2340,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1521 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup685,
dup1139,
dup2340,
dup2296,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1522 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup232,
dup1461,
dup2340,
dup2295,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1523 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup237,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1524 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1514,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1525 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup1911,
dup2292,
dup2290,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all647 = all_match({
processors: [
dup1850,
dup4,
dup1851,
],
on_success: processor_chain([
dup93,
dup1852,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Auto Update server could not be contacted. Captures the server URL into url
// and the reason text into result.
// The literal ", reason:" is the only delimiter between the two captures, so
// the split depends on where that text occurs in the message. url is copied
// verbatim from the log line: do not render it as a clickable link or fetch
// it without validation.
var msg1526 = match({
dissect: {
tokenizer: "Auto Update failed to contact:%{url}, reason:%{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1083,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1527 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1016,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1528 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup837,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1529 = match({
dissect: {
tokenizer: "%{hostip} changed from area %{fld1} to area %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup143,
dup2290,
dup2292,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1530 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2278,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1531 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2193,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1532 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1470,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1533 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1534 = match({
dissect: {
tokenizer: "Pre-allocate MGCP %{fld1} connection for %{sinterface}:%{saddr} to %{dinterface}:%{daddr}/%{dport} from %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup419,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2408,
]),
});
var msg1535 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup420,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// GTP version rejected. Captures the version (fld1) and the source and
// destination interface, address and port, then sets result to a fixed label.
// NOTE(review): the set_field sits before dup2288/dup2289 here, whereas most
// chains in this file place it last. Confirm that neither dup2288 nor dup2289
// reads or overwrites nwparser.result.
var msg1536 = match({
dissect: {
tokenizer: "GTPv version %{fld1} from %{sinterface}:%{saddr}/%{sport} not accepted by %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1701,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("GTP version not accepted"),
}),
dup2288,
dup2289,
]),
});
var all648 = all_match({
processors: [
dup190,
dup191,
dup192,
],
on_success: processor_chain([
dup193,
dup194,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1537 = match({
dissect: {
tokenizer: "Removing v1 PDP Context with TID %{fld1} from GGSN %{fld2} and SGSN %{fld3}, Reason: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup195,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1538 = match({
dissect: {
tokenizer: "GTP Tunnel created from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup357,
dup1288,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("GTP tunnel created"),
}),
]),
});
var msg1539 = match({
dissect: {
tokenizer: "GTP connection created for response from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup838,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("GTP connection created"),
}),
]),
});
var all649 = all_match({
processors: [
dup2203,
dup2204,
dup2205,
dup1916,
dup1917,
dup1918,
dup2206,
],
on_success: processor_chain([
dup33,
dup2207,
dup2313,
dup2302,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2408,
]),
});
var msg1540 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2208,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1541 = match({
dissect: {
tokenizer: "Unsupported CTIQBE version: %{fld1}: from %{sinterface}:%{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup229,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1542 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup230,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all650 = all_match({
processors: [
dup318,
dup319,
],
on_success: processor_chain([
dup14,
dup320,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Adding/Removing tracked route on interface"),
}),
]),
});
var msg1543 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1821,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1544 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup544,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all651 = all_match({
processors: [
dup518,
dup519,
dup520,
],
on_success: processor_chain([
dup33,
dup521,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2409,
]),
});
var all652 = all_match({
processors: [
dup518,
dup519,
dup522,
],
on_success: processor_chain([
dup33,
dup523,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2409,
]),
});
var all653 = all_match({
processors: [
dup518,
dup519,
dup1236,
],
on_success: processor_chain([
dup33,
dup1237,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2410,
]),
});
var all654 = all_match({
processors: [
dup518,
dup519,
dup1238,
],
on_success: processor_chain([
dup33,
dup1239,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2410,
]),
});
var all655 = all_match({
processors: [
dup947,
dup948,
dup949,
],
on_success: processor_chain([
dup55,
dup950,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2411,
]),
});
var all656 = all_match({
processors: [
dup947,
dup948,
dup951,
],
on_success: processor_chain([
dup55,
dup952,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2411,
]),
});
var all657 = all_match({
processors: [
dup518,
dup786,
dup655,
],
on_success: processor_chain([
dup55,
dup900,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2412,
]),
});
var all658 = all_match({
processors: [
dup518,
dup786,
dup653,
],
on_success: processor_chain([
dup55,
dup901,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2412,
]),
});
var all659 = all_match({
processors: [
dup785,
dup786,
dup655,
],
on_success: processor_chain([
dup55,
dup787,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2412,
]),
});
var all660 = all_match({
processors: [
dup785,
dup786,
dup653,
],
on_success: processor_chain([
dup55,
dup788,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2412,
]),
});
var all661 = all_match({
processors: [
dup1140,
dup1141,
dup1142,
],
on_success: processor_chain([
dup327,
dup1143,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2413,
]),
});
var all662 = all_match({
processors: [
dup1140,
dup1141,
dup1144,
],
on_success: processor_chain([
dup327,
dup1145,
dup2340,
dup2286,
dup2287,
dup2413,
dup2288,
dup2289,
]),
});
// ISAKMP duplicate packet detected, initiator side: local endpoint -> saddr,
// remote peer -> daddr, message ID -> fld1.
// The tokenizer opens "(" and never closes it, and fld1 is the last capture,
// so if the device prints a closing ")" it presumably ends up inside fld1 —
// confirm before comparing message IDs.
var msg1545 = match({
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{saddr} (initiator), remote %{daddr}, message-ID %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup697,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
dup2414,
]),
});
// Responder side: the mapping is reversed (local -> daddr, remote -> saddr).
// NOTE(review): dup2285 appears on the responder chain here, but in the
// "ISAKMP Phase 1 SA created" pair (msg1481/msg1482) it is on the initiator
// chain. Its definition is outside this excerpt; confirm which placement is
// intended.
var msg1546 = match({
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{daddr} (responder), remote %{saddr}, message-ID %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup698,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2414,
]),
});
var all663 = all_match({
processors: [
dup1471,
dup824,
dup655,
],
on_success: processor_chain([
dup33,
dup1579,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
dup2415,
]),
});
var all664 = all_match({
processors: [
dup1471,
dup824,
dup653,
],
on_success: processor_chain([
dup33,
dup1580,
dup2340,
dup2286,
dup2287,
dup2415,
dup2288,
dup2289,
]),
});
var all665 = all_match({
processors: [
dup823,
dup824,
dup655,
],
on_success: processor_chain([
dup33,
dup825,
dup2340,
dup2285,
dup2286,
dup2287,
dup2415,
dup2288,
dup2289,
]),
});
var all666 = all_match({
processors: [
dup823,
dup824,
dup653,
],
on_success: processor_chain([
dup33,
dup826,
dup2340,
dup2286,
dup2287,
dup2415,
dup2288,
dup2289,
]),
});
var all667 = all_match({
processors: [
dup1471,
dup1472,
dup1473,
],
on_success: processor_chain([
dup33,
dup1474,
dup2340,
dup2285,
dup2286,
dup2287,
dup2416,
dup2288,
dup2289,
]),
});
var all668 = all_match({
processors: [
dup1471,
dup1472,
dup1475,
],
on_success: processor_chain([
dup33,
dup1476,
dup2340,
dup2286,
dup2287,
dup2416,
dup2288,
dup2289,
]),
});
var all669 = all_match({
processors: [
dup823,
dup1472,
dup1473,
],
on_success: processor_chain([
dup33,
dup2104,
dup2340,
dup2285,
dup2286,
dup2287,
dup2416,
dup2288,
dup2289,
]),
});
var all670 = all_match({
processors: [
dup823,
dup1472,
dup1475,
],
on_success: processor_chain([
dup33,
dup2105,
dup2340,
dup2286,
dup2287,
dup2416,
dup2288,
dup2289,
]),
});
var all671 = all_match({
processors: [
dup518,
dup1107,
dup1108,
],
on_success: processor_chain([
dup33,
dup1109,
dup2340,
dup2343,
dup2344,
dup2292,
dup2285,
dup2286,
dup2287,
dup2417,
dup2288,
dup2289,
]),
});
var all672 = all_match({
processors: [
dup518,
dup1107,
dup1110,
],
on_success: processor_chain([
dup33,
dup1111,
dup2340,
dup2343,
dup2344,
dup2292,
dup2286,
dup2287,
dup2417,
dup2288,
dup2289,
]),
});
var msg1547 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup719,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1548 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1357,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1549 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1877,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all673 = all_match({
processors: [
dup1983,
dup208,
dup209,
],
on_success: processor_chain([
dup14,
dup1984,
dup2340,
dup2343,
dup2344,
dup2292,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1550 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup489,
dup1188,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1551 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1686,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1552 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2251,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1553 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1243,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1554 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2215,
dup2290,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1555 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1944,
dup2290,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1556 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1902,
dup2290,
dup2291,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1557 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup295,
dup2290,
dup2291,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Catch-all rule for a configuration replication failure. The whole payload
// becomes event_description and result is set to a fixed label.
// The chain carries dup2314, which elsewhere in this file accompanies
// "... failed" events (definition outside this excerpt).
var msg1558 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1759,
dup2290,
dup2291,
dup2314,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("Configuration replication failure"),
}),
dup2288,
dup2289,
]),
});
// Catch-all rule for a possible configuration mismatch. Same shape as
// msg1558, but without dup2290, dup2291 or dup2314.
var msg1559 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1897,
dup2286,
dup2287,
set_field({
dest: "nwparser.result",
value: constant("Configuration may be out of sync"),
}),
dup2288,
dup2289,
]),
});
// Access to the device was requested. Captures protocol, source address and
// port, and destination interface and address. The final token is stored in
// service, not dport (the "access denied by ACL" rule msg1562 uses dport).
// No source interface is captured.
var msg1560 = match({
dissect: {
tokenizer: "%{protocol} access requested from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup702,
dup2313,
dup2302,
// Activity is set inline to "Request" instead of through a shared dup entry.
set_field({
dest: "nwparser.ec_activity",
value: constant("Request"),
}),
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
// The outcome label goes to result; the denied rule msg1562 writes its
// label to event_description instead.
set_field({
dest: "nwparser.result",
value: constant("access requested"),
}),
]),
});
// Helper matcher used as the last processor of all674. It reads nwparser.p1,
// not nwparser.payload; p1 is presumably an intermediate field left by the
// preceding processors. It has no on_success chain of its own.
// NOTE(review): the tokenizer is two captures with the same name and no
// literal between them, so there is no delimiter to split on. This looks like
// a generator artifact; confirm what actually ends up in service, and whether
// a port was expected here as in the sibling rule that captures %{dport}.
var msg1561 = match({
dissect: {
tokenizer: "%{service}%{service}",
field: "nwparser.p1",
},
});
// Access permitted. The first two processors are defined outside this
// excerpt; the third is msg1561 above. On success result is set to
// "access permitted".
var all674 = all_match({
processors: [
dup2184,
dup2185,
msg1561,
],
on_success: processor_chain([
dup288,
dup2186,
dup2313,
dup2302,
dup2324,
dup2286,
dup2312,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("access permitted"),
}),
]),
});
// "access denied by ACL" event: captures protocol, source address/port,
// destination interface, destination address and destination port.
// NOTE(review): the outcome is written to nwparser.event_description
// ("access denied"), whereas the "access requested" and "access permitted"
// matchers in this file write their outcome to nwparser.result. A detection
// rule keyed only on nwparser.result would not see denials unless one of the
// dup processors sets it - confirm.
var msg1562 = match({
dissect: {
tokenizer: "%{protocol} access denied by ACL from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup349,
dup1966,
dup2313,
dup2302,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
set_field({
dest: "nwparser.event_description",
value: constant("access denied"),
}),
]),
});
// "connection limit exceeded" event. The text after the last "/" is captured as
// service here (msg1562 captures the same position as dport).
var msg1563 = match({
dissect: {
tokenizer: "%{protocol} connection limit exceeded from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1866,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("connection limit exceeded"),
}),
]),
});
// "request discarded" event, variant with source port and service.
// The description/result is left to the shared processors (chain ends with dup2418).
var msg1564 = match({
dissect: {
tokenizer: "%{protocol} request discarded from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{service}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup990,
dup2313,
dup2302,
dup2300,
dup2286,
dup2312,
dup2288,
dup2289,
dup2303,
dup2418,
]),
});
// "request discarded" event, variant without ports. Uses dup2287 where msg1564
// uses dup2312; otherwise the chain differs only in the second entry.
var msg1565 = match({
dissect: {
tokenizer: "%{protocol} request discarded from %{saddr} to %{dinterface}:%{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup505,
dup2313,
dup2302,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
dup2303,
dup2418,
]),
});
// "NAT-T keepalive received" event: captures both endpoints and sets a fixed
// nwparser.event_description.
var msg1566 = match({
dissect: {
tokenizer: "NAT-T keepalive received from %{saddr}/%{sport} to %{dinterface}:%{daddr}/%{dport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup843,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("NAT-T keepalive received"),
}),
]),
});
// msg1567 / msg1568: catch-all matchers that store the whole payload as
// event_description; they differ only in the first two shared processors.
var msg1567 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup51,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1568 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup47,
dup1295,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Single-processor all_match: parsing is delegated entirely to dup1742
// (defined elsewhere in the file).
var all675 = all_match({
processors: [
dup1742,
],
on_success: processor_chain([
dup1743,
dup1744,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Messages prefixed with "IP = <address>". From here on most chains include
// dup2340 (defined elsewhere; effect not visible in this span).
// NOTE(review): msg1569 and msg1570 capture the "IP = " value as daddr, while
// msg1571 and the other "IP = " matchers in this part of the file capture it as
// saddr. Confirm the direction is intended; searches on the source address
// would not return events parsed by these two matchers.
var msg1569 = match({
dissect: {
tokenizer: "IP = %{daddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1702,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Unknown identification type" event.
// NOTE(review): the "Group = " value is captured as host here; the other
// "Group = " matchers in this part of the file capture it as group.
var msg1570 = match({
dissect: {
tokenizer: "Group = %{host}, IP = %{daddr}, Unknown identification type, Phase %{fld1}, Type %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1751,
dup1752,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Splits "<description> payload: <rest>"; the text after "payload: " goes to fld1.
var msg1571 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description} payload: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup943,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all676-msg1574: alternating all_match / match definitions. The all_match
// entries delegate parsing to shared matchers (dup12, dup4, ...) defined
// elsewhere; the match entries parse "Group = ..., IP = ..., <action>:<info>"
// directly from nwparser.payload.
var all676 = all_match({
processors: [
dup31,
dup973,
],
on_success: processor_chain([
dup33,
dup974,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all677 = all_match({
processors: [
dup12,
dup4,
dup704,
],
on_success: processor_chain([
dup33,
dup705,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// No space before the comma after the address (compare msg1573 / msg1574).
var msg1572 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup706,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all678 = all_match({
processors: [
dup12,
dup4,
dup400,
],
on_success: processor_chain([
dup33,
dup401,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Expects a literal " ," (space before comma) after the address.
var msg1573 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup402,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same matcher list as all678; only the second on_success entry differs (dup671).
var all679 = all_match({
processors: [
dup12,
dup4,
dup400,
],
on_success: processor_chain([
dup33,
dup671,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Same tokenizer as msg1573; only the second on_success entry differs (dup672).
var msg1574 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup672,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all680 / all681: multi-stage parsers built from shared matchers
// (dup144-dup149 and dup151-dup153, defined elsewhere). Both chains end with
// dup2419; all681 additionally runs dup2285.
var all680 = all_match({
processors: [
dup144,
dup145,
dup146,
dup147,
dup148,
dup149,
],
on_success: processor_chain([
dup33,
dup150,
dup2340,
dup2343,
dup2344,
dup2292,
dup2286,
dup2287,
dup2288,
dup2289,
dup2419,
]),
});
var all681 = all_match({
processors: [
dup151,
dup152,
dup153,
],
on_success: processor_chain([
dup33,
dup154,
dup2340,
dup2343,
dup2344,
dup2292,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2419,
]),
});
// "IKE Initiator unable to find policy" event: captures the interface and both
// addresses. No event_description is set in this chain itself.
var msg1575 = match({
dissect: {
tokenizer: "IKE Initiator unable to find policy: Intf %{interface}, Src: %{saddr}, Dst: %{daddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1296,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all682-all685: all_match parsers whose field extraction lives in shared
// matchers defined elsewhere; three of them set a fixed event_description.
// Sets event_description to "Error processing payload".
var all682 = all_match({
processors: [
dup99,
dup1549,
],
on_success: processor_chain([
dup55,
dup1550,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Error processing payload"),
}),
]),
});
// Sets event_description to "Security negotiation complete".
var all683 = all_match({
processors: [
dup421,
dup1687,
dup1688,
dup1689,
dup1690,
dup1691,
],
on_success: processor_chain([
dup10,
dup1692,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Security negotiation complete"),
}),
]),
});
// Shares its first matcher (dup421) with all683; no description is set here.
var all684 = all_match({
processors: [
dup421,
dup422,
],
on_success: processor_chain([
dup68,
dup423,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Sets event_description to "User authenticated". The user name, if any, is
// extracted by the shared matchers (dup4 begins with a '%{username}' pattern).
var all685 = all_match({
processors: [
dup12,
dup4,
dup1283,
],
on_success: processor_chain([
dup85,
dup1284,
dup2340,
dup2320,
dup2321,
dup2335,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("User authenticated"),
}),
]),
});
// all686 / all687: identical matcher lists (dup12, dup4, dup13) and identical
// chains except for the second on_success entry (dup15 vs dup524).
var all686 = all_match({
processors: [
dup12,
dup4,
dup13,
],
on_success: processor_chain([
dup14,
dup15,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2420,
]),
});
var all687 = all_match({
processors: [
dup12,
dup4,
dup13,
],
on_success: processor_chain([
dup14,
dup524,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2420,
]),
});
// Captures action, info and interface; sets nwparser.result to
// "no matching crypto map entry".
var msg1576 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr} , %{action}:%{info} on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1538,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("no matching crypto map entry"),
}),
]),
});
var all688 = all_match({
processors: [
dup12,
dup4,
dup1455,
],
on_success: processor_chain([
dup33,
dup1456,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "IKE Remote Peer configured for crypto map" event; the map name goes to fld1.
var msg1577 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Remote Peer configured for crypto map: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1457,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Sets event_description to "Received non-routine Notify message"; field
// extraction is done by the shared matchers dup664 and dup1588-dup1592.
var all689 = all_match({
processors: [
dup664,
dup1588,
dup1589,
dup1590,
dup1591,
dup1592,
],
on_success: processor_chain([
dup93,
dup1593,
dup2340,
dup2421,
dup2422,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received non-routine Notify message"),
}),
]),
});
// Password-related event: sets nwparser.ec_theme to "Password".
// NOTE(review): the event_description constant is "Password for user " with a
// trailing space and no remainder, which looks like a truncated template. As
// written, the description does not say what happened to the password; confirm
// the intended text before relying on this field in alerting.
var all690 = all_match({
processors: [
dup12,
dup4,
dup1798,
],
on_success: processor_chain([
dup1799,
dup1800,
dup2340,
dup2321,
set_field({
dest: "nwparser.ec_theme",
value: constant("Password"),
}),
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Password for user "),
}),
]),
});
// Rekeying-duration change: captures the ike value plus the old (fld1) and new
// (fld2) durations in seconds.
var msg1578 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Responder forcing change of %{ike} rekeying duration from %{fld1} to %{fld2} seconds",
field: "nwparser.payload",
},
on_success: processor_chain([
dup341,
dup342,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
// Generic fallback for the same prefix; shares dup341 and dup2423 with msg1578.
var msg1579 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup341,
dup777,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var all691 = all_match({
processors: [
dup12,
dup4,
dup213,
dup214,
],
on_success: processor_chain([
dup215,
dup216,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all692 = all_match({
processors: [
dup217,
dup218,
],
on_success: processor_chain([
dup215,
dup219,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1580 / msg1581: continuation matchers on the intermediate field
// nwparser.p1; both hand the remainder on as p2. select184 lists the more
// specific pattern (with "from ... to ... kbs") first, then the generic one.
var msg1580 = match({
dissect: {
tokenizer: "%{event_description} from %{fld1} to %{fld2} kbs %{p2}",
field: "nwparser.p1",
},
});
var msg1581 = match({
dissect: {
tokenizer: "%{event_description} %{p2}",
field: "nwparser.p1",
},
});
var select184 = linear_select([
msg1580,
msg1581,
]);
// Runs dup778, dup779 and then the select184 alternatives.
var all693 = all_match({
processors: [
dup778,
dup779,
select184,
],
on_success: processor_chain([
dup215,
dup780,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1582-all695: IKE-related messages keyed on "Group = " / "IP = " prefixes.
var msg1582 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1864,
dup2340,
dup2343,
dup2344,
dup2292,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// dup1 (defined at the top of the file) sets "nwparser.nwparser.eventcategory"
// to "1801010100".
var msg1583 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1745,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "IP address request attempt failed!" event: captures group, username and
// source address; the stored description omits the trailing "!".
var msg1584 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, IP address request attempt failed!",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup763,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IP address request attempt failed"),
}),
]),
});
// Sets event_description to "Received Invalid SPI notify".
// Here dup2288/dup2289 run before dup2286/dup2287, the reverse of most chains
// in this part of the file. NOTE(review): harmless only if those four
// processors are independent of each other - confirm.
var all694 = all_match({
processors: [
dup1184,
dup1185,
],
on_success: processor_chain([
dup93,
dup1186,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Received Invalid SPI notify"),
}),
]),
});
var msg1585 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1853,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Continuation matcher on nwparser.p0.
// NOTE(review): event_description appears twice back to back with no delimiter,
// which looks like a generator artifact; confirm which capture is kept.
var msg1586 = match({
dissect: {
tokenizer: "%{saddr}, %{event_description}%{event_description}",
field: "nwparser.p0",
},
});
var all695 = all_match({
processors: [
dup1693,
msg1586,
],
on_success: processor_chain([
dup33,
dup1694,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1587-msg1594: keep-alive / dead-peer-detection and Xauth related events.
var msg1587 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup17,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Peer does not support the configured keep-alives; the configured value goes
// to fld1 and the type to fld2. No event_description is set in this chain itself.
var msg1588 = match({
dissect: {
tokenizer: "IP = %{saddr}, Keep-alives configured %{fld1} but peer does not support keep-alives (type = %{fld2})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup492,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "IKE lost contact with remote peer" - variant that includes a Username.
var msg1589 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup699,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2424,
]),
});
// Same event without a Username; shares dup483 and dup2424 with msg1589.
var msg1590 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup700,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2424,
]),
});
// DPD sequence number (fld1) received in an R_U_THERE message.
var msg1591 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received DPD sequence number %{fld1} in R_U_THERE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1985,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received DPD sequence number"),
}),
]),
});
// Xauth is required but the selected proposal does not support it; the trailing
// text goes to fld1.
var msg1592 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Xauth required but selected Proposal does not support xauth, %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup435,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Xauth required but selected Proposal does not support xauth"),
}),
]),
});
// msg1593 / msg1594: both chains end with dup2425. msg1594 has no Group/IP
// prefix, so no address is extracted by its tokenizer.
var msg1593 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup390,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2425,
]),
});
var msg1594 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
dup391,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2425,
]),
});
// Captures the action text and the payload type (fld1).
var msg1595 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} payload type: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup1768,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all696 / all697 / all698 share the matcher list (dup12, dup4, dup829) and
// differ only in the first two on_success entries.
var all696 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup55,
dup1002,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all697 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup55,
dup830,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Unknown transaction mode attribute; the attribute is captured as
// change_attribute and a fixed description is set.
var msg1596 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received unknown transaction mode attribute: %{change_attribute}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup831,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received unknown transaction mode attribute"),
}),
]),
});
var all698 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup14,
dup1369,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all699 = all_match({
processors: [
dup12,
dup4,
dup1064,
],
on_success: processor_chain([
dup316,
dup1065,
dup2340,
dup2290,
dup2291,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Mismatch: ..." event: the mismatch detail is captured as result and the
// description is fixed to "algorithm mismatch".
var msg1597 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Mismatch: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1664,
dup2340,
dup2290,
dup2291,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("algorithm mismatch"),
}),
]),
});
// Continuation matcher on nwparser.p0.
// NOTE(review): the pattern ends in "]]" (two closing brackets for one opening
// bracket); this may be a generator artifact - confirm against sample logs that
// the message really ends that way, otherwise the match will fail.
var msg1598 = match({
dissect: {
tokenizer: "%{saddr}, %{action} [%{fld1}]]",
field: "nwparser.p0",
},
});
var all700 = all_match({
processors: [
dup1442,
msg1598,
],
on_success: processor_chain([
dup55,
dup1443,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all701 = all_match({
processors: [
dup12,
dup4,
dup1207,
],
on_success: processor_chain([
dup1019,
dup1208,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// SA deletion event: captures the action text plus the reference count (fld1)
// and tunnel count (fld2).
var msg1599 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} refCnt [%{fld1}] and tunnelCnt [%{fld2}] -- deleting SA!",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1209,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1600 / msg1601: same tokenizer ("<description>: <info>"); they differ only
// in the first two on_success entries.
var msg1600 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1010,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1601 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1682,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1602-msg1607: hardware-client and generic informational messages. All use
// dup29 as the first on_success entry; msg1603 and msg1605-msg1607 end with dup2426.
// Hardware client detected in network extension mode; trailing text goes to result.
var msg1602 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, Detected Hardware Client in network extension mode, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1991,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Detected Hardware Client in network extension mode"),
}),
]),
});
// Generic "<result>, <info>" split after the Group/Username/IP prefix.
var msg1603 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{result}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1912,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2426,
]),
});
// A hardware-client security attribute was enabled without being requested;
// the attribute name is captured as change_attribute.
var msg1604 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, Hardware client security attribute %{change_attribute} was enabled but not requested",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup879,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Hardware client security attribute was enabled but not requested"),
}),
]),
});
// msg1605-msg1607: the same free-text capture (info) with progressively
// shorter prefixes: Group+Username+IP, Group+IP, Username+IP.
var msg1605 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup37,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2426,
]),
});
var msg1606 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup38,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2426,
]),
});
var msg1607 = match({
dissect: {
tokenizer: "Username = %{username}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup39,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2426,
]),
});
// all702 / msg1608: both chains include dup2321, dup2320, dup2314 and end with
// dup2427. msg1608's tokenizer shows this pair covers failed user
// authentication by the remote peer.
var all702 = all_match({
processors: [
dup12,
dup4,
dup1801,
],
on_success: processor_chain([
dup81,
dup1802,
dup2340,
dup2321,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
dup2427,
]),
});
// "Remote peer has failed user authentication": the reason text after " - " is
// captured as info. No user name is extracted by this variant.
var msg1608 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Remote peer has failed user authentication - %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup891,
dup1803,
dup2340,
dup2321,
dup2320,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2427,
]),
});
// Delete received for a rekeyed SA; note the stored description is the more
// general "IKE received delete message from remote peer".
var msg1609 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Received delete for rekeyed SA %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup341,
dup1084,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE received delete message from remote peer"),
}),
]),
});
// Delete received for a rekeyed centry; %{space} captures the token between
// "centry" and the info text.
var msg1610 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Received delete for rekeyed centry %{space} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup707,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE received delete for rekeyed centry"),
}),
]),
});
// all703-msg1613: mostly all_match parsers whose extraction logic lives in
// shared matchers defined elsewhere; none of these chains sets a fixed
// description or result itself.
var all703 = all_match({
processors: [
dup1335,
dup1336,
],
on_success: processor_chain([
dup33,
dup1337,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all704 = all_match({
processors: [
dup12,
dup4,
dup1804,
],
on_success: processor_chain([
dup14,
dup1805,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Client identification: client type is captured as product and the client
// application version as version. Both strings presumably originate from the
// connecting client - treat them as untrusted when displaying or alerting on them.
var msg1611 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Client Type: %{product} Client Application Version: %{version}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1806,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Packet with a missing payload; the expected payload name goes to fld1.
// No address is extracted by this tokenizer.
var msg1612 = match({
dissect: {
tokenizer: "Received packet with missing payload, Expected payload: %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup43,
dup2106,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all705 = all_match({
processors: [
dup1370,
dup1371,
],
on_success: processor_chain([
dup68,
dup1372,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all706 / all707 share the matcher list (dup324, dup322) and differ only in
// the first two on_success entries.
var all706 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup1019,
dup1967,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all707 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup55,
dup979,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all708 = all_match({
processors: [
dup104,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup980,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1613 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2187,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all709-msg1616: tunnel rejection and static-route add/delete events.
var all709 = all_match({
processors: [
dup12,
dup4,
dup526,
dup527,
],
on_success: processor_chain([
dup528,
dup529,
dup2340,
dup2380,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "Tunnel Rejected": the reason is captured as result. The event_description
// value is the shared dup2428 (defined elsewhere) rather than an inline constant.
var msg1614 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Tunnel Rejected: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1572,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: dup2428,
}),
]),
});
// Expects no space between the comma after the address and the info text.
// Sets event_description to "Adding static router for peer".
// NOTE(review): "router" may be a typo for "route" in the generated constant;
// left unchanged because downstream searches may depend on the exact string.
var msg1615 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr},%{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup398,
dup1306,
dup2340,
dup2380,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Adding static router for peer"),
}),
]),
});
// Counterpart of msg1615: sets event_description to
// "Deleting static router for peer" and uses dup2333 where msg1615 uses dup2380.
var all710 = all_match({
processors: [
dup99,
dup436,
],
on_success: processor_chain([
dup437,
dup438,
dup2340,
dup2333,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Deleting static router for peer"),
}),
]),
});
var msg1616 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1840,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Client-type rule evaluation, "allowed" outcome: captures group, username,
// source address, the rule (fld1) and the client string (fld2).
// NOTE(review): the tokenizer expects "IP <addr>" without "=", unlike the
// "IP = " prefix used by the surrounding matchers - confirm against sample logs.
var msg1617 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP %{saddr}, Rule: %{fld1} Client: %{fld2} - allowed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1492,
dup1657,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2429,
]),
});
// Same event, "NOT allowed" outcome; additionally captures the OS string (fld3).
// NOTE(review): this chain starts with dup1492 and ends with dup2429 exactly
// like the "allowed" variant above, and neither sets nwparser.result. Whatever
// those shared processors write is therefore identical for both outcomes; only
// the second entry (dup1657 vs dup1658) differs. Confirm that a rejected client
// can be told apart from an accepted one in the resulting event.
var msg1618 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP %{saddr}, Rule: %{fld1} OS : %{fld3} Client: %{fld2} - NOT allowed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1492,
dup1658,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2429,
]),
});
// all711 / msg1619: KEY-ACQUIRE queue handling. all711 records
// "messages enqueued"; msg1619 records "pending messages dequeued".
var all711 = all_match({
processors: [
dup2032,
dup2033,
],
on_success: processor_chain([
dup33,
dup2034,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("messages enqueued"),
}),
]),
});
var msg1619 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, De-queuing KEY-ACQUIRE messages that were left pending",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1060,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("pending messages dequeued"),
}),
]),
});
// msg1620-msg1623: crypto-map check messages. msg1620, msg1621 and msg1623 end
// with the shared dup2430; msg1622 sets its own description instead.
var msg1620 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2122,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2430,
]),
});
// Static crypto map check with free-text outcome: map name to fld1, sequence
// to fld2, remainder to info.
var msg1621 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map = %{fld1}, seq = %{fld2}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup475,
dup646,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2430,
]),
});
// Static crypto map check where no ACL is configured for the entry.
var msg1622 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map = %{fld1}, seq = %{fld2}, no ACL configured",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup1820,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Static Crypto Map check - no ACL configured"),
}),
]),
});
// Successful static crypto map match. Note the tokenizer expects "map <name>"
// without "=", unlike msg1621 / msg1622.
var msg1623 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Static Crypto Map check, map %{fld1}, seq = %{fld2} is a successful match",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1949,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2430,
]),
});
// "<action> for peer <fld1>. <fld2>" after an "IP = " prefix.
var msg1624 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{action} for peer %{fld1}. %{fld2}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2262,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all712-all715: further IKE messages; extraction for the all_match entries is
// done by shared matchers defined elsewhere.
var all712 = all_match({
processors: [
dup12,
dup4,
dup1539,
],
on_success: processor_chain([
dup1540,
dup1541,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Free text is captured as info and the description is fixed to
// "Notification to client of update string".
var msg1625 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1724,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Notification to client of update string"),
}),
]),
});
// "Internal Error, ..." - the text after the literal prefix becomes the description.
var msg1626 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Internal Error, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1146,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all713 = all_match({
processors: [
dup664,
dup665,
dup1854,
],
on_success: processor_chain([
dup1855,
dup1856,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all714 = all_match({
processors: [
dup12,
dup4,
dup1018,
],
on_success: processor_chain([
dup1019,
dup1020,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// "<action>. <fld1>" split on the first ". " after the Group/IP prefix.
var msg1627 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}. %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1021,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Sets event_description to "IKE_DECODE Message".
var all715 = all_match({
processors: [
dup1992,
dup1993,
dup1994,
dup1995,
],
on_success: processor_chain([
dup33,
dup1996,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE_DECODE Message"),
}),
]),
});
// DH key with an unexpected length: the received length is captured as
// observed_val and the expected length as expected_val.
// dup2288/dup2289 run before dup2286/dup2287 here, the reverse of most chains
// in this part of the file.
var msg1628 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received DH key with bad length: received length=%{observed_val} expected length=%{expected_val}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup52,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Received DH key with bad length"),
}),
]),
});
// Sets event_description to "Received authentication failure message".
var all716 = all_match({
processors: [
dup12,
dup4,
dup1431,
],
on_success: processor_chain([
dup1432,
dup1433,
dup2340,
dup2421,
dup2422,
dup2320,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received authentication failure message"),
}),
]),
});
// Aggressive Mode message naming an unknown tunnel group.
// The group value here comes from the received message, i.e. it is chosen by
// the remote peer, and the tokenizer delimits it only by the closing "'.".
// Downstream consumers should treat nwparser group as untrusted text for this
// event (escape it on display, do not use it for lookups without validation).
// No event_description or result is set in this chain itself.
var msg1629 = match({
dissect: {
tokenizer: "IP = %{saddr}, Received %{protocol} Aggressive Mode message %{fld1} with unknown tunnel group name '%{group}'.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1444,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Phase failure caused by mismatched attribute types: phase to fld1, class to
// process, received value to fld2, configured value to fld3. No address is
// extracted. The outcome is stored in nwparser.result.
var msg1630 = match({
dissect: {
tokenizer: "Phase %{fld1} failure: Mismatched attribute types for class %{process}: Rcv'd: %{fld2} Cfg'd: %{fld3}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup392,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Mismatched attribute types for class"),
}),
]),
});
// all717 / all718 / all719: three parsers for what appears to be one event
// family - all start their chain with dup579 and end with dup2431; they differ
// in matcher lists and in the second on_success entry.
var all717 = all_match({
processors: [
dup12,
dup4,
dup578,
],
on_success: processor_chain([
dup579,
dup580,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2431,
]),
});
var all718 = all_match({
processors: [
dup99,
dup581,
],
on_success: processor_chain([
dup579,
dup582,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2431,
]),
});
var all719 = all_match({
processors: [
dup104,
dup4,
dup578,
],
on_success: processor_chain([
dup579,
dup583,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2431,
]),
});
// Message emitted with the function name ike_DelOldCentryAndCreateNew() as its
// prefix; the remainder is captured as info.
var msg1631 = match({
dissect: {
tokenizer: "ike_DelOldCentryAndCreateNew(): %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1716,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("ike_DelOldCentryAndCreateNew mismatch"),
}),
]),
});
var all720 = all_match({
processors: [
dup1527,
dup1717,
],
on_success: processor_chain([
dup93,
dup1718,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Xauth message construction failure. "%{}" is an unnamed capture (presumably
// discards whatever follows the literal text).
// NOTE(review): "contruct" is spelled this way in the pattern. The literal must
// match what the device emits, so do not correct the spelling without checking
// sample logs - a "fixed" pattern would silently stop matching this event.
var msg1632 = match({
dissect: {
tokenizer: "Unable to contruct xauth message, no message%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1719,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all721-all723: chains sharing dup55, dup2290, dup2291 and dup2299.
var all721 = all_match({
processors: [
dup1824,
dup352,
],
on_success: processor_chain([
dup55,
dup1825,
dup2340,
dup2290,
dup2291,
dup2299,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Continuation matcher on nwparser.p0: captures the address, the action text
// and two values from the parenthesised part (fld11, fld12).
// NOTE(review): the pattern ends in "!)!" - an extra ")!" after the closing
// parenthesis. This looks like a generator artifact; confirm against sample
// logs, since a message ending in ")!" would not match.
var msg1633 = match({
dissect: {
tokenizer: "%{saddr}, %{action} (P2 struct %{fld11}, mess id %{fld12})!)!",
field: "nwparser.p0",
},
});
var all722 = all_match({
processors: [
dup1826,
msg1633,
],
on_success: processor_chain([
dup55,
dup1827,
dup2340,
dup2290,
dup2291,
dup2299,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Continuation matcher on nwparser.p0.
// NOTE(review): action appears twice back to back with no delimiter; confirm
// which capture is kept.
var msg1634 = match({
dissect: {
tokenizer: "%{saddr} , %{action}%{action}",
field: "nwparser.p0",
},
});
var all723 = all_match({
processors: [
dup1826,
msg1634,
],
on_success: processor_chain([
dup55,
dup1828,
dup2340,
dup2290,
dup2291,
dup2299,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all724 = all_match({
processors: [
dup12,
dup4,
dup2156,
],
on_success: processor_chain([
dup55,
dup2157,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all725 = all_match({
processors: [
dup2158,
dup2159,
],
on_success: processor_chain([
dup55,
dup2160,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Expects a literal " ," (space before comma) after the address; the remainder
// is captured as action.
var msg1635 = match({
dissect: {
tokenizer: "IP = %{saddr} , %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup2161,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all726-msg1639: malformed / unexpected ISAKMP traffic. Each chain sets a
// fixed event_description; msg1636-msg1639 additionally capture the trailing
// text of the message as result.
// Sets event_description to "Runt ISAKMP packet discarded on Port"; extraction
// is delegated to dup2162.
var all726 = all_match({
processors: [
dup2162,
],
on_success: processor_chain([
dup93,
dup2163,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Runt ISAKMP packet discarded on Port"),
}),
]),
});
// Un-encrypted AUTH_FAILED notify. Listed before the generic un-encrypted
// notify matcher (msg1638) in this file; whether that order is preserved where
// the matchers are selected is not visible in this span.
var msg1636 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Received an un-encrypted AUTH_FAILED notify message, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup958,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received an un-encrypted AUTH_FAILED notify message"),
}),
]),
});
// Encrypted packet that matches no security association.
var msg1637 = match({
dissect: {
tokenizer: "IP = %{saddr}, Received encrypted packet with no matching SA, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup959,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received encrypted packet with no matching SA"),
}),
]),
});
// Generic un-encrypted notify; the notify type is captured as obj_type.
var msg1638 = match({
dissect: {
tokenizer: "IP = %{saddr}, Received an un-encrypted %{obj_type} notify message, %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup960,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received an un-encrypted notify message"),
}),
]),
});
// No crypto map bound to the receiving interface; the text after "... " goes
// to result.
var msg1639 = match({
dissect: {
tokenizer: "IP = %{saddr}, No crypto map bound to interface... %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup961,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("No crypto map bound to interface"),
}),
]),
});
var msg1640 = match({
dissect: {
tokenizer: "Group = %{group}, Username = %{username}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup962,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Partial matcher over the intermediate field nwparser.p0 (no on_success chain
// of its own); it is used as the second processor of all727 below.
// NOTE(review): the tokenizer is two adjacent %{event_description} captures with
// no literal text between them, so there is no delimiter to split on and the
// same key is named twice. This looks like a generation artifact - confirm what
// the dissect helper does with it (reject, empty first capture, or overwrite).
var msg1641 = match({
dissect: {
tokenizer: "%{event_description}%{event_description}",
field: "nwparser.p0",
},
});
var all727 = all_match({
processors: [
dup963,
msg1641,
],
on_success: processor_chain([
dup14,
dup964,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1642 = match({
dissect: {
tokenizer: "IKE port %{network_port} for IPSec UDP already reserved on interface %{interface}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup96,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("IKE port for IPSec UDP already reserved on interface"),
}),
]),
});
var all728 = all_match({
processors: [
dup12,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup98,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var all729 = all_match({
processors: [
dup99,
dup100,
dup101,
],
on_success: processor_chain([
dup14,
dup102,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var msg1643 = match({
dissect: {
tokenizer: "INFO: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup103,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var all730 = all_match({
processors: [
dup104,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup105,
dup2340,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var all731 = all_match({
processors: [
dup393,
dup1672,
],
on_success: processor_chain([
dup14,
dup1673,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all732 = all_match({
processors: [
dup396,
dup1674,
],
on_success: processor_chain([
dup14,
dup1675,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all733 = all_match({
processors: [
dup1676,
dup1677,
],
on_success: processor_chain([
dup14,
dup1678,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1644 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1679,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1645 = match({
dissect: {
tokenizer: "OBSOLETE DESCRIPTOR - INDEX %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup30,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("OBSOLETE DESCRIPTOR"),
}),
]),
});
var msg1646 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1652,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1647 = match({
dissect: {
tokenizer: "IKE Initiator starting QM: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1653,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator starting QM"),
}),
]),
});
var msg1648 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{action}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup457,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1649 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup40,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1650 = match({
dissect: {
tokenizer: "IKE Initiator sending 1st QM pkt: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup42,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator sending 1st QM pkt"),
}),
]),
});
var all734 = all_match({
processors: [
dup31,
dup32,
],
on_success: processor_chain([
dup33,
dup34,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1651 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1375,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1652 = match({
dissect: {
tokenizer: "IKE Initiator sending 3rd QM pkt: msg id = %{fld1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1376,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator sending 3rd QM pkt"),
}),
]),
});
var msg1653 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKE Initiator sending Initial Contact",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1762,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Sending initial contact"),
}),
]),
});
var all735 = all_match({
processors: [
dup1527,
dup352,
],
on_success: processor_chain([
dup33,
dup1528,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all736 = all_match({
processors: [
dup1529,
dup1530,
],
on_success: processor_chain([
dup14,
dup1531,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all737 = all_match({
processors: [
dup1833,
dup322,
],
on_success: processor_chain([
dup93,
dup1834,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all738 = all_match({
processors: [
dup664,
dup1071,
dup1072,
],
on_success: processor_chain([
dup10,
dup1073,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1654 = match({
dissect: {
tokenizer: "IKE got SPI from key engine: SPI = %{dst_spi}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1074,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE got SPI from key engine"),
}),
]),
});
var all739 = all_match({
processors: [
dup664,
dup1071,
dup1072,
],
on_success: processor_chain([
dup10,
dup1414,
dup2340,
dup2343,
dup2344,
dup2380,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1655 = match({
dissect: {
tokenizer: "IKE got a KEY_ADD msg for SA: SPI = %{dst_spi}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1415,
dup1416,
dup2340,
dup2343,
dup2344,
dup2380,
dup2316,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("IKE got a KEY_ADD msg for SA"),
}),
]),
});
var all740 = all_match({
processors: [
dup12,
dup4,
dup2080,
],
on_success: processor_chain([
dup68,
dup2081,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all741 = all_match({
processors: [
dup99,
dup2082,
],
on_success: processor_chain([
dup68,
dup2083,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all742 = all_match({
processors: [
dup12,
dup4,
dup1720,
],
on_success: processor_chain([
dup33,
dup1721,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2432,
]),
});
var msg1656 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, IKEGetUserAttributes: %{change_attribute} = %{change_new}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1722,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
dup2432,
]),
});
var all743 = all_match({
processors: [
dup12,
dup4,
dup1986,
],
on_success: processor_chain([
dup33,
dup1987,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all744 = all_match({
processors: [
dup664,
dup665,
dup666,
],
on_success: processor_chain([
dup33,
dup1543,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all745 = all_match({
processors: [
dup664,
dup665,
dup666,
],
on_success: processor_chain([
dup33,
dup667,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all746 = all_match({
processors: [
dup31,
dup352,
],
on_success: processor_chain([
dup33,
dup2164,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all747 = all_match({
processors: [
dup324,
dup1670,
],
on_success: processor_chain([
dup33,
dup1671,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1657 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, Processing CONNECTED notify (MsgId %{fld1})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup844,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var msg1658 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1373,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1659 = match({
dissect: {
tokenizer: "IP = %{saddr}, Starting IOS keepalive monitor: %{duration} sec.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2194,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var all748 = all_match({
processors: [
dup393,
dup394,
],
on_success: processor_chain([
dup14,
dup395,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all749 = all_match({
processors: [
dup396,
dup394,
],
on_success: processor_chain([
dup14,
dup397,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all750 = all_match({
processors: [
dup1695,
dup1696,
],
on_success: processor_chain([
dup14,
dup1697,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all751 = all_match({
processors: [
dup12,
dup4,
dup1196,
],
on_success: processor_chain([
dup1019,
dup1197,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1660 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup369,
dup1198,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1661 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1703,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1662 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} of type %{event_description}, %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup458,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all752 = all_match({
processors: [
dup12,
dup4,
dup97,
],
on_success: processor_chain([
dup14,
dup975,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all753 = all_match({
processors: [
dup1583,
dup322,
],
on_success: processor_chain([
dup14,
dup1584,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all754 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup1585,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all755 = all_match({
processors: [
dup321,
dup322,
],
on_success: processor_chain([
dup14,
dup1313,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all756 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup1314,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all757 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup682,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all758 = all_match({
processors: [
dup321,
dup322,
],
on_success: processor_chain([
dup14,
dup323,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all759 = all_match({
processors: [
dup324,
dup322,
],
on_success: processor_chain([
dup14,
dup325,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1663 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup196,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all760 = all_match({
processors: [
dup1316,
dup1317,
],
on_success: processor_chain([
dup14,
dup1318,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Old P1 SA is being deleted but new SA is DEAD"),
}),
]),
});
var all761 = all_match({
processors: [
dup12,
dup4,
dup1857,
],
on_success: processor_chain([
dup33,
dup1858,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1664 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, MODE_CFG: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1859,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all762 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup2035,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all763 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup1462,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all764 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup1788,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1665 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, NAT-Discovery payloads missing. Aborting NAT-Traversal.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup19,
dup2340,
dup2292,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var all765 = all_match({
processors: [
dup12,
dup4,
dup829,
],
on_success: processor_chain([
dup33,
dup1199,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1666 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup1200,
dup2340,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1667 = match({
dissect: {
tokenizer: "IP = %{saddr}, %{action}. %{space} Reason: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
dup902,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1668 = match({
dissect: {
tokenizer: "Group = %{group} IP = %{saddr}, %{action}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
dup2044,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all766 = all_match({
processors: [
dup99,
dup352,
],
on_success: processor_chain([
dup33,
dup353,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all767 = all_match({
processors: [
dup478,
dup479,
],
on_success: processor_chain([
dup33,
dup480,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all768 = all_match({
processors: [
dup53,
dup54,
],
on_success: processor_chain([
dup55,
dup56,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1669 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup1988,
dup2340,
dup2292,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var msg1670 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup18,
dup35,
dup2340,
dup2292,
dup2290,
dup2286,
dup2287,
dup2288,
dup2289,
dup2423,
]),
});
var msg1671 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{action} of type %{fld1} (seq number %{fld2})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup348,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all769 = all_match({
processors: [
dup789,
dup790,
],
on_success: processor_chain([
dup14,
dup791,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all770 = all_match({
processors: [
dup510,
dup511,
],
on_success: processor_chain([
dup93,
dup512,
dup2340,
dup2343,
dup2344,
dup2292,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var all771 = all_match({
processors: [
dup513,
dup514,
dup515,
],
on_success: processor_chain([
dup93,
dup516,
dup2340,
dup2343,
dup2344,
dup2292,
dup2285,
dup2288,
dup2289,
dup2286,
dup2287,
]),
});
var msg1672 = match({
dissect: {
tokenizer: "Group = %{group}, IP = %{saddr}, %{event_description}: %{duration} seconds.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup1365,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all772 = all_match({
processors: [
dup127,
dup64,
dup657,
],
on_success: processor_chain([
dup10,
dup658,
dup2320,
dup2321,
dup2335,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("session started"),
}),
]),
});
var all773 = all_match({
processors: [
dup127,
dup64,
dup552,
],
on_success: processor_chain([
dup68,
dup553,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("session terminated"),
}),
]),
});
var all774 = all_match({
processors: [
dup127,
dup64,
dup852,
],
on_success: processor_chain([
dup177,
dup853,
dup2340,
dup2320,
dup2321,
dup2335,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("WebVPN access GRANTED"),
}),
]),
});
// Composite matcher: lists three shared processors (dup127, dup64, dup2084,
// all defined elsewhere in this file) and, on success, runs the chain below and
// labels the event "access DENIED".
// NOTE(review): presumably every listed processor has to match for on_success
// to run - confirm against all_match's definition.
// NOTE(review): unlike the neighbouring all774 and all776 chains, this chain
// does not include dup2340; verify that the omission is intended.
var all775 = all_match({
processors: [
dup127,
dup64,
dup2084,
],
on_success: processor_chain([
dup285,
dup2085,
dup2320,
dup2321,
dup2335,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
// Fixed label for the denied-access event.
set_field({
dest: "nwparser.event_description",
value: constant("access DENIED"),
}),
]),
});
var all776 = all_match({
processors: [
dup127,
dup64,
dup530,
],
on_success: processor_chain([
dup285,
dup531,
dup2340,
dup2320,
dup2321,
dup2335,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to create session"),
}),
]),
});
// Matcher for the "Group ... User ... IP ... <result>. ACL parse error" payload.
// Captures group, username, the address (as `hostip`) and the text before
// ". ACL parse error" (as `result`), then sets a fixed event_description.
// NOTE(review): the tokenizer literal has "<<" (\u003c\u003c) before each capture
// and a single ">" (\u003e) after it. If the device writes single angle brackets
// ("Group <name> User <name> IP <addr>"), this pattern would never match and
// these events would go unparsed - confirm against sample logs and against how
// the dissect helper treats "<<".
// NOTE(review): the address lands in `hostip` here, while msg1677 puts the
// client address in `saddr`; check which field downstream consumers expect.
var msg1673 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{hostip}\u003e %{result}. ACL parse error",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1070,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("ACL parse error"),
}),
]),
});
var all777 = all_match({
processors: [
dup127,
dup64,
dup997,
],
on_success: processor_chain([
dup285,
dup998,
dup2320,
dup2321,
dup2335,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Session could not be established"),
}),
]),
});
var all778 = all_match({
processors: [
dup441,
dup442,
dup443,
dup444,
dup445,
dup446,
dup447,
dup448,
dup449,
dup450,
],
on_success: processor_chain([
dup85,
dup451,
dup2320,
dup2321,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all779 = all_match({
processors: [
dup1344,
dup64,
dup1345,
dup1346,
dup1347,
],
on_success: processor_chain([
dup573,
dup1348,
dup2320,
dup2321,
dup2300,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all780 = all_match({
processors: [
dup1349,
dup64,
dup65,
dup1346,
dup1350,
],
on_success: processor_chain([
dup573,
dup1351,
dup2320,
dup2321,
dup2335,
dup2314,
dup2285,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Session connection rejected"),
}),
]),
});
var msg1674 = match({
dissect: {
tokenizer: "access-list %{listnum} permit url %{url} hit-cnt %{dclass_counter1}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1769,
dup2286,
dup2287,
dup2288,
dup2289,
dup2319,
set_field({
dest: "nwparser.result",
value: constant("access-list permit url"),
}),
]),
});
var all781 = all_match({
processors: [
dup127,
dup64,
dup128,
],
on_success: processor_chain([
dup14,
dup129,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Java applet started"),
}),
]),
});
var all782 = all_match({
processors: [
dup127,
dup64,
dup1066,
],
on_success: processor_chain([
dup1067,
dup1068,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Matcher for "Group ... User ... IP ... Error adding dynamic ACL for user".
// Captures group, username and the address (as `hostip`), then runs the shared
// dupNNNN processors (defined elsewhere) and sets a fixed event_description.
// NOTE(review): the tokenizer literal has "<<" (\u003c\u003c) before each capture
// and a single ">" (\u003e) after it. If the device writes single angle brackets,
// this pattern would not match and the event would go unparsed - confirm against
// sample logs and against how the dissect helper treats "<<".
var msg1675 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{hostip}\u003e Error adding dynamic ACL for user",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1112,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Error adding dynamic ACL for user"),
}),
]),
});
var msg1676 = match({
dissect: {
tokenizer: "Group %{fld0} User %{username} IP %{saddr} %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1968,
dup2313,
dup2302,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Matcher for "Group ... User ... IP ... AnyConnect session lost connection. <result>".
// Captures group, username, the client address (as `saddr`) and the trailing
// text (as `result`), then sets a fixed event_description.
// NOTE(review): the tokenizer literal has "<<" (\u003c\u003c) before each capture
// and a single ">" (\u003e) after it. If the device writes single angle brackets,
// this pattern would not match and session-loss events would go unparsed -
// confirm against sample logs and against how the dissect helper treats "<<".
var msg1677 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect session lost connection. %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1644,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect session lost connection"),
}),
]),
});
// Matcher for "Group ... User ... IP ... AnyConnect session resumed connection from IP ...".
// Two addresses are captured: the first "IP" value goes to `saddr`, and the
// "resumed connection from IP" value goes to `hostip`. Keeping both lets an
// analyst compare the address a session resumed from with the first one.
// NOTE(review): the tokenizer literal has "<<" (\u003c\u003c) before each capture
// and a single ">" (\u003e) after it. If the device writes single angle brackets,
// this pattern would not match and resume events would go unparsed - confirm
// against sample logs and against how the dissect helper treats "<<".
var msg1678 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e AnyConnect session resumed connection from IP \u003c\u003c%{hostip}\u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup61,
dup1338,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect session resumed connection"),
}),
]),
});
var msg1679 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup1297,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1680 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1325,
dup1326,
dup2343,
dup2433,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1681 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup2086,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1682 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup107,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1683 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1358,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1684 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup860,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1685 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1654,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1686 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup243,
dup1955,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all783 = all_match({
processors: [
dup326,
],
on_success: processor_chain([
dup327,
dup328,
dup2343,
dup2433,
dup2314,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1687 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1099,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1688 = match({
dissect: {
tokenizer: "%{action} Issuer: %{dn}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2040,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Matcher for "Certificate was successfully validated. <result> serial number:
// <serial_number>, subject name: <cert_subject>".
// Captures the text after the first sentence (as `result`), the certificate
// serial number and the subject name; on success the shared dupNNNN processors
// (defined elsewhere) run and event_description gets a fixed label.
var msg1689 = match({
dissect: {
tokenizer: "Certificate was successfully validated. %{result} serial number: %{serial_number}, subject name: %{cert_subject}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1397,
dup1398,
dup2433,
dup2290,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
// Label goes to event_description, so the captured `result` is not touched here.
set_field({
dest: "nwparser.event_description",
value: constant("Certificate successfully validated"),
}),
]),
});
var msg1690 = match({
dissect: {
tokenizer: "Checking CRL from trustpoint: %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup493,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1691 = match({
dissect: {
tokenizer: "Validating certificate chain containing %{fld1} certificate(s)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup221,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Validating certificate chain"),
}),
]),
});
var msg1692 = match({
dissect: {
tokenizer: "Name lookup failed for hostname %{hostname} during PKI operation.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup261,
dup481,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Name lookup failed during PKI operation."),
}),
]),
});
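// Matcher for "Certificate chain failed validation. <result>".
// The tokenizer captures the device-supplied failure reason as `result`; on a
// match the shared dupNNNN processors (defined elsewhere in this file) run and
// a fixed label is attached to the event.
var msg1693 = match({
  dissect: {
    tokenizer: "Certificate chain failed validation. %{result}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup891,
    dup1950,
    dup2433,
    dup2314,
    dup2286,
    dup2287,
    dup2288,
    dup2289,
    // The fixed label is written to event_description, as msg1689 does for the
    // success case. Writing it to nwparser.result (as before) targeted the same
    // key the tokenizer captures into, which would replace the failure reason
    // with a constant and lose the detail an analyst needs to triage the event.
    set_field({
      dest: "nwparser.event_description",
      value: constant("Certificate chain failed validation"),
    }),
  ]),
});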
// Matcher for "Certificate chain was successfully validated <info>".
// Captures the trailing text as `info`, runs the shared dupNNNN processors
// (defined elsewhere) and writes a fixed label.
// NOTE(review): the label is written to nwparser.result here, whereas msg1689
// (single-certificate success) writes its label to nwparser.event_description.
// Confirm which field downstream consumers read for this event.
var msg1694 = match({
dissect: {
tokenizer: "Certificate chain was successfully validated %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1397,
dup2209,
dup2433,
dup2290,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.result",
value: constant("Certificate chain successfully validated"),
}),
]),
});
var msg1695 = match({
dissect: {
tokenizer: "Identified client certificate within certificate chain. serial number: %{serial_number}, subject name: %{cert_subject}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1477,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Identified client certificate"),
}),
]),
});
var msg1696 = match({
dissect: {
tokenizer: "%{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1022,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1697 = match({
dissect: {
tokenizer: "%{application} response received.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup220,
dup1011,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("application response received"),
}),
]),
});
var msg1698 = match({
dissect: {
tokenizer: "Looking for a tunnel group match based on certificate maps for peer certificate with serial number: %{serial_number}, subject name: %{cert_subject}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup991,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Matcher for "Tunnel group search using certificate maps failed for peer
// certificate: serial number: <serial_number>, subject name: <cert_subject>
// issuer_name: <dn>".
// Captures the peer certificate's serial number, subject and issuer. No fixed
// event_description is set in this chain; only the shared dupNNNN processors
// (defined elsewhere in this file) run on success.
var msg1699 = match({
dissect: {
tokenizer: "Tunnel group search using certificate maps failed for peer certificate: serial number: %{serial_number}, subject name: %{cert_subject} issuer_name: %{dn}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup845,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1700 = match({
dissect: {
tokenizer: "Local CA Server internal error detected: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1708,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Local CA Server internal error detected"),
}),
]),
});
var msg1701 = match({
dissect: {
tokenizer: "Local CA Server CRL error: %{result}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1969,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Local CA Server CRL error"),
}),
]),
});
// Matcher for the "certificate in the trustpoint ... has expired" payload.
// Captures, in order: fld1 (text before "certificate"), cert_hostname (the
// trustpoint), fld2 (the expiration value), cert_subject, dn (issuer name) and
// serial_number; then sets a fixed event_description.
// NOTE(review): the tokenizer literal has "<<" (\u003c\u003c) before each capture
// and a single ">" (\u003e) after it. If the device writes single angle brackets
// or none at all, this pattern would not match and expiry events would go
// unparsed - confirm against sample logs and against how the dissect helper
// treats "<<".
var msg1702 = match({
dissect: {
tokenizer: "The \u003c\u003c%{fld1}\u003e certificate in the trustpoint \u003c\u003c%{cert_hostname}\u003e has expired. Expiration \u003c\u003c%{fld2}\u003e Subject Name \u003c\u003c%{cert_subject}\u003e Issuer Name \u003c\u003c%{dn}\u003e Serial Number \u003c\u003c%{serial_number}\u003e",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1865,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("The certificate in the trustpoint has expired."),
}),
]),
});
var msg1703 = match({
dissect: {
tokenizer: "Fail to send to %{saddr} port %{sport}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup302,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Fail to send to host"),
}),
]),
});
var msg1704 = match({
dissect: {
tokenizer: "Sent HELLO response to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1898,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Sent HELLO response"),
}),
]),
});
var msg1705 = match({
dissect: {
tokenizer: "Received HELLO request from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup606,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received HELLO request"),
}),
]),
});
var msg1706 = match({
dissect: {
tokenizer: "Received HELLO response from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1763,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received HELLO response"),
}),
]),
});
var msg1707 = match({
dissect: {
tokenizer: "Sent KEEPALIVE response to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup57,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Sent KEEPALIVE response"),
}),
]),
});
var msg1708 = match({
dissect: {
tokenizer: "Received KEEPALIVE request from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup482,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received KEEPALIVE request"),
}),
]),
});
var msg1709 = match({
dissect: {
tokenizer: "Received KEEPALIVE response from [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1565,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Received KEEPALIVE response"),
}),
]),
});
var msg1710 = match({
dissect: {
tokenizer: "Send OOS indicator failure to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1725,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Send OOS indicator failure"),
}),
]),
});
// Matcher for "Send TOPOLOGY indicator failure to [<daddr>]".
// Captures the bracketed destination address, runs the shared dupNNNN
// processors (defined elsewhere in this file) and sets a fixed event_description.
// NOTE(review): the message text starts with "Send" but the label below says
// "Sent"; the sibling msg1710 keeps "Send" in its label. Confirm which spelling
// downstream searches expect before normalising.
var msg1711 = match({
dissect: {
tokenizer: "Send TOPOLOGY indicator failure to [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1075,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Sent TOPOLOGY indicator failure"),
}),
]),
});
var msg1712 = match({
dissect: {
tokenizer: "Sent TOPOLOGY indicator to %{space} [%{daddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1704,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Sent TOPOLOGY indicator"),
}),
]),
});
var msg1713 = match({
dissect: {
tokenizer: "Process dead peer[%{peer}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1150,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Process dead"),
}),
]),
});
var msg1714 = match({
dissect: {
tokenizer: "Deleted peer %{space} [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2237,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted peer"),
}),
]),
});
var msg1715 = match({
dissect: {
tokenizer: "Created peer %{space}[%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup708,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Created peer"),
}),
]),
});
var msg1716 = match({
dissect: {
tokenizer: "Create group policy [%{policyname}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup155,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Create group policy"),
}),
]),
});
var msg1717 = match({
dissect: {
tokenizer: "Created secure tunnel to peer %{space} [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1124,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Created secure tunnel to peer"),
}),
]),
});
var msg1718 = match({
dissect: {
tokenizer: "Deleted secure tunnel to peer %{space} [%{saddr}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup616,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted secure tunnel to peer"),
}),
]),
});
var msg1719 = match({
dissect: {
tokenizer: "Deleted Master peer, IP %{saddr}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup354,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted Master peer"),
}),
]),
});
var msg1720 = match({
dissect: {
tokenizer: "State machine return code: %{result}, %{resultcode}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1244,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("State machine return code"),
}),
]),
});
var msg1721 = match({
dissect: {
tokenizer: "State machine function trace: state=%{category}, event=%{obj_type}, func=%{application}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2249,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("State machine function trace"),
}),
]),
});
// msg1722–msg1726: matchers for messages that end in a context name.
// Each tokenizer requires the literal trailing "." shown in the pattern and
// captures %{context}; on success the chain of shared dupN steps (defined
// earlier in the file, outside this view) runs and a constant
// nwparser.event_description is written.
var msg1722 = match({
dissect: {
tokenizer: "%{direction} thread is awake (context=%{context}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1366,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("thread is awake"),
}),
]),
});
var msg1723 = match({
dissect: {
tokenizer: "Start VPN Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1835,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Start VPN Load Balancing"),
}),
]),
});
var msg1724 = match({
dissect: {
tokenizer: "Stop VPN Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup965,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Stop VPN Load Balancing"),
}),
]),
});
// Role changes of the load-balancing unit; useful to keep parsed because
// the description is the only field that distinguishes the two events.
var msg1725 = match({
dissect: {
tokenizer: "Becoming master of Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup439,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Becoming master of Load Balancing"),
}),
]),
});
var msg1726 = match({
dissect: {
tokenizer: "Becoming slave of Load Balancing in context %{context}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup981,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Becoming slave of Load Balancing"),
}),
]),
});
// msg1727–msg1742: generic "(VPN-<context>) <text>" matchers.
// All of them use the same tokenizer, with or without a required trailing
// ".", and differ only in the first two steps of the success chain (dupN
// values defined earlier in the file, outside this view). Nothing in the
// pattern identifies the message, so the choice of matcher has to be made
// where these variables are consumed (not visible here).
// No constant description is set: nwparser.event_description is whatever
// free text the device logged after ") ". Consumers that render or match on
// that field should treat it as device-supplied text, not a fixed label.
var msg1727 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup839,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1728 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1267,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1729–msg1731 require a literal "." after the description.
var msg1729 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1169,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1730 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2257,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1731 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1924,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1732 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup1051,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1733 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup106,
dup1705,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1734 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1087,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1735 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup247,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1736 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1488,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1737 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup764,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1738 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1298,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1739 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup1300,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1740 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup627,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1741 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2100,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1742 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup1463,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1743: splits "Group <g> User <u> IP <addr> <text>" from
// nwparser.payload into group, username, saddr and event_description, then
// runs the shared dupN steps (defined earlier in the file, outside this view).
// NOTE(review): group and username are separated only by the literal words
// " User " and " IP ". If the dissect helper splits on the first occurrence
// of each literal (confirm against its implementation), a group or user name
// that itself contains one of those words would shift the later fields, so
// identity-based detections should not rely on this split alone.
var msg1743 = match({
dissect: {
tokenizer: "Group %{group} User %{username} IP %{saddr} %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup222,
dup223,
dup2313,
dup2302,
dup2316,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1744–msg1750: further "(VPN-<context>) ..." matchers on
// nwparser.payload. Most reuse the generic tokenizer and differ only in the
// first two success-chain steps (dupN values defined earlier in the file,
// outside this view); msg1747 and msg1750 use more specific patterns.
// None sets a constant description, so nwparser.event_description (where
// captured) is free text from the device.
var msg1744 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup268,
dup1665,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1745 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1709,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1746 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup2216,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Also captures the function name and line number reported in the trailing
// "(function=..., line=...)." part into the generic fields fld1 and fld2.
var msg1747 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description} (function=%{fld1}, line=%{fld2}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2146,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1748 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup2025,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1749 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup130,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Captures what is being sent into %{info}; no event_description is
// captured or set by this matcher itself.
var msg1750 = match({
dissect: {
tokenizer: "(VPN-%{context}) Sending %{info} to standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup976,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all784: composite matcher built with all_match from three sub-matchers
// (dup1566–dup1568, defined earlier in the file, outside this view).
// Presumably the success chain runs only when every listed processor
// matches, in the order given; confirm against the all_match helper.
var all784 = all_match({
processors: [
dup1566,
dup1567,
dup1568,
],
on_success: processor_chain([
dup767,
dup1569,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1751–msg1759: generic "(VPN-<context>) <text>" matchers on
// nwparser.payload. They differ in the first two success-chain steps (dupN
// values defined earlier in the file, outside this view) and, for some, in
// a trailing "." or an extra ": %{info}" capture. No constant description
// is set; nwparser.event_description is free text from the device.
var msg1751 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup1088,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1752 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup2101,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1753 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup263,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1754 and msg1755 split the text at ": " into event_description and
// info. NOTE(review): a description that itself contains ": " would
// presumably be cut at the first occurrence; confirm with a sample line.
var msg1754 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1404,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1755 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1772,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1756 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup378,
dup2258,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Requires a literal "." after the description.
var msg1757 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup406,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1758 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
dup277,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1759 = match({
dissect: {
tokenizer: "(VPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup2107,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1760–msg1765: "(WebVPN-<context>) ..." matchers on nwparser.payload.
// The success chains here run two leading dupN steps followed by
// dup2286–dup2289 (all defined earlier in the file, outside this view);
// unlike the "(VPN-...)" matchers in this part of the file they do not
// include dup2340. What that step does is not visible from here.
var msg1760 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup709,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1761 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup131,
dup132,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Requires a literal "." after the description.
var msg1762 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
dup59,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1763 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1279,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1764 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) %{event_description}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup2090,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Captures the APCF XML path from the message into %{filename} and sets a
// constant description. The path is recorded as logged; it is event data,
// not something this parser opens or validates.
var msg1765 = match({
dissect: {
tokenizer: "(WebVPN-%{context}) Enable APCF XML file path %{filename} on the standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1848,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Enable APCF XML file path on standby unit"),
}),
]),
});
// all785–all788: composite matchers built with all_match. Each lists
// sub-matchers (dupN values defined earlier in the file) and a success
// chain. Presumably the chain runs only when every listed processor
// matches, in order; confirm against the all_match helper.
// all785 and all786 share dup1319 and dup4 and differ in the third
// sub-matcher and in the constant description ("session created" vs
// "session deleted"), so the description is what tells the two session
// events apart after parsing.
var all785 = all_match({
processors: [
dup1319,
dup4,
dup1903,
],
on_success: processor_chain([
dup10,
dup1904,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("session created"),
}),
]),
});
var all786 = all_match({
processors: [
dup1319,
dup4,
dup1320,
],
on_success: processor_chain([
dup767,
dup1321,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("session deleted"),
}),
]),
});
// all787 and all788 use the same three sub-matchers and differ only in the
// first two steps of the success chain; which one applies to a given log
// line is decided where these variables are consumed (not visible here).
var all787 = all_match({
processors: [
dup494,
dup495,
dup496,
],
on_success: processor_chain([
dup55,
dup497,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all788 = all_match({
processors: [
dup494,
dup495,
dup496,
],
on_success: processor_chain([
dup93,
dup1666,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1766–msg1767: matchers for "Group <..> User <..> IP <..> ..." lines in
// nwparser.payload. \u003c and \u003e are the escaped forms of "<" and ">".
// NOTE(review): as written, each value must be preceded by two "<"
// characters and followed by one ">". The doubled "<" looks like an escape
// carried over from the source parser format; confirm against a real device
// line, because a mismatch would leave these user-attributed events
// unparsed.
// group and username are taken from the log line as text; treat them as
// untrusted values wherever they are displayed or joined on.
var msg1766 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e %{event_description}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup678,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Captures the rejected address into %{daddr} and sets a constant
// description. The chain lists dup2288/dup2289 before dup2286/dup2287,
// unlike most matchers in this part of the file; whether order matters
// depends on those steps' definitions (outside this view).
var msg1767 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Invalid address \u003c\u003c%{daddr}\u003e assigned to SVC connection",
field: "nwparser.payload",
},
on_success: processor_chain([
dup45,
dup781,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid address assigned to SVC connection"),
}),
]),
});
// msg1768: sub-matcher that reads the intermediate field nwparser.p3
// (not nwparser.payload) and has no success chain of its own; it is used
// as the last processor of all789 below.
// NOTE(review): the tokenizer names %{event_description} four times in a
// row with no literal text between the captures. How the dissect helper
// handles adjacent, repeated keys is not visible here; verify with a sample
// line that event_description ends up holding the intended text.
var msg1768 = match({
dissect: {
tokenizer: "%{info}/%{result}: %{event_description}%{event_description}%{event_description}%{event_description}",
field: "nwparser.p3",
},
});
// all789: composite matcher; four shared sub-matchers (dupN values defined
// earlier in the file, outside this view) followed by msg1768. Presumably
// the success chain runs only when all five match, in order; confirm
// against the all_match helper.
var all789 = all_match({
processors: [
dup2223,
dup2224,
dup2225,
dup2226,
msg1768,
],
on_success: processor_chain([
dup55,
dup2227,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all790–all793: composite matchers built with all_match from shared
// sub-matchers (dupN values defined earlier in the file, outside this
// view). Presumably each success chain runs only when every listed
// processor matches, in order; confirm against the all_match helper.
var all790 = all_match({
processors: [
dup127,
dup64,
dup2135,
dup2136,
],
on_success: processor_chain([
dup55,
dup2137,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// Sets a constant description for the "no address available" case. The
// chain lists dup2288/dup2289 before dup2286/dup2287, unlike most matchers
// in this part of the file; whether order matters depends on those steps'
// definitions (outside this view).
var all791 = all_match({
processors: [
dup359,
dup64,
dup65,
dup360,
dup361,
],
on_success: processor_chain([
dup285,
dup362,
dup2340,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("No address available for SVC connection"),
}),
]),
});
// all792 and all793 share their first six sub-matchers and the eighth
// (dup501); they differ in the seventh and ninth, and all792 ends its chain
// with the shared step dup2434 instead of an inline set_field.
var all792 = all_match({
processors: [
dup127,
dup64,
dup65,
dup66,
dup498,
dup499,
dup500,
dup501,
dup502,
],
on_success: processor_chain([
dup55,
dup503,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2434,
]),
});
var all793 = all_match({
processors: [
dup127,
dup64,
dup65,
dup66,
dup498,
dup499,
dup1447,
dup501,
dup1448,
],
on_success: processor_chain([
dup68,
dup1449,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// msg1769: matches the fixed text "SVC Global Compression Disabled" in
// nwparser.payload. The trailing %{} has an empty key, so no named field is
// captured; presumably it absorbs any remaining text (confirm against the
// dissect helper). On success only the shared dupN steps run (defined
// earlier in the file, outside this view).
var msg1769 = match({
dissect: {
tokenizer: "SVC Global Compression Disabled%{}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup841,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
// all794–all799: composite matchers built with all_match. All start with
// the sub-matchers dup127 and dup64 (dupN values are defined earlier in the
// file, outside this view). Presumably each success chain runs only when
// every listed processor matches, in order; confirm against the all_match
// helper.
var all794 = all_match({
processors: [
dup127,
dup64,
dup65,
dup66,
dup498,
dup499,
dup1425,
],
on_success: processor_chain([
dup68,
dup1426,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var all795 = all_match({
processors: [
dup127,
dup64,
dup1339,
],
on_success: processor_chain([
dup68,
dup1340,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Stale SVC connection closed"),
}),
]),
});
// all796–all798 use the same three sub-matchers and end with the shared
// step dup2435; they differ in the second chain step, and all796 alone
// omits dup2340. Which one applies to a log line is decided where these
// variables are consumed (not visible here).
var all796 = all_match({
processors: [
dup127,
dup64,
dup673,
],
on_success: processor_chain([
dup68,
dup683,
dup2286,
dup2287,
dup2288,
dup2289,
dup2435,
]),
});
var all797 = all_match({
processors: [
dup127,
dup64,
dup673,
],
on_success: processor_chain([
dup68,
dup674,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2435,
]),
});
var all798 = all_match({
processors: [
dup127,
dup64,
dup673,
],
on_success: processor_chain([
dup68,
dup1085,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2435,
]),
});
var all799 = all_match({
processors: [
dup127,
dup64,
dup1352,
dup1353,
dup1354,
],
on_success: processor_chain([
dup33,
dup1355,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("replacing old connection"),
}),
]),
});
// all800–all805: composite matchers built with all_match. All but all804
// start with the sub-matchers dup63, dup64, dup65 (dupN values are defined
// earlier in the file, outside this view). Presumably each success chain
// runs only when every listed processor matches, in order; confirm against
// the all_match helper.
var all800 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup2048,
dup499,
dup2049,
],
on_success: processor_chain([
dup10,
dup2050,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2434,
]),
});
// all801 and all802 differ in the last sub-matcher and in the constant
// description; the description separates a large-packet transmission from
// a transmission error.
var all801 = all_match({
processors: [
dup63,
dup64,
dup65,
dup224,
dup225,
],
on_success: processor_chain([
dup93,
dup226,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("transmitting large packet"),
}),
]),
});
var all802 = all_match({
processors: [
dup63,
dup64,
dup65,
dup224,
dup2210,
],
on_success: processor_chain([
dup93,
dup2211,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("transmission error transmitting large packet"),
}),
]),
});
var all803 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup67,
],
on_success: processor_chain([
dup68,
dup69,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("closing connection"),
}),
]),
});
var all804 = all_match({
processors: [
dup1544,
dup64,
dup65,
dup360,
dup1545,
],
on_success: processor_chain([
dup285,
dup1546,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("No IPv6 address available for SVC connection"),
}),
]),
});
// Records that DTLS was disabled for the connection; the constant
// description is the only place this is stated after parsing.
var all805 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup944,
],
on_success: processor_chain([
dup285,
dup945,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("DTLS disabled"),
}),
]),
});
// msg1770: matches "Group <..> User <..> IP <..> Tunnel terminated: <reason>"
// in nwparser.payload, capturing group, username, saddr and the reason
// (into %{result}), then sets a constant description.
// \u003c and \u003e are the escaped forms of "<" and ">".
// NOTE(review): as written, each value must be preceded by two "<"
// characters and followed by one ">"; confirm against a real device line,
// since a mismatch would leave tunnel-termination events unparsed.
// The chain lists dup2288/dup2289 before dup2286/dup2287 (dupN values are
// defined earlier in the file, outside this view).
var msg1770 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Tunnel terminated: %{result}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup483,
dup484,
dup2288,
dup2289,
dup2286,
dup2287,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel terminated"),
}),
]),
});
// all806: composite matcher built with all_match from five shared
// sub-matchers (dupN values defined earlier in the file, outside this
// view); its success chain ends with the shared step dup2436. Presumably
// the chain runs only when every listed processor matches, in order;
// confirm against the all_match helper.
var all806 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1594,
],
on_success: processor_chain([
dup68,
dup1595,
dup2286,
dup2287,
dup2288,
dup2289,
dup2436,
]),
});
// msg1771: matches "Group <..> User <..> IP <..> Session terminated: <info>"
// in nwparser.payload and ends its chain with the same shared step dup2436.
// \u003c and \u003e are the escaped forms of "<" and ">".
// NOTE(review): as written, each value must be preceded by two "<"
// characters and followed by one ">"; confirm against a real device line,
// since a mismatch would leave session-termination events unparsed.
var msg1771 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003c%{saddr}\u003e Session terminated: %{info}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup29,
dup1147,
dup2286,
dup2287,
dup2288,
dup2289,
dup2436,
]),
});
// all807–all810: composite matchers built with all_match from shared
// sub-matchers (dupN values defined earlier in the file, outside this
// view). Presumably each success chain runs only when every listed
// processor matches, in order; confirm against the all_match helper.
var all807 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1596,
dup1597,
dup1598,
dup1599,
dup1600,
],
on_success: processor_chain([
dup288,
dup1601,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("specific address is assigned to session"),
}),
]),
});
// Ends with the shared step dup2437 instead of an inline set_field.
var all808 = all_match({
processors: [
dup63,
dup64,
dup65,
dup66,
dup1602,
],
on_success: processor_chain([
dup288,
dup1603,
dup2340,
dup2286,
dup2287,
dup2288,
dup2289,
dup2437,
]),
});
// Labels the event "Unknown client connection"; worth keeping parsed, as
// the constant description is what identifies it after normalisation.
var all809 = all_match({
processors: [
dup1400,
dup1401,
dup1402,
],
on_success: processor_chain([
dup14,
dup1403,
dup2286,
dup2287,
dup2288,
dup2289,
set_field({
dest: "nwparser.event_description",
value: constant("Unknown client connection"),
}),
]),
});
var all810 = all_match({
processors: [
dup1478,
dup1479,
],
on_success: processor_chain([
dup14,
dup1480,
dup2286,
dup2287,
dup2288,
dup2289,
]),
});
var msg1772 = match({
dissect: {
tokenizer: "Group \u003c\u003c%{group}\u003e User \u003c\u003c%{username}\u003e IP \u003c\u003