
@adriansr
Created April 22, 2020 14:10
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
// Modules obtained through the host runtime's require(). Only processor.Chain is
// used in the visible part of this file (see DeviceProcessor).
var processor = require("processor");
// Rebinds the name `console` at file scope to whatever the "console" module exports.
var console = require("console");
// File-level slot for the pipeline object: assigned by register(), read by process().
var device;
// Builds the processing pipeline and stores it in the file-level `device` slot.
// `params` is accepted but not read by this function.
function register(params) {
  var pipeline = new DeviceProcessor();
  device = pipeline;
}
// Hands one event to the pipeline stored in `device` and returns whatever the
// pipeline's process function returns. `device` is only assigned by register().
function process(evt) {
  var outcome = device.process(evt);
  return outcome;
}
// Assembles a processor.Chain from three stages, in this order: save_flags,
// chain1, restore_flags (all defined outside this function). Returns an object
// whose `process` member is the built chain's Run function.
function DeviceProcessor() {
  var pipeline = new processor.Chain();
  var stages = [save_flags, chain1, restore_flags];
  for (var i = 0; i < stages.length; i++) {
    pipeline.Add(stages[i]);
  }
  var built = pipeline.Build();
  return {
    process: built.Run,
  };
}
// Lookup tables keyed by the strings "0" and "1". map_srcDirName and
// map_dstDirName are passed as the `map` argument of lookup() in dup28/dup29,
// where the key is field("inout").
//
// NOTE(review): dup476 and dup477 are referenced here but defined outside the
// visible part of the file. If they are assigned later with `var`, hoisting leaves
// them `undefined` at this point and both zone maps would hold undefined values,
// so src_zone/dst_zone would never be populated — confirm the definition order.
var map_srcDirName = {
keyvaluepairs: {
"0": dup477,
"1": dup476,
},
};
// Same two values as map_srcDirName with the keys swapped.
var map_dstDirName = {
keyvaluepairs: {
"0": dup476,
"1": dup477,
},
};
// "0" -> constant "2", "1" -> constant "3"; also carries a "default" entry of
// constant "0" (presumably the fallback when the key matches neither — confirm
// against the lookup() implementation).
var map_dir2SumType = {
keyvaluepairs: {
"0": constant("2"),
"1": constant("3"),
},
"default": constant("0"),
};
// Selects field saddr for "0" and daddr for "1"; the "default" entry is saddr.
var map_dir2Address = {
keyvaluepairs: {
"0": field("saddr"),
"1": field("daddr"),
},
"default": field("saddr"),
};
// Selects field sport for "0" and dport for "1"; the "default" entry is sport.
var map_dir2Port = {
keyvaluepairs: {
"0": field("sport"),
"1": field("dport"),
},
"default": field("sport"),
};
// dup0..dup22: step objects built once at load time by the helpers set_field,
// call, date_time and match (all defined outside the visible part of this file).
// The `dup` prefix suggests definitions the generator shared between several
// message parsers — presumably; confirm against the generator.
var dup0 = set_field({
dest: "nwparser.messageid",
value: constant("CISCOASA_GENERIC"),
});
var dup1 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601000000"),
});
// Passes field "level" to HDR and stores the result under nwparser.level.
var dup2 = call({
dest: "nwparser.level",
fn: HDR,
args: [
field("level"),
],
});
// Builds event_time from six captured fields using one format list.
// The meaning of the dB/dF/dW/dN/dU/dO tokens is defined elsewhere.
var dup3 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dN,dU,dO],
});
var dup4 = set_field({
dest: "nwparser.msg",
value: field("$MSG"),
});
var dup5 = call({
dest: "nwparser.id",
fn: HDR,
args: [
field("messageid"),
],
});
var dup6 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501050100"),
});
var dup7 = set_field({
dest: "nwparser.event_type",
value: constant("VPN"),
});
var dup8 = set_field({
dest: "nwparser.event_description",
value: constant("Static Crypto Map check"),
});
// Dissects nwparser.payload; everything after "Group = " is captured into p0
// for a later stage to split further.
var dup9 = match({
id: "MESSAGE#1042:715077/0",
dissect: {
tokenizer: "%{->}Group = %{p0->}",
field: "nwparser.payload",
},
});
var dup10 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603000000"),
});
var dup11 = set_field({
dest: "nwparser.ec_theme",
value: constant("Encryption"),
});
var dup12 = set_field({
dest: "nwparser.ec_subject",
value: constant("CryptoKey"),
});
var dup13 = set_field({
dest: "nwparser.ec_activity",
value: constant("Modify"),
});
// NOTE(review): dest is the bare prefix "nwparser." with no field name after it.
// Confirm this is what the generator intends and how call() treats it.
var dup14 = call({
dest: "nwparser.",
fn: SYSVAL,
args: [
field("$MSGID"),
field("$ID1"),
],
});
var dup15 = match({
id: "MESSAGE#192:113015/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
});
var dup16 = set_field({
dest: "nwparser.eventcategory",
value: constant("1301000000"),
});
var dup17 = set_field({
dest: "nwparser.ec_subject",
value: constant("User"),
});
var dup18 = set_field({
dest: "nwparser.ec_theme",
value: constant("Authentication"),
});
var dup19 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Failure"),
});
var dup20 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605000000"),
});
var dup21 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801000000"),
});
// First stage for message 713066: captures `group`, leaves the rest (starting at
// the username) in p0 for dup23.
var dup22 = match({
id: "MESSAGE#872:713066/0",
dissect: {
tokenizer: "Group = %{group->}, Username = %{p0->}",
field: "nwparser.payload",
},
});
// dup23..dup35: more shared steps, including the first linear_select groups.
//
// Username alternatives for p0: the single-quoted form is listed before the bare
// form. Presumably linear_select tries entries in array order and stops at the
// first match (confirm); if so, this order keeps the quotes out of `username`,
// which matters for correlating the same account across events.
// Both alternatives carry the same id, so the id does not tell which one matched.
var dup23 = linear_select([
match({
id: "MESSAGE#872:713066/2",
dissect: {
tokenizer: "'%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#872:713066/2",
dissect: {
tokenizer: "%{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup24 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204020000"),
});
// Same dest and args as dup3; only the last three fmt tokens differ
// (dH,dT,dS here versus dN,dU,dO there).
var dup25 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dH,dT,dS],
});
var dup26 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020100"),
});
// Passes saddr to DIRCHK and stores the result as nwparser.inout; dup28 and dup29
// then use field("inout") as the key into the two zone maps.
var dup27 = call({
dest: "nwparser.inout",
fn: DIRCHK,
args: [
field("saddr"),
],
});
var dup28 = lookup({
dest: "nwparser.src_zone",
map: map_srcDirName,
key: field("inout"),
});
var dup29 = lookup({
dest: "nwparser.dst_zone",
map: map_dstDirName,
key: field("inout"),
});
var dup30 = call({
dest: "nwparser.sigcat",
fn: SYSVAL,
args: [
field("$CATEGORY"),
],
});
// First stage for message 602304: captures service, direction, the SPI text
// (into fld1) and both addresses; the remainder goes to p0.
var dup31 = match({
id: "MESSAGE#719:602304/0",
dissect: {
tokenizer: "%{service->}: An %{direction->} SA (SPI= %{fld1->}) between %{saddr->} and %{daddr->} %{p0->}",
field: "nwparser.payload",
},
});
// Four username spellings, listed from most to least decorated:
// "(user=NAME)", "(NAME)", "'NAME'", then bare NAME. All share one id.
var dup32 = linear_select([
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "(user=%{username->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "(%{username->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "'%{username->}' %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "%{username->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Whatever dup32 left in p1 becomes `action` in full.
var dup33 = match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "%{action->}",
field: "nwparser.p1",
},
});
var dup34 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030100"),
});
// date_times (plural) takes a list of format lists; the second list is the first
// one without the dW token.
var dup35 = date_times({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmts: [
[dB,dF,dW,dN,dU,dO],
[dB,dF,dN,dU,dO],
],
});
// dup36..dup56: constant category/theme setters and the "Group = / IP =" splitters.
var dup36 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030000"),
});
var dup37 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604000000"),
});
var dup38 = set_field({
dest: "nwparser.ec_theme",
value: constant("Configuration"),
});
var dup39 = set_field({
dest: "nwparser.ec_subject",
value: constant("Configuration"),
});
var dup40 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Success"),
});
var dup41 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010000"),
});
var dup42 = set_field({
dest: "nwparser.ec_theme",
value: constant("ALM"),
});
var dup43 = set_field({
dest: "nwparser.ec_subject",
value: constant("NetworkComm"),
});
var dup44 = match({
id: "MESSAGE#921:713194/0",
dissect: {
tokenizer: "%{->} %{p0->}",
field: "nwparser.payload",
},
});
// dup45 and dup46 are the with-group and without-group forms of the same line;
// they are separate variables here rather than one linear_select.
var dup45 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
var dup46 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
// Same two tokenizers as dup45/dup46, under a different message id and already
// combined into one linear_select (group form first).
var dup47 = linear_select([
match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
// The whole of p1 becomes event_description.
var dup48 = match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p1",
},
});
var dup49 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603010000"),
});
var dup50 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603040000"),
});
var dup51 = set_field({
dest: "nwparser.eventcategory",
value: constant("1703000000"),
});
var dup52 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020200"),
});
var dup53 = match({
id: "MESSAGE#1250:737031/0",
dissect: {
tokenizer: "%{process->}: %{p0->}",
field: "nwparser.payload",
},
});
// linear_select with a single alternative. Presumably this makes the
// "Session=..." prefix optional rather than failing the parse — confirm how
// linear_select treats a list in which nothing matches.
var dup54 = linear_select([
match({
id: "MESSAGE#1250:737031/2",
dissect: {
tokenizer: "Session=%{sessionid->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup55 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010100"),
});
var dup56 = set_field({
dest: "nwparser.service",
value: constant("IPSEC"),
});
// dup57..dup76: application/username splitters, access-control constants and the
// URL decomposition calls.
//
// The tokenizer contains an escaped double quote: `application` ends at the
// literal `", ` sequence in p0.
var dup57 = match({
id: "MESSAGE#700:505015/1",
dissect: {
tokenizer: "%{application->}\", %{info->}",
field: "nwparser.p0",
},
});
var dup58 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605020000"),
});
var dup59 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701060000"),
});
var dup60 = set_field({
dest: "nwparser.ec_activity",
value: constant("Enable"),
});
// Quoted username form first, bare form second; both share one id.
var dup61 = linear_select([
match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "'%{username->}' from %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "%{username->} from %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Splits "ADDR/PORT to ADDR/PORT on interface NAME" out of p1.
var dup62 = match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.p1",
},
});
var dup63 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401060000"),
});
var dup64 = set_field({
dest: "nwparser.ec_activity",
value: constant("Permit"),
});
var dup65 = set_field({
dest: "nwparser.ec_theme",
value: constant("AccessControl"),
});
var dup66 = linear_select([
match({
id: "MESSAGE#351:304001/2",
dissect: {
tokenizer: "'%{username->}' @%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#351:304001/2",
dissect: {
tokenizer: "%{username->} @%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup67 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204010000"),
});
var dup68 = set_field({
dest: "nwparser.event_description",
value: constant("Accessed"),
});
var dup69 = set_field({
dest: "nwparser.protocol",
value: constant("HTTP"),
});
// dup70..dup73 call URL with a selector ($DOMAIN, $ROOT, $PAGE, $QUERY) and the
// captured `url` field, storing the result in urldomain/urlroot/urlpage/urlquery.
// The `url` value originates from the logged request, so downstream consumers
// should treat all four derived fields as untrusted text.
var dup70 = call({
dest: "nwparser.urldomain",
fn: URL,
args: [
field("$DOMAIN"),
field("url"),
],
});
var dup71 = call({
dest: "nwparser.urlroot",
fn: URL,
args: [
field("$ROOT"),
field("url"),
],
});
var dup72 = call({
dest: "nwparser.urlpage",
fn: URL,
args: [
field("$PAGE"),
field("url"),
],
});
var dup73 = call({
dest: "nwparser.urlquery",
fn: URL,
args: [
field("$QUERY"),
field("url"),
],
});
var dup74 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020300"),
});
var dup75 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603110000"),
});
var dup76 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030300"),
});
// dup77..dup89: WebVPN-style "Group <<..> User <<..> IP <<.." splitters and the
// 715006 / 702201 stages.
//
// `\u003c` is the JavaScript escape for `<`, so the literal text matched below is
// "Group <<" followed by the group name and a single ">".
var dup77 = match({
id: "MESSAGE#1046:716002/0",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User %{p0->}",
field: "nwparser.payload",
},
});
// Three username spellings in this order: "<<NAME>", "'NAME'", bare NAME.
// All three share one id.
var dup78 = linear_select([
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "'%{username->}' IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "%{username->} IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup79 = match({
id: "MESSAGE#992:715006/0",
dissect: {
tokenizer: "Group = %{group->}, %{p0->}",
field: "nwparser.payload",
},
});
// Quoted username, bare username, then a form with no username at all; in the
// last case only saddr is captured and `username` is not set by this step.
var dup80 = linear_select([
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup81 = match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "%{action->}: SPI = %{dst_spi->}",
field: "nwparser.p1",
},
});
var dup82 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020100"),
});
var dup83 = set_field({
dest: "nwparser.eventcategory",
value: constant("1304000000"),
});
var dup84 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050200"),
});
var dup85 = set_field({
dest: "nwparser.eventcategory",
value: constant("1002000000"),
});
var dup86 = set_field({
dest: "nwparser.eventcategory",
value: constant("1303000000"),
});
var dup87 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Error"),
});
var dup88 = match({
id: "MESSAGE#804:702201:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 delete%{p0->}",
field: "nwparser.payload",
},
});
// Single alternative matching a leading "d" — together with dup88 this looks
// like an optional suffix, i.e. "delete" versus "deleted" (presumably; confirm).
var dup89 = linear_select([
match({
id: "MESSAGE#804:702201:01/2",
dissect: {
tokenizer: "d%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup90..dup113: fixed event descriptions and category codes, plus a few small
// splitters. The description strings are emitted as data, so any downstream rule
// that matches on event_description depends on their exact spelling.
var dup90 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 delete received"),
});
var dup91 = set_field({
dest: "nwparser.event_description",
value: constant("Remote peer has failed user authentication"),
});
// Accepts either "server" or "client" at the start of p0; the matched word itself
// is not captured into a field.
var dup92 = linear_select([
match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "server%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "client%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup93 = set_field({
dest: "nwparser.event_description",
value: constant("Device proposes cipher(s)"),
});
var dup94 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805020000"),
});
var dup95 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805000000"),
});
var dup96 = match({
id: "MESSAGE#143:109019/0",
dissect: {
tokenizer: "Downloaded ACL %{p0->}",
field: "nwparser.payload",
},
});
var dup97 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p1",
},
});
var dup98 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501040000"),
});
var dup99 = set_field({
dest: "nwparser.ec_activity",
value: constant("Deny"),
});
var dup100 = set_field({
dest: "nwparser.event_description",
value: constant("Authorization denied"),
});
var dup101 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803010000"),
});
var dup102 = set_field({
dest: "nwparser.ec_theme",
value: constant("Communication"),
});
var dup103 = set_field({
dest: "nwparser.event_description",
value: constant("session limit exceeded"),
});
// Quoted username form first, bare form second; both share one id.
var dup104 = linear_select([
match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "'%{username->}' at %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "%{username->} at %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup105 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050100"),
});
var dup106 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logon"),
});
var dup107 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701030000"),
});
var dup108 = set_field({
dest: "nwparser.ec_activity",
value: constant("Delete"),
});
var dup109 = set_field({
dest: "nwparser.eventcategory",
value: constant("1103000000"),
});
var dup110 = set_field({
dest: "nwparser.event_description",
value: constant("No translation group found"),
});
// Note the lowercase "icmp"; dup69 sets the same field to uppercase "HTTP".
var dup111 = set_field({
dest: "nwparser.protocol",
value: constant("icmp"),
});
var dup112 = set_field({
dest: "nwparser.event_description",
value: constant("Web Cache acquired"),
});
var dup113 = set_field({
dest: "nwparser.eventcategory",
value: constant("1002020000"),
});
// dup114..dup127: pre-allocation messages. Message 405102 is parsed as a chain of
// stages that hand the unparsed remainder from p0 through to p7.
var dup114 = match({
id: "MESSAGE#291:302012/0",
dissect: {
tokenizer: "%{->}Pre%{p0->}",
field: "nwparser.payload",
},
});
// Single alternative matching a leading "-"; with dup114 this looks like an
// optional hyphen after "Pre" (presumably "Pre-allocate" vs "Preallocate").
var dup115 = linear_select([
match({
id: "MESSAGE#291:302012/2",
dissect: {
tokenizer: "-%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup116 = set_field({
dest: "nwparser.event_description",
value: constant("Connection pre-allocated"),
});
// Accepts either an "ed" or a "ure" continuation at the start of p0.
var dup117 = linear_select([
match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "ed%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "ure%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup118 = match({
id: "MESSAGE#591:405102/0",
dissect: {
tokenizer: "Unable to Pre%{p0->}",
field: "nwparser.payload",
},
});
// Reads p2 and accepts either "oreign_address" or "addr"; the leading letter is
// presumably consumed by an earlier stage not visible here.
var dup119 = linear_select([
match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "oreign_address%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "addr%{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup120 = match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "%{->} %{p4->}",
field: "nwparser.p3",
},
});
// Source endpoint with or without a "/PORT" part; the with-port form is first.
// In the second form sport is not set by this step.
var dup121 = linear_select([
match({
id: "MESSAGE#591:405102/6",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to l%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#591:405102/6",
dissect: {
tokenizer: "%{saddr->} to l%{p5->}",
field: "nwparser.p4",
},
}),
]);
// Counterpart of dup119 for the local side: "ocal_address" or "addr" (the leading
// "l" is consumed by the " to l" literal in dup121).
var dup122 = linear_select([
match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "ocal_address%{p6->}",
field: "nwparser.p5",
},
}),
match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "addr%{p6->}",
field: "nwparser.p5",
},
}),
]);
var dup123 = match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "%{->} %{p7->}",
field: "nwparser.p6",
},
});
// Destination endpoint with or without a "/PORT" part; the with-port form is first.
var dup124 = linear_select([
match({
id: "MESSAGE#591:405102/8",
dissect: {
tokenizer: "%{daddr->}/%{dport->} ",
field: "nwparser.p7",
},
}),
match({
id: "MESSAGE#591:405102/8",
dissect: {
tokenizer: "%{daddr->} ",
field: "nwparser.p7",
},
}),
]);
var dup125 = set_field({
dest: "nwparser.event_description",
value: constant("Unable to create new connection"),
});
var dup126 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501000000"),
});
var dup127 = set_field({
dest: "nwparser.event_description",
value: constant("NAT configured"),
});
// dup128..dup145: ISAKMP session, configuration-end and 713903 stages.
var dup128 = match({
id: "MESSAGE#712:602202:01/0",
dissect: {
tokenizer: "ISAKMP session connect%{p0->}",
field: "nwparser.payload",
},
});
var dup129 = linear_select([
match({
id: "MESSAGE#712:602202:01/2",
dissect: {
tokenizer: "ed%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Responder form: the local address is stored as daddr and the remote one as saddr.
var dup130 = match({
id: "MESSAGE#712:602202:01/2",
dissect: {
tokenizer: "%{->}(local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
var dup131 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session connected"),
});
// Initiator form: the mapping is the reverse of dup130 (local -> saddr,
// remote -> daddr), so saddr is the initiating side in both cases.
var dup132 = match({
id: "MESSAGE#713:602202/2",
dissect: {
tokenizer: "%{->}(local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
var dup133 = set_field({
dest: "nwparser.ec_subject",
value: constant("Message"),
});
var dup134 = set_field({
dest: "nwparser.ec_activity",
value: constant("Receive"),
});
// "Console"/"console" are matched as literals first (no hostip captured);
// otherwise the leading token is captured as hostip.
var dup135 = linear_select([
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "Console end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "console end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "%{hostip->} end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup136 = match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "%{disposition->}",
field: "nwparser.p1",
},
});
var dup137 = set_field({
dest: "nwparser.ec_activity",
value: constant("Stop"),
});
var dup138 = match({
id: "MESSAGE#960:713903/2",
dissect: {
tokenizer: "%{saddr->} , %{action->}",
field: "nwparser.p1",
},
});
// dup139/dup140: quoted and bare username forms kept as separate variables under
// the same id.
var dup139 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
});
var dup140 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
var dup141 = match({
id: "MESSAGE#963:713903:03/0",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.payload",
},
});
var dup142 = set_field({
dest: "nwparser.eventcategory",
value: constant("1802000000"),
});
var dup143 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logoff"),
});
var dup144 = set_field({
dest: "nwparser.result",
value: constant("Succeeded"),
});
// Unlike its neighbours this is a bare constant() value, not a set_field step;
// where it is used is outside the visible part of the file.
var dup145 = constant("Failed");
// dup146..dup157: connection teardown (message 302016) stages.
var dup146 = match({
id: "MESSAGE#313:302016:05/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
// Source endpoint, optionally followed by "(DOMAIN\USER)". `\\` in the string is
// one literal backslash. The domain form is listed first; its user part is stored
// in the generic field fld7 rather than in username.
var dup147 = linear_select([
match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld7->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Passes the format constant "%N:%U:%O" and the captured `duration` field to DUR
// and stores the result back under nwparser.duration.
var dup148 = call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N:%U:%O"),
field("duration"),
],
});
var dup149 = set_field({
dest: "nwparser.event_description",
value: constant("teardown connection"),
});
// Byte count with an optional trailing "(USERNAME)"; the with-username form is first.
var dup150 = linear_select([
match({
id: "MESSAGE#314:302016:07/1",
dissect: {
tokenizer: "%{bytes->} (%{username->})",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#314:302016:07/1",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p0",
},
}),
]);
// Same shape as dup147 but the user part goes to fld5 instead of fld7.
var dup151 = linear_select([
match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld5->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup152 = match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{dinterface->}:%{p2->}",
field: "nwparser.p1",
},
});
// Destination endpoint with "(DOMAIN\USER)"; here the user part is stored as
// c_username.
var dup153 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{p3->}",
field: "nwparser.p2",
},
});
var dup154 = match({
id: "MESSAGE#317:302016/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->} duration %{p3->}",
field: "nwparser.p2",
},
});
// dup155/dup156 repeat the two tokenizers of dup151 as separate variables under a
// different message id.
var dup155 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld5->}) to %{p1->}",
field: "nwparser.p0",
},
});
var dup156 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
});
var dup157 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701000000"),
});
// dup158..dup178: SVC session, shun, secure-desktop and 713905 stages plus more
// constant setters.
var dup158 = match({
id: "MESSAGE#1165:722029/2",
dissect: {
tokenizer: "%{saddr->}> SVC Session Termination:%{info->}",
field: "nwparser.p1",
},
});
var dup159 = set_field({
dest: "nwparser.event_description",
value: constant("SVC Session Termination"),
});
var dup160 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613030100"),
});
var dup161 = set_field({
dest: "nwparser.eventcategory",
value: constant("1702030000"),
});
var dup162 = match({
id: "MESSAGE#550:401002/0",
dissect: {
tokenizer: "%{->}Shun%{p0->}",
field: "nwparser.payload",
},
});
var dup163 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701010000"),
});
var dup164 = set_field({
dest: "nwparser.ec_activity",
value: constant("Create"),
});
var dup165 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603020000"),
});
var dup166 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701020000"),
});
// Sets disposition to "Failed"; dup145 holds the same text as a bare constant.
var dup167 = set_field({
dest: "nwparser.disposition",
value: constant("Failed"),
});
var dup168 = match({
id: "MESSAGE#1184:724004/2",
dissect: {
tokenizer: "%{hostip->}> Secure Desktop Results: %{info->}",
field: "nwparser.p1",
},
});
var dup169 = set_field({
dest: "nwparser.eventcategory",
value: constant("1704010000"),
});
var dup170 = set_field({
dest: "nwparser.protocol",
value: constant("UDP"),
});
var dup171 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401030000"),
});
var dup172 = set_field({
dest: "nwparser.event_description",
value: constant("login session failure"),
});
var dup173 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{result->}",
field: "nwparser.p1",
},
});
var dup174 = match({
id: "MESSAGE#971:713905/2",
dissect: {
tokenizer: "%{saddr->}, %{event_description->}",
field: "nwparser.p1",
},
});
// With-group form first, address-only form second. Note the space before the
// comma after saddr, which the dup45/dup47 tokenizers do not have.
var dup175 = linear_select([
match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup176 = match({
id: "MESSAGE#974:713905:03/0",
dissect: {
tokenizer: "Username = %{p0->}",
field: "nwparser.payload",
},
});
// NOTE(review): "Embyonic" looks like a misspelling of "Embryonic". The string is
// emitted as the event_description value, so correcting it changes output that
// existing searches or detection rules may match on — coordinate before fixing.
var dup177 = set_field({
dest: "nwparser.event_description",
value: constant("Embyonic connection limit exceeded"),
});
var dup178 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Unknown"),
});
// dup179..dup196: authorization-denied, WebVPN and login-denied stages plus
// direction/description constants.
var dup179 = match({
id: "MESSAGE#150:109025/0",
dissect: {
tokenizer: "Authorization denied (acl=%{listnum->}) for user %{p0->}",
field: "nwparser.payload",
},
});
var dup180 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803000000"),
});
// `\u003c` is the escape for `<`. Unlike dup77, this variant has spaces around the
// group name: "Group << NAME > User ".
var dup181 = match({
id: "MESSAGE#1172:722037/0",
dissect: {
tokenizer: "Group \u003c\u003c %{group->} > User %{p0->}",
field: "nwparser.payload",
},
});
// Same three username spellings as dup78, with a space after the "<<" that
// precedes the IP remainder.
var dup182 = linear_select([
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "'%{username->}' IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "%{username->} IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup183 = match({
id: "MESSAGE#475:338005/0",
dissect: {
tokenizer: "Dynamic %{p0->}",
field: "nwparser.payload",
},
});
// Accepts an upper- or lower-case "F" at the start of p0.
var dup184 = linear_select([
match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "F%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "f%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup185 = set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed"),
});
var dup186 = set_field({
dest: "nwparser.eventcategory",
value: constant("1608000000"),
});
// Username in double quotes, in single quotes, then bare — in that order.
// Each tokenizer ends with a literal space after the name.
var dup187 = linear_select([
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "\"%{username->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// Bare constant() value (not a set_field step), like dup145.
var dup188 = constant("Login denied");
var dup189 = match({
id: "MESSAGE#1151:721016/0",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->} user %{p0->}",
field: "nwparser.payload",
},
});
var dup190 = linear_select([
match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "'%{username->}' , IP %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "%{username->} , IP %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Writes "Authorization denied" to `result`; dup100 writes the same text to
// event_description.
var dup191 = set_field({
dest: "nwparser.result",
value: constant("Authorization denied"),
});
var dup192 = set_field({
dest: "nwparser.direction",
value: constant("inbound"),
});
var dup193 = set_field({
dest: "nwparser.event_description",
value: constant("build connection"),
});
var dup194 = set_field({
dest: "nwparser.direction",
value: constant("outbound"),
});
var dup195 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603050000"),
});
var dup196 = set_field({
dest: "nwparser.event_description",
value: constant("connection denied"),
});
// dup197..dup210: access-list hit (message 106102) stages, handing the remainder
// from p0 through p5, followed by more constants and the 715065 splitters.
//
// Protocol with an optional "for user 'NAME'" part; the with-user form is first.
var dup197 = linear_select([
match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{protocol->} for user '%{username->}' %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{protocol->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup198 = match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{sinterface->}/%{p2->}",
field: "nwparser.p1",
},
});
// Source written either as "ADDR(PORT) -> " or as "ADDR PORT ".
var dup199 = linear_select([
match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{saddr->}(%{sport->}) -> %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{saddr->} %{sport->} %{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup200 = match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{dinterface->}/%{p4->}",
field: "nwparser.p3",
},
});
// Destination written either as "ADDR(PORT)" or as "ADDR PORT", followed by the
// literal "hit-cnt".
var dup201 = linear_select([
match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{daddr->}(%{dport->}) hit-cnt %{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{daddr->} %{dport->} hit-cnt %{p5->}",
field: "nwparser.p4",
},
}),
]);
// The value after "hit-cnt" is captured as dclass_counter1; dup203 labels that
// counter "HitCount".
var dup202 = match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{dclass_counter1->} %{info->}",
field: "nwparser.p5",
},
});
var dup203 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("HitCount"),
});
var dup204 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020000"),
});
var dup205 = set_field({
dest: "nwparser.result",
value: constant("Freeing local pool address"),
});
var dup206 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030305"),
});
var dup207 = set_field({
dest: "nwparser.eventcategory",
value: constant("1606000000"),
});
// dup208..dup210: group, username and address-only forms of the same line, kept
// as separate variables under one id.
var dup208 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup209 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup210 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
// dup211..dup221: user/filter/privilege stages and the first "Built inbound /
// outbound connection" (message 302013) stages.
var dup211 = match({
id: "MESSAGE#1216:734003:01/0",
dissect: {
tokenizer: "%{process->}: User %{p0->}",
field: "nwparser.payload",
},
});
var dup212 = linear_select([
match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "'%{username->}' , Addr %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "%{username->} , Addr %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Matches "ilter " at the start of p1; the leading letter is presumably consumed
// by an F/f alternative such as dup184 in an earlier stage — confirm.
var dup213 = match({
id: "MESSAGE#474:338004/2",
dissect: {
tokenizer: "ilter %{p2->}",
field: "nwparser.p1",
},
});
// Accepts "permitt" or "monitor" as a word stem at the start of p2; which of the
// two matched is not captured into a field by this step.
var dup214 = linear_select([
match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "permitt%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "monitor%{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup215 = linear_select([
match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "'%{username->}' Priv: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "%{username->} Priv: %{p1->}",
field: "nwparser.p0",
},
}),
]);
// NOTE(review): the text after "Encpass:" is captured into fld2. The label
// suggests this is the account's encrypted-password value from message 502102
// (confirm). If so, consider dropping or masking fld2 before the event is
// indexed, so credential material does not end up searchable in the log store.
var dup216 = match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "%{fld1->} Encpass: %{fld2->}",
field: "nwparser.p1",
},
});
var dup217 = set_field({
dest: "nwparser.ec_theme",
value: constant("UserGroup"),
});
var dup218 = match({
id: "MESSAGE#706:602101/2",
dissect: {
tokenizer: "s%{p1->}",
field: "nwparser.p0",
},
});
// Inbound build: captures up to the translated source address and stops right
// after the "/" that precedes the translated port; dup220 continues from there.
var dup219 = match({
id: "MESSAGE#293:302013/0",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// Translated source port, optionally followed by "(DOMAIN\USER)" with the user
// part stored in fld3; the domain form is listed first.
var dup220 = linear_select([
match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "%{stransport->})(%{domain->}\\%{fld3->})%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "%{stransport->}) %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Outbound build: the endpoint that appears first in the log line ("for ...") is
// stored in the d* fields and the one after "to" in the s* fields.
var dup221 = match({
id: "MESSAGE#294:302013:01/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) %{p0->}",
field: "nwparser.payload",
},
});
var dup222 = linear_select([
match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "'%{username->}'%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "(%{username->})%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup223 = match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p1",
},
});
var dup224 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{stransport->}) %{p1->}",
field: "nwparser.p0",
},
});
var dup225 = match({
id: "MESSAGE#299:302013:06/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->})(%{domain->}\\%{username->}) to %{p1->}",
field: "nwparser.p0",
},
});
var dup226 = match({
id: "MESSAGE#299:302013:06/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->}) to %{p1->}",
field: "nwparser.p0",
},
});
var dup227 = linear_select([
match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sinterface->}:%{fld2->}:%{saddr->}/%{p2->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{p2->}",
field: "nwparser.p1",
},
}),
]);
var dup228 = match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.p2",
},
});
// Shared constants and small fragments (dup229–dup235).
// dup229: sets nwparser.eventcategory to the constant "1805010000".
var dup229 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805010000"),
});
// dup230: matches the word tail "ilter " and hands the rest on as p2; the
// leading letter is presumably consumed by an earlier fragment.
var dup230 = match({
id: "MESSAGE#484:338202/2",
dissect: {
tokenizer: "ilter %{p2->}",
field: "nwparser.p1",
},
});
// dup231–dup234: fixed event_description / result strings.
var dup231 = set_field({
dest: "nwparser.event_description",
value: constant("IKE lost contact with remote peer deleting connection"),
});
var dup232 = set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator New/Rekeying Phase"),
});
// NOTE(review): this result string ends with a trailing space; exact-match
// queries on nwparser.result need to include it.
var dup233 = set_field({
dest: "nwparser.result",
value: constant("Local pool request succeeded "),
});
var dup234 = set_field({
dest: "nwparser.event_description",
value: constant("Built translation"),
});
// dup235: a selector with a single alternative that consumes a leading comma.
var dup235 = linear_select([
match({
id: "MESSAGE#726:603107/2",
dissect: {
tokenizer: ",%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Username fragments for 109027 and 113012, plus two shared constants.
// dup236: consumes a leading literal "i" from nwparser.p0.
var dup236 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "i%{p1->}",
field: "nwparser.p0",
},
});
// dup237 / dup238: username either single-quoted or bare, terminated by a space.
// The quoted form is listed first in both selectors.
// NOTE(review): the username text comes from the event itself and should be
// treated as untrusted by downstream consumers.
var dup237 = linear_select([
match({
id: "MESSAGE#152:109027/3",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#152:109027/3",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p2",
},
}),
]);
var dup238 = linear_select([
match({
id: "MESSAGE#189:113012/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#189:113012/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// dup239: sets nwparser.eventcategory to the constant "1001030200".
var dup239 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030200"),
});
// dup240: fixed event_description for a terminated FTP connection.
var dup240 = set_field({
dest: "nwparser.event_description",
value: constant("FTP connection terminated"),
});
// Fragments for 715059 and 713024, plus two shared constants.
// dup241: source address, then ", ", then the remainder as action.
var dup241 = match({
id: "MESSAGE#1031:715059/2",
dissect: {
tokenizer: "%{saddr->}, %{action->}",
field: "nwparser.p1",
},
});
// dup242: group / username / source address header. Alternatives are listed from
// most to least specific: quoted username, bare username, no username.
var dup242 = linear_select([
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup243: splits nwparser.p1 at a colon into action and info.
var dup243 = match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{action->}:%{info->}",
field: "nwparser.p1",
},
});
// dup244: sets nwparser.eventcategory to the constant "1613040200".
var dup244 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613040200"),
});
// dup245: fixed event_description.
var dup245 = set_field({
dest: "nwparser.event_description",
value: constant("Rekeying duration changed"),
});
// Fragments for 702204 (ISAKMP Phase 1 retransmission) and 725002.
// dup246: matches the common prefix "ISAKMP Phase 1 retransmi"; dup247 then
// accepts either "ssion" or "t" as the continuation of that word.
var dup246 = match({
id: "MESSAGE#810:702204:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 retransmi%{p0->}",
field: "nwparser.payload",
},
});
var dup247 = linear_select([
match({
id: "MESSAGE#810:702204:01/2",
dissect: {
tokenizer: "ssion%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#810:702204:01/2",
dissect: {
tokenizer: "t%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup248: fixed event_description for the retransmission messages.
var dup248 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 retransmission"),
});
// dup249: skips an unnamed token, then captures the interface name before ":".
var dup249 = match({
id: "MESSAGE#1187:725002/2",
dissect: {
tokenizer: "%{->} %{interface->}:%{p2->}",
field: "nwparser.p1",
},
});
// dup250: sets nwparser.eventcategory to the constant "1613050100".
var dup250 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613050100"),
});
// Mixed fragments and constants (dup251–dup259).
// dup251: accepts the keyword "static" or "xlate" at the start of nwparser.p0.
var dup251 = linear_select([
match({
id: "MESSAGE#219:201004:01/2",
dissect: {
tokenizer: "static%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#219:201004:01/2",
dissect: {
tokenizer: "xlate%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup252 / dup253: fixed descriptions for failed logins.
// NOTE(review): the file uses several spellings for authentication failures
// ("User Authentication failed" here, "authentication failed" in dup291,
// "Authentication Failed" in dup412); case-sensitive detections on
// event_description need to cover all of them.
var dup252 = set_field({
dest: "nwparser.event_description",
value: constant("Login session failed"),
});
var dup253 = set_field({
dest: "nwparser.event_description",
value: constant("User Authentication failed"),
});
// NOTE(review): selector with an empty alternative list. What linear_select does
// with no alternatives is not visible here; if it reports "no match", any chain
// that includes dup254 can never succeed and those events would go unparsed —
// confirm against the use sites.
var dup254 = linear_select([
]);
// dup255: matches a leading "." and discards the rest of nwparser.p1.
var dup255 = match({
id: "MESSAGE#1198:725010/2",
dissect: {
tokenizer: ".%{->}",
field: "nwparser.p1",
},
});
// dup256: sets nwparser.eventcategory to the constant "1207010200".
var dup256 = set_field({
dest: "nwparser.eventcategory",
value: constant("1207010200"),
});
var dup257 = set_field({
dest: "nwparser.event_description",
value: constant("icmp packet denied"),
});
// NOTE(review): "mangement" is misspelled in the emitted value. Searches for
// "management-only" will not match this result string; fixing the literal changes
// what downstream rules see, so coordinate the change with existing content.
var dup258 = set_field({
dest: "nwparser.result",
value: constant("to/from mangement-only network"),
});
// dup259: sets nwparser.protocol to the constant "ICMP" (not parsed from the event).
var dup259 = set_field({
dest: "nwparser.protocol",
value: constant("ICMP"),
});
// Fragments and constants (dup260–dup265).
// dup260: destination interface, address and port in "if:addr/port" form.
var dup260 = match({
id: "MESSAGE#651:418001:01/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
var dup261 = set_field({
dest: "nwparser.event_description",
value: constant("packet denied"),
});
// dup262: matches the literal prefix "User " and passes the remainder on as p0.
var dup262 = match({
id: "MESSAGE#174:111010/0",
dissect: {
tokenizer: "User %{p0->}",
field: "nwparser.payload",
},
});
// dup263 / dup264: fixed nwparser.eventcategory codes.
var dup263 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401040000"),
});
var dup264 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605010000"),
});
// dup265: single-alternative selector capturing the value between "Session=" and
// the next comma into sessionid.
var dup265 = linear_select([
match({
id: "MESSAGE#1243:737017/2",
dissect: {
tokenizer: "Session=%{sessionid->},%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Fragments for 411005, 722027 and 722023, plus shared constants.
// dup266: accepts an upper- or lower-case "i" as the first character.
var dup266 = linear_select([
match({
id: "MESSAGE#625:411005/2",
dissect: {
tokenizer: "I%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#625:411005/2",
dissect: {
tokenizer: "i%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup267: source address before " > ", optionally followed by a parenthesised
// value that is stored in fld1.
var dup267 = linear_select([
match({
id: "MESSAGE#1163:722027/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > %{p2->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#1163:722027/3",
dissect: {
tokenizer: "%{saddr->} > %{p2->}",
field: "nwparser.p1",
},
}),
]);
// dup268: accepts the literal "TCP " or "UDP "; the keyword itself is matched,
// not captured into a field.
var dup268 = linear_select([
match({
id: "MESSAGE#1163:722027/4",
dissect: {
tokenizer: "TCP %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#1163:722027/4",
dissect: {
tokenizer: "UDP %{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup269 = set_field({
dest: "nwparser.event_description",
value: constant("Policy installed"),
});
// dup270: single-alternative selector matching the literal "out".
var dup270 = linear_select([
match({
id: "MESSAGE#1161:722023/6",
dissect: {
tokenizer: "out%{p5->}",
field: "nwparser.p4",
},
}),
]);
var dup271 = set_field({
dest: "nwparser.event_description",
value: constant("request discarded"),
});
// dup272: sets nwparser.eventcategory to the constant "1610000000".
var dup272 = set_field({
dest: "nwparser.eventcategory",
value: constant("1610000000"),
});
// Fragments for 715021, 106027 and 305013, plus shared constants.
// dup273: optional username followed by the source address. Alternatives are
// listed from most to least specific: quoted username, bare username, IP only.
var dup273 = linear_select([
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup274: rule group name, either double-quoted or bare, terminated by a space.
var dup274 = linear_select([
match({
id: "MESSAGE#96:106027/1",
dissect: {
tokenizer: "\"%{rule_group->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#96:106027/1",
dissect: {
tokenizer: "%{rule_group->} ",
field: "nwparser.p0",
},
}),
]);
var dup275 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-group"),
});
// dup276 / dup277: source port before " dst ", with and without a trailing
// "(domain\username)" group.
var dup276 = match({
id: "MESSAGE#385:305013/2",
dissect: {
tokenizer: "%{sport->}(%{domain->}\\%{username->}) dst %{p1->}",
field: "nwparser.p0",
},
});
var dup277 = match({
id: "MESSAGE#385:305013/2",
dissect: {
tokenizer: "%{sport->} dst %{p1->}",
field: "nwparser.p0",
},
});
var dup278 = set_field({
dest: "nwparser.result",
value: constant("due to NAT reverse path failure"),
});
// Fragments for 401004, 714011 and 302014.
// dup279: single-alternative selector matching the word tail "ned".
var dup279 = linear_select([
match({
id: "MESSAGE#552:401004/2",
dissect: {
tokenizer: "ned%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup280: group / username / source address header with four alternatives, listed
// from most to least specific (group + quoted username, group + bare username,
// group only, IP only).
var dup280 = linear_select([
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup281: skips an unnamed token and stores the remainder of nwparser.p2 in result.
var dup281 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "%{->} %{result->}",
field: "nwparser.p2",
},
});
// dup282: result text enclosed in parentheses and followed by a space.
var dup282 = match({
id: "MESSAGE#303:302014:02/1",
dissect: {
tokenizer: "(%{result->}) ",
field: "nwparser.p0",
},
});
// More 302014 fragments and one shared constant.
// dup283: source address/port followed by "(domain\name)".
// NOTE(review): the part after the backslash is stored in fld3 rather than
// username; if it is a user identity, user-based searches will miss it for this
// variant (confirm at the use sites).
var dup283 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{domain->}\\%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
// dup284: info text, optionally followed by " (username)". The alternative with
// the username is listed first; the second stores the whole of p2 in info.
var dup284 = linear_select([
match({
id: "MESSAGE#304:302014:04/3",
dissect: {
tokenizer: "%{info->} (%{username->})",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#304:302014:04/3",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p2",
},
}),
]);
// dup285: result text terminated by a space.
var dup285 = match({
id: "MESSAGE#307:302014:01/1",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p0",
},
});
var dup286 = set_field({
dest: "nwparser.event_description",
value: constant("NAT exemption configured"),
});
// Fragments for 702211 (ISAKMP Phase 2 exchange complete) and shared constants.
// dup287: matches the prefix "ISAKMP Phase 2 exchange complete".
var dup287 = match({
id: "MESSAGE#824:702211:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 exchange complete%{p0->}",
field: "nwparser.payload",
},
});
// dup288: initiator form — the local address is stored as saddr, the remote as daddr.
var dup288 = match({
id: "MESSAGE#824:702211:01/2",
dissect: {
tokenizer: "%{->} %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
// NOTE(review): this description says "Phase 1" but is declared between the 702211
// matchers, whose payload text reads "ISAKMP Phase 2 exchange complete". If it is
// attached to those messages, the phase is mislabelled in event_description —
// check the use sites before keying detections on it.
var dup289 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange completed"),
});
// dup290: responder form — the local address is stored as daddr, the remote as
// saddr (the reverse of dup288).
var dup290 = match({
id: "MESSAGE#825:702211/2",
dissect: {
tokenizer: "%{->} %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
// dup291: lower-case variant of the authentication-failure description; see also
// dup253 and dup412, which use different capitalisation.
var dup291 = set_field({
dest: "nwparser.event_description",
value: constant("authentication failed"),
});
// dup292: sets nwparser.eventcategory to the constant "1302000000".
var dup292 = set_field({
dest: "nwparser.eventcategory",
value: constant("1302000000"),
});
var dup293 = set_field({
dest: "nwparser.ec_subject",
value: constant("Certificate"),
});
var dup294 = set_field({
dest: "nwparser.event_description",
value: constant("connection dropped"),
});
var dup295 = set_field({
dest: "nwparser.event_description",
value: constant("teardown translation"),
});
// Fragments for 305012, 413003 and 713035, plus shared constants.
// dup296: source address/port before " to ", optionally followed by a
// parenthesised value stored in fld51.
var dup296 = linear_select([
match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{fld51->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup297: destination interface before ":", optionally followed by a
// parenthesised value stored in fld52.
var dup297 = linear_select([
match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{dinterface->}(%{fld52->}):%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{dinterface->}:%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup298: consumes a leading "." from nwparser.p0.
var dup298 = match({
id: "MESSAGE#629:413003/2",
dissect: {
tokenizer: ".%{p1->}",
field: "nwparser.p0",
},
});
var dup299 = set_field({
dest: "nwparser.event_description",
value: constant("IPS request to drop packet"),
});
// dup300: source address, then " , ", then "action:info".
var dup300 = match({
id: "MESSAGE#860:713035/2",
dissect: {
tokenizer: "%{saddr->} , %{action->}:%{info->}",
field: "nwparser.p1",
},
});
// dup301: a bare constant value (not wrapped in set_field); the destination field
// is chosen at the use site.
var dup301 = constant("Routing failed to locate next-hop");
// dup302: sets nwparser.disposition to the constant "failed".
var dup302 = set_field({
dest: "nwparser.disposition",
value: constant("failed"),
});
// Fragments for 715046 and 715049, plus one shared constant.
// dup303: group, username and source address header read from nwparser.payload.
// The username is unquoted and ends at the next ", IP = ".
var dup303 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// dup304: stores the whole of nwparser.p0 in event_description, so that field
// carries free text from the device for these messages.
var dup304 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p0",
},
});
// dup305: same header as dup303, with a second alternative for events that have
// no "Group = " prefix.
var dup305 = linear_select([
match({
id: "MESSAGE#1021:715049:01/1",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
}),
match({
id: "MESSAGE#1021:715049:01/1",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
}),
]);
var dup306 = set_field({
dest: "nwparser.event_description",
value: constant("Teardown connection"),
});
// Fragments for 302026 ("Built backup/director stub ... connection").
// dup307: matches the literal prefix "Built ".
var dup307 = match({
id: "MESSAGE#340:302026/0",
dissect: {
tokenizer: "Built %{p0->}",
field: "nwparser.payload",
},
});
// dup308 / dup309: the role keyword, "backup" or "director".
var dup308 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "backup%{p1->}",
field: "nwparser.p0",
},
});
var dup309 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "director%{p1->}",
field: "nwparser.p0",
},
});
// dup310: remainder of the stub-connection message; captures protocol, connection
// id and both endpoints. The parenthesised values after each endpoint go to the
// generic fields fld1 and fld2.
var dup310 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "%{->}stub %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{fld1->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{fld2->})",
field: "nwparser.p1",
},
});
var dup311 = set_field({
dest: "nwparser.event_description",
value: constant("Built connection"),
});
// Fragments for 402116 (IPSEC: received ESP packet) and 305011.
// dup312: captures the SPI into dst_spi, the sequence number into fld2 and the
// sender address into saddr.
var dup312 = match({
id: "MESSAGE#559:402116/0",
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{dst_spi->}, sequence number= %{fld2->}) from %{saddr->} %{p0->}",
field: "nwparser.payload",
},
});
// dup313: username before " to ", in four notations: "(user=name)", "(name)",
// "'name'" and bare. The bare form is listed last.
// NOTE(review): if alternatives are tried in list order (presumed), the bare form
// accepts any text up to " to ", so it also catches notations the earlier
// alternatives do not cover and leaves their punctuation in username.
var dup313 = linear_select([
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "(user=%{username->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "(%{username->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "'%{username->}' to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "%{username->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup314: destination address and port in "addr/port" form.
var dup314 = match({
id: "MESSAGE#381:305011:01/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
// Fragments for 502112, shared constants and a byte-count calculation.
// dup315: username, single-quoted or bare, before " Type:".
var dup315 = linear_select([
match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "'%{username->}' Type:%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "%{username->} Type:%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup316: stores the whole of nwparser.p1 in fld1.
var dup316 = match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "%{fld1->}",
field: "nwparser.p1",
},
});
var dup317 = set_field({
dest: "nwparser.result",
value: constant("User authentication succeeded"),
});
var dup318 = set_field({
dest: "nwparser.event_description",
value: constant("SSL server requesting certificate for authentication"),
});
// dup319: calls CALC with sbytes, "+", rbytes and writes the result to nwparser.bytes.
// NOTE(review): CALC is defined elsewhere; its behaviour when either operand is
// missing or non-numeric is not visible here — confirm before relying on
// nwparser.bytes for volume-based detections.
var dup319 = call({
dest: "nwparser.bytes",
fn: CALC,
args: [
field("sbytes"),
constant("+"),
field("rbytes"),
],
});
var dup320 = set_field({
dest: "nwparser.ec_theme",
value: constant("TEV"),
});
// Fragments for 315011 (SSH session), 411002 and 713218, plus shared constants.
// dup321: SSH session header; captures the client address and the interface, and
// leaves the user name in the remainder (p0) for a later fragment.
var dup321 = match({
id: "MESSAGE#419:315011/0",
dissect: {
tokenizer: "SSH session from %{saddr->} on interface %{interface->} for user %{p0->}",
field: "nwparser.payload",
},
});
// dup322: matches the word tail "nterface " and captures the interface name.
var dup322 = match({
id: "MESSAGE#622:411002/2",
dissect: {
tokenizer: "nterface %{interface->} %{p2->}",
field: "nwparser.p1",
},
});
// dup323: result text terminated by a space, with or without a leading ", ".
var dup323 = linear_select([
match({
id: "MESSAGE#622:411002/3",
dissect: {
tokenizer: ", %{result->} ",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#622:411002/3",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p2",
},
}),
]);
// dup324: sets nwparser.eventcategory to the constant "1603030000".
var dup324 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603030000"),
});
var dup325 = set_field({
dest: "nwparser.event_description",
value: constant("Denied IPv6-ICMP"),
});
// dup326: sets nwparser.eventcategory to the constant "1604010000".
var dup326 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604010000"),
});
var dup327 = set_field({
dest: "nwparser.ec_activity",
value: constant("Read"),
});
var dup328 = set_field({
dest: "nwparser.event_description",
value: constant("Device chooses cipher for the SSL session"),
});
// dup329: source address, then the rejection reason after ", Tunnel Rejected: "
// stored in action.
var dup329 = match({
id: "MESSAGE#870:713218/2",
dissect: {
tokenizer: "%{saddr->}, Tunnel Rejected: %{action->}",
field: "nwparser.p1",
},
});
var dup330 = set_field({
dest: "nwparser.result",
value: constant("Tunnel Rejected"),
});
// dup331: sets nwparser.eventcategory to the constant "1901000000".
var dup331 = set_field({
dest: "nwparser.eventcategory",
value: constant("1901000000"),
});
// dup332–dup334: copy the same source field, p_msgid, into three destinations
// (nwparser.id, nwparser.msg_id and nwparser.vid).
var dup332 = set_field({
dest: "nwparser.id",
value: field("p_msgid"),
});
var dup333 = set_field({
dest: "nwparser.msg_id",
value: field("p_msgid"),
});
var dup334 = set_field({
dest: "nwparser.vid",
value: field("p_msgid"),
});
// dup335–dup338: fixed description, result and category values.
var dup335 = set_field({
dest: "nwparser.event_description",
value: constant("IKEGetUserAttributes"),
});
var dup336 = set_field({
dest: "nwparser.event_description",
value: constant("Invalid destination"),
});
var dup337 = set_field({
dest: "nwparser.result",
value: constant("all servers failed"),
});
var dup338 = set_field({
dest: "nwparser.eventcategory",
value: constant("1607000000"),
});
// Fragments for the 713906 message family.
// dup339: full header with group, unquoted username and source address.
var dup339 = match({
id: "MESSAGE#975:713906:01/0",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// dup340: proxy-id detail line. Free text before " Proxy Id:" is stored in
// event_description; the local subnet, second protocol and second port go to the
// generic fields fld2, fld3 and fld4.
var dup340 = match({
id: "MESSAGE#975:713906:01/1",
dissect: {
tokenizer: "%{event_description->} Proxy Id:%{fld1->} Remote host: %{hostname->} Protocol %{protocol->} Port %{port->} Local subnet: %{fld2->} mask %{mask->} Protocol %{fld3->} Port %{fld4->} ",
field: "nwparser.p0",
},
});
// dup341: header without a username.
var dup341 = match({
id: "MESSAGE#976:713906:03/0",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// dup342: header with the source address only; note there is no space after the
// comma in this tokenizer, unlike dup339 and dup341.
var dup342 = match({
id: "MESSAGE#977:713906/0",
dissect: {
tokenizer: "IP = %{saddr->},%{p0->}",
field: "nwparser.payload",
},
});
// Fragments for 113014 and 620001, plus one shared constant.
// dup343: accepts the word fragment "entic" or "oriz" (presumably the middle of
// "authentication" / "authorization"; the prefix is matched elsewhere).
var dup343 = linear_select([
match({
id: "MESSAGE#191:113014/2",
dissect: {
tokenizer: "entic%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#191:113014/2",
dissect: {
tokenizer: "oriz%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup344: consumes a leading upper-case "C".
var dup344 = match({
id: "MESSAGE#797:620001:01/2",
dissect: {
tokenizer: "C%{p1->}",
field: "nwparser.p0",
},
});
// dup345: source address before " to ", with or without "/port".
var dup345 = linear_select([
match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{saddr->} to %{p3->}",
field: "nwparser.p2",
},
}),
]);
// dup346: destination interface name before ": ".
var dup346 = match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{dinterface->}: %{p4->}",
field: "nwparser.p3",
},
});
var dup347 = set_field({
dest: "nwparser.event_description",
value: constant("Pre-allocate connection"),
});
// Fragments for 302020 (ICMP connection) and 722001, plus shared constants.
// dup348: address before " laddr " is stored in hostip.
var dup348 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{hostip->} laddr %{p2->}",
field: "nwparser.p1",
},
});
// dup349 / dup350: source port, with and without the ICMP type and code.
var dup349 = match({
id: "MESSAGE#326:302020:04/1",
dissect: {
tokenizer: "%{sport->} type %{icmptype->} code %{icmpcode->}",
field: "nwparser.p0",
},
});
var dup350 = match({
id: "MESSAGE#326:302020:04/1",
dissect: {
tokenizer: "%{sport->}",
field: "nwparser.p0",
},
});
// dup351: sets nwparser.eventcategory to the constant "1611000000".
var dup351 = set_field({
dest: "nwparser.eventcategory",
value: constant("1611000000"),
});
// dup352: matches the literal prefix "IP ".
var dup352 = match({
id: "MESSAGE#1153:722001/0",
dissect: {
tokenizer: "IP %{p0->}",
field: "nwparser.payload",
},
});
// dup353: source address, optionally followed by a parenthesised value in fld1.
var dup353 = linear_select([
match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{saddr->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup354: free text up to a "." is stored in event_description.
var dup354 = match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{event_description->}.",
field: "nwparser.p1",
},
});
// dup355: sets nwparser.eventcategory to the constant "1601010000".
var dup355 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601010000"),
});
var dup356 = set_field({
dest: "nwparser.result",
value: constant("hardware accelerator error"),
});
// Fragments for 106002 and 702206, plus shared constants.
// dup357: first space-delimited token of the payload is stored in protocol.
var dup357 = match({
id: "MESSAGE#59:106002/0",
dissect: {
tokenizer: "%{protocol->} %{p0->}",
field: "nwparser.payload",
},
});
// dup358: accepts an upper- or lower-case "c" as the first character.
var dup358 = linear_select([
match({
id: "MESSAGE#59:106002/2",
dissect: {
tokenizer: "C%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#59:106002/2",
dissect: {
tokenizer: "c%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup359: sets nwparser.eventcategory to the constant "1803020000".
var dup359 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803020000"),
});
// dup360: matches the prefix "ISAKMP malform"; the word ending is left in p0.
var dup360 = match({
id: "MESSAGE#814:702206:01/0",
dissect: {
tokenizer: "ISAKMP malform%{p0->}",
field: "nwparser.payload",
},
});
var dup361 = set_field({
dest: "nwparser.event_description",
value: constant("malformed payload received"),
});
var dup362 = set_field({
dest: "nwparser.event_description",
value: constant("User executed command"),
});
var dup363 = set_field({
dest: "nwparser.event_description",
value: constant("Testing Interface"),
});
// dup364: sets nwparser.protocol to the constant "TCP" (not parsed from the event).
var dup364 = set_field({
dest: "nwparser.protocol",
value: constant("TCP"),
});
// Fragments for 713050, 303002 and 338303.
// dup365: group and optional username before " , IP = ". Alternatives are listed
// from most to least specific: quoted username, bare username, group only.
var dup365 = linear_select([
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup366 / dup367: username, single-quoted or bare, terminated by a space.
var dup366 = match({
id: "MESSAGE#346:303002:02/2",
dissect: {
tokenizer: "'%{username->}' %{p1->}",
field: "nwparser.p0",
},
});
var dup367 = match({
id: "MESSAGE#346:303002:02/2",
dissect: {
tokenizer: "%{username->} %{p1->}",
field: "nwparser.p0",
},
});
// dup368: consumes a leading comma.
var dup368 = match({
id: "MESSAGE#489:338303/2",
dissect: {
tokenizer: ",%{p1->}",
field: "nwparser.p0",
},
});
// Fragments for 302021 (ICMP teardown) and two shared descriptions.
// dup369: address before " laddr " is stored in hostip; the first alternative also
// captures a "/value" suffix into fld4.
var dup369 = linear_select([
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{hostip->}/%{fld4->} laddr %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{hostip->} laddr %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup370: destination address/port, followed by a username in parentheses, a
// username after a space, or nothing. The form without a username is listed last.
var dup370 = linear_select([
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{username->})",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} %{username->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
}),
]);
var dup371 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-list"),
});
var dup372 = set_field({
dest: "nwparser.event_description",
value: constant("Session terminated"),
});
// Fragments for 109012 and 702210, plus shared constants.
// dup373: username, single-quoted or bare, before " , sid ".
var dup373 = linear_select([
match({
id: "MESSAGE#133:109012/2",
dissect: {
tokenizer: "'%{username->}' , sid %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#133:109012/2",
dissect: {
tokenizer: "%{username->} , sid %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup374: matches the prefix "ISAKMP Phase 1 exchange complete".
var dup374 = match({
id: "MESSAGE#822:702210:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 exchange complete%{p0->}",
field: "nwparser.payload",
},
});
// dup375: sets nwparser.eventcategory to the constant "1701070000".
var dup375 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701070000"),
});
var dup376 = set_field({
dest: "nwparser.ec_activity",
value: constant("Disable"),
});
// Fragments for 410001 (dropped UDP DNS packet, length exceeded).
// dup377: matches the prefix "Dropped UDP DNS re"; dup378 then accepts "ply" or
// "quest" to complete "reply" / "request".
var dup377 = match({
id: "MESSAGE#617:410001/0",
dissect: {
tokenizer: "Dropped UDP DNS re%{p0->}",
field: "nwparser.payload",
},
});
var dup378 = linear_select([
match({
id: "MESSAGE#617:410001/2",
dissect: {
tokenizer: "ply%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#617:410001/2",
dissect: {
tokenizer: "quest%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup379 / dup380: the keyword "packet" or "label".
var dup379 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "packet%{p3->}",
field: "nwparser.p2",
},
});
var dup380 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "label%{p3->}",
field: "nwparser.p2",
},
});
// dup381: the configured size limit is stored in the generic field fld2.
var dup381 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "%{->}limit of %{fld2->} bytes",
field: "nwparser.p5",
},
});
var dup382 = set_field({
dest: "nwparser.event_description",
value: constant("Dropped DNS UDP packet - length exceeded"),
});
// Fragments for 113009, 713075 and 715036.
// dup383: matches the prefix "AAA retrieved default group policy ".
var dup383 = match({
id: "MESSAGE#185:113009/0",
dissect: {
tokenizer: "AAA retrieved default group policy %{p0->}",
field: "nwparser.payload",
},
});
// dup384: username, single-quoted or bare, terminated by a space.
var dup384 = linear_select([
match({
id: "MESSAGE#185:113009/4",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p3",
},
}),
match({
id: "MESSAGE#185:113009/4",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p3",
},
}),
]);
var dup385 = set_field({
dest: "nwparser.result",
value: constant("retrieved default group policy"),
});
// dup386: stores the whole of nwparser.p2 in event_description.
var dup386 = match({
id: "MESSAGE#878:713075/3",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p2",
},
});
// dup387: event_description with an optional trailing "(seq number N)" whose
// value is stored in fld1; the second alternative skips an unnamed leading token.
var dup387 = linear_select([
match({
id: "MESSAGE#1008:715036:01/1",
dissect: {
tokenizer: "%{event_description->} (seq number %{fld1->}) ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1008:715036:01/1",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p0",
},
}),
]);
// Fragments for 713902 and a run of shared constants.
// dup388 / dup389: group, username (quoted / bare) and source address header.
var dup388 = match({
id: "MESSAGE#957:713902/2",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup389 = match({
id: "MESSAGE#957:713902/2",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
// dup390: either a group or a username (quoted / bare) before the "IP = " part.
// The group-only alternative is listed first and ends at ", IP = "; the username
// alternatives end at " , IP = " (space before the comma).
var dup390 = linear_select([
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup391–dup396: fixed description, result and counter-label values.
var dup391 = set_field({
dest: "nwparser.event_description",
value: constant("Embryonic limit exceeded"),
});
var dup392 = set_field({
dest: "nwparser.result",
value: constant("for through connections"),
});
var dup393 = set_field({
dest: "nwparser.event_description",
value: constant("duplicate packet detected"),
});
var dup394 = set_field({
dest: "nwparser.result",
value: constant("DHCP configured"),
});
var dup395 = set_field({
dest: "nwparser.event_description",
value: constant("Received an ICMP Destination Unreachable"),
});
var dup396 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("Hitcount"),
});
// Fragments for 106100 (access-list hit logging).
// dup397: the access-list name is stored in listnum.
var dup397 = match({
id: "MESSAGE#100:106100:01/0",
dissect: {
tokenizer: "access-list %{listnum->} %{p0->}",
field: "nwparser.payload",
},
});
// dup398: accepts the word fragment "est-allow" or "permitt"; the keyword is
// matched, not stored, so the permit/deny outcome must be set elsewhere.
var dup398 = linear_select([
match({
id: "MESSAGE#100:106100:01/2",
dissect: {
tokenizer: "est-allow%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#100:106100:01/2",
dissect: {
tokenizer: "permitt%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup399 / dup400: destination port before " hit-cnt ", with and without a
// parenthesised value (stored in fld7).
var dup399 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dport->})(%{fld7->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
});
var dup400 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dport->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
});
// dup401: the hit count goes to dclass_counter1 and the remainder to fld6.
var dup401 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dclass_counter1->} %{fld6->}",
field: "nwparser.p3",
},
});
var dup402 = set_field({
dest: "nwparser.event_description",
value: constant("permitted"),
});
// dup403: like dup399/dup400, with an extra first alternative that splits the
// parenthesised value at a backslash into domain and username.
var dup403 = linear_select([
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->})(%{domain->}\\%{username->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->})(%{fld7->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
]);
// Fragments for 702208, 605003 and 109033, plus shared constants.
// dup404: matches the prefix "ISAKMP Phase 1 exchange start".
var dup404 = match({
id: "MESSAGE#818:702208:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 exchange start%{p0->}",
field: "nwparser.payload",
},
});
var dup405 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange started"),
});
// dup406: sets nwparser.eventcategory to the constant "1204000000".
var dup406 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204000000"),
});
// dup407 / dup408: username, single-quoted or bare, terminated by a space.
var dup407 = match({
id: "MESSAGE#735:605003/3",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p2",
},
});
var dup408 = match({
id: "MESSAGE#735:605003/3",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p2",
},
});
var dup409 = set_field({
dest: "nwparser.event_description",
value: constant("invalid IPSEC packet"),
});
// dup410: sets nwparser.eventcategory to the constant "1601020000".
var dup410 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601020000"),
});
// dup411: matches the prefix "Authentication failed for admin user "; the user
// name is left in p0 for a later fragment.
// NOTE(review): for failed logins the name is whatever the client submitted, so
// downstream consumers should treat the resulting username as untrusted text.
var dup411 = match({
id: "MESSAGE#156:109033:01/0",
dissect: {
tokenizer: "Authentication failed for admin user %{p0->}",
field: "nwparser.payload",
},
});
// dup412: capitalised variant of the authentication-failure description; dup253
// and dup291 use different spellings for the same kind of event.
var dup412 = set_field({
dest: "nwparser.event_description",
value: constant("Authentication Failed"),
});
var dup413 = set_field({
dest: "nwparser.result",
value: constant("Interactive challenge processing not supported"),
});
// Fragments for 113005 (AAA user authentication/authorization rejected), 199009
// and shared constants.
// dup414: matches the prefix "AAA user auth"; the word ending is left in p0.
var dup414 = match({
id: "MESSAGE#181:113005:01/0",
dissect: {
tokenizer: "AAA user auth%{p0->}",
field: "nwparser.payload",
},
});
// dup415: the rejection reason between "reason = " and " : server = " is stored
// in result.
var dup415 = match({
id: "MESSAGE#181:113005:01/2",
dissect: {
tokenizer: "ation Rejected : reason = %{result->} : server = %{p2->}",
field: "nwparser.p1",
},
});
// dup416: AAA server address stored in hostip, terminated by " :" or ",".
var dup416 = linear_select([
match({
id: "MESSAGE#181:113005:01/4",
dissect: {
tokenizer: "%{hostip->} :%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#181:113005:01/4",
dissect: {
tokenizer: "%{hostip->},%{p3->}",
field: "nwparser.p2",
},
}),
]);
// dup417 / dup418: match "User = " or "user = " in two steps (first letter,
// then "ser = "); the user name itself is left in p6.
var dup417 = linear_select([
match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "U%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "u%{p5->}",
field: "nwparser.p4",
},
}),
]);
var dup418 = match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "ser = %{p6->}",
field: "nwparser.p5",
},
});
var dup419 = set_field({
dest: "nwparser.event_description",
value: constant("user authentication rejected"),
});
// dup420: sets nwparser.eventcategory to the constant "1602000000".
var dup420 = set_field({
dest: "nwparser.eventcategory",
value: constant("1602000000"),
});
var dup421 = set_field({
dest: "nwparser.event_description",
value: constant("Client allowed"),
});
// dup422: result text terminated by a space.
var dup422 = match({
id: "MESSAGE#211:199009/3",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p2",
},
});
var dup423 = set_field({
dest: "nwparser.event_description",
value: constant("Translation denied"),
});
var dup424 = set_field({
dest: "nwparser.result",
value: constant("Unable to get address from group-policy or tunnel-group"),
});
// Fragments for 603108, 606001 and 702205, plus one shared constant.
// dup425: accepts an upper- or lower-case "t" as the first character.
var dup425 = linear_select([
match({
id: "MESSAGE#727:603108/2",
dissect: {
tokenizer: "T%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#727:603108/2",
dissect: {
tokenizer: "t%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup426: accepts the literal "P" or "AS" at the start of nwparser.p0.
var dup426 = linear_select([
match({
id: "MESSAGE#740:606001/2",
dissect: {
tokenizer: "P%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#740:606001/2",
dissect: {
tokenizer: "AS%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup427: matches the prefix "ISAKMP Phase 2 retransmi"; the word ending is left
// in p0 (compare dup246 for Phase 1).
var dup427 = match({
id: "MESSAGE#812:702205:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 retransmi%{p0->}",
field: "nwparser.payload",
},
});
var dup428 = set_field({
dest: "nwparser.event_description",
value: constant("deleting static route for address"),
});
// Fragments and constants for the 605005 login messages.
// dup429: username in four notations — angle brackets, double quotes, single
// quotes and bare — each terminated by a space.
// NOTE(review): the first tokenizer decodes to `<<%{username->}> ` (two "<", one
// ">"). If the matcher treats both "<" literally, a `<name>` value would not match
// this alternative and would presumably fall through to the bare form, keeping its
// brackets in username — verify against a sample event.
var dup429 = linear_select([
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "\u003c\u003c%{username->}> ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "\"%{username->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// dup430 / dup431: constant port values, not parsed from the event (dport "23",
// sport "0").
// NOTE(review): queries on the port fields will see these synthetic values;
// confirm at the use sites that they are applied only where the event really is a
// telnet login.
var dup430 = set_field({
dest: "nwparser.dport",
value: constant("23"),
});
var dup431 = set_field({
dest: "nwparser.sport",
value: constant("0"),
});
var dup432 = set_field({
dest: "nwparser.event_description",
value: constant("Denied login session"),
});
// Shared constants and fragments (dup433–dup438).
// dup433: a bare constant value (not wrapped in set_field); dup330 writes the same
// text to nwparser.result.
var dup433 = constant("Tunnel Rejected");
var dup434 = set_field({
dest: "nwparser.event_description",
value: constant("assigned to session"),
});
// dup435: matches the prefix "ISAKMP Phase 2 exchange start".
var dup435 = match({
id: "MESSAGE#820:702209:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 exchange start%{p0->}",
field: "nwparser.payload",
},
});
// dup436: matches the prefix "ISAKMP session disconnect".
var dup436 = match({
id: "MESSAGE#714:602203:01/0",
dissect: {
tokenizer: "ISAKMP session disconnect%{p0->}",
field: "nwparser.payload",
},
});
var dup437 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session disconnected"),
});
// dup438: stores the whole of nwparser.p2 in info.
var dup438 = match({
id: "MESSAGE#1176:722049/3",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p2",
},
});
var dup439 = linear_select([
match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "quest%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "sponse%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup440 = match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "%{->}from %{sinterface->}: %{p2->}",
field: "nwparser.p1",
},
});
var dup441 = linear_select([
match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{daddr->}/%{dport->} ;%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{daddr->} ;%{p5->}",
field: "nwparser.p4",
},
}),
]);
var dup442 = match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p5",
},
});
var dup443 = linear_select([
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "backup%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "director%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "forwarder%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup444 = set_field({
dest: "nwparser.event_description",
value: constant("SVC connection established"),
});
// Shared parser fragments dup445-dup456: ISAKMP phase 1 and the three
// address/port pairs of the "Rebuilt connection" family (302009).
var dup445 = match({
  id: "MESSAGE#826:702212:01/0",
  dissect: { tokenizer: "ISAKMP Phase 1 initiat%{p0->}", field: "nwparser.payload" },
});
// Completes "initiat" as "initiating" or "initiate".
var dup446 = linear_select(["ing%{p1->}", "e%{p1->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#826:702212:01/2",
    dissect: { tokenizer: tokenizer, field: "nwparser.p0" },
  });
}));
var dup447 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 initiating rekey") });
var dup448 = match({
  id: "MESSAGE#866:713049/4",
  dissect: { tokenizer: "User%{p3->}", field: "nwparser.p2" },
});
var dup449 = set_field({ dest: "nwparser.event_description", value: constant("Phase 1 delete sent") });
// Each address label comes in a short ("addr") and a long form; the first
// letter of the label (f/g/l) is consumed by the preceding stage.
var dup450 = linear_select(["addr%{p1->}", "oreign_address%{p1->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#288:302009:01/2",
    dissect: { tokenizer: tokenizer, field: "nwparser.p0" },
  });
}));
// The address after the f-label is stored as saddr/sport.
var dup451 = match({
  id: "MESSAGE#288:302009:01/2",
  dissect: { tokenizer: "%{->} %{saddr->}/%{sport->} g%{p2->}", field: "nwparser.p1" },
});
var dup452 = linear_select(["addr%{p3->}", "lobal_address%{p3->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#288:302009:01/4",
    dissect: { tokenizer: tokenizer, field: "nwparser.p2" },
  });
}));
// The address after the g-label is stored as hostip/network_port.
var dup453 = match({
  id: "MESSAGE#288:302009:01/4",
  dissect: { tokenizer: "%{->} %{hostip->}/%{network_port->} l%{p4->}", field: "nwparser.p3" },
});
var dup454 = linear_select(["addr%{p5->}", "ocal_address%{p5->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#288:302009:01/6",
    dissect: { tokenizer: tokenizer, field: "nwparser.p4" },
  });
}));
// The address after the l-label is stored as daddr/dport.
var dup455 = match({
  id: "MESSAGE#288:302009:01/6",
  dissect: { tokenizer: "%{->} %{daddr->}/%{dport->}", field: "nwparser.p5" },
});
var dup456 = set_field({ dest: "nwparser.event_description", value: constant("Rebuilt connection") });
// Shared parser fragments dup457-dup477.
var dup457 = match({
  id: "MESSAGE#278:302004/2",
  dissect: {
    tokenizer: "allocate %{network_service->} %{protocol->} backconnection for f%{p2->}",
    field: "nwparser.p1",
  },
});
var dup458 = linear_select(["addr%{p3->}", "oreign_address%{p3->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#278:302004/4",
    dissect: { tokenizer: tokenizer, field: "nwparser.p2" },
  });
}));
var dup459 = set_field({ dest: "nwparser.eventcategory", value: constant("1613050200") });
var dup460 = set_field({ dest: "nwparser.event_description", value: constant("Device failed SSL handshake") });
var dup461 = set_field({
  dest: "nwparser.event_description",
  value: constant("Connection Redirected via Load Balancing"),
});
var dup462 = match({
  id: "MESSAGE#808:702203:01/0",
  dissect: { tokenizer: "ISAKMP DPD time%{p0->}", field: "nwparser.payload" },
});
var dup463 = set_field({ dest: "nwparser.event_description", value: constant("DPD timed out") });
var dup464 = set_field({ dest: "nwparser.event_description", value: constant("Monitoring on interface") });
// Group with and without a username. The username form expects a space
// before the comma (" , IP = "), unlike other Username patterns in this file.
var dup465 = match({
  id: "MESSAGE#1284:713171/2",
  dissect: { tokenizer: "%{group->}, Username = %{username->} , IP = %{p1->}", field: "nwparser.p0" },
});
var dup466 = match({
  id: "MESSAGE#1284:713171/2",
  dissect: { tokenizer: "%{group->} , IP = %{p1->}", field: "nwparser.p0" },
});
var dup467 = set_field({ dest: "nwparser.event_description", value: constant("Address assignment failed") });
var dup468 = match({
  id: "MESSAGE#991:715001/1",
  dissect: { tokenizer: "%{->} %{event_description->}", field: "nwparser.p0" },
});
var dup469 = match({
  id: "MESSAGE#1185:725001:01/0",
  dissect: { tokenizer: "Starting SSL handshake with %{p0->}", field: "nwparser.payload" },
});
// Peer role of the handshake: client or server.
var dup470 = linear_select(["client%{p1->}", "server%{p1->}"].map(function (tokenizer) {
  return match({
    id: "MESSAGE#1185:725001:01/2",
    dissect: { tokenizer: tokenizer, field: "nwparser.p0" },
  });
}));
var dup471 = set_field({ dest: "nwparser.event_description", value: constant("Starting SSL handshake") });
// The teardown reason lands in `result`; it is free text from the device.
var dup472 = match({
  id: "MESSAGE#951:713259/2",
  dissect: {
    tokenizer: "%{saddr->}, Session is being torn down. Reason: %{result->}",
    field: "nwparser.p1",
  },
});
var dup473 = set_field({ dest: "nwparser.event_description", value: constant("Session is being torn down") });
var dup474 = set_field({ dest: "nwparser.context", value: constant("Content type not found") });
var dup475 = match({
  id: "MESSAGE#886:713120/2",
  dissect: { tokenizer: "%{group->}, Username = '%{username->}' , IP = %{p1->}", field: "nwparser.p0" },
});
// Direction labels.
// NOTE(review): map_srcDirName / map_dstDirName at the top of the file read
// dup476 and dup477 inside object literals that are evaluated before these
// assignments run. With `var` hoisting those entries would hold `undefined`
// unless something defers the lookup. Confirm, since a missing direction
// label weakens any inside/outside based detection.
var dup476 = constant("INSIDE");
var dup477 = constant("OUTSIDE");
// Syslog header variants. Every header dissects the raw `message` field and
// hands the remainder on as `payload`; select2 lists them in the order they
// are tried (specific layouts first, catch-alls last).
//
// Review notes for operators:
// - hostip / hhost / paddr are copied from text inside the line. They
//   describe what the sender wrote, not an authenticated source address.
// - hdr5, hdr7 and hdr8 capture no %{year}; how event_time is built for them
//   is decided outside this block. TODO confirm.
// - msg1, msg2 and msg3 share the id "HEADER#3:0003/2", so the id alone does
//   not say which of them matched.
var hdr1 = match({
  id: "HEADER#0:0001",
  dissect: { tokenizer: "%ASA-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
var hdr2 = match({
  id: "HEADER#1:0033",
  dissect: {
    tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{hostip->} : %ASA-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr3 = match({
  id: "HEADER#2:0002",
  dissect: {
    tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{hhost->}: %ASA-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
// Three-stage header: date, then time with or without a trailing colon, then
// level-messageid.
var hdr4 = match({
  id: "HEADER#3:0003/0",
  dissect: { tokenizer: "%{month->} %{day->} %{year->} %{p0->}", field: "message" },
});
var msg1 = match({
  id: "HEADER#3:0003/2",
  dissect: { tokenizer: "%{hhour->}:%{hmin->}:%{hsec->}: %ASA-%{p1->}", field: "nwparser.p0" },
});
var msg2 = match({
  id: "HEADER#3:0003/2",
  dissect: { tokenizer: "%{hhour->}:%{hmin->}:%{hsec->} %ASA-%{p1->}", field: "nwparser.p0" },
});
var select1 = linear_select([msg1, msg2]);
var msg3 = match({
  id: "HEADER#3:0003/2",
  dissect: { tokenizer: "%{level->}-%{messageid->}: %{payload->}", field: "nwparser.p1" },
});
var all1 = all_match({
  processors: [hdr4, select1, msg3],
});
var hdr5 = match({
  id: "HEADER#4:0012",
  dissect: {
    tokenizer: "%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{hostip->} %ASA-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr6 = match({
  id: "HEADER#5:0004",
  dissect: { tokenizer: "%{paddr->} %ASA-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
var hdr7 = match({
  id: "HEADER#6:0010",
  dissect: {
    tokenizer: ":%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{timezone->}: %ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr8 = match({
  id: "HEADER#7:0014",
  dissect: {
    tokenizer: "%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{timezone->}: %ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr9 = match({
  id: "HEADER#8:0011",
  dissect: { tokenizer: "%ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
// Same as hdr1 but without the colon after the message id.
var hdr10 = match({
  id: "HEADER#9:0005",
  dissect: { tokenizer: "%ASA-%{level->}-%{messageid->} %{payload->}", field: "message" },
});
// %FWSM- prefixed variants.
var hdr11 = match({
  id: "HEADER#10:0006",
  dissect: { tokenizer: "%FWSM-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
var hdr12 = match({
  id: "HEADER#11:0007",
  dissect: {
    tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{paddr->} : %FWSM-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr13 = match({
  id: "HEADER#12:0008",
  dissect: {
    tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %FWSM-%{level->}-%{messageid->}: %{payload->}",
    field: "message",
  },
});
var hdr14 = match({
  id: "HEADER#13:0009",
  dissect: { tokenizer: "%{paddr->} %FWSM-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
var hdr15 = match({
  id: "HEADER#14:0013",
  dissect: { tokenizer: ":%ASA-%{group->}-%{level->}-%{messageid->}: %{payload->}", field: "message" },
});
// Catch-all headers. They capture neither level nor message id; dup0 stamps
// nwparser.messageid with "CISCOASA_GENERIC" instead. Rules keyed on a
// specific message id will not see events that end up here, so the volume of
// CISCOASA_GENERIC events is worth watching as a parsing-gap indicator.
var hdr16 = match({
  id: "HEADER#15:9999",
  dissect: { tokenizer: "%ASA-%{payload->}", field: "message" },
  on_success: processor_chain([dup0]),
});
// hdr17 additionally accepts arbitrary leading text before "%ASA-".
var hdr17 = match({
  id: "HEADER#16:9998",
  dissect: { tokenizer: "%{fld->}%ASA-%{payload->}", field: "message" },
  on_success: processor_chain([dup0]),
});
var select2 = linear_select([
  hdr1, hdr2, hdr3, all1,
  hdr5, hdr6, hdr7, hdr8, hdr9, hdr10,
  hdr11, hdr12, hdr13, hdr14, hdr15,
  hdr16, hdr17,
]);
// Message definitions 103005, 713222 and 715077. Each on_success chain stamps
// nwparser.msg_id1 with the matched id and then applies shared dup* steps.
var msg4 = match({
  id: "MESSAGE#17:103005",
  dissect: { tokenizer: "(%{context->})%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup1,
    set_field({ dest: "nwparser.msg_id1", value: constant("103005") }),
    dup2, dup3, dup4, dup5,
  ]),
});
var msg5 = match({
  id: "MESSAGE#936:713222",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, Static Crypto Map check, map = %{fld1->}, seq = %{fld2->}, %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup6,
    set_field({ dest: "nwparser.msg_id1", value: constant("713222") }),
    dup7, dup2, dup3, dup4, dup5, dup8,
  ]),
});
// 715077 prefix variants: quoted username, bare username, no username.
// NOTE(review): the username comes from the remote peer. If it contains the
// ", IP = " delimiter the saddr capture shifts, so validate saddr as an IP
// address downstream before pivoting on it.
var msg6 = match({
  id: "MESSAGE#1042:715077/2",
  dissect: {
    tokenizer: "%{group->}, Username = '%{username->}', IP = %{saddr->}, Pitcher: %{p1->}",
    field: "nwparser.p0",
  },
});
var msg7 = match({
  id: "MESSAGE#1042:715077/2",
  dissect: {
    tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->}, Pitcher: %{p1->}",
    field: "nwparser.p0",
  },
});
var msg8 = match({
  id: "MESSAGE#1042:715077/2",
  dissect: { tokenizer: "%{group->}, IP = %{saddr->}, Pitcher: %{p1->}", field: "nwparser.p0" },
});
var select3 = linear_select([msg6, msg7, msg8]);
var msg9 = match({
  id: "MESSAGE#1042:715077/2",
  dissect: { tokenizer: "%{action->}, spi %{dst_spi->}", field: "nwparser.p1" },
});
var all2 = all_match({
  processors: [dup9, select3, msg9],
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("715077") }),
    dup7, dup11, dup12, dup13, dup4, dup5, dup2, dup3,
  ]),
});
// 715077:01 is the same message without the Group/IP prefix.
var msg10 = match({
  id: "MESSAGE#1043:715077:01/0",
  dissect: { tokenizer: "Pitcher: %{result->} %{p0->}", field: "nwparser.payload" },
});
var msg11 = match({
  id: "MESSAGE#1043:715077:01/2",
  dissect: { tokenizer: ", %{p1->}", field: "nwparser.p0" },
});
// NOTE(review): single-alternative select. If the source pattern had an
// optional branch it is not represented here. Confirm.
var select4 = linear_select([msg11]);
var msg12 = match({
  id: "MESSAGE#1043:715077:01/2",
  dissect: { tokenizer: "spi %{dst_spi->}", field: "nwparser.p1" },
});
var all3 = all_match({
  processors: [msg10, select4, msg12],
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("715077:01") }),
    dup7, dup11, dup12, dup13, dup14, dup4, dup5, dup2, dup3,
  ]),
});
var select5 = linear_select([all2, all3]);
// Message definitions 113015 (local-database authentication result), 210001
// and 304008.
var msg13 = match({
  id: "MESSAGE#192:113015/0",
  dissect: {
    tokenizer: "%{action->} : reason = %{result->} : local database : user = %{p0->}",
    field: "nwparser.payload",
  },
});
// With a client address when the line carries one; dup15 is the fallback
// alternative (defined earlier in the file).
var msg14 = match({
  id: "MESSAGE#192:113015/1",
  dissect: { tokenizer: "%{username->} : user IP = %{saddr->}", field: "nwparser.p0" },
});
var select6 = linear_select([msg14, dup15]);
var all4 = all_match({
  processors: [msg13, select6],
  on_success: processor_chain([
    dup16,
    set_field({ dest: "nwparser.msg_id1", value: constant("113015") }),
    dup17, dup18, dup19, dup2, dup3, dup4, dup5,
  ]),
});
var msg15 = match({
  id: "MESSAGE#241:210001",
  dissect: { tokenizer: "LU SMNAME error = %{resultcode->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("210001") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 304008: "LEAVING" / "Leaving" followed by "ALLOW mode, URL Server".
var msg16 = match({
  id: "MESSAGE#360:304008/0",
  dissect: { tokenizer: "%{->}L%{p0->}", field: "nwparser.payload" },
});
var msg17 = match({
  id: "MESSAGE#360:304008/2",
  dissect: { tokenizer: "EAVING%{p1->}", field: "nwparser.p0" },
});
var msg18 = match({
  id: "MESSAGE#360:304008/2",
  dissect: { tokenizer: "eaving%{p1->}", field: "nwparser.p0" },
});
var select7 = linear_select([msg17, msg18]);
var msg19 = match({
  id: "MESSAGE#360:304008/2",
  dissect: { tokenizer: "%{->}ALLOW mode, URL Server", field: "nwparser.p1" },
});
var all5 = all_match({
  processors: [msg16, select7, msg19],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("304008") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// Message definitions 305001, 752004, 713066, 769004, 400001 and 602304.
var msg20 = match({
  id: "MESSAGE#362:305001",
  dissect: {
    tokenizer: "Portmapped translation built for gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("305001") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Portmapped translation built") }),
  ]),
});
var msg21 = match({
  id: "MESSAGE#1278:752004",
  dissect: {
    tokenizer: "Tunnel Manager dispatching a %{fld3->} message to IKEv1. Map Tag = %{fld1->}. Map Sequence Number = %{fld2->}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("752004") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 713066 in staged form (prefix handled by dup22/dup23) and, as msg23, in
// single-pattern form with an explicit "Group = ..., IP = ..." prefix.
var msg22 = match({
  id: "MESSAGE#872:713066/2",
  dissect: {
    tokenizer: "%{saddr->}, IKE Remote Peer configured for crypto map: %{fld1->}",
    field: "nwparser.p1",
  },
});
var all6 = all_match({
  processors: [dup22, dup23, msg22],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("713066") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
var msg23 = match({
  id: "MESSAGE#873:713066:01",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE Remote Peer configured for crypto map: %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("713066:01") }),
    dup7, dup14, dup2, dup3, dup4, dup5,
  ]),
});
var select8 = linear_select([all6, msg23]);
// 769004 reports a checksum mismatch while copying a software image. It is
// an integrity-relevant event and a reasonable candidate for an alert.
// Unlike its neighbours this chain uses dup25 where they use dup3.
var msg24 = match({
  id: "MESSAGE#1294:769004",
  dissect: {
    tokenizer: "UPDATE: ASA image checksum error copying '%{filename->}' to '%{fld22->}'",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup24,
    set_field({ dest: "nwparser.msg_id1", value: constant("769004") }),
    dup14, dup2, dup25, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("image checksum error") }),
  ]),
});
// 4000xx signature events share one layout: product:sigid, free-text context,
// then source, destination and interface.
var msg25 = match({
  id: "MESSAGE#498:400001",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup26,
    set_field({ dest: "nwparser.msg_id1", value: constant("400001") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
// 602304 is assembled entirely from shared stages; dup35 stands where most
// chains use dup3.
var all7 = all_match({
  processors: [dup31, dup32, dup33],
  on_success: processor_chain([
    dup34,
    set_field({ dest: "nwparser.msg_id1", value: constant("602304") }),
    dup7, dup2, dup35, dup4, dup5,
  ]),
});
// Message definitions 606004, 709006, 617001, 713194 and 715048.
var msg26 = match({
  id: "MESSAGE#743:606004",
  dissect: {
    tokenizer: "ASDM logging session number %{sessionid->} from %{hostip->} ended",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup36,
    set_field({ dest: "nwparser.msg_id1", value: constant("606004") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// The whole payload is kept as event_description.
var msg27 = match({
  id: "MESSAGE#839:709006",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup37,
    set_field({ dest: "nwparser.msg_id1", value: constant("709006") }),
    dup38, dup39, dup40, dup2, dup3, dup4, dup5,
  ]),
});
var msg28 = match({
  id: "MESSAGE#792:617001",
  dissect: {
    tokenizer: "GTPv version %{fld1->} from %{sinterface->}:%{saddr->}/%{sport->} not accepted by %{dinterface->}:%{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup41,
    set_field({ dest: "nwparser.msg_id1", value: constant("617001") }),
    dup42, dup43, dup40, dup2, dup3,
    set_field({ dest: "nwparser.result", value: constant("GTP version not accepted") }),
    dup4, dup5,
  ]),
});
// 713194 prefix: quoted username, bare username, then the shared dup45/dup46
// alternatives.
var msg29 = match({
  id: "MESSAGE#921:713194/2",
  dissect: {
    tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->}, %{p1->}",
    field: "nwparser.p0",
  },
});
var msg30 = match({
  id: "MESSAGE#921:713194/2",
  dissect: {
    tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p1->}",
    field: "nwparser.p0",
  },
});
var select9 = linear_select([msg29, msg30, dup45, dup46]);
var all8 = all_match({
  processors: [dup44, select9, dup33],
  on_success: processor_chain([
    dup34,
    set_field({ dest: "nwparser.msg_id1", value: constant("713194") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
var all9 = all_match({
  processors: [dup44, dup47, dup48],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("715048") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// Message definitions 101004, 201009, 409008, 611323, 400045 and 737031.
var msg31 = match({
  id: "MESSAGE#3:101004",
  dissect: { tokenizer: "(%{context->})%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup49,
    set_field({ dest: "nwparser.msg_id1", value: constant("101004") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 201009: per-host TCP connection limit exceeded. dclass_counter1 holds the
// configured limit and is labelled "Number of connections".
var msg32 = match({
  id: "MESSAGE#225:201009",
  dissect: {
    tokenizer: "TCP connection limit of %{dclass_counter1->} for host %{hostip->} on %{interface->} exceeded",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("201009") }),
    dup2, dup3,
    set_field({ dest: "nwparser.dclass_counter1_string", value: constant("Number of connections") }),
    dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("TCP connection limit exceeded") }),
  ]),
});
var msg33 = match({
  id: "MESSAGE#610:409008",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup50,
    set_field({ dest: "nwparser.msg_id1", value: constant("409008") }),
    dup2, dup3, dup4, dup5,
  ]),
});
var msg34 = match({
  id: "MESSAGE#779:611323",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup51,
    set_field({ dest: "nwparser.msg_id1", value: constant("611323") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
var msg35 = match({
  id: "MESSAGE#542:400045",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup52,
    set_field({ dest: "nwparser.msg_id1", value: constant("400045") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
// NOTE(review): there is no space between "Removed" and the capture, so
// hostip may come out with a leading blank unless the dissect implementation
// trims it. Confirm before joining hostip against asset data.
var msg36 = match({
  id: "MESSAGE#1250:737031/2",
  dissect: { tokenizer: "Removed%{hostip->} from standby", field: "nwparser.p1" },
});
var all10 = all_match({
  processors: [dup53, dup54, msg36],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("737031") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Removed host from standby") }),
  ]),
});
// Message definitions 402118, 505015, 611318, 737001 and 604101.
//
// 402118: ESP packet carrying an illegal IP fragment.
// NOTE(review): the value after "SPI=" is captured into `protocol`, while
// other patterns in this file store SPIs in `dst_spi`. This looks like a
// field mis-mapping in the generated pattern, so queries on `protocol` for
// this id will return SPI values. Confirm before relying on either field.
var msg37 = match({
  id: "MESSAGE#561:402118",
  dissect: {
    tokenizer: "IPSEC: Received an ESP packet (SPI= %{protocol->}, sequence number=%{fld1->}) from %{saddr->} (user=%{username->}) to %{daddr->} containing an illegal IP fragment of length %{dclass_counter1->} with offset %{dclass_counter2->}.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup55,
    set_field({ dest: "nwparser.msg_id1", value: constant("402118") }),
    dup7, dup42, dup43, dup40, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("illegal IP fragment on IPSEC packet") }),
    dup56,
  ]),
});
// 505015: module application up, with or without a slot number.
var msg38 = match({
  id: "MESSAGE#700:505015/1",
  dissect: {
    tokenizer: "%{product->} Module in slot %{fld1->}, application up \"%{p0->}",
    field: "nwparser.payload",
  },
});
var msg39 = match({
  id: "MESSAGE#700:505015/1",
  dissect: { tokenizer: "Module ips, application up \"%{p0->}", field: "nwparser.payload" },
});
var select10 = linear_select([msg38, msg39]);
var all11 = all_match({
  processors: [select10, dup57],
  on_success: processor_chain([
    dup58,
    set_field({ dest: "nwparser.msg_id1", value: constant("505015") }),
    dup2, dup3, dup4, dup5,
  ]),
});
var msg40 = match({
  id: "MESSAGE#774:611318",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup59,
    set_field({ dest: "nwparser.msg_id1", value: constant("611318") }),
    dup7, dup60, dup38, dup2, dup3, dup4, dup5,
  ]),
});
var msg41 = match({
  id: "MESSAGE#1227:737001/2",
  dissect: { tokenizer: "Received message '%{info->}'", field: "nwparser.p1" },
});
var all12 = all_match({
  processors: [dup53, dup54, msg41],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("737001") }),
    dup2, dup3,
    set_field({ dest: "nwparser.result", value: constant("Received message") }),
    dup4, dup5,
  ]),
});
var msg42 = match({
  id: "MESSAGE#729:604101",
  dissect: { tokenizer: "DHCP client interface %{interface->}:%{info->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup58,
    set_field({ dest: "nwparser.msg_id1", value: constant("604101") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// Message definitions 109007, 110002 and 304001 (URL access).
var msg43 = match({
  id: "MESSAGE#128:109007/0",
  dissect: { tokenizer: "Authorization permitted for user %{p0->}", field: "nwparser.payload" },
});
var all13 = all_match({
  processors: [msg43, dup61, dup62],
  on_success: processor_chain([
    dup63,
    set_field({ dest: "nwparser.msg_id1", value: constant("109007") }),
    dup17, dup64, dup65, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.result", value: constant("Successful Authorization") }),
  ]),
});
// 110002 has two layouts; the short "No ARP" form is tried first.
var msg44 = match({
  id: "MESSAGE#160:110002",
  dissect: { tokenizer: "No ARP for host %{hostip->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("110002") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("No ARP for host") }),
  ]),
});
var msg45 = match({
  id: "MESSAGE#161:110002:01",
  dissect: {
    tokenizer: "Failed to locate egress interface for %{protocol->} from %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("110002:01") }),
    dup14, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Failed to locate egress interface") }),
  ]),
});
var select11 = linear_select([msg44, msg45]);
// 304001: "<src> Accessed [JAVA ]URL <dst>: <url>".
// NOTE(review): `url` is whatever the client requested and is stored
// verbatim. Anything that later renders or re-parses it (dashboards, reports,
// alert templates) should treat it as untrusted and encode it on output.
// NOTE(review): select12 and select13 hold a single "JAVA " alternative each,
// so as written a line without "JAVA " would not pass that stage unless the
// select treats a miss as optional. Confirm, since plain URL accesses are the
// common case.
var msg46 = match({
  id: "MESSAGE#351:304001/2",
  dissect: { tokenizer: "%{saddr->} Accessed %{p2->}", field: "nwparser.p1" },
});
var msg47 = match({
  id: "MESSAGE#351:304001/4",
  dissect: { tokenizer: "JAVA %{p3->}", field: "nwparser.p2" },
});
var select12 = linear_select([msg47]);
var msg48 = match({
  id: "MESSAGE#351:304001/4",
  dissect: { tokenizer: "URL %{daddr->}: %{url->}", field: "nwparser.p3" },
});
var all14 = all_match({
  processors: [dup44, dup66, msg46, select12, msg48],
  on_success: processor_chain([
    dup67,
    set_field({ dest: "nwparser.msg_id1", value: constant("304001") }),
    dup2, dup3, dup4, dup5,
    dup68, dup69, dup70, dup71, dup72, dup73,
  ]),
});
// 304001:01 is the same message without the user prefix stages.
var msg49 = match({
  id: "MESSAGE#352:304001:01/0",
  dissect: { tokenizer: "%{saddr->} Accessed %{p0->}", field: "nwparser.payload" },
});
var msg50 = match({
  id: "MESSAGE#352:304001:01/2",
  dissect: { tokenizer: "JAVA %{p1->}", field: "nwparser.p0" },
});
var select13 = linear_select([msg50]);
var msg51 = match({
  id: "MESSAGE#352:304001:01/2",
  dissect: { tokenizer: "URL %{daddr->}: %{url->}", field: "nwparser.p1" },
});
var all15 = all_match({
  processors: [msg49, select13, msg51],
  on_success: processor_chain([
    dup67,
    set_field({ dest: "nwparser.msg_id1", value: constant("304001:01") }),
    dup14, dup2, dup3, dup4, dup5,
    dup68, dup69, dup70, dup71, dup72, dup73,
  ]),
});
var select14 = linear_select([all14, all15]);
// Message definitions 400048, 212003, 405002, 716002, 507002 and 715006.
var msg52 = match({
  id: "MESSAGE#545:400048",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup74,
    set_field({ dest: "nwparser.msg_id1", value: constant("400048") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
var msg53 = match({
  id: "MESSAGE#256:212003",
  dissect: {
    tokenizer: "Unable to receive an %{protocol->} request on interface %{interface->}, error code = %{resultcode->}, will try again.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup75,
    set_field({ dest: "nwparser.msg_id1", value: constant("212003") }),
    dup2, dup3, dup4, dup5,
  ]),
});
var msg54 = match({
  id: "MESSAGE#589:405002",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup76,
    set_field({ dest: "nwparser.msg_id1", value: constant("405002") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 716002: session terminated; the reason text lands in `result`.
var msg55 = match({
  id: "MESSAGE#1046:716002/2",
  dissect: {
    tokenizer: "%{saddr->}> %{network_service->} session terminated: %{result->}",
    field: "nwparser.p1",
  },
});
var all16 = all_match({
  processors: [dup77, dup78, msg55],
  on_success: processor_chain([
    dup34,
    set_field({ dest: "nwparser.msg_id1", value: constant("716002") }),
    dup7, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("session terminated") }),
  ]),
});
var msg56 = match({
  id: "MESSAGE#703:507002",
  dissect: {
    tokenizer: "Moving connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} to non-proxy mode - %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("507002") }),
    dup42, dup43, dup40, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Moving connection") }),
  ]),
});
// 715006 in staged form (shared stages only) and, as msg57, in single-pattern
// form.
var all17 = all_match({
  processors: [dup79, dup80, dup81],
  on_success: processor_chain([
    dup82,
    set_field({ dest: "nwparser.msg_id1", value: constant("715006") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
var msg57 = match({
  id: "MESSAGE#993:715006:01",
  dissect: { tokenizer: "IKE got SPI from key engine: SPI = %{dst_spi->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("715006:01") }),
    dup7, dup14, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("IKE got SPI from key engine") }),
  ]),
});
var select15 = linear_select([all17, msg57]);
// Message definitions 717003, 717055, 109022, 315001, 400033, 400035, 720021
// and 113020.
var msg58 = match({
  id: "MESSAGE#1064:717003",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup83,
    set_field({ dest: "nwparser.msg_id1", value: constant("717003") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 717055: certificate in a trustpoint has expired. Subject, issuer and serial
// number are captured, which makes this the event to alert on for certificate
// lifecycle monitoring.
// NOTE(review): every "\u003c\u003c" decodes to two '<' while each closing
// side is a single '>'. If the device emits "<value>" with one '<', this
// pattern never matches and expiry events go unparsed. Verify against a
// sample line.
var msg59 = match({
  id: "MESSAGE#1086:717055",
  dissect: {
    tokenizer: "The \u003c\u003c%{fld1->}> certificate in the trustpoint \u003c\u003c%{cert_hostname->}> has expired. Expiration \u003c\u003c%{fld2->}> Subject Name \u003c\u003c%{cert_subject->}> Issuer Name \u003c\u003c%{dn->}> Serial Number \u003c\u003c%{serial_number->}>",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("717055") }),
    dup2, dup3, dup4, dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("The certificate in the trustpoint has expired."),
    }),
  ]),
});
var msg60 = match({
  id: "MESSAGE#146:109022",
  dissect: { tokenizer: "%{event_description->}", field: "nwparser.payload" },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("109022") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 315001: SSH session denied. The description is the generic
// "Denied session"; the protocol only appears in the matched text.
var msg61 = match({
  id: "MESSAGE#413:315001",
  dissect: {
    tokenizer: "Denied SSH session from %{saddr->} on interface %{interface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup84,
    set_field({ dest: "nwparser.msg_id1", value: constant("315001") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Denied session") }),
  ]),
});
var msg62 = match({
  id: "MESSAGE#530:400033",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup85,
    set_field({ dest: "nwparser.msg_id1", value: constant("400033") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
var msg63 = match({
  id: "MESSAGE#532:400035",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup76,
    set_field({ dest: "nwparser.msg_id1", value: constant("400035") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
var msg64 = match({
  id: "MESSAGE#1119:720021",
  dissect: { tokenizer: "(VPN-%{context->}) %{event_description->}.", field: "nwparser.payload" },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("720021") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 113020: Kerberos clock skew.
// NOTE(review): the literal "300 seconds" is part of the pattern, so a line
// reporting a different threshold would not match this definition.
var msg65 = match({
  id: "MESSAGE#197:113020",
  dissect: {
    tokenizer: "Kerberos error : Clock skew with server %{hostip->} greater than 300 seconds",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup86,
    set_field({ dest: "nwparser.msg_id1", value: constant("113020") }),
    dup18, dup87, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.result", value: constant("Kerberos error") }),
  ]),
});
// Message definitions 702201 (ISAKMP, initiator/responder) and 713167
// (remote peer failed user authentication).
//
// Direction handling for 702201: as initiator the local address is stored as
// saddr and the remote as daddr; as responder the mapping is swapped, so
// saddr is the remote peer. Rules that pivot on saddr/daddr for this id need
// to account for the role.
var msg66 = match({
  id: "MESSAGE#804:702201:01/2",
  dissect: {
    tokenizer: "%{->}received (local %{saddr->} (initiator), remote %{daddr->})",
    field: "nwparser.p1",
  },
});
var all18 = all_match({
  processors: [dup88, dup89, msg66],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("702201:01") }),
    dup7, dup14, dup4, dup5, dup2, dup3, dup90,
  ]),
});
var msg67 = match({
  id: "MESSAGE#805:702201/2",
  dissect: {
    tokenizer: "%{->}received (local %{daddr->} (responder), remote %{saddr->})",
    field: "nwparser.p1",
  },
});
var all19 = all_match({
  processors: [dup88, dup89, msg67],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("702201") }),
    dup7, dup4, dup5, dup2, dup3, dup90,
  ]),
});
var select16 = linear_select([all18, all19]);
// 713167: failed remote user authentication, a natural input for brute-force
// and credential-stuffing detections grouped by saddr. The text after the
// dash is kept in `info`.
var msg68 = match({
  id: "MESSAGE#913:713167/2",
  dissect: {
    tokenizer: "%{saddr->}, Remote peer has failed user authentication - %{info->}",
    field: "nwparser.p1",
  },
});
var all20 = all_match({
  processors: [dup22, dup23, msg68],
  on_success: processor_chain([
    dup16,
    set_field({ dest: "nwparser.msg_id1", value: constant("713167") }),
    dup7, dup17, dup18, dup19, dup2, dup3, dup4, dup5, dup91,
  ]),
});
var msg69 = match({
  id: "MESSAGE#914:713167:01",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, Remote peer has failed user authentication - %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup16,
    set_field({ dest: "nwparser.msg_id1", value: constant("713167:01") }),
    dup7, dup17, dup18, dup19, dup14, dup2, dup3, dup4, dup5, dup91,
  ]),
});
var select17 = linear_select([all20, msg69]);
// 725009: cipher proposal (two layouts).
// Stage 0 captures the cipher count into dclass_counter1 and leaves the rest
// of the payload in p0.
var msg70 = match({
id: "MESSAGE#1196:725009:01/0",
dissect: {
tokenizer: "Device proposes the following %{dclass_counter1->} cipher(s) to %{p0->}",
field: "nwparser.payload",
},
});
// Final stage: "<interface>:<saddr>/<sport> to <daddr>/<dport>" from p1.
// p1 is presumably produced by dup92 (defined outside this view).
var msg71 = match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "%{->} %{interface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
var all21 = all_match({
processors: [
msg70,
dup92,
msg71,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725009:01"),
}),
dup2,
dup3,
dup4,
dup5,
dup93,
// Label describing what dclass_counter1 holds for this message.
set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("The number of supported ciphers"),
}),
]),
});
// Shorter layout: the count goes to the generic fld1 (no counter label is
// set) and the server endpoint to hostip/network_port.
var msg72 = match({
id: "MESSAGE#1197:725009",
dissect: {
tokenizer: "Device proposes %{fld1->} cipher(s) to server %{interface->}:%{hostip->}/%{network_port->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725009"),
}),
dup2,
dup3,
dup4,
dup5,
dup93,
]),
});
// Alternatives for 725009.
var select18 = linear_select([
all21,
msg72,
]);
// 408002: OSPF route update conflict, parsed in three stages.
// Stage 0: literal "ospf " prefix; remainder goes to p0.
var msg73 = match({
id: "MESSAGE#602:408002/0",
dissect: {
tokenizer: "ospf %{p0->}",
field: "nwparser.payload",
},
});
// Stage 1 alternatives: the route-type keyword (E1, E2 or IA) is matched as
// a literal and not stored in any field. All three share the same `id`.
var msg74 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "E1%{p1->}",
field: "nwparser.p0",
},
});
var msg75 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "E2%{p1->}",
field: "nwparser.p0",
},
});
var msg76 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "IA%{p1->}",
field: "nwparser.p0",
},
});
var select19 = linear_select([
msg74,
msg75,
msg76,
]);
// Stage 2: addresses, the "via <daddr>:<host>" hop and the conflicting entry.
var msg77 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "%{->}update %{stransaddr->} %{fld1->} [%{fld2->}] via %{daddr->}:%{host->} overriding conflict with %{dtransaddr->} %{fld3->} [%{fld4->}] %{interface->}",
field: "nwparser.p1",
},
});
var all22 = all_match({
processors: [
msg73,
select19,
msg77,
],
on_success: processor_chain([
dup94,
set_field({
dest: "nwparser.msg_id1",
value: constant("408002"),
}),
dup2,
dup3,
dup4,
dup5,
// NOTE(review): the result text says "IA" even when the E1 or E2 branch
// matched, and the matched keyword is not kept in a field.
set_field({
dest: "nwparser.result",
value: constant("Ospf IA update conflict"),
}),
]),
});
// 503001: "Process <fld1>, Nbr <hostip> on <interface> from <fld2> to
// <fld3>, <result>". The two values around "from ... to ..." are kept in
// generic fld2/fld3.
var msg78 = match({
id: "MESSAGE#685:503001",
dissect: {
tokenizer: "Process %{fld1->}, Nbr %{hostip->} on %{interface->} from %{fld2->} to %{fld3->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup95,
set_field({
dest: "nwparser.msg_id1",
value: constant("503001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 611104: catch-all. The whole payload is captured as event_description, so
// no addresses or user names are broken out for this message.
var msg79 = match({
id: "MESSAGE#756:611104",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("611104"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 109019: ACL parsing error. The list identifier may be quoted or bare.
// Quoted form listed first.
var msg80 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "'%{listnum->}' has parsing error; ACE %{p1->}",
field: "nwparser.p0",
},
});
// Bare form; it would presumably also match quoted input (keeping the
// quotes in listnum), which is why it comes second in select20.
var msg81 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "%{listnum->} has parsing error; ACE %{p1->}",
field: "nwparser.p0",
},
});
var select20 = linear_select([
msg80,
msg81,
]);
// dup96 and dup97 (outside this view) handle the prefix and the ACE tail.
var all23 = all_match({
processors: [
dup96,
select20,
dup97,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109019"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("ACL has parsing error"),
}),
]),
});
// 109024: authorization denied. Captures both endpoints (address/port), the
// parenthesised reason as `result`, the interface and the protocol.
// These fields are what an access-denial detection would key on; the
// remaining dupNN steps are defined outside this view.
var msg82 = match({
id: "MESSAGE#149:109024",
dissect: {
tokenizer: "Authorization denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} (%{result->}) on interface %{interface->} using %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup98,
set_field({
dest: "nwparser.msg_id1",
value: constant("109024"),
}),
dup65,
dup99,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// 317005: catch-all; the full payload becomes event_description.
var msg83 = match({
id: "MESSAGE#427:317005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("317005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 450001: traffic denied because the licensed host limit was exceeded.
// Captures protocol, both interface:address/port endpoints, and the limit
// value (generic fld1). The trailing "exceeded." is literal.
var msg84 = match({
id: "MESSAGE#597:450001",
dissect: {
tokenizer: "Deny traffic for protocol %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}, licensed host limit of %{fld1->} exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("450001"),
}),
dup43,
dup99,
dup102,
dup2,
dup3,
dup4,
dup5,
]),
});
// 402127: crypto archive file not written (file limit reached).
// Stage 0: fixed prefix; the maximum file count goes to fld2, the rest to p0.
var msg85 = match({
id: "MESSAGE#568:402127/0",
dissect: {
tokenizer: "CRYPTO: The ASA is skipping the writing of latest Crypto Archive File as the maximum # of files (%{fld2->}) allowed have been written to %{p0->}",
field: "nwparser.payload",
},
});
// Stage 1 alternatives for how the archive path is delimited.
// \u003c is "<" and \u0026 is "&" (JS unicode escapes), so this first form
// expects "<<" before the name and ">" after it.
var msg86 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "\u003c\u003c%{filename->}> . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
// Single-quoted path.
var msg87 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "'%{filename->}' . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
// Bare path; least specific, so it is listed last in select21.
var msg88 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "%{filename->} . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
var select21 = linear_select([
msg86,
msg87,
msg88,
]);
// Stage 2: the directory named again in the advice text lands in fld3.
var msg89 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "%{fld3->} if you want more Crypto Archive Files saved",
field: "nwparser.p1",
},
});
var all24 = all_match({
processors: [
msg85,
select21,
msg89,
],
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402127"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Latest Crypto File not written"),
}),
]),
});
// 202004: portmap translation could not be built; only the source address
// is captured. The trailing period is literal.
var msg90 = match({
id: "MESSAGE#232:202004",
dissect: {
tokenizer: "Could not build portmap translation for %{saddr->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("202004"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// 212004: failed to send a response. Captures the protocol, the destination
// address/port, the interface and the numeric error as resultcode.
var msg91 = match({
id: "MESSAGE#257:212004",
dissect: {
tokenizer: "Unable to send an %{protocol->} response to IP Address %{daddr->} Port %{dport->} interface %{interface->}, error code = %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("212004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 309004: manager session limit exceeded. Captures the requesting address
// and interface; the description is a fixed string because the tokenizer
// consumes that text as a literal.
var msg92 = match({
id: "MESSAGE#400:309004",
dissect: {
tokenizer: "Manager session limit exceeded. Connection request from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("309004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Manager session limit exceeded"),
}),
]),
});
// 315005: SSH session limit exceeded. %{space->} absorbs the variable
// whitespace after the period; the requesting address and interface are
// captured. dup103 (outside this view) closes the chain.
var msg93 = match({
id: "MESSAGE#418:315005",
dissect: {
tokenizer: "SSH session limit exceeded.%{space->}Connection request from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("315005"),
}),
dup2,
dup3,
dup4,
dup5,
dup103,
]),
});
// 111006: console login. Stage 0 strips the fixed prefix into p0.
var msg94 = match({
id: "MESSAGE#170:111006/0",
dissect: {
tokenizer: "Console Login from %{p0->}",
field: "nwparser.payload",
},
});
// Final stage: whatever remains in p1 is taken as the source address.
// p1 is presumably produced by dup104 (defined outside this view).
var msg95 = match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "%{saddr->}",
field: "nwparser.p1",
},
});
var all25 = all_match({
processors: [
msg94,
dup104,
msg95,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111006"),
}),
dup17,
dup106,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// 112001: catch-all; the full payload becomes event_description. The
// classification steps (dup107, dup38, dup108, dup39, dup40) are defined
// outside this view.
var msg96 = match({
id: "MESSAGE#176:112001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("112001"),
}),
dup38,
dup108,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// 709002: catch-all; the full payload becomes event_description.
var msg97 = match({
id: "MESSAGE#835:709002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("709002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 715071: "Group = <group>, IP = <saddr>, <result>". Everything after the
// second comma is kept as free-text `result`.
var msg98 = match({
id: "MESSAGE#1283:715071",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715071"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 733101: host flagged as attacking or as targeted.
// NOTE(review): both alternatives store the address in hostip and the
// keyword ("attacking" / "targeted") is matched as a literal only. Unless a
// shared step outside this view records it, the parsed event does not say
// whether hostip is the attacker or the victim; detections would have to
// read that from the raw message text.
var msg99 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: "%{hostip->} is attacking%{p1->}",
field: "nwparser.p0",
},
});
var msg100 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: "%{hostip->} is targeted%{p1->}",
field: "nwparser.p0",
},
});
var select22 = linear_select([
msg99,
msg100,
]);
// Remainder after ". " is kept as free-text info.
var msg101 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: ". %{info->}",
field: "nwparser.p1",
},
});
// dup44 (outside this view) presumably produces nwparser.p0 from the payload.
var all26 = all_match({
processors: [
dup44,
select22,
msg101,
],
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("733101"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 211003: catch-all; the full payload becomes event_description.
var msg102 = match({
id: "MESSAGE#253:211003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("211003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 305005: no translation group found (four layouts, most detailed first).
// Layout 1: protocol plus interface:address/port on both sides.
var msg103 = match({
id: "MESSAGE#367:305005",
dissect: {
tokenizer: "No translation group found for %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005"),
}),
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// Layout 2: ICMP, with no ports but with type and code. "icmp" is a literal
// here, so `protocol` is not captured by the tokenizer; the extra dup111
// step is defined outside this view.
var msg104 = match({
id: "MESSAGE#368:305005:01",
dissect: {
tokenizer: "No translation group found for icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
dup111,
]),
});
// Layout 3: "protocol <n>" with interfaces but no ports.
var msg105 = match({
id: "MESSAGE#369:305005:02",
dissect: {
tokenizer: "No translation group found for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// Layout 4: addresses only.
var msg106 = match({
id: "MESSAGE#370:305005:03",
dissect: {
tokenizer: "No translation group found for protocol %{protocol->} src %{saddr->} dst %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:03"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// Alternatives for 305005.
var select23 = linear_select([
msg103,
msg104,
msg105,
msg106,
]);
// 332003: web cache acquired. The two values around "/" are stored as saddr
// and shost.
var msg107 = match({
id: "MESSAGE#465:332003",
dissect: {
tokenizer: "Web Cache %{saddr->}/%{shost->} acquired",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("332003"),
}),
dup2,
dup3,
dup4,
dup5,
dup112,
]),
});
// 400009: signature-style event in the shared 4000xx layout
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// The signature number is kept in sigid and its text in context.
// dup113 and dup27..dup30 are shared steps defined outside this view.
var msg108 = match({
id: "MESSAGE#506:400009",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400009"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 302012: call-signalling connection allocation. This final stage reads the
// foreign endpoint (faddr -> saddr/sport) and the local address
// (laddr -> daddr) from p1.
var msg109 = match({
id: "MESSAGE#291:302012/2",
dissect: {
tokenizer: "allocate %{network_service->} Call Signalling Connection for faddr %{saddr->}/%{sport->} to laddr %{daddr->}",
field: "nwparser.p1",
},
});
// dup114/dup115 (outside this view) presumably consume the prefix.
var all27 = all_match({
processors: [
dup114,
dup115,
msg109,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302012"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup116,
]),
});
// 610101: command authorization failure.
// Stage 0: "Authorization fail" prefix with no space before p0, so suffixes
// such as "ed"/"ure" end up in p0 (presumably handled by dup117).
var msg110 = match({
id: "MESSAGE#751:610101/0",
dissect: {
tokenizer: "Authorization fail%{p0->}",
field: "nwparser.payload",
},
});
// Final stage: the rejected command is stored as `action`, its type in fld1.
var msg111 = match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "%{->}: Cmd: %{action->} Cmdtype: %{fld1->}",
field: "nwparser.p1",
},
});
var all28 = all_match({
processors: [
msg110,
dup117,
msg111,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("610101"),
}),
dup65,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// 405102: connection allocation. Only the "allocate <service> Connection
// for f" stage is defined here; the tokenizer stops right after the literal
// "f" and hands the rest to p2.
var msg112 = match({
id: "MESSAGE#591:405102/2",
dissect: {
tokenizer: "allocate %{service->} Connection for f%{p2->}",
field: "nwparser.p1",
},
});
// The remaining stages (dup118..dup124) are defined outside this view.
var all29 = all_match({
processors: [
dup118,
dup115,
msg112,
dup119,
dup120,
dup121,
dup122,
dup123,
dup124,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("405102"),
}),
dup2,
dup3,
dup125,
dup4,
dup5,
]),
});
// 611303: VPN client NAT configured for client mode with split tunnelling.
// Only the NAT address is captured (stransaddr); the tokenizer ends at
// "Split Tunnel Networks:" and captures no network list.
var msg113 = match({
id: "MESSAGE#759:611303",
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: %{stransaddr->} Split Tunnel Networks:",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611303"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup127,
]),
});
// 713119: "Group = <group>, IP = <saddr>, <event_description>".
var msg114 = match({
id: "MESSAGE#885:713119",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713119"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 101001: "(<context>)<event_description>". The parenthesised prefix is
// stored as context, the rest as the description.
var msg115 = match({
id: "MESSAGE#0:101001",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("101001"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// 113011: AAA retrieved a user-specific group policy.
// Stage 0: fixed prefix; remainder to p0.
var msg116 = match({
id: "MESSAGE#188:113011/0",
dissect: {
tokenizer: "AAA retrieved user specific group policy %{p0->}",
field: "nwparser.payload",
},
});
// Stage 1 alternatives: the policy name may be wrapped in parentheses.
var msg117 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "(%{policyname->}) for user = %{p1->}",
field: "nwparser.p0",
},
});
var msg118 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "%{policyname->} for user = %{p1->}",
field: "nwparser.p0",
},
});
var select24 = linear_select([
msg117,
msg118,
]);
// Stage 2 alternatives: the user name may be single-quoted. Both tokenizers
// end with a literal space.
var msg119 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p1",
},
});
var msg120 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p1",
},
});
var select25 = linear_select([
msg119,
msg120,
]);
var all30 = all_match({
processors: [
msg116,
select24,
select25,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("113011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA retrieved user specific group policy"),
}),
]),
});
// 209002: IP fragment received without its first fragment. Captures source
// and destination addresses; the description is a fixed string that repeats
// the device's wording.
var msg121 = match({
id: "MESSAGE#237:209002",
dissect: {
tokenizer: "IPFRAG: First Frag have not been seen %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup85,
set_field({
dest: "nwparser.msg_id1",
value: constant("209002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("First Frag have not been seen"),
}),
]),
});
// 311003: "LU recv thread up". Nothing is captured (the trailing %{->} is
// unnamed); the description is set to a fixed string that omits "up".
var msg122 = match({
id: "MESSAGE#403:311003",
dissect: {
tokenizer: "LU recv thread up%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311003"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU recv thread"),
}),
dup4,
dup5,
]),
});
// 721002: "(WebVPN-<context>) <event_description>".
var msg123 = match({
id: "MESSAGE#1146:721002",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("721002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 400042: signature-style event in the shared 4000xx layout
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// Differs from the other 4000xx handlers in the leading step (dup52) and in
// msg_id1.
var msg124 = match({
id: "MESSAGE#539:400042",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400042"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 602202 (two variants) built entirely from shared stages defined outside
// this view. The variants share dup128/dup129 and differ in the last stage
// (dup130 vs dup132).
var all31 = all_match({
processors: [
dup128,
dup129,
dup130,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602202:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup131,
]),
});
var all32 = all_match({
processors: [
dup128,
dup129,
dup132,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602202"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup131,
]),
});
// Alternatives for 602202.
var select26 = linear_select([
all31,
all32,
]);
// 615002: catch-all; the full payload becomes event_description.
var msg125 = match({
id: "MESSAGE#789:615002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("615002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 713068: received a non-routine Notify message. Parsed in several stages
// because the prefix, the capitalisation of "Notify" and the trailing
// "(info)" are all optional or variable.
// Stage 1 alternatives: with or without a "Username = ..." prefix.
var msg126 = match({
id: "MESSAGE#874:713068/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, Received non-routine %{p1->}",
field: "nwparser.p0",
},
});
var msg127 = match({
id: "MESSAGE#874:713068/2",
dissect: {
tokenizer: "IP = %{saddr->}, Received non-routine %{p1->}",
field: "nwparser.p0",
},
});
var select27 = linear_select([
msg126,
msg127,
]);
// Stage 2 alternatives: accept "Notify" or "notify" by matching only the
// first letter here.
var msg128 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "N%{p2->}",
field: "nwparser.p1",
},
});
var msg129 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "n%{p2->}",
field: "nwparser.p1",
},
});
var select28 = linear_select([
msg128,
msg129,
]);
// Stage 3: rest of the word plus " message: ".
var msg130 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "otify message: %{p3->}",
field: "nwparser.p2",
},
});
// Stage 4 alternatives: result with an optional parenthesised info suffix.
var msg131 = match({
id: "MESSAGE#874:713068/4",
dissect: {
tokenizer: "%{result->} (%{info->}) ",
field: "nwparser.p3",
},
});
var msg132 = match({
id: "MESSAGE#874:713068/4",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p3",
},
});
var select29 = linear_select([
msg131,
msg132,
]);
// dup79 (outside this view) presumably produces nwparser.p0.
var all33 = all_match({
processors: [
dup79,
select27,
select28,
msg130,
select29,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713068"),
}),
dup7,
dup133,
dup134,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received non-routine Notify message"),
}),
]),
});
// 111004: built only from shared stages (dup44, dup135, dup136) defined
// outside this view, so the message layout cannot be read from here.
var all34 = all_match({
processors: [
dup44,
dup135,
dup136,
],
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("111004"),
}),
dup38,
dup137,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// 400007: signature-style event in the shared 4000xx layout
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// Uses the same leading step (dup113) as the 400009 handler.
var msg133 = match({
id: "MESSAGE#504:400007",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400007"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 713903 (four variants, combined in select32 at the end).
// Variant 1: shared stages only (dup22, dup23, dup138), defined outside this
// view.
var all35 = all_match({
processors: [
dup22,
dup23,
dup138,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant 2 prefix: "Group = <group> , IP = " with a space BEFORE the comma.
// It is listed ahead of the shared dup139/dup140 forms in select30.
var msg134 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Group = %{group->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
var select30 = linear_select([
msg134,
dup139,
dup140,
]);
var all36 = all_match({
processors: [
dup44,
select30,
dup138,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant 3: "IP = <saddr> , <action>"; the free text after the comma is
// stored as `action`.
var msg135 = match({
id: "MESSAGE#962:713903:02",
dissect: {
tokenizer: "IP = %{saddr->} , %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant 4: "<text> on Port <network_port> from <saddr>:<sport> ".
var msg136 = match({
id: "MESSAGE#963:713903:03/0",
dissect: {
tokenizer: "%{event_description->} on Port %{network_port->} from %{saddr->}:%{sport->} ",
field: "nwparser.payload",
},
});
var select31 = linear_select([
msg136,
dup141,
]);
var all37 = all_match({
processors: [
select31,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:03"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
// NOTE(review): msg136 also captures an event_description token; this fixed
// string is written afterwards to nwparser.event_description. Confirm
// against the match() helper whether it replaces the captured text.
set_field({
dest: "nwparser.event_description",
value: constant("Runt ISAKMP packet discarded on Port"),
}),
]),
});
// Alternatives for 713903.
var select32 = linear_select([
all35,
all36,
msg135,
all37,
]);
// 746013: deletion of an IP-to-user mapping (success and failure forms).
// "\\" in the tokenizer is a single literal backslash, i.e. the
// DOMAIN\username separator.
// Success form: the text after "Succeeded - " is kept as event_description.
var msg137 = match({
id: "MESSAGE#1259:746013",
dissect: {
tokenizer: "%{application->}: Delete IP-User mapping %{saddr->} - %{domain->}\\%{username->} Succeeded - %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup142,
set_field({
dest: "nwparser.msg_id1",
value: constant("746013"),
}),
dup17,
dup143,
dup40,
dup4,
dup5,
dup2,
dup3,
dup144,
]),
});
// Failure form: matches only the exact reason "VPN user logout", so a
// failure with any other reason text is not handled by this pattern.
var msg138 = match({
id: "MESSAGE#1260:746013:01",
dissect: {
tokenizer: "%{application->}: Delete IP-User mapping %{saddr->} - %{domain->}\\%{username->} Failed - VPN user logout",
field: "nwparser.payload",
},
on_success: processor_chain([
dup142,
set_field({
dest: "nwparser.msg_id1",
value: constant("746013:01"),
}),
dup17,
dup143,
dup19,
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VPN user logout"),
}),
// dup145 is a shared value defined outside this view.
set_field({
dest: "nwparser.result",
value: dup145,
}),
]),
});
// Alternatives for 746013.
var select33 = linear_select([
msg137,
msg138,
]);
// 302016:05: connection teardown where the destination carries a
// "(DOMAIN\user)" suffix. dup146/dup147 (outside this view) handle the prefix
// and source side.
// Destination stage: the name in parentheses goes to ddomain/c_username;
// the byte count and optional trailing user are left in p2.
var msg139 = match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p2->}",
field: "nwparser.p1",
},
});
// Tail alternatives: byte count followed by "(username)", or byte count only.
var msg140 = match({
id: "MESSAGE#313:302016:05/3",
dissect: {
tokenizer: "%{bytes->} (%{username->})",
field: "nwparser.p2",
},
});
var msg141 = match({
id: "MESSAGE#313:302016:05/3",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p2",
},
});
var select34 = linear_select([
msg140,
msg141,
]);
var all38 = all_match({
processors: [
dup146,
dup147,
msg139,
select34,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:05"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016:07, stage 0: full teardown line where the source has a
// parenthesised value (kept in fld1) and the destination has
// "(DOMAIN\user)". The text after "bytes " is left in p0 for the next stage
// of all39.
var msg142 = match({
id: "MESSAGE#314:302016:07/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->}(%{fld1->}) to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p0->}",
field: "nwparser.payload",
},
});
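// 302016:07: teardown variant parsed by msg142, followed by the shared tail
// stage dup150 (defined outside this view).
var all39 = all_match({
processors: [
msg142,
dup150,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:07"),
}),
dup42,
dup43,
dup40,
dup14,
// dup2 (nwparser.level from the header) was missing from this variant only;
// every other 302016 handler in this file runs it. Added so that filtering
// on level sees these teardown events as well.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});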
// 302016:04: same layout as the :07 variant but without the parenthesised
// value after the source port. The text after "bytes " goes to p0 for the
// shared tail stage dup150 (defined outside this view).
var msg143 = match({
id: "MESSAGE#315:302016:04/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p0->}",
field: "nwparser.payload",
},
});
var all40 = all_match({
processors: [
msg143,
dup150,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:04"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016:06: teardown with an optional parenthesised value after the
// destination port and an optional trailing user name.
// Destination alternative with "(...)" after the port (kept in fld20); the
// other alternative, dup153, is defined outside this view.
var msg144 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{fld20->}) duration %{p3->}",
field: "nwparser.p2",
},
});
var select35 = linear_select([
dup153,
msg144,
]);
// Duration, then the literal " bytes "; the remainder goes to p4.
var msg145 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{duration->} bytes %{p4->}",
field: "nwparser.p3",
},
});
// Tail alternatives: byte count followed by a quoted user, a parenthesised
// user, or nothing. The bare form is last because it is the least specific.
var msg146 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->} '%{username->}' ",
field: "nwparser.p4",
},
});
var msg147 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->} (%{username->}) ",
field: "nwparser.p4",
},
});
var msg148 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p4",
},
});
var select36 = linear_select([
msg146,
msg147,
msg148,
]);
var all41 = all_match({
processors: [
dup146,
dup151,
dup152,
select35,
msg145,
select36,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:06"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016 (base variant). The destination alternatives (dup153, dup154) are
// both defined outside this view.
var select37 = linear_select([
dup153,
dup154,
]);
// Duration and byte count; anything after the byte count goes to p4.
var msg149 = match({
id: "MESSAGE#317:302016/4",
dissect: {
tokenizer: "%{duration->} bytes %{bytes->} %{p4->}",
field: "nwparser.p3",
},
});
// User name, quoted or parenthesised. Unlike the :06 tail there is no bare
// alternative here, so this variant only matches when one of the two
// delimited forms is present.
var msg150 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "'%{username->}'%{p5->}",
field: "nwparser.p4",
},
});
var msg151 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "(%{username->})%{p5->}",
field: "nwparser.p4",
},
});
var select38 = linear_select([
msg150,
msg151,
]);
// Final stage: unnamed token followed by a literal space; nothing is stored.
var msg152 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p5",
},
});
var all42 = all_match({
processors: [
dup146,
dup151,
dup152,
select37,
msg149,
select38,
msg152,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016:01: teardown where either endpoint may carry a parenthesised value
// after the port.
// Source alternative with "(...)" after the port (kept in fld20); dup155 and
// dup156 are defined outside this view.
var msg153 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{fld20->}) to %{p1->}",
field: "nwparser.p0",
},
});
var select39 = linear_select([
dup155,
msg153,
dup156,
]);
// Destination alternative with "(...)" after the port; here the value is
// stored as c_username rather than a generic field.
var msg154 = match({
id: "MESSAGE#318:302016:01/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{c_username->}) duration %{p3->}",
field: "nwparser.p2",
},
});
var select40 = linear_select([
dup153,
msg154,
dup154,
]);
// Final stage: duration and byte count, no trailing user.
var msg155 = match({
id: "MESSAGE#318:302016:01/4",
dissect: {
tokenizer: "%{duration->} bytes %{bytes->}",
field: "nwparser.p3",
},
});
var all43 = all_match({
processors: [
dup146,
select39,
dup152,
select40,
msg155,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016:02: space-separated layout with a "gaddr <ip>/<port>" element
// (stored as hostip/network_port) between source and destination.
var msg156 = match({
id: "MESSAGE#319:302016:02",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// 302016:03: same gaddr layout without connection id, duration or byte
// count. The chain omits dup148, which the variants that capture those
// values include.
var msg157 = match({
id: "MESSAGE#320:302016:03",
dissect: {
tokenizer: "Teardown %{protocol->} connection for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:03"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup149,
]),
});
// All 302016 variants, listed from the most specific layout down to the
// minimal gaddr form.
var select41 = linear_select([
all38,
all39,
all40,
all41,
all42,
all43,
msg156,
msg157,
]);
// 306001: catch-all; the full payload becomes event_description.
var msg158 = match({
id: "MESSAGE#389:306001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("306001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 713042: IKE initiator could not find a policy. Captures the interface and
// the source/destination addresses.
var msg159 = match({
id: "MESSAGE#864:713042",
dissect: {
tokenizer: "IKE Initiator unable to find policy: Intf %{interface->}, Src: %{saddr->}, Dst: %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713042"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 722029: built only from shared stages (dup77, dup78, dup158) defined
// outside this view, so the message layout cannot be read from here.
var all44 = all_match({
processors: [
dup77,
dup78,
dup158,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722029"),
}),
dup2,
dup3,
dup4,
dup5,
dup159,
]),
});
// 717037: tunnel-group lookup via certificate maps failed for a peer
// certificate. Captures serial number, subject (cert_subject) and issuer
// (stored as dn).
// NOTE(review): the subject and issuer come from the peer's certificate and
// are split on the literal text " issuer_name: " with no comma before it.
// Presumably a subject that itself contains that text would shift the split;
// treat these fields as untrusted when alerting on them.
var msg160 = match({
id: "MESSAGE#1083:717037",
dissect: {
tokenizer: "Tunnel group search using certificate maps failed for peer certificate: serial number: %{serial_number->}, subject name: %{cert_subject->} issuer_name: %{dn->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("717037"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 103007: "(<context>)<event_description>".
var msg161 = match({
id: "MESSAGE#19:103007",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("103007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 400011: signature-style event in the shared 4000xx layout
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// The leading step here is dup26 (defined outside this view).
var msg162 = match({
id: "MESSAGE#508:400011",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400011"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 401002: shun added. dup162 (outside this view) presumably consumes the
// leading "Shun" and leaves the rest in p0.
// Singular form: "... added: <result> "; the detail after the colon is kept
// as `result`.
var msg163 = match({
id: "MESSAGE#550:401002/1",
dissect: {
tokenizer: "%{->}added: %{result->} ",
field: "nwparser.p0",
},
});
// Plural form: "s added ..."; the trailing text is matched by an unnamed
// token, so the shun details are not stored in a field for this form.
var msg164 = match({
id: "MESSAGE#550:401002/1",
dissect: {
tokenizer: "s added %{->}",
field: "nwparser.p0",
},
});
var select42 = linear_select([
msg163,
msg164,
]);
var all45 = all_match({
processors: [
dup162,
select42,
],
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("401002"),
}),
dup164,
dup38,
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shun(s) added"),
}),
]),
});
// 715041: "Group = <group>, IP = <saddr>, <action> of type
// <event_description>, <info>". The split relies on the literal " of type "
// and on the comma before <info>.
var msg165 = match({
id: "MESSAGE#1014:715041",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} of type %{event_description->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("715041"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 717008: catch-all; the full payload becomes event_description.
var msg166 = match({
id: "MESSAGE#1069:717008",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("717008"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 717041: local CA server event; the text after the colon is kept as `info`.
// NOTE(review): this chain does not run dup4 (nwparser.msg from $MSG), which
// the other handlers in this part of the file include. If that is not
// intentional, events for this ID carry no nwparser.msg value; confirm
// against the source parser before changing.
var msg167 = match({
id: "MESSAGE#1303:717041",
dissect: {
tokenizer: "Local CA Server event: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("717041"),
}),
dup14,
dup2,
dup5,
dup3,
]),
});
// 103004: "(<context>)<event_description>". The chain starts with dup1
// (event category constant "1601000000", defined at the top of the file) and
// ends with dup167 (outside this view).
var msg168 = match({
id: "MESSAGE#16:103004",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
set_field({
dest: "nwparser.msg_id1",
value: constant("103004"),
}),
dup2,
dup3,
dup4,
dup5,
dup167,
]),
});
// 403504: catch-all; the full payload becomes event_description.
var msg169 = match({
id: "MESSAGE#583:403504",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403504"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 715039 (two layouts).
// Staged layout: dup22/dup23 (outside this view) consume the prefix; this
// stage reads "<saddr>, <event_description>." and drops the trailing period.
var msg170 = match({
id: "MESSAGE#1011:715039/2",
dissect: {
tokenizer: "%{saddr->}, %{event_description->}.",
field: "nwparser.p1",
},
});
var all46 = all_match({
processors: [
dup22,
dup23,
msg170,
],
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("715039"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pattern layout with an explicit "Group = ..., IP = ..." prefix; a
// trailing period, if present, stays in event_description.
var msg171 = match({
id: "MESSAGE#1012:715039:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("715039:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for 715039.
var select43 = linear_select([
all46,
msg171,
]);
// Message 721012: WebVPN failover message about enabling an APCF XML file on
// the standby unit. Captures context and filename; the description is a fixed
// string rather than text taken from the log line.
var msg172 = match({
id: "MESSAGE#1150:721012",
dissect: {
tokenizer: "(WebVPN-%{context->}) Enable APCF XML file path %{filename->} on the standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("721012"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Enable APCF XML file path on standby unit"),
}),
]),
});
// Message 724004: built only from shared stages (dup77, dup78, dup168) that
// are declared elsewhere in the file; this block adds the message id and the
// common header fields.
var all47 = all_match({
processors: [
dup77,
dup78,
dup168,
],
on_success: processor_chain([
dup169,
set_field({
dest: "nwparser.msg_id1",
value: constant("724004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105011: "(<context>)<event_description>"; same pattern shape as
// message 103004 in this file.
var msg173 = match({
id: "MESSAGE#36:105011",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("105011"),
}),
dup2,
dup3,
dup167,
dup4,
dup5,
]),
});
// Message 210010: "LU make UDP connection for <src>:<port> <dst>:<port> failed".
// Captures saddr/sport and daddr/dport. The description stored on success is a
// fixed string, not the literal wording of the log line.
var msg174 = match({
id: "MESSAGE#248:210010",
dissect: {
tokenizer: "LU make UDP connection for %{saddr->}:%{sport->} %{daddr->}:%{dport->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate a new record for a UDP connection"),
}),
dup170,
]),
});
// Message 713136, parsed in two stages: a prefix (select44) that leaves the
// remainder in p0, then msg178 which reads nwparser.p0.
// All four part patterns below carry the same id string
// ("MESSAGE#902:713136/1"), so the id alone does not tell which part matched.
//
// Prefix variant 1: username enclosed in single quotes.
// The username value originates from the remote peer, so downstream consumers
// should treat it as untrusted text.
var msg175 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}' , IP = %{p0->}",
field: "nwparser.payload",
},
});
// Prefix variant 2: unquoted username. Listed after the quoted form; this
// pattern would also accept a quoted value and keep the quotes in username.
var msg176 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, Username = %{username->} , IP = %{p0->}",
field: "nwparser.payload",
},
});
// Prefix variant 3: no username present.
var msg177 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, IP = %{p0->}",
field: "nwparser.payload",
},
});
var select44 = linear_select([
msg175,
msg176,
msg177,
]);
// Remainder: "<saddr>, <action> [<fld1>]".
var msg178 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{saddr->}, %{action->} [%{fld1->}]",
field: "nwparser.p0",
},
});
var all48 = all_match({
processors: [
select44,
msg178,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713136"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715080: "Group = ..., IP = ..., <description>: <duration> seconds.".
// Captures group, saddr, event_description and duration.
var msg179 = match({
id: "MESSAGE#1044:715080",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}: %{duration->} seconds.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("715080"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 120012: a user chose to disable or postpone call-home anonymous
// reporting. Parsed in three stages: msg180 (payload -> p0), select45
// (p0 -> p1) and msg183 (p1).
// Stage 1: captures the quoted username; the rest goes to p0.
var msg180 = match({
id: "MESSAGE#14:120012/0",
dissect: {
tokenizer: "User \"%{username->}\" chose to %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: the literal stems "disabl" / "postpon". The chosen
// verb is matched but not stored in a field, so the two outcomes are not
// distinguishable from the parsed fields set here.
var msg181 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "disabl%{p1->}",
field: "nwparser.p0",
},
});
var msg182 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "postpon%{p1->}",
field: "nwparser.p0",
},
});
var select45 = linear_select([
msg181,
msg182,
]);
// Stage 3: the fixed tail of the sentence, starting at the "e" that completes
// "disable"/"postpone".
var msg183 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "e call-home anonymous reporting at the prompt.%{->}",
field: "nwparser.p1",
},
});
var all49 = all_match({
processors: [
msg180,
select45,
msg183,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120012"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("User chose to disable or postpone call-home anonymous reporting"),
}),
]),
});
// Message 307003: failed telnet login to the device. These events are useful
// for spotting repeated login failures from one source address.
// Variant with interface: captures saddr, result (the text inside the
// parentheses) and interface.
var msg184 = match({
id: "MESSAGE#393:307003",
dissect: {
tokenizer: "telnet login session failed from %{saddr->} (%{result->}) on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("307003"),
}),
dup43,
dup106,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup172,
]),
});
// Variant without the "on interface" suffix (307003:01): captures saddr and
// result only.
var msg185 = match({
id: "MESSAGE#394:307003:01",
dissect: {
tokenizer: "telnet login session failed from %{saddr->} (%{result->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("307003:01"),
}),
dup43,
dup106,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup172,
]),
});
// The longer pattern (with interface) is listed before the shorter one.
var select46 = linear_select([
msg184,
msg185,
]);
// Message 603104: PPTP tunnel created. Parsed in three stages.
// Stage 1: captures fld1 (tunnel_id), saddr (remote_peer_ip), fld2
// (ppp_virtual_interface_id) and daddr (client_dynamic_ip); the rest, starting
// at the username, goes to p0.
var msg186 = match({
id: "MESSAGE#723:603104/0",
dissect: {
tokenizer: "PPTP Tunnel created, tunnel_id is %{fld1->}, remote_peer_ip is %{saddr->}, ppp_virtual_interface_id is %{fld2->}, client_dynamic_ip is %{daddr->}, username is %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: username in single quotes, then unquoted. The username
// is supplied by the connecting client; treat it as untrusted text downstream.
var msg187 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "'%{username->}' , MPPE_key_strength is %{p1->}",
field: "nwparser.p0",
},
});
var msg188 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "%{username->} , MPPE_key_strength is %{p1->}",
field: "nwparser.p0",
},
});
var select47 = linear_select([
msg187,
msg188,
]);
// Stage 3: the MPPE key strength text is captured as fld3.
var msg189 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "%{fld3->}",
field: "nwparser.p1",
},
});
var all50 = all_match({
processors: [
msg186,
select47,
msg189,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("603104"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP Tunnel created"),
}),
]),
});
// Message 720027: "(VPN-<context>) <event_description>".
var msg190 = match({
id: "MESSAGE#1123:720027",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("720027"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715052: "Old P1 SA is being deleted but new SA is DEAD".
// The middle stage has two alternatives reading nwparser.p0: with and without
// a Username field. The first and last stages (dup9, dup173) are shared
// patterns declared elsewhere in the file.
var msg191 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->}, Old P1 SA is being deleted but new SA is DEAD, %{p1->}",
field: "nwparser.p0",
},
});
var msg192 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->}, Old P1 SA is being deleted but new SA is DEAD, %{p1->}",
field: "nwparser.p0",
},
});
// The variant that includes Username is listed first.
var select48 = linear_select([
msg191,
msg192,
]);
var all51 = all_match({
processors: [
dup9,
select48,
dup173,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715052"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Old P1 SA is being deleted but new SA is DEAD"),
}),
]),
});
// Message 717039: Local CA Server internal error. The text after the colon is
// captured as result; the description is a fixed string.
var msg193 = match({
id: "MESSAGE#1084:717039",
dissect: {
tokenizer: "Local CA Server internal error detected: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717039"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Local CA Server internal error detected"),
}),
]),
});
// Message 718069: "Stop VPN Load Balancing in context <context>."; captures
// context and stores a fixed description.
var msg194 = match({
id: "MESSAGE#1108:718069",
dissect: {
tokenizer: "Stop VPN Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718069"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Stop VPN Load Balancing"),
}),
]),
});
// Message 107001, two variants collected in select49.
// Variant 107001:01: "<saddr> attempted to ping <daddr>."; captures both
// addresses.
var msg195 = match({
id: "MESSAGE#109:107001:01",
dissect: {
tokenizer: "%{saddr->} attempted to ping %{daddr->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("107001:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
]),
});
// Variant 107001: RIP authentication failure. Captures saddr, the RIP header
// values (version, type, mode, sequence -> fld1..fld4) and interface.
// A RIP auth failure means a routing update was rejected, so the source
// address is the value to review when these events appear.
var msg196 = match({
id: "MESSAGE#110:107001",
dissect: {
tokenizer: "RIP auth failed from %{saddr->}: version=%{fld1->}, type=%{fld2->}, mode=%{fld3->}, sequence=%{fld4->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("107001"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("RIP auth failure"),
}),
]),
});
var select49 = linear_select([
msg195,
msg196,
]);
// Message 409005: the whole payload is captured as event_description.
var msg197 = match({
id: "MESSAGE#607:409005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("409005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713184: VPN client type and version, two variants in select50.
// product and version are reported by the connecting client, so they are
// self-declared values rather than verified facts.
// msg198 is the final stage of the multi-part variant and reads nwparser.p1.
var msg198 = match({
id: "MESSAGE#918:713184/2",
dissect: {
tokenizer: "%{saddr->}, Client Type: %{product->} Client Application Version: %{version->}",
field: "nwparser.p1",
},
});
// Multi-part variant: shared stages dup22 and dup23 followed by msg198.
var all52 = all_match({
processors: [
dup22,
dup23,
msg198,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713184"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pattern variant (713184:01) with explicit "Group = ..., IP = ...".
var msg199 = match({
id: "MESSAGE#919:713184:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Client Type: %{product->} Client Application Version: %{version->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713184:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select50 = linear_select([
all52,
msg199,
]);
// Message 713905, variant :04: "IKE port <port> for IPSec UDP already reserved
// on interface <interface>". Captures network_port and interface and stores a
// fixed description.
var msg200 = match({
id: "MESSAGE#970:713905:04",
dissect: {
tokenizer: "IKE port %{network_port->} for IPSec UDP already reserved on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:04"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("IKE port for IPSec UDP already reserved on interface"),
}),
]),
});
// Message 713905 (base variant): built only from shared stages (dup22, dup23,
// dup174) declared elsewhere in the file.
var all53 = all_match({
processors: [
dup22,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 713905, variant :01. The last stage reads nwparser.p1 and has two
// alternatives.
// Alternative 1: a description followed by "from <fld1> port <sport> to <daddr>
// port <dport> ". The "from" address is stored in fld1, not saddr, and the
// pattern ends with a literal space.
var msg201 = match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "%{event_description->} from %{fld1->} port %{sport->} to %{daddr->} port %{dport->} ",
field: "nwparser.p1",
},
});
// Alternative 2: catch-all that stores the remaining text as event_description.
var msg202 = match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p1",
},
});
// The structured pattern is listed before the catch-all.
var select51 = linear_select([
msg201,
msg202,
]);
// Stages: shared patterns dup44 and dup175, then select51.
var all54 = all_match({
processors: [
dup44,
dup175,
select51,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 713905, variant :02: "INFO: <info>"; the text after the prefix is
// captured as info.
var msg203 = match({
id: "MESSAGE#973:713905:02",
dissect: {
tokenizer: "INFO: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:02"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 713905, variant :03: built only from shared stages (dup176, dup23,
// dup174) declared elsewhere in the file.
var all55 = all_match({
processors: [
dup176,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:03"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// All 713905 variants in the order they are listed. Reordering this list can
// change which variant id is recorded for a given line, so keep the order
// stable unless the change is verified against sample logs.
var select52 = linear_select([
msg200,
all53,
all54,
msg203,
all55,
]);
// Message 201013: per-client connection limit exceeded. Captures the two
// counters (fld1/fld2), direction, saddr/sport, daddr/dport and interface.
// Bursts of this event from one source are a common sign of connection
// exhaustion against the device or a host behind it.
var msg204 = match({
id: "MESSAGE#227:201013",
dissect: {
tokenizer: "Per-client connection limit exceeded %{fld1->}/%{fld2->} for %{direction->} packet from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201013"),
}),
dup2,
dup3,
dup4,
dup5,
dup177,
]),
});
// Message 209003: fragment database limit exceeded. Captures the limit (fld1),
// saddr, daddr, protocol and the fragment id (fld2). The key "space" appears
// twice in the pattern and only absorbs text between fixed parts.
var msg205 = match({
id: "MESSAGE#238:209003",
dissect: {
tokenizer: "Fragment database limit of %{fld1->} exceeded: %{space->} src = %{saddr->}, %{space->} dest = %{daddr->}, proto = %{protocol->}, id = %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("209003"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("Fragment database limit exceeded"),
}),
]),
});
// Message 722025: fixed text "SVC Global Compression Disabled"; no values are
// captured from the line.
var msg206 = match({
id: "MESSAGE#1162:722025",
dissect: {
tokenizer: "SVC Global Compression Disabled%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722025"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400028: IPS-style signature event. Captures product, sigid, context
// (the signature text), saddr, daddr and dinterface. The same pattern is used
// for the other 4000xx messages in this file; only the first chain step and
// the message id differ.
var msg207 = match({
id: "MESSAGE#525:400028",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400028"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 400044: IPS-style signature event. Captures product, sigid, context
// (the signature text), saddr, daddr and dinterface.
var msg208 = match({
id: "MESSAGE#541:400044",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400044"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 716009: ACL parse error for a WebVPN user. Captures group, username,
// hostip and result.
// NOTE(review): the tokenizer contains two consecutive "<" characters
// (\u003c\u003c) before each captured value but a single ">" after it. If the
// device writes a single "<", this pattern will not match and these events
// will go unparsed - verify against sample logs.
var msg209 = match({
id: "MESSAGE#1050:716009",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> %{result->}. ACL parse error",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("716009"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("ACL parse error"),
}),
]),
});
// Message 720039: "(VPN-<context>) <event_description>"; same pattern shape as
// message 720027 in this file.
var msg210 = match({
id: "MESSAGE#1132:720039",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("720039"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 107002: RIP packet failure. Captures saddr, the RIP version (fld1)
// and interface; stores a fixed description.
var msg211 = match({
id: "MESSAGE#111:107002",
dissect: {
tokenizer: "RIP pkt failed from %{saddr->}: version=%{fld1->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("107002"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("RIP packet failure"),
}),
]),
});
// Message 109023: traffic rejected because the user must authenticate first.
// Variant with protocol: captures saddr/sport, daddr/dport, interface and
// protocol.
var msg212 = match({
id: "MESSAGE#147:109023",
dissect: {
tokenizer: "User from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} using %{protocol->} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109023"),
}),
dup17,
dup18,
dup178,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// Variant without "using <protocol>" (109023:01).
var msg213 = match({
id: "MESSAGE#148:109023:01",
dissect: {
tokenizer: "User from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109023:01"),
}),
dup17,
dup18,
dup178,
dup14,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// The variant with the protocol is listed first.
var select53 = linear_select([
msg212,
msg213,
]);
// Message 109025. msg214 is the final stage and reads nwparser.p1: captures
// saddr/sport, daddr/dport, interface and protocol. The leading stages
// (dup179, dup61) are shared patterns declared elsewhere in the file.
var msg214 = match({
id: "MESSAGE#150:109025/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} using %{protocol->}",
field: "nwparser.p1",
},
});
var all56 = all_match({
processors: [
dup179,
dup61,
msg214,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("109025"),
}),
dup65,
dup17,
dup99,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// Message 713177: remote proxy host FQDN received in an ID payload.
// Captures group, saddr (peer), hostname, hostip, protocol and sport.
// Note that the "Port" value from the payload is stored in sport. hostname and
// hostip come from the remote peer's payload, so treat them as
// peer-declared values.
var msg215 = match({
id: "MESSAGE#1282:713177",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received remote Proxy Host FQDN in ID Payload: Host Name: %{hostname->} Address %{hostip->}, Protocol %{protocol->}, Port %{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713177"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received remote Proxy Host"),
}),
]),
});
// Message 608001: Skinny secondary channel pre-allocation, two variants.
// Variant :01 has the port on the source side (saddr/sport) and no port on the
// destination.
var msg216 = match({
id: "MESSAGE#745:608001:01",
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1->} secondary channel for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->} from %{info->} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("608001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Base variant has the port on the destination side (daddr/dport) and no port
// on the source.
var msg217 = match({
id: "MESSAGE#746:608001",
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1->} secondary channel for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}/%{dport->} from %{info->} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("608001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var select54 = linear_select([
msg216,
msg217,
]);
// Message 722037: SVC closing connection. Four stages: shared patterns dup181
// and dup182, then select55 (p1 -> p2), then msg220 (p2).
// All three part patterns below carry the same id string.
// Alternative 1: address followed by a parenthesised value (stored in fld1).
var msg218 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > SVC closing connection: %{p2->}",
field: "nwparser.p1",
},
});
// Alternative 2: address only.
var msg219 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{saddr->} > SVC closing connection: %{p2->}",
field: "nwparser.p1",
},
});
var select55 = linear_select([
msg218,
msg219,
]);
// Final stage: the closing reason, up to the trailing ".", is stored in info.
var msg220 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{info->}.",
field: "nwparser.p2",
},
});
var all57 = all_match({
processors: [
dup181,
dup182,
select55,
msg220,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722037"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("closing connection"),
}),
]),
});
// Message 722055: client type reported for a WebVPN/SVC session.
// Stage 1 captures group, username, saddr and application; the rest goes to p0.
// application, product and version are declared by the client and are not
// verified values.
// NOTE(review): the tokenizer contains two consecutive "<" characters
// (\u003c\u003c) before each captured value but a single ">" after it. If the
// device writes a single "<", this pattern will not match - verify against
// sample logs.
var msg221 = match({
id: "MESSAGE#1181:722055/0",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Client Type: %{application->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: "for <product> <version>" or "v<version>".
var msg222 = match({
id: "MESSAGE#1181:722055/1",
dissect: {
tokenizer: "for %{product->} %{version->}",
field: "nwparser.p0",
},
});
var msg223 = match({
id: "MESSAGE#1181:722055/1",
dissect: {
tokenizer: "v%{version->}",
field: "nwparser.p0",
},
});
var select56 = linear_select([
msg222,
msg223,
]);
var all58 = all_match({
processors: [
msg221,
select56,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("722055"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338005: traffic dropped by a filter because the source is
// blacklisted. msg224 is the final stage (reads nwparser.p1); the pattern
// starts mid-word at "ilter", the beginning of the sentence being handled by
// the shared stages dup183 and dup184 declared elsewhere in the file.
// Captured: protocol, source and destination interface/address/port, the
// translated addresses and ports (stransaddr/stransport, dtransaddr/
// dtransport), the source as listed (fld1), what it was resolved from (fld2),
// the list entry (web_domain), threat-level (severity) and category (result).
// severity and result are the fields to use when prioritising these alerts.
var msg224 = match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "ilter dropped blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
var all59 = all_match({
processors: [
dup183,
dup184,
msg224,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338005"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400040: IPS-style signature event. Captures product, sigid, context
// (the signature text), saddr, daddr and dinterface.
var msg225 = match({
id: "MESSAGE#537:400040",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400040"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 713255: an Aggressive Mode message was received with a tunnel group
// name the device does not know. Captures saddr, protocol, fld1 and group.
// The group value is whatever the remote peer sent, so it is untrusted text;
// repeated events with varying group names from one address may indicate
// tunnel-group enumeration.
var msg226 = match({
id: "MESSAGE#949:713255",
dissect: {
tokenizer: "IP = %{saddr->}, Received %{protocol->} Aggressive Mode message %{fld1->} with unknown tunnel group name '%{group->}'.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713255"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 710001: access requested to the device itself. Captures protocol,
// saddr/sport, dinterface and daddr. The value after "daddr/" is stored in
// service rather than dport.
var msg227 = match({
id: "MESSAGE#842:710001",
dissect: {
tokenizer: "%{protocol->} access requested from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("710001"),
}),
dup42,
dup43,
set_field({
dest: "nwparser.ec_activity",
value: constant("Request"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
// The result is a fixed string: this message records the request only, not
// whether access was granted.
set_field({
dest: "nwparser.result",
value: constant("access requested"),
}),
]),
});
// Message 305006: address translation creation failed, three variants
// collected in select57.
// Variant :02: "for protocol <protocol>", addresses without ports.
var msg228 = match({
id: "MESSAGE#371:305006:02",
dissect: {
tokenizer: "%{service->} translation creation failed for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006:02"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed for protocol"),
}),
]),
});
// Base variant: addresses with ports (saddr/sport, daddr/dport).
var msg229 = match({
id: "MESSAGE#372:305006",
dissect: {
tokenizer: "%{service->} translation creation failed for %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup185,
]),
});
// Variant :01: ICMP, with icmptype and icmpcode captured from the suffix.
var msg230 = match({
id: "MESSAGE#373:305006:01",
dissect: {
tokenizer: "%{service->} translation creation failed for icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup111,
dup185,
]),
});
var select57 = linear_select([
msg228,
msg229,
msg230,
]);
// Message 722032: a new SVC connection replaces an old one. Five stages:
// shared patterns dup77 and dup78, then msg231 (p1 -> p2), select58
// (p2 -> p3) and msg233 (p3).
var msg231 = match({
id: "MESSAGE#1168:722032/2",
dissect: {
tokenizer: "%{saddr->}> New %{p2->}",
field: "nwparser.p1",
},
});
// Captures the protocol word that follows "New".
var msg232 = match({
id: "MESSAGE#1168:722032/4",
dissect: {
tokenizer: "%{protocol->} %{p3->}",
field: "nwparser.p2",
},
});
// select58 lists a single alternative.
var select58 = linear_select([
msg232,
]);
// Fixed tail of the sentence; nothing is captured.
var msg233 = match({
id: "MESSAGE#1168:722032/4",
dissect: {
tokenizer: "SVC connection replacing old connection.%{->}",
field: "nwparser.p3",
},
});
var all60 = all_match({
processors: [
dup77,
dup78,
msg231,
select58,
msg233,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("722032"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("replacing old connection"),
}),
]),
});
// Message 737014: "<process>: Freeing AAA address <hostip>"; captures process
// and hostip and stores a fixed description.
var msg234 = match({
id: "MESSAGE#1239:737014",
dissect: {
tokenizer: "%{process->}: Freeing AAA address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737014"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Freeing AAA address"),
}),
]),
});
// Message 400015: IPS-style signature event. Captures product, sigid, context
// (the signature text), saddr, daddr and dinterface.
var msg235 = match({
id: "MESSAGE#512:400015",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400015"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 421006: usage summary, "There are <fld1> users of <product> during
// the past <fld2> hours".
var msg236 = match({
id: "MESSAGE#664:421006",
dissect: {
tokenizer: "There are %{fld1->} users of %{product->} during the past %{fld2->} hours",
field: "nwparser.payload",
},
on_success: processor_chain([
dup186,
set_field({
dest: "nwparser.msg_id1",
value: constant("421006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 605004: login denied, two variants collected in select59. Repeated
// events from one source address are the usual indicator of password guessing
// against the device's management services.
// Variant 1, stage 1: captures saddr/sport, dinterface, daddr and service (the
// value after "daddr/"); the user part goes to p0 and is handled by the shared
// stage dup187, declared elsewhere in the file.
var msg237 = match({
id: "MESSAGE#736:605004/0",
dissect: {
tokenizer: "Login denied from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->} for user %{p0->}",
field: "nwparser.payload",
},
});
var all61 = all_match({
processors: [
msg237,
dup187,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("605004"),
}),
dup17,
dup106,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
// event_description and result are both set from the same shared value,
// dup188.
set_field({
dest: "nwparser.event_description",
value: dup188,
}),
set_field({
dest: "nwparser.result",
value: dup188,
}),
]),
});
// Variant 2 (605004:01), stage 1: everything before " for user " is stored in
// action; no addresses are extracted in this variant.
var msg238 = match({
id: "MESSAGE#737:605004:01/0",
dissect: {
tokenizer: "%{action->} for user %{p0->}",
field: "nwparser.payload",
},
});
var all62 = all_match({
processors: [
msg238,
dup187,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("605004:01"),
}),
dup17,
dup106,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// The structured variant is listed before the generic one.
var select59 = linear_select([
all61,
all62,
]);
// Message 721016: session created. msg239 is the final stage (reads
// nwparser.p1) and captures saddr; the leading stages dup189 and dup190 are
// shared patterns declared elsewhere in the file.
var msg239 = match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "%{saddr->} has been created.",
field: "nwparser.p1",
},
});
var all63 = all_match({
processors: [
dup189,
dup190,
msg239,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("721016"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session created"),
}),
]),
});
// Message 109009: authorization denied because the user is not authenticated.
// Captures saddr/sport and daddr/dport.
var msg240 = match({
id: "MESSAGE#130:109009",
dissect: {
tokenizer: "Authorization denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} (not authenticated)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup98,
set_field({
dest: "nwparser.msg_id1",
value: constant("109009"),
}),
dup17,
dup99,
dup65,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// Message 302017: GRE connection built, inbound and outbound variants.
// Inbound: the "from" side is stored in the source fields (sinterface, saddr,
// stransaddr) and the "to" side in the destination fields (dinterface, daddr,
// dport, dtransaddr, dtransport).
var msg241 = match({
id: "MESSAGE#321:302017",
dissect: {
tokenizer: "Built inbound GRE connection %{connectionid->} from %{sinterface->}:%{saddr->} (%{stransaddr->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("302017"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Outbound (302017:01): the mapping is reversed - the "from" side of the log
// line is stored in the destination fields and the "to" side in the source
// fields. Keep this in mind when reading saddr/daddr for outbound events.
var msg242 = match({
id: "MESSAGE#322:302017:01",
dissect: {
tokenizer: "Built outbound GRE connection %{connectionid->} from %{dinterface->}:%{daddr->} (%{dtransaddr->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("302017:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
var select60 = linear_select([
msg241,
msg242,
]);
// Message 309001: a manager connection to the device was denied. Captures
// saddr and stores a fixed description.
var msg243 = match({
id: "MESSAGE#398:309001",
dissect: {
tokenizer: "Denied manager connection from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("309001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied manager connection"),
}),
]),
});
// Message 318002: the whole payload is captured as event_description.
var msg244 = match({
id: "MESSAGE#429:318002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("318002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725003: SSL client event. Two stages.
// Stage 1: captures interface, hostip and network_port of the SSL client; the
// rest goes to p0.
var msg245 = match({
id: "MESSAGE#1188:725003/0",
dissect: {
tokenizer: "SSL client %{interface->}:%{hostip->}/%{network_port->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: with a "to <daddr>/<dport>" part, or the action text
// alone (ending in a literal ".").
var msg246 = match({
id: "MESSAGE#1188:725003/1",
dissect: {
tokenizer: "to %{daddr->}/%{dport->} %{action->}",
field: "nwparser.p0",
},
});
var msg247 = match({
id: "MESSAGE#1188:725003/1",
dissect: {
tokenizer: "%{action->}.",
field: "nwparser.p0",
},
});
var select61 = linear_select([
msg246,
msg247,
]);
var all64 = all_match({
processors: [
msg245,
select61,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 752006: Tunnel Manager failed to dispatch a message. Captures the
// message type (fld1) and the trailing text (result); stores a fixed
// description that repeats the device's hint about crypto map or tunnel-group
// misconfiguration.
var msg248 = match({
id: "MESSAGE#1288:752006",
dissect: {
tokenizer: "Tunnel Manager failed to dispatch a %{fld1->} message. Probable mis-configuration of the crypto map or tunnel-group. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752006"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel Manager failed to dispatch a message. Probable mis-configuration of the crypto map or tunnel-group"),
}),
]),
});
// Message 421001: a TCP flow was skipped because an application module has
// failed. Captures both endpoints (interface, address, port) and application.
// A skipped flow was not processed by the named application, so these events
// mark traffic that bypassed that inspection.
var msg249 = match({
id: "MESSAGE#661:421001",
dissect: {
tokenizer: "TCP flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} is skipped because %{application->} has failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("421001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("TCP flow skipped"),
}),
set_field({
dest: "nwparser.result",
value: constant("process failure"),
}),
]),
});
// Message 713134: "Group = ..., IP = ..., Mismatch: <result>". Captures group,
// saddr and the mismatch text (result); stores a fixed description.
var msg250 = match({
id: "MESSAGE#901:713134",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Mismatch: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713134"),
}),
dup7,
dup38,
dup39,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("algorithm mismatch"),
}),
]),
});
// Message 105036, two variants collected in select62.
// Structured variant: "(<context>) <description> <fld1>, seq = <fld2>".
var msg251 = match({
id: "MESSAGE#44:105036",
dissect: {
tokenizer: "(%{context->}) %{event_description->} %{fld1->}, seq = %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("105036"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Fallback variant (105036:01): the whole payload becomes event_description.
var msg252 = match({
id: "MESSAGE#45:105036:01",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("105036:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// The structured variant is listed before the catch-all.
var select62 = linear_select([
msg251,
msg252,
]);
// Message 106015: packet denied because it does not belong to an existing
// connection. Captures protocol, saddr/sport, daddr/dport and the flags text
// (fld1).
// Variant with interface.
var msg253 = match({
id: "MESSAGE#80:106015",
dissect: {
tokenizer: "Deny %{protocol->} (no connection) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106015"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Variant without the "on interface" suffix (106015:01). Here fld1 takes the
// rest of the line.
var msg254 = match({
id: "MESSAGE#81:106015:01",
dissect: {
tokenizer: "Deny %{protocol->} (no connection) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106015:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// The variant with the interface is listed first.
var select63 = linear_select([
msg253,
msg254,
]);
// Message 106102, "denied" variant (106102:02): per-user access-list deny.
// Stage 1 captures the access-list name (listnum); the rest of the line is
// handled by the shared stages dup197..dup202, declared elsewhere in the file.
var msg255 = match({
id: "MESSAGE#104:106102:02/0",
dissect: {
tokenizer: "access-list %{listnum->} denied %{p0->}",
field: "nwparser.payload",
},
});
var all65 = all_match({
processors: [
msg255,
dup197,
dup198,
dup199,
dup200,
dup201,
dup202,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102:02"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup203,
// The verdict is recorded as a fixed description ("deny"); the "permitted"
// variant of this message records "permit".
set_field({
dest: "nwparser.event_description",
value: constant("deny"),
}),
]),
});
// Message 106102, "permitted" variant (106102:01): per-user access-list
// permit. Stage 1 captures the access-list name (listnum); the rest of the
// line is handled by the shared stages dup197..dup202, declared elsewhere in
// the file.
var msg256 = match({
id: "MESSAGE#105:106102:01/0",
dissect: {
tokenizer: "access-list %{listnum->} permitted %{p0->}",
field: "nwparser.payload",
},
});
var all66 = all_match({
processors: [
msg256,
dup197,
dup198,
dup199,
dup200,
dup201,
dup202,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup203,
// The verdict is recorded as a fixed description ("permit").
set_field({
dest: "nwparser.event_description",
value: constant("permit"),
}),
]),
});
var msg257 = match({
id: "MESSAGE#106:106102",
dissect: {
tokenizer: "access-list %{listnum->} url %{url->} hit-cnt %{dclass_counter1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102"),
}),
dup2,
dup3,
dup203,
dup4,
dup5,
]),
});
var select64 = linear_select([
all65,
all66,
msg257,
]);
// ASA 404102, catch-all: the entire payload is captured as event_description,
// so the stored text is whatever the device logged and is not validated here.
var msg258 = match({
id: "MESSAGE#587:404102",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup85,
set_field({
dest: "nwparser.msg_id1",
value: constant("404102"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 737016, form without a session id:
// "<process>: Freeing local pool address <hostip>".
var msg259 = match({
id: "MESSAGE#1241:737016",
dissect: {
tokenizer: "%{process->}: Freeing local pool address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737016"),
}),
dup2,
dup3,
dup205,
dup4,
dup5,
]),
});
// Form with "Session=<sessionid>, " between the process name and the text.
var msg260 = match({
id: "MESSAGE#1242:737016:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Freeing local pool address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737016:01"),
}),
dup2,
dup3,
dup205,
dup4,
dup5,
]),
});
// NOTE(review): the shorter pattern is listed first. Whether a line carrying
// "Session=..." can be taken by msg259 (with the session text absorbed into
// process) depends on how the dissect tokens are matched - confirm that
// sessionid is populated for such lines.
var select65 = linear_select([
msg259,
msg260,
]);
// ASA 415010: "<sigid> HTTP protocol violation detected - <listnum> HTTP
// Protocol not detected from <saddr> to <daddr>". The chain sets a fixed
// nwparser.context describing the violation.
var msg261 = match({
id: "MESSAGE#643:415010",
dissect: {
tokenizer: "%{sigid->} HTTP protocol violation detected - %{listnum->} HTTP Protocol not detected from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP protocol violation detected"),
}),
]),
});
// ASA 419001: "<action> from <sinterface>:<saddr>/<sport> to
// <dinterface>:<daddr>/<dport>, reason: <result>". The leading verb is taken
// from the log line as action; the text after "reason:" becomes result.
var msg262 = match({
id: "MESSAGE#653:419001",
dissect: {
tokenizer: "%{action->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("419001"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 505002, catch-all: the whole payload is stored as event_description.
var msg263 = match({
id: "MESSAGE#691:505002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("505002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 720005: "(VPN-<context>) <event_description>." - the pattern requires
// the trailing period.
var msg264 = match({
id: "MESSAGE#1114:720005",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720005"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 318004: "area <fld1> lsid <fld2> mask <fld3> adv <fld4> type <fld5>".
// All five values land in generic fldN fields; none is mapped to a named
// field here.
var msg265 = match({
id: "MESSAGE#431:318004",
dissect: {
tokenizer: "area %{fld1->} lsid %{fld2->} mask %{fld3->} adv %{fld4->} type %{fld5->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("318004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 715065 is parsed in three stages: dup44 (shared prefix step), one of
// the alternatives dup208/dup209/dup210, then msg266 on the remainder.
var select66 = linear_select([
dup208,
dup209,
dup210,
]);
// Final stage: reads nwparser.p1 (left by the previous stage) as
// "<action> history (<fld1>)".
var msg266 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "%{action->} history (%{fld1->})",
field: "nwparser.p1",
},
});
var all67 = all_match({
processors: [
dup44,
select66,
msg266,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("715065"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 734003 family (session attributes). Every variant runs the shared steps
// dup211 and dup212 first and then dissects nwparser.p1.
// Variant :01 - endpoint.device.hostname="<hostname>".
var msg267 = match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.device.hostname=\"%{hostname->}\"",
field: "nwparser.p1",
},
});
var all68 = all_match({
processors: [
dup211,
dup212,
msg267,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant :02 - endpoint.device.MAC["<macaddr>"]="<fld2>".
var msg268 = match({
id: "MESSAGE#1217:734003:02/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.device.MAC[\"%{macaddr->}\"]=\"%{fld2->}\"",
field: "nwparser.p1",
},
});
var all69 = all_match({
processors: [
dup211,
dup212,
msg268,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant :03 - endpoint.os.version="<version>".
var msg269 = match({
id: "MESSAGE#1218:734003:03/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.os.version=\"%{version->}\"",
field: "nwparser.p1",
},
});
var all70 = all_match({
processors: [
dup211,
dup212,
msg269,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:03"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Fallback variant: anything after "<hostip>: " is captured as result.
var msg270 = match({
id: "MESSAGE#1219:734003/2",
dissect: {
tokenizer: "%{hostip->}: %{result->}",
field: "nwparser.p1",
},
});
var all71 = all_match({
processors: [
dup211,
dup212,
msg270,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003"),
}),
dup2,
dup3,
// NOTE(review): msg270 captures the attribute text as result, and this step
// then writes a constant to nwparser.result. If both refer to the same field
// the captured attribute text is replaced - confirm against set_field.
set_field({
dest: "nwparser.result",
value: constant("Session Attribute assignment"),
}),
dup4,
dup5,
]),
});
// Specific attribute patterns come before the generic fallback (all71).
var select67 = linear_select([
all68,
all69,
all70,
all71,
]);
// ASA 611315, catch-all: the whole payload is stored as event_description.
var msg271 = match({
id: "MESSAGE#771:611315",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("611315"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 709005, catch-all: the whole payload is stored as event_description.
// The chain also runs the shared steps dup38 and dup39.
var msg272 = match({
id: "MESSAGE#838:709005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709005"),
}),
dup38,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 105020: "(<context>)<event_description>" - no space is expected between
// the closing parenthesis and the description.
var msg273 = match({
id: "MESSAGE#37:105020",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("105020"),
}),
dup38,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338004 ("... blacklisted <protocol> traffic ..."), parsed in stages.
// The start of the line is handled by dup183, dup184, dup213 and dup214; this
// stage begins at "ed blacklisted" in nwparser.p3 and captures both the real
// and the translated source and destination endpoints, fld1-fld3, and hands
// the text after " /" to p4.
var msg274 = match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{fld3->} /%{p4->}",
field: "nwparser.p3",
},
});
// Mask followed by ", threat-level: " (with comma).
// NOTE(review): msg275, msg276 and msg277 all carry the id
// "MESSAGE#474:338004/6", so the id alone does not tell which stage matched.
var msg275 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{mask->}, threat-level: %{p5->}",
field: "nwparser.p4",
},
});
// Same as msg275 but without the comma after the mask.
var msg276 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{mask->} threat-level: %{p5->}",
field: "nwparser.p4",
},
});
var select68 = linear_select([
msg275,
msg276,
]);
// Last stage: the threat level is stored as severity and the category as
// result.
var msg277 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{severity->}, category: %{result->}",
field: "nwparser.p5",
},
});
var all72 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg274,
select68,
msg277,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338004"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 502102 (local user account deleted). Only the fixed prefix is matched
// here; the user name and anything after it are parsed from p0 by dup215 and
// dup216.
var msg278 = match({
id: "MESSAGE#681:502102/0",
dissect: {
tokenizer: "User deleted from local dbase: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Unlike most chains in this file, the event category is set inline
// (1402020100) instead of through a shared dupN step. nwparser.result is set
// to a fixed string, which gives a stable value to match on when alerting on
// account deletions.
var all73 = all_match({
processors: [
msg278,
dup215,
dup216,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1402020100"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502102"),
}),
dup17,
dup108,
dup217,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("User deleted from local DB"),
}),
]),
});
// ASA 602101: "PMTU-D packet <fld1> byte..." - the text right after "byte"
// is left in p0 for the next stage.
var msg279 = match({
id: "MESSAGE#706:602101/0",
dissect: {
tokenizer: "PMTU-D packet %{fld1->} byte%{p0->}",
field: "nwparser.payload",
},
});
// Single-entry select wrapping the shared step dup218.
var select69 = linear_select([
dup218,
]);
// Remainder: effective MTU (fld2) followed by destination address, source
// address and protocol, in that order in the log line.
var msg280 = match({
id: "MESSAGE#706:602101/2",
dissect: {
tokenizer: "%{->}greater than effective mtu %{fld2->} dest_addr=%{daddr->}, src_addr=%{saddr->}, prot=%{protocol->}",
field: "nwparser.p1",
},
});
var all74 = all_match({
processors: [
msg279,
select69,
msg280,
],
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("602101"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("PMTU-D packet bytes greater than effective mtu"),
}),
]),
});
// ASA 746001: "<application>: <event_description>".
// NOTE(review): this chain runs only dup3 (event_time) of the usual
// dup2-dup5 header steps, so nwparser.level, nwparser.msg and nwparser.id are
// not set here as they are for neighbouring messages - confirm this is
// intended.
var msg281 = match({
id: "MESSAGE#1254:746001",
dissect: {
tokenizer: "%{application->}: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746001"),
}),
dup3,
]),
});
// ASA 302013:07 - "Built inbound" connection with identity information on
// both sides. In the tokenizer "\\" is an escaped single backslash separating
// a domain from a user: (<domain>\<fld3>) after the source and
// (<ddomain>\<c_username>) after the destination, followed by (<username>).
// Note that the source-side user goes to the generic fld3, not to a named
// user field.
var msg282 = match({
id: "MESSAGE#292:302013:07",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{domain->}\\%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{ddomain->}\\%{c_username->}) (%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:07"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// ASA 302013 (base variant), staged: dup219 and dup220 handle the start of
// the line, then the destination endpoint is read from p1, a user name from
// p2 and trailing padding from p3.
var msg283 = match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) %{p2->}",
field: "nwparser.p1",
},
});
// User name in single quotes.
var msg284 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "'%{username->}'%{p3->}",
field: "nwparser.p2",
},
});
// User name in parentheses.
var msg285 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "(%{username->})%{p3->}",
field: "nwparser.p2",
},
});
var select70 = linear_select([
msg284,
msg285,
]);
// Consumes what is left in p3; the pattern ends with a literal space.
var msg286 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p3",
},
});
var all75 = all_match({
processors: [
dup219,
dup220,
msg283,
select70,
msg286,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// ASA 302013:01, assembled entirely from shared stages (dup221-dup223, defined
// earlier). Its chain uses dup194 where the inbound 302013 variants in this
// file use dup192.
var all76 = all_match({
processors: [
dup221,
dup222,
dup223,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:01"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// ASA 302013:02. After dup219, the source translated port is read from p0,
// optionally followed by (<domain>\<username>); "\\" is an escaped backslash.
var msg287 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{stransport->})(%{domain->}\\%{username->})%{p1->}",
field: "nwparser.p0",
},
});
// The identity-bearing form is listed before the shared alternative dup224.
var select71 = linear_select([
msg287,
dup224,
]);
// Destination endpoint and its translated address/port.
var msg288 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{->}to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.p1",
},
});
var all77 = all_match({
processors: [
dup219,
select71,
msg288,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:02"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// ASA 302013:03 - "Built outbound" connection, parsed in five stages.
// For this direction the first endpoint in the line is stored as the
// destination (dinterface/daddr/dport) and the endpoint after "to" as the
// source; rules that compare saddr/daddr should account for that mapping.
var msg289 = match({
id: "MESSAGE#296:302013:03/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{p0->}",
field: "nwparser.payload",
},
});
// Interface name followed by an extra ":<fld1>" element.
var msg290 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{dinterface->}:%{fld1->} :%{p1->}",
field: "nwparser.p0",
},
});
// Interface name only.
var msg291 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{dinterface->} :%{p1->}",
field: "nwparser.p0",
},
});
var select72 = linear_select([
msg290,
msg291,
]);
// Destination address/port and translated address/port, up to " to ".
var msg292 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) to %{p2->}",
field: "nwparser.p1",
},
});
// Source interface with an extra ":<fld2>" element before the address.
var msg293 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sinterface->}:%{fld2->}:%{saddr->}/%{p3->}",
field: "nwparser.p2",
},
});
// Source interface directly followed by the address.
var msg294 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{p3->}",
field: "nwparser.p2",
},
});
var select73 = linear_select([
msg293,
msg294,
]);
// Source port and translated source address/port.
var msg295 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.p3",
},
});
var all78 = all_match({
processors: [
msg289,
select72,
msg292,
select73,
msg295,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:03"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// ASA 302013:04 - "Built inbound" in the "gaddr" layout: source interface and
// address/port, then "gaddr <hostip>/<network_port>", then destination
// interface and address/port, all separated by spaces.
var msg296 = match({
id: "MESSAGE#297:302013:04",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:04"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// ASA 302013:05 - "Built outbound" in the "gaddr" layout. Compared with the
// inbound form (302013:04) the field roles are swapped: the first endpoint is
// stored as destination and the last as source, and the chain uses dup194
// instead of dup192.
var msg297 = match({
id: "MESSAGE#298:302013:05",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->} %{daddr->}/%{dport->} gaddr %{hostip->}/%{network_port->} %{sinterface->} %{saddr->}/%{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:05"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// ASA 302013:06 - "Built outbound" where the interface name is followed by
// " :" (space before the colon). Parsing stops after the opening parenthesis
// of the translated address; the rest (p0) is handled by shared stages.
var msg298 = match({
id: "MESSAGE#299:302013:06/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->} :%{daddr->}/%{dport->} (%{p0->}",
field: "nwparser.payload",
},
});
var select74 = linear_select([
dup225,
dup226,
]);
var all79 = all_match({
processors: [
msg298,
select74,
dup227,
dup228,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:06"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// ASA 302013:09 - "Built inbound" with (<domain>\<username>) after the
// destination; "\\" in the tokenizer is an escaped backslash.
// NOTE(review): dup2 (sets nwparser.level from the header) is missing from
// this chain and from msg300, while the other 302013 variants in this file
// include it - confirm the omission is intended.
var msg299 = match({
id: "MESSAGE#300:302013:09",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{domain->}\\%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:09"),
}),
dup64,
dup102,
dup43,
dup14,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// ASA 302013:08 - "Built inbound" with a parenthesised value after the source
// endpoint, stored in the generic field fld.
// NOTE(review): dup2 (sets nwparser.level from the header) is missing from
// this chain and from msg299, while the other 302013 variants in this file
// include it - confirm the omission is intended.
var msg300 = match({
id: "MESSAGE#301:302013:08",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{fld->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:08"),
}),
dup64,
dup102,
dup43,
dup14,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// All ten 302013 variants. The order is not by sub-id: 302013:07 is first and
// 302013:09 / 302013:08 are last.
// NOTE(review): if the first match wins, this order decides which variant tags
// a line that fits more than one pattern - confirm before reordering.
var select75 = linear_select([
msg282,
all75,
all76,
all77,
all78,
msg296,
msg297,
all79,
msg299,
msg300,
]);
// ASA 304009, catch-all: the whole payload is stored as event_description.
var msg301 = match({
id: "MESSAGE#361:304009",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("304009"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 409012, catch-all: the whole payload is stored as event_description.
var msg302 = match({
id: "MESSAGE#614:409012",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409012"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 415006: "<sigid> Content size <priority> out of range - <listnum>
// <protocol> from <saddr> to <daddr>". The size value from the log is stored
// in the field named priority; nwparser.context is set to a fixed label.
var msg303 = match({
id: "MESSAGE#638:415006",
dissect: {
tokenizer: "%{sigid->} Content size %{priority->} out of range - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("Content size out of range"),
}),
]),
});
// ASA 110001: "No route to <daddr> from <saddr>" - the destination appears
// first in the log line.
var msg304 = match({
id: "MESSAGE#159:110001",
dissect: {
tokenizer: "No route to %{daddr->} from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("110001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338002 ("... blacklisted <protocol> traffic ..."). The start of the
// line is handled by dup183, dup184, dup213 and dup214; this stage reads
// nwparser.p3 from "ed blacklisted" onward. The list entry goes to
// web_domain, the threat level to severity and the category to result.
var msg305 = match({
id: "MESSAGE#472:338002/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
var all80 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg305,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338002"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 113034 (user ACL from AAA ignored in favour of an AV-PAIR ACL). Runs
// after the shared steps dup77 and dup78 and reads nwparser.p1.
// NOTE(review): "\u003c\u003c" decodes to two '<' characters, so this pattern
// requires a literal "<<" before the ACL name. Confirm against real device
// output; if the device writes a single '<', this message will not parse.
var msg306 = match({
id: "MESSAGE#1287:113034/2",
dissect: {
tokenizer: "%{hostip->}> User ACL \u003c\u003c%{info->}> from AAA ignored, AV-PAIR ACL used instead",
field: "nwparser.p1",
},
});
var all81 = all_match({
processors: [
dup77,
dup78,
msg306,
],
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("113034"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("specified ACL was not used because a Cisco AV-PAIR ACL was used"),
}),
]),
});
// ASA 338202 ("... greylisted <protocol> traffic ..."). Same layout as the
// 338002 blacklist pattern; the processor list differs in using dup230 where
// 338002 uses dup213.
var msg307 = match({
id: "MESSAGE#484:338202/4",
dissect: {
tokenizer: "ed greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
var all82 = all_match({
processors: [
dup183,
dup184,
dup230,
dup214,
msg307,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338202"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713123 (IKE lost contact with remote peer), form that includes
// "Username = <username>"; tagged 713123:01. The peer address is stored as
// saddr and the keepalive type as fld1.
var msg308 = match({
id: "MESSAGE#889:713123:01",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("713123:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup231,
]),
});
// Form without a user name.
var msg309 = match({
id: "MESSAGE#890:713123",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("713123"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup231,
]),
});
// The form carrying a user name is listed first.
var select76 = linear_select([
msg308,
msg309,
]);
// ASA 717007, catch-all: the whole payload is stored as event_description.
var msg310 = match({
id: "MESSAGE#1068:717007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 720003: "(VPN-<context>) <event_description>".
var msg311 = match({
id: "MESSAGE#1112:720003",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720003"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 105042: "(<context>) <event_description>".
var msg312 = match({
id: "MESSAGE#51:105042",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105042"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713041 (IKE Initiator), staged. After the shared step dup44 the
// identity prefix is read from p0 in one of four layouts; each expects
// "IP = <saddr> , IKE Initiator: " with a space before the comma.
// Layout 1: group and IP.
var msg313 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Layout 2: user name in single quotes.
var msg314 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Layout 3: unquoted user name.
var msg315 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Layout 4: IP only.
var msg316 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// The quoted user-name layout precedes the unquoted one.
// NOTE(review): presumably so that the quotes are not captured as part of
// username - this relies on first-match-wins ordering in linear_select.
var select77 = linear_select([
msg313,
msg314,
msg315,
msg316,
]);
// Literal "Rekeying" or "New"; the word itself is not stored in a field.
var msg317 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "Rekeying%{p2->}",
field: "nwparser.p1",
},
});
var msg318 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "New%{p2->}",
field: "nwparser.p1",
},
});
var select78 = linear_select([
msg317,
msg318,
]);
var msg319 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "%{->}Phase %{p3->}",
field: "nwparser.p2",
},
});
// Phase number, literal "1" or "2"; also not stored in a field.
var msg320 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "1%{p4->}",
field: "nwparser.p3",
},
});
var msg321 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "2%{p4->}",
field: "nwparser.p3",
},
});
var select79 = linear_select([
msg320,
msg321,
]);
// Interface (fld1), IKE peer (fld2) and remaining text (info).
var msg322 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "%{->}, Intf %{fld1->}, IKE Peer %{fld2->} %{info->}",
field: "nwparser.p4",
},
});
var all83 = all_match({
processors: [
dup44,
select77,
select78,
msg319,
select79,
msg322,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713041"),
}),
dup7,
dup11,
dup12,
dup13,
dup2,
dup3,
dup4,
dup5,
dup232,
]),
});
// ASA 713041:01 - the same IKE Initiator message without any Group/Username/IP
// prefix. Only "Phase 2" is accepted by this variant.
var msg323 = match({
id: "MESSAGE#863:713041:01/0",
dissect: {
tokenizer: "IKE Initiator: %{p0->}",
field: "nwparser.payload",
},
});
// Literal "Rekeying" or "New"; the word itself is not stored in a field.
var msg324 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "Rekeying%{p1->}",
field: "nwparser.p0",
},
});
var msg325 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "New%{p1->}",
field: "nwparser.p0",
},
});
var select80 = linear_select([
msg324,
msg325,
]);
// Interface (fld1), IKE peer (fld2) and remaining text (info).
var msg326 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "%{->}Phase 2, Intf %{fld1->}, IKE Peer %{fld2->} %{info->}",
field: "nwparser.p1",
},
});
var all84 = all_match({
processors: [
msg323,
select80,
msg326,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713041:01"),
}),
dup7,
dup11,
dup12,
dup13,
dup14,
dup2,
dup3,
dup4,
dup5,
dup232,
]),
});
// Both 713041 parsers: the prefixed form (all83) is listed before the bare
// "IKE Initiator:" form (all84).
var select81 = linear_select([
all83,
all84,
]);
// ASA 718068: "Start VPN Load Balancing in context <context>." - the trailing
// period is required. event_description is set to a fixed label.
var msg327 = match({
id: "MESSAGE#1107:718068",
dissect: {
tokenizer: "Start VPN Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718068"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Start VPN Load Balancing"),
}),
]),
});
// ASA 434002: "SFR requested to drop <protocol> packet from
// <sinterface>:<saddr>/<sport> to <dinterface>:<daddr>/<dport>".
// NOTE(review): this drop event uses the first step dup20 rather than
// dup180, which the deny-type messages (e.g. 106015, 419001) start with -
// confirm the categorisation is what alerting on drops expects.
var msg328 = match({
id: "MESSAGE#1311:434002",
dissect: {
tokenizer: "SFR requested to drop %{protocol->} packet from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("434002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SFR requested to drop packet"),
}),
]),
});
// ASA 737006, form without a session id: "<process>: Local pool request
// succeeded for tunnel-group '<info>'".
var msg329 = match({
id: "MESSAGE#1231:737006",
dissect: {
tokenizer: "%{process->}: Local pool request succeeded for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737006"),
}),
dup2,
dup3,
dup233,
dup4,
dup5,
]),
});
// Form with "Session=<sessionid>, " after the process name.
var msg330 = match({
id: "MESSAGE#1232:737006:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Local pool request succeeded for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737006:01"),
}),
dup2,
dup3,
dup233,
dup4,
dup5,
]),
});
// NOTE(review): the shorter pattern is listed first; confirm that lines with
// "Session=..." reach msg330 so that sessionid is populated.
var select82 = linear_select([
msg329,
msg330,
]);
// ASA 305009: "Built <context> translation from <sinterface>:<saddr> to
// <dinterface>:<daddr>". The word between "Built" and "translation" is stored
// as context.
var msg331 = match({
id: "MESSAGE#376:305009",
dissect: {
tokenizer: "Built %{context->} translation from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305009"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
// ASA 415003: "<sigid> HTTP Peer-to-Peer detected - <listnum> <protocol> from
// <saddr> to <daddr>". nwparser.context is set to a fixed label.
var msg332 = match({
id: "MESSAGE#634:415003",
dissect: {
tokenizer: "%{sigid->} HTTP Peer-to-Peer detected - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Peer-to-Peer detected"),
}),
]),
});
// ASA 603107 (L2TP tunnel deleted), three stages: fixed prefix, the shared
// step dup235, then tunnel id and peer address.
var msg333 = match({
id: "MESSAGE#726:603107/0",
dissect: {
tokenizer: "L2TP Tunnel deleted%{p0->}",
field: "nwparser.payload",
},
});
// No space is expected between "remote_peer_ip =" and the address, which is
// stored as saddr.
var msg334 = match({
id: "MESSAGE#726:603107/2",
dissect: {
tokenizer: "%{->}tunnel_id = %{fld1->} remote_peer_ip =%{saddr->}",
field: "nwparser.p1",
},
});
var all85 = all_match({
processors: [
msg333,
dup235,
msg334,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("603107"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("L2TP tunnel deleted"),
}),
]),
});
// ASA 722012 (SVC message, NOTICE level). Runs after the shared steps dup77
// and dup78; reads the client address and the text before "/NOTICE: " from
// nwparser.p1.
var msg335 = match({
id: "MESSAGE#1158:722012/2",
dissect: {
tokenizer: "%{saddr->}> SVC Message: %{info->}/NOTICE: %{p2->}",
field: "nwparser.p1",
},
});
// Description followed by a parenthesised value and a trailing space.
var msg336 = match({
id: "MESSAGE#1158:722012/3",
dissect: {
tokenizer: "%{event_description->}(%{fld1->}) ",
field: "nwparser.p2",
},
});
// Description only.
var msg337 = match({
id: "MESSAGE#1158:722012/3",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p2",
},
});
var select83 = linear_select([
msg336,
msg337,
]);
var all86 = all_match({
processors: [
dup77,
dup78,
msg335,
select83,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("722012"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 109027 ("[<protocol>] Unable to dec... response message"). The verb is
// split across stages: the prefix ends at "Unable to dec", the next stage
// takes a spelling alternative, and the last stage resumes at "pher response
// message".
var msg338 = match({
id: "MESSAGE#152:109027/0",
dissect: {
tokenizer: "[%{protocol->}] Unable to dec%{p0->}",
field: "nwparser.payload",
},
});
// Alternative "y" (giving "decypher"); the other alternative is the shared
// step dup236, defined earlier.
var msg339 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "y%{p1->}",
field: "nwparser.p0",
},
});
var select84 = linear_select([
dup236,
msg339,
]);
// Server address is stored as hostip; the user value is left in p2 for
// dup237.
var msg340 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "pher response message Server = %{hostip->}, User = %{p2->}",
field: "nwparser.p1",
},
});
var all87 = all_match({
processors: [
msg338,
select84,
msg340,
dup237,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109027"),
}),
dup17,
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 113012 (AAA authentication succeeded against the local database). The
// user value is left in p0 and parsed by the shared step dup238.
var msg341 = match({
id: "MESSAGE#189:113012/0",
dissect: {
tokenizer: "AAA user authentication Successful : local database : user = %{p0->}",
field: "nwparser.payload",
},
});
// nwparser.result is set to a fixed string, so successful local logins can be
// selected on that value.
var all88 = all_match({
processors: [
msg341,
dup238,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113012"),
}),
dup17,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA user authentication successful"),
}),
]),
});
// ASA 406001: "FTP port command low port: <saddr>/<sport> to <daddr> on
// interface <interface>". No destination port is captured by this pattern.
var msg342 = match({
id: "MESSAGE#595:406001",
dissect: {
tokenizer: "FTP port command low port: %{saddr->}/%{sport->} to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup239,
set_field({
dest: "nwparser.msg_id1",
value: constant("406001"),
}),
dup2,
dup3,
dup4,
dup5,
dup240,
]),
});
// ASA 715059, staged form built from shared steps (dup22, dup23, dup241).
var all89 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715059"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pattern form: "Group = <group>, IP = <saddr>, <action>"; everything
// after the address is stored as action.
var msg343 = match({
id: "MESSAGE#1032:715059:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715059:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select85 = linear_select([
all89,
msg343,
]);
// ASA 713024, built entirely from shared stages (dup9, dup242, dup243); no
// pattern specific to this message is defined here.
var all90 = all_match({
processors: [
dup9,
dup242,
dup243,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713024"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713073: responder forces a change of the rekeying duration. The text
// between "change of" and "rekeying" is stored as ike; the old and new
// durations (seconds) as fld1 and fld2.
var msg344 = match({
id: "MESSAGE#876:713073",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Responder forcing change of %{ike->} rekeying duration from %{fld1->} to %{fld2->} seconds",
field: "nwparser.payload",
},
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713073"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// ASA 716039 (authentication result for a session), "Authentication: ..."
// layout, parsed in four stages.
// NOTE(review): "\u003c\u003c" decodes to two '<' characters, so the patterns
// below require a literal "<<" before the group, user and IP values. Confirm
// against real device output; if the device writes a single '<', these
// authentication events will not parse and will be missing from any
// detection built on msg_id1 716039.
var msg345 = match({
id: "MESSAGE#1053:716039/0",
dissect: {
tokenizer: "Authentication: %{action->}, group = \u003c\u003c%{group->}> user = %{p0->}",
field: "nwparser.payload",
},
});
// User name in angle brackets.
var msg346 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// User name in single quotes.
var msg347 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "'%{username->}' IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// Bare user name.
var msg348 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "%{username->} IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// Delimited forms are listed before the bare form.
var select86 = linear_select([
msg346,
msg347,
msg348,
]);
// Address followed by a parenthesised value (info).
var msg349 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{saddr->} (%{info->}) >, Session Type: %{p2->}",
field: "nwparser.p1",
},
});
// Address only.
var msg350 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{saddr->} >, Session Type: %{p2->}",
field: "nwparser.p1",
},
});
var select87 = linear_select([
msg349,
msg350,
]);
// The session type is stored as network_service.
var msg351 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{network_service->}",
field: "nwparser.p2",
},
});
var all91 = all_match({
processors: [
msg345,
select86,
select87,
msg351,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("716039"),
}),
dup18,
dup17,
dup99,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 716039:01 - "Group <...> User ... IP ... Authentication: <result>
// Session Type: <type>" layout. The user part is handled by the shared step
// dup182.
// NOTE(review): "\u003c\u003c" decodes to two '<' characters, so this pattern
// requires a literal "<<" before the group name - confirm against real device
// output.
var msg352 = match({
id: "MESSAGE#1054:716039:01/0",
dissect: {
tokenizer: "Group \u003c\u003c %{group->}> User %{p0->}",
field: "nwparser.payload",
},
});
// Address followed by a parenthesised value (info).
var msg353 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{saddr->} (%{info->}) > Authentication:%{p2->}",
field: "nwparser.p1",
},
});
// Address only.
var msg354 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{saddr->} > Authentication:%{p2->}",
field: "nwparser.p1",
},
});
var select88 = linear_select([
msg353,
msg354,
]);
// The text between "Authentication:" and "Session Type:" is stored as result.
var msg355 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{result->} Session Type: %{network_service->}",
field: "nwparser.p2",
},
});
var all92 = all_match({
processors: [
msg352,
dup182,
select88,
msg355,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("716039:01"),
}),
dup18,
dup17,
dup106,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
// NOTE(review): the description is fixed to "rejected" regardless of the
// result text captured by msg355. If this layout can also carry a successful
// result, the event would be mislabelled - confirm.
set_field({
dest: "nwparser.event_description",
value: constant("Session connection rejected"),
}),
]),
});
// Both 716039 layouts: the "Authentication: ..." form (all91) is listed before
// the "Group ... User ..." form (all92).
var select89 = linear_select([
all91,
all92,
]);
// ASA 305002: "Translation built for gaddr <hostip> to laddr <daddr>". The
// gaddr value is stored as hostip and the laddr value as daddr; no saddr is
// set by this pattern.
var msg356 = match({
id: "MESSAGE#363:305002",
dissect: {
tokenizer: "Translation built for gaddr %{hostip->} to laddr %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Translation built"),
}),
]),
});
// ASA 603103: "PPP virtual interface <interface> - user: <username> aaa
// authentication <disposition>". The outcome word from the log is stored as
// disposition; the chain itself is the same for every outcome.
var msg357 = match({
id: "MESSAGE#722:603103",
dissect: {
tokenizer: "PPP virtual interface %{interface->} - user: %{username->} aaa authentication %{disposition->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("603103"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 611312: catch-all; the whole payload becomes event_description.
var msg358 = match({
  id: "MESSAGE#768:611312",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("611312") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 702204 in two layouts. They share the leading matchers dup246/dup247 and differ in the
// final one (dup132 vs dup130), all of which are declared earlier in the file.
var all93 = all_match({
  processors: [dup246, dup247, dup132],
  on_success: processor_chain([
    dup55,
    set_field({ dest: "nwparser.msg_id1", value: constant("702204:01") }),
    dup7, dup14, dup4, dup5, dup2, dup3, dup248,
  ]),
});

var all94 = all_match({
  processors: [dup246, dup247, dup130],
  on_success: processor_chain([
    dup55,
    set_field({ dest: "nwparser.msg_id1", value: constant("702204") }),
    dup7, dup4, dup5, dup2, dup3, dup248,
  ]),
});

var select90 = linear_select([all93, all94]);
// 106101: catch-all; the whole payload becomes event_description.
var msg359 = match({
  id: "MESSAGE#103:106101",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("106101") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 320001: catch-all; the whole payload becomes event_description.
var msg360 = match({
  id: "MESSAGE#439:320001",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup160,
    set_field({ dest: "nwparser.msg_id1", value: constant("320001") }),
    dup7, dup18, dup17, dup106, dup19, dup2, dup3, dup4, dup5,
  ]),
});
// 400051: signature-style record "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// Unlike the sibling 4000xx matchers in this stretch, the event category is set inline, not through a shared dup.
var msg361 = match({
  id: "MESSAGE#548:400051",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    set_field({ dest: "nwparser.eventcategory", value: constant("1001020205") }),
    set_field({ dest: "nwparser.msg_id1", value: constant("400051") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
// 724002: group, username and host IP followed by a description and a result.
// NOTE(review): every "\u003c\u003c" decodes to two literal "<" characters paired with a single ">";
// confirm against a real sample, otherwise group/username/hostip are never extracted for this message.
var msg362 = match({
  id: "MESSAGE#1182:724002",
  dissect: {
    tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> %{event_description->}. %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("724002") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 400017: signature-style record, same layout as the other 4000xx matchers in this stretch.
var msg363 = match({
  id: "MESSAGE#514:400017",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup26,
    set_field({ dest: "nwparser.msg_id1", value: constant("400017") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
// 415011: HTTP URL length exceeded, with source and destination address.
// NOTE(review): the received byte count is stored in `priority` and the next value in `listnum`;
// these look like repurposed field names — confirm the mapping before alerting on either field.
var msg364 = match({
  id: "MESSAGE#644:415011",
  dissect: {
    tokenizer: "%{sigid->} HTTP URL Length exceeded. Received %{priority->} byte URL - %{listnum->} URI length exceeded from %{saddr->} to %{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup206,
    set_field({ dest: "nwparser.msg_id1", value: constant("415011") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.context", value: constant("HTTP URL Length exceeded") }),
  ]),
});
// 614001: catch-all; the whole payload becomes event_description.
var msg365 = match({
  id: "MESSAGE#786:614001",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup58,
    set_field({ dest: "nwparser.msg_id1", value: constant("614001") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 725002: "Device completed SSL handshake with ...". The peer part is parsed by one of three layouts.
var msg366 = match({
  id: "MESSAGE#1187:725002/0",
  dissect: {
    tokenizer: "Device completed SSL handshake with %{p0->}",
    field: "nwparser.payload",
  },
});

// The three alternatives below share one id string, so the id does not identify the layout that matched.
// Layout 1: two underscore-separated prefix fields, then src/port, dst/port and the session version.
var msg367 = match({
  id: "MESSAGE#1187:725002/3",
  dissect: {
    tokenizer: "%{fld1->}_%{fld2->}_%{saddr->}/%{sport->} to %{daddr->}/%{dport->} for %{version->} session ",
    field: "nwparser.p2",
  },
});

// Layout 2: as layout 1 without the prefix fields.
var msg368 = match({
  id: "MESSAGE#1187:725002/3",
  dissect: {
    tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} for %{version->} session ",
    field: "nwparser.p2",
  },
});

// Layout 3: a single address/port pair, stored as hostip/network_port rather than saddr/sport.
var msg369 = match({
  id: "MESSAGE#1187:725002/3",
  dissect: {
    tokenizer: "%{hostip->}/%{network_port->}",
    field: "nwparser.p2",
  },
});

var select91 = linear_select([msg367, msg368, msg369]);

var all95 = all_match({
  processors: [msg366, dup92, dup249, select91],
  on_success: processor_chain([
    dup250,
    set_field({ dest: "nwparser.msg_id1", value: constant("725002") }),
    dup11, dup43, dup40, dup2, dup35, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Device completed SSL handshake") }),
  ]),
});
// 201004:01: "Too many <protocol> connections on ..." — a connection-limit event that carries the affected host.
var msg370 = match({
  id: "MESSAGE#219:201004:01/0",
  dissect: {
    tokenizer: "Too many %{protocol->} connections on %{p0->}",
    field: "nwparser.payload",
  },
});

var msg371 = match({
  id: "MESSAGE#219:201004:01/2",
  dissect: {
    tokenizer: "%{->} %{hostip->}! %{fld1->}",
    field: "nwparser.p1",
  },
});

var all96 = all_match({
  processors: [msg370, dup251, msg371],
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("201004:01") }),
    dup14, dup2, dup3, dup4, dup5,
  ]),
});

// 201004: embryonic-connection variant.
// NOTE(review): the pattern contains the literal word "STRING", which reads like a documentation
// placeholder; confirm real records contain it, otherwise this alternative never matches.
var msg372 = match({
  id: "MESSAGE#220:201004",
  dissect: {
    tokenizer: "Too many embryonic connections on STRING %{hostip->} %{fld1->}/%{fld2->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("201004") }),
    dup2, dup3, dup4, dup5,
  ]),
});

var select92 = linear_select([all96, msg372]);
// 315003: failed SSH login to the device, in two spacings of the same sentence.
// The source address goes to saddr. The attempt count is captured only as fld1, so a
// brute-force rule that needs the count has to read that generic field (or count events per saddr).
var msg373 = match({
  id: "MESSAGE#415:315003/0",
  dissect: {
    tokenizer: "SSH login session failed from %{saddr->} on (%{fld1->} attempts) on interface %{interface->} by user %{p0->}",
    field: "nwparser.payload",
  },
});

var all97 = all_match({
  processors: [msg373, dup238],
  on_success: processor_chain([
    dup84,
    set_field({ dest: "nwparser.msg_id1", value: constant("315003") }),
    dup2, dup3, dup4, dup5, dup252,
  ]),
});

// Variant with the attempt count directly after the address.
var msg374 = match({
  id: "MESSAGE#416:315003:01/0",
  dissect: {
    tokenizer: "SSH login session failed from %{saddr->}(%{fld1->} attempts) on interface %{interface->} by user %{p0->}",
    field: "nwparser.payload",
  },
});

// The user part is handed to dup187 here and to dup238 in the first variant; both are declared earlier in the file.
var all98 = all_match({
  processors: [msg374, dup187],
  on_success: processor_chain([
    dup84,
    set_field({ dest: "nwparser.msg_id1", value: constant("315003:01") }),
    dup14, dup2, dup3, dup4, dup5, dup252,
  ]),
});

var select93 = linear_select([all97, all98]);
// 323001: control-channel communication failure for a module; the slot is kept as fld1.
var msg375 = match({
  id: "MESSAGE#449:323001",
  dissect: {
    tokenizer: "Module in slot %{fld1->} experienced a control channel communication failure",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup49,
    set_field({ dest: "nwparser.msg_id1", value: constant("323001") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 324000: dropped GTP message with both endpoints and the drop reason.
var msg376 = match({
  id: "MESSAGE#453:324000/0",
  dissect: {
    tokenizer: "Drop GTP%{p0->}",
    field: "nwparser.payload",
  },
});

var msg377 = match({
  id: "MESSAGE#453:324000/2",
  dissect: {
    tokenizer: "v%{p1->}",
    field: "nwparser.p0",
  },
});

// One-entry select: msg377 is its only alternative.
var select94 = linear_select([msg377]);

var msg378 = match({
  id: "MESSAGE#453:324000/2",
  dissect: {
    tokenizer: "%{->} %{misc->} message %{fld1->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} Reason: %{result->}",
    field: "nwparser.p1",
  },
});

var all99 = all_match({
  processors: [msg376, select94, msg378],
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("324000") }),
    dup42, dup43, dup19, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Drop GTPv") }),
  ]),
});
// 752010: fixed text, no fields extracted from the payload.
var msg379 = match({
  id: "MESSAGE#1273:752010",
  dissect: {
    tokenizer: "IKEv2 Doesn't have a proposal specified%{->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("752010") }),
    dup4, dup5, dup2, dup3,
  ]),
});
// 747016: split-cluster detection; the unit names are kept only as fld1..fld4.
// NOTE(review): unlike the neighbouring chains this one does not run dup4 (the step that copies
// $MSG into nwparser.msg, per its definition at the top of the file) — confirm that is intended.
var msg380 = match({
  id: "MESSAGE#1310:747016",
  dissect: {
    tokenizer: "Clustering: Found a split cluster with both %{fld1->} and %{fld2->} as master units. Master role retained by %{fld3->}, %{fld4->} will leave then join as a slave",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup204,
    set_field({ dest: "nwparser.msg_id1", value: constant("747016") }),
    dup2, dup3, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Found a split cluster") }),
  ]),
});
// 611102: "User authentication failed", in a username-only layout and an IP-first layout.
// The Uname value is whatever was typed at the login prompt, so a password entered in the wrong
// field can end up in it; treat the extracted username as sensitive when it is stored or displayed.
var msg381 = match({
  id: "MESSAGE#754:611102/0",
  dissect: {
    tokenizer: "User authentication failed: Uname: %{p0->}",
    field: "nwparser.payload",
  },
});

// Username-only layout; the remainder after "Uname: " is handed to dup238 (declared earlier in the file).
var all100 = all_match({
  processors: [msg381, dup238],
  on_success: processor_chain([
    dup84,
    set_field({ dest: "nwparser.msg_id1", value: constant("611102") }),
    dup7, dup18, dup17, dup106, dup19, dup2, dup3, dup4, dup5, dup253,
  ]),
});

var msg382 = match({
  id: "MESSAGE#1299:611102:01/0",
  dissect: {
    tokenizer: "User authentication failed: IP address: %{p0->}",
    field: "nwparser.payload",
  },
});

var msg383 = match({
  id: "MESSAGE#1299:611102:01/1",
  dissect: {
    tokenizer: "%{saddr->}, Uname: %{username->}",
    field: "nwparser.p0",
  },
});

// Address-only fallback: extracts saddr and no username, so rules keyed on username
// must tolerate its absence for this layout.
var msg384 = match({
  id: "MESSAGE#1299:611102:01/1",
  dissect: {
    tokenizer: "%{saddr->}",
    field: "nwparser.p0",
  },
});

var select95 = linear_select([msg383, msg384]);

var all101 = all_match({
  processors: [msg382, select95],
  on_success: processor_chain([
    dup84,
    set_field({ dest: "nwparser.msg_id1", value: constant("611102:01") }),
    dup7, dup18, dup17, dup106, dup19, dup2, dup3, dup4, dup5, dup253,
  ]),
});

var select96 = linear_select([all100, all101]);
// 725010: list of ciphers the device supports; the remainder is parsed by dup254/dup255 (declared earlier).
var msg385 = match({
  id: "MESSAGE#1198:725010/0",
  dissect: {
    tokenizer: "Device supports the following %{fld1->} cipher(s)%{p0->}",
    field: "nwparser.payload",
  },
});

var all102 = all_match({
  processors: [msg385, dup254, dup255],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("725010") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 108005:01: SMTP connection exhaustion, with the source address and port.
var msg386 = match({
  id: "MESSAGE#119:108005:01",
  dissect: {
    tokenizer: "Out of SMTP connections! %{saddr->}/%{sport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("108005:01") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Out of SMTP connections") }),
  ]),
});

// 108005: ESMTP request record with both endpoints; the text after ";" goes to result.
var msg387 = match({
  id: "MESSAGE#120:108005",
  dissect: {
    tokenizer: "%{network_service->}: Received ESMTP Request from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}; %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup256,
    set_field({ dest: "nwparser.msg_id1", value: constant("108005") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Received ESMTP request") }),
  ]),
});

var select97 = linear_select([msg386, msg387]);
// 318005: routing record; everything except the protocol is kept in generic fld1..fld9 fields.
var msg388 = match({
  id: "MESSAGE#432:318005",
  dissect: {
    tokenizer: "lsid %{fld1->} adv %{fld2->} type %{fld3->} gateway %{fld4->} metric %{fld5->} network %{fld6->} mask %{fld7->} protocol %{protocol->} attr %{fld8->} net-metric %{fld9->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("318005") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 400049: signature-style record, same layout as the other 4000xx matchers in this stretch.
var msg389 = match({
  id: "MESSAGE#546:400049",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup74,
    set_field({ dest: "nwparser.msg_id1", value: constant("400049") }),
    dup2, dup3, dup4, dup5, dup27, dup28, dup29, dup30,
  ]),
});
// 418001: traffic to or from the management-only network denied. Four layouts follow:
// ICMP (:02), bare protocol (:03), src/dst with ports and optional domain\user (:01),
// and the "from ... to ..." form (unsuffixed).
// ICMP layout: also captures the ICMP type and code.
var msg390 = match({
  id: "MESSAGE#649:418001:02",
  dissect: {
    tokenizer: "Through-the-device packet to/from management-only network is denied: icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("418001:02") }),
    dup42, dup43, dup19, dup14, dup2, dup3, dup4, dup5, dup257, dup258, dup259,
  ]),
});

// Bare-protocol layout: addresses without ports.
var msg391 = match({
  id: "MESSAGE#650:418001:03",
  dissect: {
    tokenizer: "Through-the-device packet to/from management-only network is denied: protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("418001:03") }),
    dup42, dup43, dup19, dup14, dup2, dup3, dup4, dup5, dup257, dup258,
  ]),
});

// Port-bearing layout, split into a head, a source part and a destination part (dup260, declared earlier).
var msg392 = match({
  id: "MESSAGE#651:418001:01/0",
  dissect: {
    tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol->} src %{p0->}",
    field: "nwparser.payload",
  },
});

// Source part with a parenthesised domain\user identity.
var msg393 = match({
  id: "MESSAGE#651:418001:01/2",
  dissect: {
    tokenizer: "%{sinterface->}:%{saddr->}/%{sport->} (%{domain->}\\%{username->}) dst %{p1->}",
    field: "nwparser.p0",
  },
});

// Source part without an identity.
var msg394 = match({
  id: "MESSAGE#651:418001:01/2",
  dissect: {
    tokenizer: "%{sinterface->}:%{saddr->}/%{sport->} dst %{p1->}",
    field: "nwparser.p0",
  },
});

var select98 = linear_select([msg393, msg394]);

var all103 = all_match({
  processors: [msg392, select98, dup260],
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("418001:01") }),
    dup42, dup43, dup19, dup14, dup2, dup3, dup4, dup5, dup261, dup258,
  ]),
});

// "from <if> <addr> (<port>) to <if> <addr> (<port>)" layout.
var msg395 = match({
  id: "MESSAGE#652:418001",
  dissect: {
    tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol->} from %{sinterface->} %{saddr->} (%{sport->}) to %{dinterface->} %{daddr->} (%{dport->})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("418001") }),
    dup42, dup43, dup19, dup2, dup3, dup4, dup5, dup261, dup258,
  ]),
});

// The ICMP and bare-protocol layouts are listed ahead of the generic "<protocol> src" one.
var select99 = linear_select([msg390, msg391, all103, msg395]);
// 106007: denied DNS-related traffic; direction, protocol and both endpoints are extracted,
// and the text after "due to DNS" goes to info.
var msg396 = match({
  id: "MESSAGE#64:106007",
  dissect: {
    tokenizer: "Deny %{direction->} %{protocol->} from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} due to DNS %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("106007") }),
    dup99, dup102, dup43, dup2, dup3, dup4, dup5, dup27, dup196,
  ]),
});
// 307002: "<result> session from <saddr>". The pattern starts with a free-text capture,
// so it matches any payload that contains " session from ".
var msg397 = match({
  id: "MESSAGE#392:307002",
  dissect: {
    tokenizer: "%{result->} session from %{saddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup105,
    set_field({ dest: "nwparser.msg_id1", value: constant("307002") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 315004: SSH session could not be established because the RSA host key could not be retrieved.
var msg398 = match({
  id: "MESSAGE#417:315004/0",
  dissect: {
    tokenizer: "Fail to establish SSH session because%{p0->}",
    field: "nwparser.payload",
  },
});

// Wording with the "PIX" prefix.
var msg399 = match({
  id: "MESSAGE#417:315004/1",
  dissect: {
    tokenizer: "%{->}PIX RSA host key retrieval failed.",
    field: "nwparser.p0",
  },
});

// Wording without the prefix; the leading text is captured as `space`.
var msg400 = match({
  id: "MESSAGE#417:315004/1",
  dissect: {
    tokenizer: "%{space->}RSA host key retrieval failed.",
    field: "nwparser.p0",
  },
});

var select100 = linear_select([msg399, msg400]);

var all104 = all_match({
  processors: [msg398, select100],
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("315004") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 715034: "IP = <saddr>, <info>"; everything after the address is free text in info.
var msg401 = match({
  id: "MESSAGE#1006:715034",
  dissect: {
    tokenizer: "IP = %{saddr->}, %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("715034") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 111010: command-execution audit record — who (username), from where (saddr) and what (action).
// The executed command is stored verbatim in `action`; configuration commands can contain
// credentials or keys, so consider masking that field before wide distribution.
// The three matchers below share one id string.
// Username wrapped in single quotes.
var msg402 = match({
  id: "MESSAGE#174:111010/2",
  dissect: {
    tokenizer: "'%{username->}' , running '%{p1->}",
    field: "nwparser.p0",
  },
});

// Username without quotes.
var msg403 = match({
  id: "MESSAGE#174:111010/2",
  dissect: {
    tokenizer: "%{username->} , running '%{p1->}",
    field: "nwparser.p0",
  },
});

var select101 = linear_select([msg402, msg403]);

// fld1 receives the quoted value that follows "running".
var msg404 = match({
  id: "MESSAGE#174:111010/2",
  dissect: {
    tokenizer: "%{fld1->}' from IP %{saddr->}, executed '%{action->}'",
    field: "nwparser.p1",
  },
});

var all105 = all_match({
  processors: [dup262, select101, msg404],
  on_success: processor_chain([
    dup263,
    set_field({ dest: "nwparser.msg_id1", value: constant("111010") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("User executed cmd") }),
  ]),
});
// 502103: user privilege level changed.
// NOTE(review): the old and new levels are captured only as fld1 ("From") and fld2 ("To");
// a privilege-escalation rule needs both, so confirm they are mapped to named fields downstream.
var msg405 = match({
  id: "MESSAGE#682:502103/0",
  dissect: {
    tokenizer: "User priv level changed: Uname: %{p0->}",
    field: "nwparser.payload",
  },
});

// Username wrapped in single quotes.
var msg406 = match({
  id: "MESSAGE#682:502103/2",
  dissect: {
    tokenizer: "'%{username->}' From: %{p1->}",
    field: "nwparser.p0",
  },
});

// Username without quotes.
var msg407 = match({
  id: "MESSAGE#682:502103/2",
  dissect: {
    tokenizer: "%{username->} From: %{p1->}",
    field: "nwparser.p0",
  },
});

var select102 = linear_select([msg406, msg407]);

var msg408 = match({
  id: "MESSAGE#682:502103/2",
  dissect: {
    tokenizer: "%{fld1->} To: %{fld2->}",
    field: "nwparser.p1",
  },
});

// The event category is set inline here rather than through a shared dup.
var all106 = all_match({
  processors: [msg405, select102, msg408],
  on_success: processor_chain([
    set_field({ dest: "nwparser.eventcategory", value: constant("1402020300") }),
    set_field({ dest: "nwparser.msg_id1", value: constant("502103") }),
    dup17, dup13, dup217, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.result", value: constant("User priv level change") }),
  ]),
});
// 199015: five leading generic fields, then a source address and free-text info.
// NOTE(review): this chain does not run dup2 (the nwparser.level step defined at the top of the
// file), unlike most neighbours — confirm that is intended.
var msg409 = match({
  id: "MESSAGE#1313:199015",
  dissect: {
    tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{saddr->} %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup264,
    set_field({ dest: "nwparser.msg_id1", value: constant("199015") }),
    dup3, dup4, dup5,
  ]),
});
// 105038: "(<context>) <event_description>".
var msg410 = match({
  id: "MESSAGE#47:105038",
  dissect: {
    tokenizer: "(%{context->}) %{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup75,
    set_field({ dest: "nwparser.msg_id1", value: constant("105038") }),
    dup38, dup39, dup87, dup2, dup3, dup4, dup5,
  ]),
});
// 338204: greylisted traffic dropped by the filter. Captures both endpoints with their translated
// address/port, the listed domain (web_domain), the threat level (severity) and the category (result).
// The pattern starts at "ilter"; the leading part is consumed by dup183/dup184, declared earlier.
var msg411 = match({
  id: "MESSAGE#486:338204/2",
  dissect: {
    tokenizer: "ilter dropped greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
    field: "nwparser.p1",
  },
});

var all107 = all_match({
  processors: [dup183, dup184, msg411],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("338204") }),
    dup42, dup43, dup40, dup2, dup3, dup4, dup5,
  ]),
});
// 604104: catch-all; the whole payload becomes event_description.
var msg412 = match({
  id: "MESSAGE#732:604104",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup58,
    set_field({ dest: "nwparser.msg_id1", value: constant("604104") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 737017: successful DHCP request; the attempt number goes to dclass_counter1.
var msg413 = match({
  id: "MESSAGE#1243:737017/2",
  dissect: {
    tokenizer: "%{->}DHCP request attempt %{dclass_counter1->} succeeded",
    field: "nwparser.p1",
  },
});

var all108 = all_match({
  processors: [dup53, dup265, msg413],
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("737017") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("DHCP request attempt succeeded") }),
  ]),
});
// 403107: PPP virtual interface is missing its AAA server group information.
var msg414 = match({
  id: "MESSAGE#575:403107",
  dissect: {
    tokenizer: "PPP virtual interface %{interface->} missing aaa server group info",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup51,
    set_field({ dest: "nwparser.msg_id1", value: constant("403107") }),
    dup38, dup39, dup87, dup2, dup3, dup4, dup5,
  ]),
});
// 411005: hardware transmit hang on an interface. The pattern starts at "nterface";
// the leading part is consumed by dup44/dup266, declared earlier.
var msg415 = match({
  id: "MESSAGE#625:411005/2",
  dissect: {
    tokenizer: "nterface %{interface->} experienced a hardware transmit hang. %{result->}.",
    field: "nwparser.p1",
  },
});

// The fixed summary is written to nwparser.misc here, not to event_description.
var all109 = all_match({
  processors: [dup44, dup266, msg415],
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("411005") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.misc", value: constant("Interface experienced a hardware transmit hang") }),
  ]),
});
// 713145: hardware client detected in network extension mode; group, username and peer address are extracted.
var msg416 = match({
  id: "MESSAGE#907:713145",
  dissect: {
    tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, Detected Hardware Client in network extension mode, %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("713145") }),
    dup7, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Detected Hardware Client in network extension mode") }),
  ]),
});
// 751014: configuration payload request could not be processed.
// "Local" maps to saddr/sport and "Remote" to daddr/dport; the error text goes to result.
var msg417 = match({
  id: "MESSAGE#1269:751014",
  dissect: {
    tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} %{severity->} Configuration Payload request for attribute %{obj_name->} could not be processed. Error: %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("751014") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Configuration Payload request for attribute could not be processed") }),
  ]),
});
// 317004: catch-all; the whole payload becomes event_description.
var msg418 = match({
  id: "MESSAGE#426:317004",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("317004") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 722027: SVC decompression history reset. The group/user/IP prefix is parsed by shared
// matchers declared earlier in the file (dup77, dup182, dup267, dup268).
var msg419 = match({
  id: "MESSAGE#1163:722027/4",
  dissect: {
    tokenizer: "SVC decompression history reset%{->}",
    field: "nwparser.p3",
  },
});

var all110 = all_match({
  processors: [dup77, dup182, dup267, dup268, msg419],
  on_success: processor_chain([
    dup34,
    set_field({ dest: "nwparser.msg_id1", value: constant("722027") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 611305: fixed text "VPNClient: DHCP Policy installed:"; nothing is extracted from the payload.
var msg420 = match({
  id: "MESSAGE#761:611305",
  dissect: {
    tokenizer: "VPNClient: DHCP Policy installed:%{->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup126,
    set_field({ dest: "nwparser.msg_id1", value: constant("611305") }),
    dup7, dup2, dup3, dup4, dup5, dup269,
  ]),
});
// 735011: power-supply fan status OK; the supply number goes to dclass_counter1.
var msg421 = match({
  id: "MESSAGE#1225:735011",
  dissect: {
    tokenizer: "Power Supply %{dclass_counter1->}: Fan OK",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({ dest: "nwparser.msg_id1", value: constant("735011") }),
    dup4, dup5, dup2, dup3,
    set_field({ dest: "nwparser.event_description", value: constant("Power Supply Fan OK") }),
  ]),
});
// 746014: user-identity FQDN-to-address mapping marked obsolete; captures the domain and the address.
var msg422 = match({
  id: "MESSAGE#1285:746014",
  dissect: {
    tokenizer: "user-identity: [FQDN] %{domain->} address %{hostip->} obsolete",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup24,
    set_field({ dest: "nwparser.msg_id1", value: constant("746014") }),
    dup14, dup2, dup3, dup4, dup5,
  ]),
});
// 709003: catch-all; the whole payload becomes event_description.
var msg423 = match({
  id: "MESSAGE#836:709003",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup37,
    set_field({ dest: "nwparser.msg_id1", value: constant("709003") }),
    dup38, dup39, dup2, dup3, dup4, dup5,
  ]),
});
// 713129: group and peer address, then an action and a payload type (kept as fld1).
var msg424 = match({
  id: "MESSAGE#895:713129",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} payload type: %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup55,
    set_field({ dest: "nwparser.msg_id1", value: constant("713129") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 722023: SVC connection terminated with/without compression. Prefix handled by the shared
// matchers dup77, dup182, dup267 and dup268; dup270 sits between the two local matchers.
var msg425 = match({
  id: "MESSAGE#1161:722023/4",
  dissect: {
    tokenizer: "SVC connection terminated with%{p4->}",
    field: "nwparser.p3",
  },
});

var msg426 = match({
  id: "MESSAGE#1161:722023/6",
  dissect: {
    tokenizer: "%{->}compression",
    field: "nwparser.p5",
  },
});

var all111 = all_match({
  processors: [dup77, dup182, dup267, dup268, msg425, dup270, msg426],
  on_success: processor_chain([
    dup34,
    set_field({ dest: "nwparser.msg_id1", value: constant("722023") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 734001: trailing "<hostip>, <result>" part; the head is parsed by dup211/dup212, declared earlier.
var msg427 = match({
  id: "MESSAGE#1214:734001/2",
  dissect: {
    tokenizer: "%{hostip->}, %{result->}",
    field: "nwparser.p1",
  },
});

var all112 = all_match({
  processors: [dup211, dup212, msg427],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("734001") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 212001: a channel could not be opened on a UDP port; captures protocol, port, interface and error code.
var msg428 = match({
  id: "MESSAGE#254:212001",
  dissect: {
    tokenizer: "Unable to open %{protocol->} channel (UDP port %{network_port->}) on interface %{interface->}, error code = %{resultcode->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup75,
    set_field({ dest: "nwparser.msg_id1", value: constant("212001") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 614002: catch-all; the whole payload becomes event_description.
var msg429 = match({
  id: "MESSAGE#787:614002",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup58,
    set_field({ dest: "nwparser.msg_id1", value: constant("614002") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 710006: request discarded; captures the protocol, source address and destination interface:address.
// No ports are present in this layout.
var msg430 = match({
  id: "MESSAGE#847:710006",
  dissect: {
    tokenizer: "%{protocol->} request discarded from %{saddr->} to %{dinterface->}:%{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("710006") }),
    dup42, dup43, dup99, dup2, dup3, dup4, dup5, dup27, dup271,
  ]),
});
// 715068: group and peer address followed by free-text event_description.
var msg431 = match({
  id: "MESSAGE#1039:715068",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup166,
    set_field({ dest: "nwparser.msg_id1", value: constant("715068") }),
    dup7, dup13, dup38, dup2, dup3, dup4, dup5, dup245,
  ]),
});
// 101003: "(<context>)<event_description>" with no space after the closing parenthesis.
var msg432 = match({
  id: "MESSAGE#2:101003",
  dissect: {
    tokenizer: "(%{context->})%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup49,
    set_field({ dest: "nwparser.msg_id1", value: constant("101003") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 109018: an access list is empty. The list name is accepted quoted or unquoted; the head is
// parsed by dup96, declared earlier in the file.
var msg433 = match({
  id: "MESSAGE#142:109018/1",
  dissect: {
    tokenizer: "'%{listnum->}' is empty",
    field: "nwparser.p0",
  },
});

var msg434 = match({
  id: "MESSAGE#142:109018/1",
  dissect: {
    tokenizer: "%{listnum->} is empty",
    field: "nwparser.p0",
  },
});

var select103 = linear_select([msg433, msg434]);

var all113 = all_match({
  processors: [dup96, select103],
  on_success: processor_chain([
    dup6,
    set_field({ dest: "nwparser.msg_id1", value: constant("109018") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.result", value: constant("ACL is empty") }),
  ]),
});
// 505006: catch-all; the whole payload becomes event_description.
var msg435 = match({
  id: "MESSAGE#695:505006",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup272,
    set_field({ dest: "nwparser.msg_id1", value: constant("505006") }),
    dup2, dup3, dup4, dup5,
  ]),
});
// 715021: built entirely from shared matchers declared earlier in the file.
var all114 = all_match({
  processors: [dup79, dup273, dup33],
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("715021") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 106027: deny by access group; captures the protocol and both interface:address pairs.
// The access-group part is handed to dup274, declared earlier in the file.
var msg436 = match({
  id: "MESSAGE#96:106027/0",
  dissect: {
    tokenizer: "Deny %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} by access-group %{p0->}",
    field: "nwparser.payload",
  },
});

var all115 = all_match({
  processors: [msg436, dup274],
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("106027") }),
    dup99, dup102, dup43, dup2, dup3, dup4, dup5, dup275, dup27,
  ]),
});
// 305013: connection denied due to NAT reverse path failure. Three layouts:
// with ports, ICMP with type/code (:01), and "protocol <n>" without ports (:02).
var msg437 = match({
  id: "MESSAGE#385:305013/0",
  dissect: {
    tokenizer: "%{result->}; Connection for %{protocol->} src %{sinterface->}:%{saddr->}/%{p0->}",
    field: "nwparser.payload",
  },
});

// Source-port alternatives come from shared matchers declared earlier in the file.
var select104 = linear_select([dup276, dup277]);

var msg438 = match({
  id: "MESSAGE#385:305013/2",
  dissect: {
    tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} denied due to NAT reverse path failure",
    field: "nwparser.p1",
  },
});

var all116 = all_match({
  processors: [msg437, select104, msg438],
  on_success: processor_chain([
    dup24,
    set_field({ dest: "nwparser.msg_id1", value: constant("305013") }),
    dup2, dup35, dup4, dup5, dup27, dup196, dup278,
  ]),
});

// ICMP layout with type and code.
var msg439 = match({
  id: "MESSAGE#386:305013:01",
  dissect: {
    tokenizer: "%{result->}; Connection for %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->}) denied due to NAT reverse path failure",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup24,
    set_field({ dest: "nwparser.msg_id1", value: constant("305013:01") }),
    dup14, dup2, dup3, dup4, dup5, dup27, dup196, dup278,
  ]),
});

// "protocol <n>" layout without ports.
var msg440 = match({
  id: "MESSAGE#388:305013:02",
  dissect: {
    tokenizer: "%{result->}; Connection for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} denied due to NAT reverse path failure",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup24,
    set_field({ dest: "nwparser.msg_id1", value: constant("305013:02") }),
    dup14, dup2, dup3, dup4, dup5, dup27, dup196, dup278,
  ]),
});

var select105 = linear_select([all116, msg439, msg440]);
// 617004: GTP connection created for a response; both endpoints with interface and port.
var msg441 = match({
  id: "MESSAGE#796:617004",
  dissect: {
    tokenizer: "GTP connection created for response from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({ dest: "nwparser.msg_id1", value: constant("617004") }),
    dup42, dup43, dup40, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("GTP connection created") }),
  ]),
});
// 713141: "IP = <saddr>, <event_description>: <info>".
var msg442 = match({
  id: "MESSAGE#905:713141",
  dissect: {
    tokenizer: "IP = %{saddr->}, %{event_description->}: %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("713141") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 401004: dropped packet, "<saddr> ==> <daddr> on interface <interface>".
// The head is parsed by dup162/dup279, declared earlier in the file.
var msg443 = match({
  id: "MESSAGE#552:401004/2",
  dissect: {
    tokenizer: "%{->}packet: %{saddr->} ==> %{daddr->} on interface %{interface->}",
    field: "nwparser.p1",
  },
});

var all117 = all_match({
  processors: [dup162, dup279, msg443],
  on_success: processor_chain([
    dup180,
    set_field({ dest: "nwparser.msg_id1", value: constant("401004") }),
    dup42, dup43, dup19, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("Packet dropped") }),
  ]),
});
// 402130: ESP packet received with incorrect IPsec padding. Captures the SPI (dst_spi), peer
// addresses and username; the sequence number and padding detail stay in fld2/fld3.
var msg444 = match({
  id: "MESSAGE#569:402130",
  dissect: {
    tokenizer: "CRYPTO: Received an ESP packet (SPI = %{dst_spi->}, sequence number= %{fld2->}) from %{saddr->} (user= %{username->}) to %{daddr->} with incorrect IPsec padding. (padding: %{fld3->})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup49,
    set_field({ dest: "nwparser.msg_id1", value: constant("402130") }),
    dup7, dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.result", value: constant("Received an ESP packet with incorrect IPsec padding") }),
  ]),
});
// 713235 in two layouts. The first takes its head from dup22/dup23 (declared earlier);
// the second carries "Group = ..., IP = ..." inline.
var msg445 = match({
  id: "MESSAGE#944:713235/2",
  dissect: {
    tokenizer: "%{saddr->}, %{event_description->}. %{fld1->}",
    field: "nwparser.p1",
  },
});

var all118 = all_match({
  processors: [dup22, dup23, msg445],
  on_success: processor_chain([
    dup50,
    set_field({ dest: "nwparser.msg_id1", value: constant("713235") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});

// The sentence before the period goes to `action` here, while the first layout stores it in event_description.
var msg446 = match({
  id: "MESSAGE#945:713235:01",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}. %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup50,
    set_field({ dest: "nwparser.msg_id1", value: constant("713235:01") }),
    dup7, dup14, dup2, dup3, dup4, dup5,
  ]),
});

var select106 = linear_select([all118, msg446]);
// 720055: "(VPN-<context>) <event_description>".
var msg447 = match({
  id: "MESSAGE#1141:720055",
  dissect: {
    tokenizer: "(VPN-%{context->}) %{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup51,
    set_field({ dest: "nwparser.msg_id1", value: constant("720055") }),
    dup7, dup2, dup3, dup4, dup5,
  ]),
});
// 303004: FTP command rejected by strict inspection. The command goes to `action`, the
// outcome to `result`, and both endpoints are extracted with interface and port.
var msg448 = match({
  id: "MESSAGE#349:303004",
  dissect: {
    tokenizer: "FTP %{action->} command unsupported - failed strict inspection, %{result->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("303004") }),
    dup2, dup3, dup4, dup5,
    set_field({ dest: "nwparser.event_description", value: constant("FTP command unsupported - failed strict inspection") }),
  ]),
});
// Message 717036: tunnel-group lookup by certificate map.
// serial_number ends at the first ", subject name: " and cert_subject takes
// the rest of the line. Both values describe the peer's certificate, i.e. they
// are chosen by the remote party; treat them as untrusted when they are
// displayed or used in queries downstream.
// dup58 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg449 = match({
id: "MESSAGE#1082:717036",
dissect: {
tokenizer: "Looking for a tunnel group match based on certificate maps for peer certificate with serial number: %{serial_number->}, subject name: %{cert_subject->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("717036"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 714011 in two layouts, offered as alternatives by select108.
// all119 is built only from shared pieces (dup44, dup280, dup33) defined
// elsewhere; all120 is the split "ID_IPV4_ADDR[_SUBNET] ID <fld1>" layout.
// dup2-dup5 set level, event_time, msg and id.
var all119 = all_match({
processors: [
dup44,
dup280,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714011"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Head of the split layout: skips anything before "ID_IPV4_ADDR" and passes
// the remainder on as p0.
var msg450 = match({
id: "MESSAGE#990:714011:01/0",
dissect: {
tokenizer: "%{->}ID_IPV4_ADDR%{p0->}",
field: "nwparser.payload",
},
});
var msg451 = match({
id: "MESSAGE#990:714011:01/2",
dissect: {
tokenizer: "_SUBNET%{p1->}",
field: "nwparser.p0",
},
});
// NOTE(review): select107 has a single alternative, and msg451 is the only
// visible step that writes p1. Lines without "_SUBNET" therefore look like
// they cannot complete all120 - confirm whether a pass-through alternative
// was dropped by the generator.
var select107 = linear_select([
msg451,
]);
// NOTE(review): same id string as msg451; ids are not unique per step.
var msg452 = match({
id: "MESSAGE#990:714011:01/2",
dissect: {
tokenizer: "%{->}ID %{fld1->}",
field: "nwparser.p1",
},
});
var all120 = all_match({
processors: [
msg450,
select107,
msg452,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("714011:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select108 = linear_select([
all119,
all120,
]);
// Message 302014, variant ":03" (connection teardown where the destination
// carries a "(domain\user)" suffix). The head of the line is handled by
// dup146/dup147, defined elsewhere.

// Destination side plus duration and byte count. ddomain and c_username are
// split on the backslash inside the parentheses; both are identity strings
// copied from the log as-is.
var msg453 = match({
id: "MESSAGE#302:302014:03/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
// Three shapes for the trailing "<reason> (<user>)" part; msg454-msg456 all
// share one id string.
// NOTE(review): "\u003c" is "<", so this pattern requires two literal "<"
// before the value but only one ">" after it. If the generator's source
// format wrote "<<" as an escape for a single "<", this alternative never
// matches real lines - verify against a sample.
var msg454 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "\u003c\u003c%{result->}> (%{username->})",
field: "nwparser.p2",
},
});
var msg455 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "%{result->} (%{username->})",
field: "nwparser.p2",
},
});
// Note the trailing space after ")" in the pattern.
var msg456 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "(%{result->}) ",
field: "nwparser.p2",
},
});
var select109 = linear_select([
msg454,
msg455,
msg456,
dup281,
]);
// On success: msg_id1 is fixed to "302014:03"; dup2-dup5 set level,
// event_time, msg and id; the remaining dupNN steps are defined elsewhere.
var all121 = all_match({
processors: [
dup146,
dup147,
msg453,
select109,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:03"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Message 302014, variant ":02": the whole teardown line in one pattern,
// including the "(domain\user)" suffix on the destination. The text after the
// byte count is passed on as p0.
var msg457 = match({
id: "MESSAGE#303:302014:02/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
// Fallback for the tail: whatever follows the first space in p0 becomes
// result.
var msg458 = match({
id: "MESSAGE#303:302014:02/1",
dissect: {
tokenizer: "%{->} %{result->}",
field: "nwparser.p0",
},
});
// dup282 (defined elsewhere) is listed before the generic msg458.
var select110 = linear_select([
dup282,
msg458,
]);
// On success: msg_id1 is fixed to "302014:02"; dup2-dup5 set level,
// event_time, msg and id; the remaining dupNN steps are defined elsewhere.
var all122 = all_match({
processors: [
msg457,
select110,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Message 302014, variant ":04": teardown where source and destination may
// each carry a parenthesised suffix (kept in fld3 / fld20). The head of the
// line is handled by dup146, defined elsewhere. msg459, msg460 and msg461
// share one id string.

// Source side with a "(...)" suffix after the port.
var msg459 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{->} %{saddr->}/%{sport->}(%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
// Source side without a suffix. There is no space between "to" and the
// remainder in this pattern, so p1 starts with the separating space.
var msg460 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to%{p1->}",
field: "nwparser.p0",
},
});
var select111 = linear_select([
dup283,
msg459,
msg460,
]);
// Destination side, duration and byte count; the rest goes to p2.
var msg461 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{->} %{dinterface->}:%{daddr->}/%{dport->}(%{fld20->}) duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
// On success: msg_id1 is fixed to "302014:04"; dup2-dup5 set level,
// event_time, msg and id; the remaining dupNN steps are defined elsewhere.
var all123 = all_match({
processors: [
dup146,
select111,
msg461,
dup284,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:04"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Message 302014, variant ":05": teardown line where only the source carries
// a "(...)" suffix (kept in fld3). The text after the byte count is passed on
// as p0.
var msg462 = match({
id: "MESSAGE#305:302014:05/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->}(%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
// Tail with a trailing "(user)"; msg463 and msg464 share one id string.
var msg463 = match({
id: "MESSAGE#305:302014:05/1",
dissect: {
tokenizer: "%{info->} (%{username->})",
field: "nwparser.p0",
},
});
// Catch-all tail: the whole remainder becomes info.
var msg464 = match({
id: "MESSAGE#305:302014:05/1",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p0",
},
});
var select112 = linear_select([
msg463,
msg464,
]);
// NOTE(review): unlike the other 302014 variants in this file, this chain
// does not include dup2, the step that sets nwparser.level. Events parsed by
// this variant would then lack the level field - confirm this is intended.
var all124 = all_match({
processors: [
msg462,
select112,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:05"),
}),
dup42,
dup43,
dup40,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Message 302014, base variant: teardown with plain source and destination.
// The head and the source side come from shared steps (dup146, dup283,
// dup156) defined elsewhere.
var select113 = linear_select([
dup283,
dup156,
]);
// Destination side, duration and byte count; the rest goes to p2 for dup284.
var msg465 = match({
id: "MESSAGE#306:302014/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
// On success: msg_id1 is fixed to "302014"; dup2-dup5 set level, event_time,
// msg and id; the remaining dupNN steps are defined elsewhere.
var all125 = all_match({
processors: [
dup146,
select113,
msg465,
dup284,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Message 302014, variant ":01": the "faddr / gaddr / laddr" layout.
// faddr is stored as the source, laddr as the destination, and gaddr in
// hostip/network_port.
var msg466 = match({
id: "MESSAGE#307:302014:01/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
var select114 = linear_select([
dup282,
dup285,
]);
var all126 = all_match({
processors: [
msg466,
select114,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// All six 302014 layouts, listed from the most specific suffix forms to the
// faddr/gaddr/laddr form. The order matters if linear_select (defined
// elsewhere) stops at the first success - presumably it does; confirm before
// reordering.
var select115 = linear_select([
all121,
all122,
all123,
all124,
all125,
all126,
]);
// Message 611304: VPN client NAT exemption with split tunneling. The pattern
// ends in an unnamed %{->} token, so the text after "Split Tunnel Networks:"
// is not stored by this step; dup286 (defined elsewhere) runs last.
// dup2-dup5 set level, event_time, msg and id.
var msg467 = match({
id: "MESSAGE#760:611304",
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks:%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611304"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup286,
]),
});
// Message 702211 in two layouts. Both share the head (dup287, dup89) and
// differ only in the last step (dup288 vs dup290); all of these are defined
// elsewhere. The ":01" layout additionally runs dup14.
// dup289 runs between the timestamp step (dup3) and the msg/id steps.
var all127 = all_match({
processors: [
dup287,
dup89,
dup288,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702211:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
var all128 = all_match({
processors: [
dup287,
dup89,
dup290,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702211"),
}),
dup7,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
var select116 = linear_select([
all127,
all128,
]);
// Message 711001: no structure is extracted; the whole payload is stored as
// event_description. dup20 is defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg468 = match({
id: "MESSAGE#849:711001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("711001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 120008: Call-Home client activity. The text after
// "Call-Home client " is stored as action; event_description is then set to a
// fixed string. The shared steps run here in the order dup4, dup5, dup2, dup3.
var msg469 = match({
id: "MESSAGE#12:120008",
dissect: {
tokenizer: "Call-Home client %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120008"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home client activity"),
}),
]),
});
// Message 209001: the device could not allocate a fragment record. Source and
// destination address/port are split on "/"; event_description is set to a
// fixed string. A burst of these events can indicate fragment-table pressure,
// so keeping saddr/daddr parsed is what makes them usable for triage.
// dup26 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg470 = match({
id: "MESSAGE#236:209001",
dissect: {
tokenizer: "IPFRAG: Unable to allocate frag record for %{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("209001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate frag record"),
}),
]),
});
// Message 420004: a virtual sensor was added. The sensor name goes to vsys and
// the text after "on the " to product; event_description is set to a fixed
// string. dup163, dup164 and dup38 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg471 = match({
id: "MESSAGE#659:420004",
dissect: {
tokenizer: "Virtual Sensor %{vsys->} was added on the %{product->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("420004"),
}),
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Virtual Sensor added"),
}),
]),
});
// Message 403501: no structure is extracted; the whole payload is stored as
// event_description. dup180 is defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg472 = match({
id: "MESSAGE#580:403501",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("403501"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718033: the bracketed address after "Send TOPOLOGY indicator
// failure to" is stored as daddr; event_description is set to a fixed string
// (worded "Sent ..." where the log line says "Send ...").
// dup20 and dup7 are defined elsewhere; dup2-dup5 set level, event_time, msg
// and id.
var msg473 = match({
id: "MESSAGE#1095:718033",
dissect: {
tokenizer: "Send TOPOLOGY indicator failure to [%{daddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718033"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sent TOPOLOGY indicator failure"),
}),
]),
});
// Message 109002: authentication failed because the AAA server failed.
// Built from three steps: msg474 (head), dup254 (defined elsewhere) and
// msg475 (addresses, server and interface).

// Skips anything before "Auth " and passes the remainder on as p0.
var msg474 = match({
id: "MESSAGE#123:109002/0",
dissect: {
tokenizer: "%{->}Auth %{p0->}",
field: "nwparser.payload",
},
});
// Client and target address/port, the failing server (hostip) and the
// interface. Reads p1, which is presumably produced by dup254.
var msg475 = match({
id: "MESSAGE#123:109002/2",
dissect: {
tokenizer: "from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} failed (server %{hostip->} failed) on interface %{sinterface->}",
field: "nwparser.p1",
},
});
// On success: msg_id1 is fixed to "109002" and result to "server failed".
// Authentication-failure events are commonly used for detection; a line that
// misses this pattern loses saddr/hostip, so check unparsed 109002 lines when
// the device firmware changes.
var all129 = all_match({
processors: [
msg474,
dup254,
msg475,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109002"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup291,
set_field({
dest: "nwparser.result",
value: constant("server failed"),
}),
]),
});
// Message 209004: an IP fragment larger than the allowed maximum.
// NOTE(review): the observed size is captured into icmptype and the maximum
// size into icmpcode. Those names suggest ICMP type/code, so a consumer that
// reads them as such would misinterpret this event - confirm the mapping is
// intentional before building rules on these two fields.
// event_description and result are set to fixed strings; dup10 and dup27 are
// defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg476 = match({
id: "MESSAGE#239:209004",
dissect: {
tokenizer: "Invalid IP fragment, size = %{icmptype->} exceeds maximum size = %{icmpcode->}: %{space->} src = %{saddr->}, dest = %{daddr->}, proto = %{protocol->}, id = %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("209004"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid IP fragment"),
}),
set_field({
dest: "nwparser.result",
value: constant("size exceeded"),
}),
]),
});
// Message 316001 in two layouts, offered as alternatives by select118:
// "Denied new tunnel to <peer> ..." (msg477) and "Cannot create more isakmp
// peers ..." (all130). Both set fixed event_description and result strings.
// dup2-dup5 set level, event_time, msg and id; other dupNN steps are defined
// elsewhere.
var msg477 = match({
id: "MESSAGE#421:316001",
dissect: {
tokenizer: "Denied new tunnel to %{saddr->} VPN peer limit (%{fld1->}) exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("316001"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied new VPN tunnel"),
}),
set_field({
dest: "nwparser.result",
value: constant("VPN peer limit exceeded"),
}),
]),
});
// Head of the second layout; the text after "Cannot " goes to p0.
var msg478 = match({
id: "MESSAGE#422:316001:01/0",
dissect: {
tokenizer: "Cannot %{p0->}",
field: "nwparser.payload",
},
});
// Two spellings of the verb are accepted: "create" (with optional leading
// text skipped) and the shorter "creat". msg479-msg481 share one id string.
var msg479 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "%{->}create%{p1->}",
field: "nwparser.p0",
},
});
var msg480 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "creat%{p1->}",
field: "nwparser.p0",
},
});
var select117 = linear_select([
msg479,
msg480,
]);
// The configured peer limit is kept in fld1.
var msg481 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "%{->}more isakmp peers, exceeding the limit of %{fld1->} peers",
field: "nwparser.p1",
},
});
var all130 = all_match({
processors: [
msg478,
select117,
msg481,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("316001:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("cannot create isakmp peers"),
}),
set_field({
dest: "nwparser.result",
value: constant("peer limit exceeded"),
}),
]),
});
var select118 = linear_select([
msg477,
all130,
]);
// Message 338308: the dynamic-filter updater server changed. The previous and
// new server values are kept in change_old / change_new, which is what an
// analyst needs to confirm the change was expected. event_description is set
// to a fixed string.
// dup157 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg482 = match({
id: "MESSAGE#494:338308",
dissect: {
tokenizer: "Dynamic filter updater server dynamically changed from %{change_old->} to %{change_new->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("338308"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic filter updater server dynamically changed"),
}),
]),
});
// Message 717028: a certificate chain validated successfully. The text after
// the fixed phrase is kept unparsed in info; result is set to a fixed string.
// dup292, dup293, dup38 and dup40 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg483 = match({
id: "MESSAGE#1078:717028",
dissect: {
tokenizer: "Certificate chain was successfully validated %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup292,
set_field({
dest: "nwparser.msg_id1",
value: constant("717028"),
}),
dup293,
dup38,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Certificate chain successfully validated"),
}),
]),
});
// Message 106013: a dropped echo request, in two wordings offered as
// alternatives by select119. The "to PAT address" wording is listed first;
// the plain "to address" wording follows. Both store the sender in saddr and
// the target in daddr. dup294 runs between the timestamp step (dup3) and the
// msg/id steps; it and the other dupNN steps are defined elsewhere.
var msg484 = match({
id: "MESSAGE#77:106013:01",
dissect: {
tokenizer: "Dropping echo request from %{saddr->} to PAT address %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106013:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup294,
dup4,
dup5,
]),
});
var msg485 = match({
id: "MESSAGE#78:106013",
dissect: {
tokenizer: "Dropping echo request from %{saddr->} to address %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106013"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup294,
dup4,
dup5,
]),
});
var select119 = linear_select([
msg484,
msg485,
]);
// Message 305012: teardown of an address translation, in three layouts
// offered as alternatives by select120. Each success chain sets msg_id1, runs
// dup2-dup5 (level, event_time, msg, id) and ends with dup295; the other
// dupNN steps are defined elsewhere.

// Layout ":02": source and destination interface each carry a "(...)" suffix,
// kept in fld51 / fld52.
var msg486 = match({
id: "MESSAGE#382:305012:02",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->}(%{fld51->}) to %{dinterface->}(%{fld52->}):%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Base layout, head: everything after the source interface goes to p0 for
// dup296.
var msg487 = match({
id: "MESSAGE#383:305012/0",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
// Base layout, tail: destination with interface.
var msg488 = match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.p1",
},
});
var all131 = all_match({
processors: [
msg487,
dup296,
msg488,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Layout ":01", head: full source, then the destination part goes to p0 for
// dup297.
var msg489 = match({
id: "MESSAGE#384:305012:01/0",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{p0->}",
field: "nwparser.payload",
},
});
// Layout ":01", tail: destination without an interface name.
var msg490 = match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.p1",
},
});
var all132 = all_match({
processors: [
msg489,
dup297,
msg490,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var select120 = linear_select([
msg486,
all131,
all132,
]);
// Message 311001: "LU loading standby start". The pattern is a fixed phrase
// followed by an unnamed token, so nothing is captured; event_description is
// set to the same phrase as a constant (here before dup4/dup5 rather than at
// the end of the chain). dup37 is defined elsewhere.
var msg491 = match({
id: "MESSAGE#401:311001",
dissect: {
tokenizer: "LU loading standby start%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311001"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU loading standby start"),
}),
dup4,
dup5,
]),
});
// Message 324002: a GTPv0 message could not be processed because a required
// object does not exist. The missing object (fld1), the GTP message name
// (fld2) and the TID (fld3) stay in generic fldN fields; source and
// destination interface/address/port are split on ":" and "/". result is set
// to a fixed string.
// dup10 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg492 = match({
id: "MESSAGE#455:324002",
dissect: {
tokenizer: "No %{fld1->} exists to process GTPv0 %{fld2->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, TID: %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("nonexistent resource to process GTP request"),
}),
]),
});
// Message 106025: "<description>: <interface> <protocol> src a/p dest a/p".
// event_description ends at the first ": " in the payload, so a description
// that itself contains ": " would shift the following fields - keep that in
// mind when a parsed interface or protocol looks wrong.
// dup180 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg493 = match({
id: "MESSAGE#95:106025",
dissect: {
tokenizer: "%{event_description->}: %{interface->} %{protocol->} src %{saddr->}/%{sport->} dest %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106025"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 413003: a module in a slot is not a recognized type. The slot is
// kept in fld1 and the rest of the line is passed on as p0 for the shared
// steps dup298 and dup223 (defined elsewhere).
var msg494 = match({
id: "MESSAGE#629:413003/0",
dissect: {
tokenizer: "Module in slot %{fld1->} is not a recognized type%{p0->}",
field: "nwparser.payload",
},
});
// NOTE(review): a select with one alternative; it behaves like calling dup298
// directly unless linear_select adds behaviour of its own - confirm.
var select121 = linear_select([
dup298,
]);
var all133 = all_match({
processors: [
msg494,
select121,
dup223,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("413003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720006: "(VPN-<context>) <text>." The pattern requires the trailing
// period; the text before it is stored whole as event_description.
// dup20 and dup7 are defined elsewhere; dup2-dup5 set level, event_time, msg
// and id.
var msg495 = match({
id: "MESSAGE#1115:720006",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720006"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 737026: an address from the local pool was assigned to a client.
// Two layouts, offered as alternatives by select122: without and with a
// "Session=<id>," prefix. The assigned address is stored in hostip, which is
// the field that ties later traffic from that address back to this session.
// dup20 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg496 = match({
id: "MESSAGE#1246:737026",
dissect: {
tokenizer: "%{process->}: Client assigned %{hostip->} from local pool",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737026"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg497 = match({
id: "MESSAGE#1247:737026:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Client assigned %{hostip->} from local pool",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737026:01"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var select122 = linear_select([
msg496,
msg497,
]);
// Message 412001: "MAC <x> moved from <a> to <b>".
// NOTE(review): the value after "MAC " is stored in the field named
// interface, and the two locations in src_zone / dst_zone; confirm these
// names match what consumers expect for a MAC-move event.
// NOTE(review): this chain does not include dup2 (the step that sets
// nwparser.level), unlike most chains in this file - confirm it is intended.
var msg498 = match({
id: "MESSAGE#626:412001",
dissect: {
tokenizer: "MAC %{interface->} moved from %{src_zone->} to %{dst_zone->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("412001"),
}),
dup38,
dup13,
dup39,
dup40,
dup3,
dup4,
dup5,
]),
});
// Message 420002: the IPS asked the device to drop traffic. Two layouts,
// offered as alternatives by select123. Each success chain sets msg_id1, runs
// dup2-dup5 (level, event_time, msg, id) and ends with dup299; the other
// dupNN steps are defined elsewhere.

// ICMP-style layout: addresses without ports, followed by "(type t, code c)".
var msg499 = match({
id: "MESSAGE#656:420002:01",
dissect: {
tokenizer: "IPS requested to drop %{protocol->} packets %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("420002:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup299,
]),
});
// Port-carrying layout.
// NOTE(review): unlike msg499 there is no literal "to " between the source
// and destination tokens. If the device prints "... <src> to <dst>", the word
// "to" would end up at the start of dinterface - verify against a sample line
// before relying on dinterface from this variant.
var msg500 = match({
id: "MESSAGE#657:420002",
dissect: {
tokenizer: "%{service->} requested to drop %{protocol->} packet from %{sinterface->}:%{saddr->}/%{sport->} %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("420002"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup299,
]),
});
var select123 = linear_select([
msg499,
msg500,
]);
// Message 500003: a packet with an invalid header length. The reported header
// and packet lengths are kept in fld1 / fld2 and the flags in fld3; addresses
// and ports are split on "/". event_description is set to a fixed string.
// dup41, dup42, dup43 and dup40 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg501 = match({
id: "MESSAGE#676:500003",
dissect: {
tokenizer: "Bad %{protocol->} hdr length (hdrlen=%{fld1->}, pktlen=%{fld2->}) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}, flags: %{fld3->}, on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("500003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Bad hdr length"),
}),
]),
});
// Message 713035 in two layouts, offered as alternatives by select124.
// all134 is built only from shared steps (dup22, dup23, dup300) defined
// elsewhere; msg502 is the single-pattern "Group = ..., IP = ..." layout.
// dup2-dup5 set level, event_time, msg and id.
var all134 = all_match({
processors: [
dup22,
dup23,
dup300,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713035"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Note the space before the comma after the address ("%{saddr->} ,") and the
// ":" that separates action from info.
var msg502 = match({
id: "MESSAGE#861:713035:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{action->}:%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713035:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select124 = linear_select([
all134,
msg502,
]);
// Message 110003 in three layouts, offered as alternatives by select126:
// a structured "Routing failed to locate next hop ..." form (all135), a
// "No interface is configured" form (msg507) and a catch-all (msg508).
// The catch-all accepts any payload, so it only makes sense as the last
// alternative (assuming linear_select stops at the first success - confirm).
// dup2-dup5 set level, event_time, msg and id; other dupNN steps are defined
// elsewhere.
var msg503 = match({
id: "MESSAGE#162:110003:01/0",
dissect: {
tokenizer: "Routing failed to locate %{p0->}",
field: "nwparser.payload",
},
});
// Two spellings are accepted: "next-hop" and "next hop". msg504-msg506 share
// one id string.
var msg504 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "next-hop %{p1->}",
field: "nwparser.p0",
},
});
var msg505 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "%{->}next hop%{p1->}",
field: "nwparser.p0",
},
});
var select125 = linear_select([
msg504,
msg505,
]);
// Protocol plus source and destination interface/address/port.
var msg506 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "%{->}for %{protocol->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
// result and event_description are both set from dup301 (defined elsewhere).
var all135 = all_match({
processors: [
msg503,
select125,
msg506,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: dup301,
}),
set_field({
dest: "nwparser.event_description",
value: dup301,
}),
]),
});
// The shared steps run here in the order dup2, dup4, dup5, dup3.
var msg507 = match({
id: "MESSAGE#163:110003:02",
dissect: {
tokenizer: "No interface is configured (with %{interface->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003:02"),
}),
dup14,
dup2,
dup4,
dup5,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("No interface configured"),
}),
]),
});
// Catch-all: the whole payload becomes event_description.
var msg508 = match({
id: "MESSAGE#164:110003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var select126 = linear_select([
all135,
msg507,
msg508,
]);
// Message 302015, variant ":05": "Built inbound ..." with translated
// addresses and identity suffixes on both sides.
// The "(domain\...)" suffix after the source is split on the backslash into
// domain and fld3; the suffix after the destination goes to fld4, and only
// the final "(...)" is stored as username. All of these are identity strings
// copied from the log as-is.
// dup2-dup5 set level, event_time, msg and id; other dupNN steps are defined
// elsewhere.
var msg509 = match({
id: "MESSAGE#308:302015:05",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{domain->}\\%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{fld4->}) (%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:05"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Message 302015, base variant. The head of the line is handled by dup219 and
// dup220 (defined elsewhere); msg510 parses the destination side and
// select127 the trailing user name.

// NOTE(review): the pattern has a space before the closing parenthesis
// ("%{dtransport->} )"). If the device prints "(addr/port)" without that
// space, this step will not match - verify against a sample line.
var msg510 = match({
id: "MESSAGE#309:302015/2",
dissect: {
tokenizer: "%{->}to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->} )%{p2->}",
field: "nwparser.p1",
},
});
// User name in single quotes (with a trailing space in the pattern) or in
// parentheses; msg511 and msg512 share one id string.
var msg511 = match({
id: "MESSAGE#309:302015/3",
dissect: {
tokenizer: "%{->}'%{username->}' ",
field: "nwparser.p2",
},
});
var msg512 = match({
id: "MESSAGE#309:302015/3",
dissect: {
tokenizer: "%{->}(%{username->})",
field: "nwparser.p2",
},
});
var select127 = linear_select([
msg511,
msg512,
]);
// On success: msg_id1 is fixed to "302015"; dup2-dup5 set level, event_time,
// msg and id; the remaining dupNN steps are defined elsewhere.
var all136 = all_match({
processors: [
dup219,
dup220,
msg510,
select127,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Message 302015, variant ":01". Parsing is done entirely by shared steps
// (dup221, dup222, dup223) defined elsewhere. The success chain differs from
// the base variant in running dup14 and using dup194 where the base variant
// uses dup192.
var all137 = all_match({
processors: [
dup221,
dup222,
dup223,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:01"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// Message 302015, variant ":03": "Built <direction> ..." where the first
// endpoint in the line is stored as the destination.

// The word after "Built" is kept in fld1; the line is cut inside the first
// "(" and the remainder passed on as p0.
var msg513 = match({
id: "MESSAGE#311:302015:03/0",
dissect: {
tokenizer: "Built %{fld1->} %{protocol->} connection %{connectionid->} for %{dinterface->}:%{daddr->}/%{dport->} (%{p0->}",
field: "nwparser.payload",
},
});
// Translated destination with a "(...)" suffix kept in fld3.
var msg514 = match({
id: "MESSAGE#311:302015:03/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->})(%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
var select128 = linear_select([
dup225,
msg514,
dup226,
]);
// nwparser.direction is copied from fld1, i.e. from the log text itself, not
// from a fixed value; the other 302015 variants use shared steps instead.
var all138 = all_match({
processors: [
msg513,
select128,
dup227,
dup228,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:03"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.direction",
value: field("fld1"),
}),
dup193,
]),
});
// Message 302015, variant ":04": layout with "gaddr" and space-separated
// interface/address pairs (no ":" between interface and address).
var msg515 = match({
id: "MESSAGE#312:302015:04",
dissect: {
tokenizer: "Built %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:04"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// All five 302015 layouts. The order matters if linear_select (defined
// elsewhere) stops at the first success - presumably it does; confirm before
// reordering.
var select129 = linear_select([
msg509,
all136,
all137,
all138,
msg515,
]);
// Message 400030: IPS-style signature event, "<product>:<sigid> <text> from
// <src> to <dst> on interface <if>". The signature id is stored in sigid and
// the text between it and " from " in context.
// dup52 and dup27-dup30 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg516 = match({
id: "MESSAGE#527:400030",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400030"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 405103: an H225 message with a bad protocol discriminator.
// The discriminator value is stored in the field named protocol, so in this
// event protocol holds that raw value from the log line, not a transport
// protocol name. event_description is set to a fixed string.
// dup41 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg517 = match({
id: "MESSAGE#592:405103",
dissect: {
tokenizer: "H225 message from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} contains bad protocol discriminator %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("405103"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("H225 message contains bad protocol discriminator"),
}),
]),
});
// Message 715061: "Group = <group> IP = <addr>, <action>." Note that this
// layout has no comma between the group and "IP =", unlike the other
// "Group = ..., IP = ..." patterns in this file, and requires a trailing
// period.
// dup21 and dup7 are defined elsewhere; dup2-dup5 set level, event_time, msg
// and id.
var msg518 = match({
id: "MESSAGE#1034:715061",
dissect: {
tokenizer: "Group = %{group->} IP = %{saddr->}, %{action->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715061"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 730010: VLAN mapping enabled for a group/user/address.
// NOTE(review): "\u003c" is "<", so every value here must be preceded by two
// literal "<" and followed by a single ">". If the generator's source format
// wrote "<<" as an escape for one "<", this pattern never matches real lines
// and group, username, saddr and instance stay empty for this event - verify
// against a sample line.
// event_description is set to a fixed string; the shared steps run in the
// order dup4, dup5, dup2, dup3.
var msg519 = match({
id: "MESSAGE#1208:730010",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> VLAN Mapping is enabled on VLAN \u003c\u003c%{instance->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("730010"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VLAN Mapping is enabled on VLAN"),
}),
]),
});
// Message 105002: "(<context>)<text>". There is no space between ")" and the
// description in the pattern, so a leading space in the log line stays part
// of event_description.
// dup59, dup60 and dup38 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg520 = match({
id: "MESSAGE#27:105002",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup59,
set_field({
dest: "nwparser.msg_id1",
value: constant("105002"),
}),
dup60,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 325001: a router on an interface advertises conflicting Neighbor
// Discovery settings. The router address is stored in hostip_v6 and the
// interface in interface; these two fields identify where the conflicting
// advertisement was seen.
// dup229, dup38, dup39 and dup87 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg521 = match({
id: "MESSAGE#461:325001",
dissect: {
tokenizer: "Router %{hostip_v6->} on %{interface->} has conflicting ND (Neighbor Discovery) settings",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("325001"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715040: no structure is extracted; the whole payload is stored as
// event_description. dup20 and dup7 are defined elsewhere; dup2-dup5 set
// level, event_time, msg and id.
var msg522 = match({
id: "MESSAGE#1013:715040",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715040"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715053 (MODE_CFG) in two layouts, offered as alternatives by
// select130. dup2-dup5 set level, event_time, msg and id; other dupNN steps
// are defined elsewhere.

// Tail of the split layout; reads p1, presumably filled by dup22/dup23.
// The text after "MODE_CFG: " is stored as action here.
var msg523 = match({
id: "MESSAGE#1025:715053/2",
dissect: {
tokenizer: "%{saddr->}, MODE_CFG: %{action->}",
field: "nwparser.p1",
},
});
var all139 = all_match({
processors: [
dup22,
dup23,
msg523,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715053"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pattern layout. Here the text after "MODE_CFG: " is stored as
// event_description rather than action, so the same text lands in a different
// field depending on which layout matched.
var msg524 = match({
id: "MESSAGE#1026:715053:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, MODE_CFG: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715053:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select130 = linear_select([
all139,
msg524,
]);
// Message 776252: a CTS SGT-MAP binding was deleted from the binding manager.
// The binding is "<saddr>/<sport>-><fld1>:<group>", and the source of the
// binding is kept in fld2.
// NOTE(review): the pattern matches "deleted from binding manager" but the
// constant written to event_description says "deleted to binding manager";
// rules or dashboards that search on the description will see the latter.
// NOTE(review): this chain runs only dup14, dup3 and dup5 - it omits dup2
// (nwparser.level) and dup4 (nwparser.msg), which most chains in this file
// include. Confirm both omissions are intended.
var msg525 = match({
id: "MESSAGE#1307:776252",
dissect: {
tokenizer: "CTS SGT-MAP: Binding %{saddr->}/%{sport->}->%{fld1->}:%{group->} from %{fld2->} deleted from binding manager.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("776252"),
}),
dup14,
dup3,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("deleted to binding manager"),
}),
]),
});
// Message 103002 in two layouts, offered as alternatives by select131:
// a line ending in " failed" (msg526) and a line ending in " OK" (msg527).
// dup2-dup5 set level, event_time, msg and id; other dupNN steps are defined
// elsewhere.

// Failure form; has a space between ")" and the description. dup302 runs
// last.
var msg526 = match({
id: "MESSAGE#7:103002:01",
dissect: {
tokenizer: "(%{context->}) %{event_description->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("103002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup302,
]),
});
// Success form; no space between ")" and the description. disposition is set
// to the fixed string "OK".
var msg527 = match({
id: "MESSAGE#8:103002",
dissect: {
tokenizer: "(%{context->})%{event_description->} OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("103002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.disposition",
value: constant("OK"),
}),
]),
});
var select131 = linear_select([
msg526,
msg527,
]);
// Message 113008: AAA transaction status. The status word is stored in
// disposition straight from the log line (it is not normalised here), and the
// text after "user = " is passed on as p0 for dup238 (defined elsewhere).
var msg528 = match({
id: "MESSAGE#184:113008/0",
dissect: {
tokenizer: "AAA transaction status %{disposition->} : user = %{p0->}",
field: "nwparser.payload",
},
});
// On success: msg_id1 is fixed to "113008"; dup2-dup5 set level, event_time,
// msg and id; the remaining dupNN steps are defined elsewhere.
var all140 = all_match({
processors: [
msg528,
dup238,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113008"),
}),
dup17,
dup65,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 305007: an orphan IP was seen on an interface. The text before
// "():" is kept in fld1, the address in hostip and the interface in
// interface; result is set to a fixed string.
// dup180 is defined elsewhere; dup2-dup5 set level, event_time, msg and id.
var msg529 = match({
id: "MESSAGE#374:305007",
dissect: {
tokenizer: "%{fld1->}(): Orphan IP %{hostip->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Orphan IP detected on interface"),
}),
]),
});
// Message 400008: IPS-style signature event, "<product>:<sigid> <text> from
// <src> to <dst> on interface <if>". The signature id is stored in sigid and
// the text between it and " from " in context.
// dup113 and dup27-dup30 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg530 = match({
id: "MESSAGE#505:400008",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400008"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 713132. Parsing is done entirely by shared steps (dup22, dup23,
// dup241) defined elsewhere; this block only fixes msg_id1 and runs the
// common steps. dup2-dup5 set level, event_time, msg and id.
var all141 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713132"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 305003: teardown of a translation, in two layouts offered as
// alternatives by select132. In both, the first address is stored in hostip
// and the second in daddr. The form with the "global"/"local" keywords is
// listed before the bare form; the bare form would also accept the keyworded
// line and capture "global" as hostip, so the order should be kept.
// dup2-dup5 set level, event_time, msg and id; dup295 runs last.
var msg531 = match({
id: "MESSAGE#364:305003",
dissect: {
tokenizer: "Teardown translation for global %{hostip->} local %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305003"),
}),
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var msg532 = match({
id: "MESSAGE#365:305003:01",
dissect: {
tokenizer: "Teardown translation for %{hostip->} %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var select132 = linear_select([
msg531,
msg532,
]);
// Message 338103: dynamic-filter event for whitelisted traffic.
// The pattern starts at "ilter", so the beginning of the line up to that
// point is presumably consumed by dup183/dup184 (defined elsewhere).
// Besides both endpoints and their translated addresses, the resolved source
// (hostip), the list name (listnum) and trailing text (info) are kept.
var msg533 = match({
id: "MESSAGE#481:338103/2",
dissect: {
tokenizer: "ilter %{action->} whitelisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{hostip->} resolved from %{listnum->} list:%{info->}",
field: "nwparser.p1",
},
});
// On success: msg_id1 is fixed to "338103"; dup2-dup5 set level, event_time,
// msg and id; the remaining dupNN steps are defined elsewhere.
var all142 = all_match({
processors: [
dup183,
dup184,
msg533,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338103"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 611311: VPN client XAUTH failure. The peer address is stored in
// saddr and event_description is set to a fixed string. Repeated failures
// from one peer are a common detection input, so saddr is the field to group
// on for this event.
// dup16, dup7, dup18 and dup19 are defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg534 = match({
id: "MESSAGE#767:611311",
dissect: {
tokenizer: "VPNClient: XAUTH Failed: Peer: %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("611311"),
}),
dup7,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("XAUTH failed"),
}),
]),
});
// Message 703002: no structure is extracted; the whole payload is stored as
// event_description. dup21 is defined elsewhere; dup2-dup5 set level,
// event_time, msg and id.
var msg535 = match({
id: "MESSAGE#833:703002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("703002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718046: a group policy was created. The policy name inside the
// square brackets is captured into policyname; event_description is set to
// the fixed text "Create group policy". Useful as a configuration-change
// audit record.
var msg536 = match({
id: "MESSAGE#1100:718046",
dissect: {
tokenizer: "Create group policy [%{policyname->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718046"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Create group policy"),
}),
]),
});
// Message 214001: a manager (management) session was terminated. Captures the
// remote address (saddr), the interface and the stated reason (result).
// The "space" capture absorbs whatever sits between the "." and "Reason:".
var msg537 = match({
id: "MESSAGE#264:214001",
dissect: {
tokenizer: "Terminating manager session from %{saddr->} on interface %{interface->}.%{space->}Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("214001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Terminated manager session"),
}),
]),
});
// Message 400047: signature-style alert. Captures product, signature id
// (sigid), the signature text (context), source and destination address and
// the interface. dup27-dup30 are shared post-processing steps defined outside
// this section.
var msg538 = match({
id: "MESSAGE#544:400047",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400047"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Middle part of message 713219: reads nwparser.p0, captures the group name
// and hands the remainder on as p1.
var msg539 = match({
id: "MESSAGE#933:713219/2",
dissect: {
tokenizer: "Group = %{group->} %{p1->}",
field: "nwparser.p0",
},
});
// Single-entry selector wrapping msg539.
var select133 = linear_select([
msg539,
]);
// Tail of message 713219: reads nwparser.p1 and captures the peer address
// (saddr) from the KEY-ACQUIRE queuing text.
// NOTE(review): this part carries the same id string as msg539 above; if ids
// show up in debug output the two parts cannot be told apart - confirm intent.
var msg540 = match({
id: "MESSAGE#933:713219/2",
dissect: {
tokenizer: "IP = %{saddr->} Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete",
field: "nwparser.p1",
},
});
// Full parser for message 713219: dup44 (defined elsewhere), then the group
// part, then the tail. On success sets msg_id1 "713219" and the fixed
// event_description "messages enqueued".
var all143 = all_match({
processors: [
dup44,
select133,
msg540,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713219"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("messages enqueued"),
}),
]),
});
// Message 717005: catch-all pattern; the whole payload becomes
// event_description and msg_id1 is set to "717005".
var msg541 = match({
id: "MESSAGE#1066:717005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Prefix variant for message 715046 without a group: captures username and
// peer address (saddr) and passes the rest on as p0. The username is taken
// verbatim from the log line and should be treated as untrusted text.
var msg542 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "%{->}Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// Prefix alternatives: dup303 (defined elsewhere) first, then msg542.
var select134 = linear_select([
dup303,
msg542,
]);
// Variant "715046:01": one of the prefixes above followed by dup304
// (defined elsewhere).
var all144 = all_match({
processors: [
select134,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715046:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "715046": built entirely from shared matchers dup44, dup47 and
// dup48, whose patterns are not visible in this section.
var all145 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715046"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 715046, the ":01" variant listed first.
var select135 = linear_select([
all144,
all145,
]);
// Message 716051: error while adding a dynamic ACL for a user. Captures
// group, username and hostip; event_description is set to a fixed text.
// NOTE(review): "\u003c\u003c" is the string "<<", so each value is preceded
// by two "<" but followed by a single ">". If the dissect runtime takes the
// tokenizer literally, a message with single angle brackets would not match -
// confirm against sample logs.
var msg543 = match({
id: "MESSAGE#1058:716051",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> Error adding dynamic ACL for user",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("716051"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Error adding dynamic ACL for user"),
}),
]),
});
// Message 717024: certificate revocation list (CRL) check for a trustpoint.
// Everything after the fixed prefix is stored in event_description.
var msg544 = match({
id: "MESSAGE#1074:717024",
dissect: {
tokenizer: "Checking CRL from trustpoint: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717024"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720044: "(VPN-<context>) <text>" form. The token after "VPN-" goes
// to context, the remaining text to event_description.
var msg545 = match({
id: "MESSAGE#1136:720044",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720044"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725013: cipher chosen for an SSL session. Captures interface,
// hostip, network_port and the cipher text (info). Keeping info lets
// reviewers spot sessions negotiated with weak ciphers.
var msg546 = match({
id: "MESSAGE#1202:725013",
dissect: {
tokenizer: "SSL Server %{interface->}:%{hostip->}/%{network_port->} choose cipher : %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725013"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("SSL Server choose cipher"),
}),
dup4,
dup5,
]),
});
// Head of message 108001 ("SMTP made noop"): captures fld1 and fld2 and
// passes the text after "data" on as p0.
var msg547 = match({
id: "MESSAGE#112:108001/0",
dissect: {
tokenizer: "SMTP made noop: out %{fld1->} in %{fld2->} data%{p0->}",
field: "nwparser.payload",
},
});
// Middle part: strips a leading ":" from p0 and passes the rest on as p1.
var msg548 = match({
id: "MESSAGE#112:108001/2",
dissect: {
tokenizer: ":%{p1->}",
field: "nwparser.p0",
},
});
// Single-entry selector wrapping msg548.
var select136 = linear_select([
msg548,
]);
// Tail: skips an unnamed token and a space, then stores the rest as info.
var msg549 = match({
id: "MESSAGE#112:108001/2",
dissect: {
tokenizer: "%{->} %{info->}",
field: "nwparser.p1",
},
});
// Full parser for message 108001: head, middle, tail in that order. On
// success sets msg_id1 "108001".
var all146 = all_match({
processors: [
msg547,
select136,
msg549,
],
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("108001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 403104: a PPP virtual interface requires MS-CHAP for MPPE.
// Captures the interface name only.
var msg550 = match({
id: "MESSAGE#573:403104",
dissect: {
tokenizer: "PPP virtual interface %{interface->} requires mschap for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("403104"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 605002: catch-all pattern; the whole payload becomes
// event_description and msg_id1 is set to "605002".
var msg551 = match({
id: "MESSAGE#734:605002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("605002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 709004: catch-all pattern; the whole payload becomes
// event_description. dup37-dup40 are shared steps defined elsewhere.
var msg552 = match({
id: "MESSAGE#837:709004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709004"),
}),
dup38,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "715049:01": built from the shared matchers dup305 and dup304,
// whose patterns are defined outside this section.
var all147 = all_match({
processors: [
dup305,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715049:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "715049": built from the shared matchers dup44, dup47 and dup48.
var all148 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715049"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 715049, the ":01" variant listed first.
var select137 = linear_select([
all147,
all148,
]);
// Message 751007: a configured attribute is not supported for IKEv2.
// Captures local and remote address/port, the username and the attribute
// name (obj_name). The username is log-supplied text; treat it as untrusted.
var msg553 = match({
id: "MESSAGE#1268:751007",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Configured attribute not supported for IKEv2. Attribute: %{obj_name->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("751007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Configured attribute not supported for IKEv2"),
}),
]),
});
// Message 111003: the device configuration was erased. Captures the address
// the action is attributed to (hostip) and sets event_description to
// "Erase configuration".
// Detection note: a configuration wipe is a high-value audit event; it should
// be tied to an approved change before being dismissed.
var msg554 = match({
id: "MESSAGE#167:111003",
dissect: {
tokenizer: "%{hostip->} Erase configuration",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("111003"),
}),
dup38,
dup108,
dup39,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Erase configuration"),
}),
]),
});
// Message 400039: signature-style alert with the same layout as the other
// 4000xx patterns in this file: product, sigid, context, source/destination
// address and interface.
var msg555 = match({
id: "MESSAGE#536:400039",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400039"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Variant "715007": built from the shared matchers dup79, dup80 and dup81,
// whose patterns are defined outside this section.
var all149 = all_match({
processors: [
dup79,
dup80,
dup81,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("715007"),
}),
dup7,
dup11,
dup12,
dup164,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "715007:01": IKE received a KEY_ADD message for a security
// association; the SPI value is captured into dst_spi.
var msg556 = match({
id: "MESSAGE#995:715007:01",
dissect: {
tokenizer: "IKE got a KEY_ADD msg for SA: SPI = %{dst_spi->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup250,
set_field({
dest: "nwparser.msg_id1",
value: constant("715007:01"),
}),
dup7,
dup11,
dup12,
dup164,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE got a KEY_ADD msg for SA"),
}),
]),
});
// Alternatives for message 715007: the multi-part form first, then the
// single-pattern form.
var select138 = linear_select([
all149,
msg556,
]);
// Tail of message 716004: access to a location was denied. Reads
// nwparser.p1 and captures the client address (saddr), the service
// (network_service) and the requested location (info).
var msg557 = match({
id: "MESSAGE#1048:716004/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} access DENIED to specified location: %{info->}",
field: "nwparser.p1",
},
});
// Full parser for message 716004: shared prefix matchers dup77 and dup78
// (defined elsewhere) followed by the tail above. Sets msg_id1 "716004" and
// the fixed event_description "access DENIED".
// Detection note: this is an authorization-denied event; info holds the
// location that was requested.
var all150 = all_match({
processors: [
dup77,
dup78,
msg557,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716004"),
}),
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("access DENIED"),
}),
]),
});
// Message 730001: a user session was mapped to a VLAN. Captures group,
// username, client address (saddr) and the VLAN (instance).
// NOTE(review): "\u003c\u003c" is the string "<<", so each value is preceded
// by two "<" but followed by a single ">". If the dissect runtime takes the
// tokenizer literally, a message with single angle brackets would not match -
// confirm against sample logs.
var msg558 = match({
id: "MESSAGE#1206:730001",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> VLAN Mapping to VLAN \u003c\u003c%{instance->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("730001"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VLAN Mapping to VLAN"),
}),
]),
});
// Message 434004: the SFR module asked the ASA to stop redirecting a flow and
// to process it locally. Captures protocol and both endpoints (interface,
// address, port).
// Detection note: flows named here are no longer redirected to the SFR
// module, which matters when reasoning about inspection coverage.
var msg559 = match({
id: "MESSAGE#1312:434004",
dissect: {
tokenizer: "SFR requested ASA to bypass further packet redirection and process %{protocol->} flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} locally",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("434004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SFR requested ASA to bypass further packet redirection"),
}),
]),
});
// Message 305010, form with ports: translation teardown. Captures the
// translation kind (context), both endpoints with ports and the duration.
var msg560 = match({
id: "MESSAGE#377:305010",
dissect: {
tokenizer: "Teardown %{context->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305010"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Message 305010, form without ports; recorded as msg_id1 "305010:01".
var msg561 = match({
id: "MESSAGE#378:305010:01",
dissect: {
tokenizer: "Teardown %{context->} translation from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305010:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Alternatives for message 305010; the form with ports is listed first so the
// port-less pattern only sees lines the first one rejected (assuming
// linear_select stops at the first match - confirm).
var select139 = linear_select([
msg560,
msg561,
]);
// Message 713061: captures group, peer address (saddr), action, info and
// interface, then sets result to the fixed text "no matching crypto map
// entry".
// NOTE(review): the tokenizer expects a space before the comma that follows
// the IP value (" , "); confirm this matches real log lines.
var msg562 = match({
id: "MESSAGE#871:713061",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{action->}:%{info->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("713061"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("no matching crypto map entry"),
}),
]),
});
// Message 106021: a packet was denied by the reverse path check. Captures
// protocol, source and destination address and the interface.
// Detection note: reverse-path failures usually point to spoofed source
// addresses or asymmetric routing; saddr here is the claimed source, not a
// verified one.
var msg563 = match({
id: "MESSAGE#89:106021",
dissect: {
tokenizer: "Deny %{protocol->} reverse path check from %{saddr->} to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("106021"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Head of message 109001 (authentication start): strips the fixed prefix and
// passes the rest on as p0.
var msg564 = match({
id: "MESSAGE#122:109001/0",
dissect: {
tokenizer: "Auth start for user %{p0->}",
field: "nwparser.payload",
},
});
// Tail of message 109001: reads nwparser.p1 and captures source and
// destination address/port.
var msg565 = match({
id: "MESSAGE#122:109001/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
// Full parser for message 109001: head, the shared middle matcher dup61
// (defined elsewhere; presumably extracts the user name - confirm), then the
// tail. Sets msg_id1 "109001" and result "Start_Session".
var all151 = all_match({
processors: [
msg564,
dup61,
msg565,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109001"),
}),
dup17,
dup60,
dup18,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Start_Session"),
}),
]),
});
// Head of message 199007 (reload scheduled): captures fld1 and passes the
// text after "by" on as p0.
var msg566 = match({
id: "MESSAGE#208:199007/0",
dissect: {
tokenizer: "Reload scheduled for %{fld1->} by %{p0->}",
field: "nwparser.payload",
},
});
// Tail of message 199007: captures fld2 and the stated reload reason (result).
var msg567 = match({
id: "MESSAGE#208:199007/2",
dissect: {
tokenizer: "%{fld2->}. Reload reason: %{result->}",
field: "nwparser.p1",
},
});
// Full parser for message 199007: head, shared middle matcher dup104 (defined
// elsewhere), tail. Sets msg_id1 "199007" and event_description "Reload
// scheduled". A scheduled reload is an availability-relevant admin action and
// worth keeping in the audit trail.
var all152 = all_match({
processors: [
msg566,
dup104,
msg567,
],
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("199007"),
}),
dup13,
dup38,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Reload scheduled"),
}),
dup4,
dup5,
]),
});
// Message 302023, IP-protocol form: connection teardown. Captures protocol,
// connection id, both endpoints (no ports), duration and byte count.
var msg568 = match({
id: "MESSAGE#336:302023",
dissect: {
tokenizer: "Teardown IP protocol %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302023"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup306,
]),
});
// Message 302023, "stub connection" form with ports and a trailing free-text
// description; recorded as msg_id1 "302023:01". Unlike msg568 this chain does
// not include dup306.
var msg569 = match({
id: "MESSAGE#337:302023:01",
dissect: {
tokenizer: "Teardown stub %{protocol->} connection for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} forwarded bytes %{bytes->} %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302023:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 302023.
var select140 = linear_select([
msg568,
msg569,
]);
// Message 199017: generic layout of two tokens, three colon-separated tokens,
// a sixth token followed by ": " and free text (info). The fldN captures are
// positional placeholders with no specific meaning assigned here.
// NOTE(review): unlike most chains in this file, this one does not include
// dup2 (the step that fills nwparser.level from the header) - confirm that
// omission is intended.
var msg570 = match({
id: "MESSAGE#1315:199017",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{fld6->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup264,
set_field({
dest: "nwparser.msg_id1",
value: constant("199017"),
}),
dup3,
dup4,
dup5,
]),
});
// Middle-part alternatives for message 302026; dup308 and dup309 are matchers
// defined outside this section.
var select141 = linear_select([
dup308,
dup309,
]);
// Full parser for message 302026: shared head dup307, one of the middle
// alternatives, shared tail dup310. On success sets msg_id1 "302026".
var all153 = all_match({
processors: [
dup307,
select141,
dup310,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302026"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup311,
]),
});
// Tail of message 402116: reads nwparser.p1 and captures the destination
// address (daddr) and the text after the period (result).
var msg571 = match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "%{daddr->}. %{result->}",
field: "nwparser.p1",
},
});
// Full parser for message 402116: shared matchers dup312 and dup313 (defined
// elsewhere) followed by the tail above. Sets msg_id1 "402116" and
// event_description "Bad ESP packet".
// Detection note: a burst of these for one tunnel can indicate a peer
// misconfiguration or tampered/replayed IPsec traffic; result carries the
// device's own explanation.
var all154 = all_match({
processors: [
dup312,
dup313,
msg571,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402116"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Bad ESP packet"),
}),
dup56,
]),
});
// Message 710003: access denied by ACL. Captures protocol, source
// address/port and destination interface/address/port; event_description is
// set to "access denied".
// Note that the source side has no interface token in this pattern, only
// address and port.
var msg572 = match({
id: "MESSAGE#844:710003",
dissect: {
tokenizer: "%{protocol->} access denied by ACL from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("710003"),
}),
dup42,
dup43,
dup99,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("access denied"),
}),
]),
});
// Message 720063: "(VPN-<context>) <text>" form. The token after "VPN-" goes
// to context, the remaining text to event_description.
var msg573 = match({
id: "MESSAGE#1143:720063",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("720063"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Head of message 113004: matches "AAA user a" and passes the rest on as p0.
// The word is split after the "a" so that the three alternatives below can
// complete it.
var msg574 = match({
id: "MESSAGE#180:113004/0",
dissect: {
tokenizer: "AAA user a%{p0->}",
field: "nwparser.payload",
},
});
// Completes the word as "authentication".
var msg575 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "uthentication%{p1->}",
field: "nwparser.p0",
},
});
// Completes the word as "authorization".
var msg576 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "uthorization%{p1->}",
field: "nwparser.p0",
},
});
// Completes the word as "accounting".
var msg577 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "ccounting%{p1->}",
field: "nwparser.p0",
},
});
// The three AAA phases accepted by this parser.
var select142 = linear_select([
msg575,
msg576,
msg577,
]);
// Tail of message 113004: captures the AAA server address (hostip) and passes
// the user part on as p2.
var msg578 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "%{->}Successful : server = %{hostip->} : user = %{p2->}",
field: "nwparser.p1",
},
});
// Full parser for message 113004: head, phase word, tail, then the shared
// matcher dup237 (defined elsewhere; presumably consumes p2 - confirm).
// NOTE(review): the fixed result text below names only accounting and
// authentication, although select142 also accepts "authorization"; the phase
// itself is not stored in a field, so the three cases cannot be told apart
// from result alone.
var all155 = all_match({
processors: [
msg574,
select142,
msg578,
dup237,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113004"),
}),
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA user accounting/authentication successful"),
}),
]),
});
// Message 415005: HTTP content verification failed because the content type
// does not match the specified type. Captures sigid, listnum and source and
// destination address; context is set to a fixed description.
var msg579 = match({
id: "MESSAGE#637:415005",
dissect: {
tokenizer: "%{sigid->} Content type does not match specified type - %{listnum->} Content Verification Failed from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("Content type does not match specified type"),
}),
]),
});
// Message 507003 is split so that "udp flow" and "tcp flow" share one tail:
// this part matches the letters "ud" ...
var msg580 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "ud%{p1->}",
field: "nwparser.p0",
},
});
// ... and this part matches the letters "tc".
var msg581 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "tc%{p1->}",
field: "nwparser.p0",
},
});
// Either protocol prefix.
var select143 = linear_select([
msg580,
msg581,
]);
// Shared tail starting at the final "p" of "udp"/"tcp": captures both
// endpoints (interface, address, port), the terminating service and the
// reason (result). The protocol itself is not stored in a field here.
var msg582 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "p flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} terminated by %{service->}, reason - %{result->}",
field: "nwparser.p1",
},
});
// Full parser for message 507003: shared head dup44 (defined elsewhere),
// protocol prefix, tail. Sets msg_id1 "507003" and event_description
// "tcp/udp flow terminated".
var all156 = all_match({
processors: [
dup44,
select143,
msg582,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("507003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("tcp/udp flow terminated"),
}),
]),
});
// Message 720010: "(VPN-<context>) <text>" form. The token after "VPN-" goes
// to context, the remaining text to event_description.
var msg583 = match({
id: "MESSAGE#1116:720010",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("720010"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 311004: fixed text "LU xmit thread up"; nothing is captured (the
// trailing %{->} is an unnamed token). event_description is set to the same
// fixed text.
var msg584 = match({
id: "MESSAGE#404:311004",
dissect: {
tokenizer: "LU xmit thread up%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311004"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU xmit thread up"),
}),
dup4,
dup5,
]),
});
// Message 400034: signature-style alert with the same layout as the other
// 4000xx patterns in this file: product, sigid, context, source/destination
// address and interface.
var msg585 = match({
id: "MESSAGE#531:400034",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("400034"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Tail of message 713133: reads nwparser.p1, captures the peer address
// (saddr) and stores the text after "Mismatch:" as event_description.
var msg586 = match({
id: "MESSAGE#900:713133/2",
dissect: {
tokenizer: "%{saddr->}, Mismatch: %{event_description->}",
field: "nwparser.p1",
},
});
// Full parser for message 713133: shared matchers dup22 and dup23 (defined
// elsewhere) followed by the tail above. On success sets msg_id1 "713133".
var all157 = all_match({
processors: [
dup22,
dup23,
msg586,
],
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713133"),
}),
dup7,
dup38,
dup39,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720004: "(VPN-<context>) <text>." form. Unlike the other 7200xx
// patterns in this file, the tokenizer ends with a literal period, so that
// period is expected in the message and kept out of event_description.
var msg587 = match({
id: "MESSAGE#1113:720004",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720004"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Parser for message 715063, built entirely from shared matchers dup44,
// dup175 and dup33, whose patterns are defined outside this section.
// On success sets msg_id1 "715063".
var all158 = all_match({
processors: [
dup44,
dup175,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715063"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 304007: the URL filtering server stopped responding and the device
// entered ALLOW mode. Captures the server address (hostip).
// Detection note: per the message text, URL filtering is failing open while
// this state lasts. No event_description is set here, so alerting has to key
// on msg_id1 "304007".
var msg588 = match({
id: "MESSAGE#359:304007",
dissect: {
tokenizer: "URL Server %{hostip->} not responding, ENTERING ALLOW mode",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("304007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 305011, variant ":02": translation built, with parenthesised extras
// after the source port (fld51) and after the destination interface (fld52).
// Captures translation kind (context), protocol and both endpoints.
var msg589 = match({
id: "MESSAGE#379:305011:02",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->}(%{fld51->}) to %{dinterface->}(%{fld52->}):%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
// Head for the base "305011" variant: captures context, protocol and source
// interface, then passes the rest on as p0.
var msg590 = match({
id: "MESSAGE#380:305011/0",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
// Base "305011" variant: head above followed by shared matchers dup296 and
// dup260 (defined elsewhere).
var all159 = all_match({
processors: [
msg590,
dup296,
dup260,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
// Head for the "305011:01" variant: also captures source address and port
// before passing the destination part on as p0.
var msg591 = match({
id: "MESSAGE#381:305011:01/0",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{p0->}",
field: "nwparser.payload",
},
});
// "305011:01" variant: head above followed by shared matchers dup297 and
// dup314 (defined elsewhere).
// NOTE(review): unlike the other ":01" chains in this file, this one does not
// include dup14 - confirm that is intended.
var all160 = all_match({
processors: [
msg591,
dup297,
dup314,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
// Alternatives for message 305011, most specific pattern first.
var select144 = linear_select([
msg589,
all159,
all160,
]);
// Message 609001: a local-host entry was built. Captures the interface and
// the host address (hostip).
var msg592 = match({
id: "MESSAGE#747:609001",
dissect: {
tokenizer: "Built local-host %{interface->}:%{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("609001"),
}),
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 702303: catch-all pattern; the whole payload becomes
// event_description and msg_id1 is set to "702303".
var msg593 = match({
id: "MESSAGE#830:702303",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702303"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 413001: a module could not shut down. Captures the slot (fld1) and
// two error tokens (fld2, fld3).
// NOTE(review): there is no literal space on either side of %{fld1->} in the
// tokenizer ("slot%{fld1->}is"); whether the captured slot value keeps
// surrounding whitespace depends on the dissect runtime - confirm.
var msg594 = match({
id: "MESSAGE#627:413001",
dissect: {
tokenizer: "Module in slot%{fld1->}is not able to shut down. %{space->} Module Error: %{fld2->} %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("413001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Head of message 609002: matches "Teardown local" and passes the rest on as
// p0 (the separator before "host" is handled by the next matcher).
var msg595 = match({
id: "MESSAGE#748:609002:01/0",
dissect: {
tokenizer: "Teardown local%{p0->}",
field: "nwparser.payload",
},
});
// Tail of message 609002: captures interface, host address (hostip) and
// duration.
var msg596 = match({
id: "MESSAGE#748:609002:01/2",
dissect: {
tokenizer: "host %{interface->}:%{hostip->} duration %{duration->}",
field: "nwparser.p1",
},
});
// Full parser for message 609002: head, shared middle matcher dup115 (defined
// elsewhere), tail. On success sets msg_id1 "609002:01".
var all161 = all_match({
processors: [
msg595,
dup115,
msg596,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("609002:01"),
}),
dup43,
dup42,
dup40,
dup14,
dup4,
dup5,
dup2,
dup3,
dup306,
]),
});
// Message 620002, structured form: unsupported CTIQBE version. Captures the
// version token (fld1) and both endpoints (interface, address, port);
// recorded as msg_id1 "620002:01".
var msg597 = match({
id: "MESSAGE#799:620002:01",
dissect: {
tokenizer: "Unsupported CTIQBE version: %{fld1->}: from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("620002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 620002, fallback: the whole payload becomes event_description.
var msg598 = match({
id: "MESSAGE#800:620002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("620002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 620002: structured pattern first, catch-all last.
var select145 = linear_select([
msg597,
msg598,
]);
// Message 199908: an attached application was detected. Captures protocol,
// local port (sport) and destination port (dport).
var msg599 = match({
id: "MESSAGE#213:199908",
dissect: {
tokenizer: "%{protocol->} detected an attached application using local port %{sport->} and destination port %{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199908"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 324007: a GTP connection could not be created for a response.
// Captures both endpoints (interface, address, port); result is set to the
// fixed text "Unable to create GTP connection".
var msg600 = match({
id: "MESSAGE#460:324007",
dissect: {
tokenizer: "Unable to create GTP connection for response from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Unable to create GTP connection"),
}),
]),
});
// Head of message 338302: an address was discovered for a domain. Captures
// the address (hostip) and the domain (web_domain) and passes the list name
// part on as p0. web_domain is log-supplied text; treat it as untrusted.
var msg601 = match({
id: "MESSAGE#488:338302/0",
dissect: {
tokenizer: "Address %{hostip->} discovered for domain %{web_domain->} from %{p0->}",
field: "nwparser.payload",
},
});
// List name terminated by a period ...
var msg602 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{category->}.%{p1->}",
field: "nwparser.p0",
},
});
// ... or terminated by a comma.
var msg603 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{category->},%{p1->}",
field: "nwparser.p0",
},
});
// Either separator; the list name ends up in category.
var select146 = linear_select([
msg602,
msg603,
]);
// Tail: requires the closing text "Adding rule"; nothing is captured.
var msg604 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{->}Adding rule",
field: "nwparser.p1",
},
});
// Full parser for message 338302: head, list name, tail. On success sets
// msg_id1 "338302".
var all162 = all_match({
processors: [
msg601,
select146,
msg604,
],
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("338302"),
}),
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400004: signature-style alert with the same layout as the other
// 4000xx patterns in this file: product, sigid, context, source/destination
// address and interface.
var msg605 = match({
id: "MESSAGE#501:400004",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400004"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 504002, structured form: a security context was removed from the
// system. The context name is captured into info; event_description is set to
// "Security context removed". Recorded as msg_id1 "504002:01".
// Detection note: removal of a security context is a configuration change
// worth keeping in the audit trail.
var msg606 = match({
id: "MESSAGE#688:504002:01",
dissect: {
tokenizer: "Security context %{info->} was removed from the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("504002:01"),
}),
dup108,
dup38,
dup14,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Security context removed"),
}),
dup4,
dup5,
]),
});
// Message 504002, fallback: the whole payload becomes event_description.
var msg607 = match({
id: "MESSAGE#689:504002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("504002"),
}),
dup108,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 504002: structured pattern first, catch-all last.
var select147 = linear_select([
msg606,
msg607,
]);
// Message 746006: "<application>: <text>" form. Captures application and
// event_description.
// NOTE(review): this chain applies only dup20, msg_id1 and dup3; it does not
// include dup2, dup4 or dup5, which most other chains in this file apply
// (they fill nwparser.level, nwparser.msg and nwparser.id). Confirm the
// omission is intended, since events parsed here would lack those fields.
var msg608 = match({
id: "MESSAGE#1256:746006",
dissect: {
tokenizer: "%{application->}: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746006"),
}),
dup3,
]),
});
// Head of message 502112: a group policy was deleted. Strips the fixed prefix
// and passes the policy details on as p0.
var msg609 = match({
id: "MESSAGE#684:502112/0",
dissect: {
tokenizer: "Group policy deleted: name: %{p0->}",
field: "nwparser.payload",
},
});
// Full parser for message 502112: head above followed by shared matchers
// dup315 and dup316 (defined elsewhere). The event category is set inline
// here rather than through a shared dupN step; result is set to "Group policy
// deleted".
// Detection note: policy deletion is a configuration change worth keeping in
// the audit trail.
var all163 = all_match({
processors: [
msg609,
dup315,
dup316,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1502040000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502112"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Group policy deleted"),
}),
]),
});
// Head of message 611101, form without an address: user authentication
// succeeded. The user name part is passed on as p0.
var msg610 = match({
id: "MESSAGE#752:611101/0",
dissect: {
tokenizer: "User authentication succeeded: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Variant "611101": head above followed by the shared matcher dup238
// (defined elsewhere; presumably extracts the user name from p0 - confirm).
var all164 = all_match({
processors: [
msg610,
dup238,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("611101"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
dup317,
]),
});
// Head of message 611101, form with an address: also captures the client
// address (saddr).
var msg611 = match({
id: "MESSAGE#753:611101:01/0",
dissect: {
tokenizer: "User authentication succeeded: IP address: %{saddr->}, Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Variant "611101:01": same chain as all164 apart from the msg_id1 value.
// NOTE(review): unlike the other ":01" chains in this file, this one does not
// include dup14 - confirm that is intended.
var all165 = all_match({
processors: [
msg611,
dup238,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("611101:01"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
dup317,
]),
});
// Alternatives for message 611101. Successful logins are the counterpart to
// authentication-failure events and are useful for correlating a success that
// follows a run of failures.
var select148 = linear_select([
all164,
all165,
]);
// Middle part of message 713117, form with a username: captures group,
// username and peer address (saddr); the SPI text is passed on as p1.
var msg612 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->} Received Invalid SPI notify (SPI %{p1->}",
field: "nwparser.p0",
},
});
// Middle part of message 713117, form without a username. Note the comma
// after the IP value, which the form above does not have.
var msg613 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->}, Received Invalid SPI notify (SPI %{p1->}",
field: "nwparser.p0",
},
});
// Either middle form, the one with a username first.
var select149 = linear_select([
msg612,
msg613,
]);
// Tail: captures the SPI value (dst_spi) up to the closing ")!".
var msg614 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{dst_spi->})!",
field: "nwparser.p1",
},
});
// Full parser for message 713117: shared head dup9 (defined elsewhere),
// middle, tail. Sets msg_id1 "713117" and event_description "Received Invalid
// SPI notify".
var all166 = all_match({
processors: [
dup9,
select149,
msg614,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713117"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Received Invalid SPI notify"),
}),
]),
});
// Head of message 725005, form with both endpoints: an SSL server is
// requesting the device certificate for authentication. Captures source
// interface/address/port and destination address/port; the remainder is
// passed on as p0.
var msg615 = match({
id: "MESSAGE#1189:725005:01/0",
dissect: {
tokenizer: "SSL server %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->} requesting our device certificate for authentication%{p0->}",
field: "nwparser.payload",
},
});
// Variant "725005:01": head above followed by shared matchers dup254 and
// dup255 (defined elsewhere).
// NOTE(review): unlike the other ":01" chains in this file, this one does not
// include dup14 - confirm that is intended.
var all167 = all_match({
processors: [
msg615,
dup254,
dup255,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("725005:01"),
}),
dup2,
dup3,
dup318,
dup4,
dup5,
]),
});
// Variant "725005": single-endpoint form. Captures interface, hostip and
// network_port; the trailing period is part of the pattern.
var msg616 = match({
id: "MESSAGE#1190:725005",
dissect: {
tokenizer: "SSL server %{interface->}:%{hostip->}/%{network_port->} requesting our device certificate for authentication.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("725005"),
}),
dup2,
dup3,
dup318,
dup4,
dup5,
]),
});
// Alternatives for message 725005, two-endpoint form first.
var select150 = linear_select([
all167,
msg616,
]);
// Tail of message 113019 (session ended), duration given as
// "<d>d <h>h:<m>m:<s>s". Captures client address (saddr), action, session
// type (network_service), the four duration parts, bytes sent and received
// (sbytes, rbytes) and the disconnect reason (result).
var msg617 = match({
id: "MESSAGE#194:113019:01/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{day->}d %{hour->}h:%{min->}m:%{second->}s, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
// Variant "113019:01": shared matchers dup22 and dup23 (defined elsewhere)
// followed by the tail above. The final step combines day, hour, min and
// second into nwparser.duration via DUR; DUR is defined outside this section
// and its first argument looks like a format string naming the parts -
// confirm.
var all168 = all_match({
processors: [
dup22,
dup23,
msg617,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019:01"),
}),
dup14,
dup2,
dup3,
dup319,
dup4,
dup5,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%A%N%T%O"),
field("day"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Tail of message 113019, duration given as "<h>h:<m>m:<s>s" (no day part).
var msg618 = match({
id: "MESSAGE#195:113019:02/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{hour->}h:%{min->}m:%{second->}s, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
// Variant "113019:02": as above, with DUR combining hour, min and second.
// NOTE(review): the format constant here ("%N%U%O") uses a different letter
// for the middle part than the one in all168 ("%A%N%T%O"); DUR's format codes
// are not visible in this section, so confirm both decode minutes correctly.
var all169 = all_match({
processors: [
dup22,
dup23,
msg618,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019:02"),
}),
dup14,
dup2,
dup3,
dup319,
dup4,
dup5,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N%U%O"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Tail of message 113019, fallback: the duration is captured as one opaque
// token and stored as-is.
var msg619 = match({
id: "MESSAGE#196:113019/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{duration->}, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
// Variant "113019": no DUR conversion, duration keeps whatever text was in
// the log.
var all170 = all_match({
processors: [
dup22,
dup23,
msg619,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019"),
}),
dup2,
dup3,
dup319,
dup4,
dup5,
]),
});
// Alternatives for message 113019, most specific duration layout first.
// Session duration, byte counts and the disconnect reason make this record
// useful when reconstructing remote-access activity.
var select151 = linear_select([
all168,
all169,
all170,
]);
// Head of message 402126: captures product and passes the file part on as p0.
var msg620 = match({
id: "MESSAGE#567:402126/0",
dissect: {
tokenizer: "CRYPTO: The %{product->} File %{p0->}",
field: "nwparser.payload",
},
});
// File name in angle brackets.
// NOTE(review): "\u003c\u003c" is the string "<<", so the file name is
// preceded by two "<" but followed by a single ">". If the dissect runtime
// takes the tokenizer literally, a message with single angle brackets would
// fall through to the unquoted form below and filename would keep the
// brackets - confirm against sample logs.
var msg621 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "\u003c\u003c%{filename->}> as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
// File name in single quotes.
var msg622 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "'%{filename->}' as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
// File name without delimiters.
var msg623 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "%{filename->} as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
// File name alternatives; the delimited forms come first so the bare form
// only sees what they rejected (assuming first match wins - confirm).
var select152 = linear_select([
msg621,
msg622,
msg623,
]);
// Full parser for message 402126: head, file name, shared tail dup316
// (defined elsewhere). Sets msg_id1 "402126" and result "Crypto archive -
// soft reset".
var all171 = all_match({
processors: [
msg620,
select152,
dup316,
],
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402126"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Crypto archive - soft reset"),
}),
]),
});
// Message 415008, base form: "HTTP RFC method illegal" between two addresses.
// Captures sigid, listnum, protocol, saddr and daddr from nwparser.payload and
// sets nwparser.context to a fixed string.
var msg624 = match({
id: "MESSAGE#640:415008",
dissect: {
tokenizer: "%{sigid->} HTTP RFC method illegal - %{listnum->} '%{protocol->}' from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415008"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP RFC method illegal"),
}),
]),
});
// Message 415008, variant ":01": a policy-map header match that resets the
// connection. Captures the policy name plus interface/address/port for both
// ends of the connection.
var msg625 = match({
id: "MESSAGE#641:415008:01",
dissect: {
tokenizer: "%{sigid->} HTTP - matched %{fld1->} in policy-map %{policyname->}, header matched - Resetting connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415008:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 415008.
var select153 = linear_select([
msg624,
msg625,
]);
// Message 421005 ("<interface>:<hostip> is counted as a user for|of
// <product>"). msg626 takes the head of nwparser.payload and leaves the rest
// in p0.
var msg626 = match({
id: "MESSAGE#663:421005/0",
dissect: {
tokenizer: "%{interface->}:%{hostip->} is counted as a user %{p0->}",
field: "nwparser.payload",
},
});
// Preposition alternative "for"; the remainder goes to p1.
var msg627 = match({
id: "MESSAGE#663:421005/2",
dissect: {
tokenizer: "for%{p1->}",
field: "nwparser.p0",
},
});
// Preposition alternative "of"; the remainder goes to p1.
var msg628 = match({
id: "MESSAGE#663:421005/2",
dissect: {
tokenizer: "of%{p1->}",
field: "nwparser.p0",
},
});
var select154 = linear_select([
msg627,
msg628,
]);
// Tail of the message: an unnamed skip key, a space, then the product name.
var msg629 = match({
id: "MESSAGE#663:421005/2",
dissect: {
tokenizer: "%{->} %{product->}",
field: "nwparser.p1",
},
});
// Full 421005 parser: head, preposition, product.
var all172 = all_match({
processors: [
msg626,
select154,
msg629,
],
on_success: processor_chain([
dup186,
set_field({
dest: "nwparser.msg_id1",
value: constant("421005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 414002: the logging buffer could not be saved to flash. Captures the
// target filename and the bracketed failure reason (result).
// Worth surfacing in monitoring: the text says log data was not persisted.
var msg630 = match({
id: "MESSAGE#631:414002",
dissect: {
tokenizer: "Failed to save logging buffer to flash:/syslog directory using filename: %{filename->}: [%{result->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("414002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105010: a parenthesised context followed by free text, which is
// captured whole as event_description.
var msg631 = match({
id: "MESSAGE#35:105010",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("105010"),
}),
dup2,
dup3,
dup167,
dup4,
dup5,
]),
});
// Message 219002: a service error report with slot, device, address and byte
// count, followed by a reason (result). The event description is not taken
// from the log line; it is set to a fixed string.
var msg632 = match({
id: "MESSAGE#267:219002",
dissect: {
tokenizer: "%{service->} error, slot = %{fld1->}, device = %{fld2->}, address = %{fld3->}, byte count = %{bytes->}. Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("219002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("i2c_read_block_w_suspend() error"),
}),
]),
});
// Message 720032: "(VPN-<context>) <free text>". The free text is captured
// whole as event_description.
var msg633 = match({
id: "MESSAGE#1126:720032",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720032"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 731001: a NAC policy was added. Captures the policy name and its
// type (info). Sets the event category inline rather than through a shared
// dupN processor.
// NOTE(review): each bracketed value opens with two '<' characters ("\u003c"
// is '<') but closes with a single '>'. Confirm against a device sample that
// the doubled '<' is intended and is not a leftover escape from the source
// format. If it is not, this policy-change event would never match here.
var msg634 = match({
id: "MESSAGE#1209:731001",
dissect: {
tokenizer: "NAC policy added: name: \u003c\u003c%{policyname->}> Type: \u003c\u003c %{info->} >",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1501020000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("731001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("NAC policy added"),
}),
]),
});
// Message 106017, base form: an IP packet denied as a Land Attack. Captures
// saddr and daddr from nwparser.payload.
var msg635 = match({
id: "MESSAGE#84:106017",
dissect: {
tokenizer: "Deny IP due to Land Attack from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("106017"),
}),
dup99,
dup320,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Message 106017, variant ":01": a different text (modified ActiveX content)
// filed under the same message number, with its own event category set inline.
var msg636 = match({
id: "MESSAGE#85:106017:01",
dissect: {
tokenizer: "Packet contains ActiveX content and has been modified src %{saddr->} dest to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1001030000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("106017:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Alternatives for message 106017.
var select155 = linear_select([
msg635,
msg636,
]);
// Message 713227: "IP = <saddr>, <action> for peer <fld1>. <fld2>".
// The action text is taken from the log line, not set to a constant.
var msg637 = match({
id: "MESSAGE#939:713227",
dissect: {
tokenizer: "IP = %{saddr->}, %{action->} for peer %{fld1->}. %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713227"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717045: local CA server CRL information, captured whole as info.
// NOTE(review): this chain lists dup2, dup5 and dup3 but not dup4, which the
// other chains in this file include and which sets nwparser.msg. Confirm the
// omission is intended; otherwise events for this message lack that field.
var msg638 = match({
id: "MESSAGE#1302:717045",
dissect: {
tokenizer: "Local CA Server CRL info: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("717045"),
}),
dup14,
dup2,
dup5,
dup3,
]),
});
// Message 199002: no structure is extracted; the entire payload becomes
// event_description.
var msg639 = match({
id: "MESSAGE#203:199002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 315011 (SSH session ended). The message has two shapes:
//   "<user> disconnected by SSH server, reason: <result>"  -> all173
//   "<user> terminated normally"                           -> all174
// Both start with dup321 (defined outside this view). The user name may be
// wrapped in doubled double quotes, double quotes, single quotes or nothing,
// so each shape has one pattern per quoting style, most specific first.
// NOTE(review): the user name in this message is presumably supplied by the
// connecting SSH client. Downstream detections and dashboards should treat the
// captured username and result as untrusted text.
var msg640 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "\"\"%{username->}\"\" disconnected by SSH server, reason: %{p1->}",
field: "nwparser.p0",
},
});
var msg641 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "\"%{username->}\" disconnected by SSH server, reason: %{p1->}",
field: "nwparser.p0",
},
});
var msg642 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "'%{username->}' disconnected by SSH server, reason: %{p1->}",
field: "nwparser.p0",
},
});
// Unquoted user name: the least specific form, listed last in select156.
var msg643 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "%{username->} disconnected by SSH server, reason: %{p1->}",
field: "nwparser.p0",
},
});
var select156 = linear_select([
msg640,
msg641,
msg642,
msg643,
]);
// Disconnect reason, with the same quoting alternatives. Each pattern ends
// with a literal trailing space.
var msg644 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "\"\"%{result->}\"\" ",
field: "nwparser.p1",
},
});
var msg645 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "\"%{result->}\" ",
field: "nwparser.p1",
},
});
var msg646 = match({
id: "MESSAGE#419:315011/2",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p1",
},
});
var select157 = linear_select([
msg644,
msg645,
msg646,
]);
// "disconnected by SSH server" shape: prefix, user name, reason.
var all173 = all_match({
processors: [
dup321,
select156,
select157,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("315011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session disconnected"),
}),
]),
});
// "terminated normally" shape (variant ":01"): user name only, no reason.
var msg647 = match({
id: "MESSAGE#420:315011:01/1",
dissect: {
tokenizer: "\"\"%{username->}\"\" terminated normally",
field: "nwparser.p0",
},
});
var msg648 = match({
id: "MESSAGE#420:315011:01/1",
dissect: {
tokenizer: "\"%{username->}\" terminated normally",
field: "nwparser.p0",
},
});
var msg649 = match({
id: "MESSAGE#420:315011:01/1",
dissect: {
tokenizer: "'%{username->}' terminated normally",
field: "nwparser.p0",
},
});
var msg650 = match({
id: "MESSAGE#420:315011:01/1",
dissect: {
tokenizer: "%{username->} terminated normally",
field: "nwparser.p0",
},
});
var select158 = linear_select([
msg647,
msg648,
msg649,
msg650,
]);
var all174 = all_match({
processors: [
dup321,
select158,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("315011:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("terminated normally"),
}),
]),
});
// Alternatives for message 315011: server-side disconnect, then normal end.
var select159 = linear_select([
all173,
all174,
]);
// Message 713240: a DH key with an unexpected length was received from a
// peer. Captures the group, peer address and both the received and expected
// lengths, which lets an analyst see the size of the mismatch.
var msg651 = match({
id: "MESSAGE#947:713240",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received DH key with bad length: received length=%{observed_val->} expected length=%{expected_val->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713240"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Received DH key with bad length"),
}),
]),
});
// Message 750003: a negotiation aborted with an error. Captures the local and
// remote address/port pairs, the user name and the error text (result).
// Local maps to saddr/sport and Remote to daddr/dport.
var msg652 = match({
id: "MESSAGE#1265:750003",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Negotiation aborted due to ERROR: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("750003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Negotiation aborted due to ERROR"),
}),
]),
});
// Message 622001 ("Adding|Removing tracked route ..."). The verb is matched
// in two pieces: the stem ("Add" or "Remov") here, then the shared "ing ..."
// tail in msg655.
var msg653 = match({
id: "MESSAGE#801:622001/2",
dissect: {
tokenizer: "Add%{p1->}",
field: "nwparser.p0",
},
});
var msg654 = match({
id: "MESSAGE#801:622001/2",
dissect: {
tokenizer: "Remov%{p1->}",
field: "nwparser.p0",
},
});
var select160 = linear_select([
msg653,
msg654,
]);
// Shared tail: route (info), distance, table name (stored in filename) and
// interface.
var msg655 = match({
id: "MESSAGE#801:622001/2",
dissect: {
tokenizer: "ing tracked route %{info->}, distance %{dclass_counter1->}, table %{filename->}, on interface %{interface->}",
field: "nwparser.p1",
},
});
// Full 622001 parser. dup44 is defined outside this view. Note that the
// stem itself is not captured, so the fixed event_description below does not
// say whether the route was added or removed; that is only in the raw message.
var all175 = all_match({
processors: [
dup44,
select160,
msg655,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("622001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Adding/Removing tracked route on interface"),
}),
]),
});
// Message 109032: a downloaded ACL could not be installed for a user.
// msg656 captures the ACL name (listnum) and leaves the rest in p0.
var msg656 = match({
id: "MESSAGE#155:109032/0",
dissect: {
tokenizer: "Unable to install ACL '%{listnum->}', downloaded for user %{p0->}",
field: "nwparser.payload",
},
});
// User name in single quotes.
var msg657 = match({
id: "MESSAGE#155:109032/2",
dissect: {
tokenizer: "'%{username->}' ; Error in ACE: '%{p1->}",
field: "nwparser.p0",
},
});
// Unquoted user name; listed second in select161 as the less specific form.
var msg658 = match({
id: "MESSAGE#155:109032/2",
dissect: {
tokenizer: "%{username->} ; Error in ACE: '%{p1->}",
field: "nwparser.p0",
},
});
var select161 = linear_select([
msg657,
msg658,
]);
// The ACE error text up to the closing single quote.
var msg659 = match({
id: "MESSAGE#155:109032/2",
dissect: {
tokenizer: "%{result->}'",
field: "nwparser.p1",
},
});
// Full 109032 parser: ACL name, user name, ACE error.
var all176 = all_match({
processors: [
msg656,
select161,
msg659,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109032"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 213003: no structure is extracted; the entire payload becomes
// event_description.
var msg660 = match({
id: "MESSAGE#262:213003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("213003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 313005: an ICMP error message that matches no existing connection.
// Captures source and destination interface/address, ICMP type and code, the
// receiving interface and the quoted original IP payload (info).
var msg661 = match({
id: "MESSAGE#411:313005",
dissect: {
tokenizer: "No matching connection for ICMP error message: icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->}) on %{interface->} interface. Original IP payload:%{info->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("313005"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("No matching connection for error message"),
}),
]),
});
// Message 502111: a new group policy was added. msg662 matches the fixed
// prefix and leaves the policy details in p0 for dup315 and dup316 (both
// defined outside this view).
var msg662 = match({
id: "MESSAGE#683:502111/0",
dissect: {
tokenizer: "New group policy added: name: %{p0->}",
field: "nwparser.payload",
},
});
// Full 502111 parser. The event category is set inline and the result field
// is set to a fixed description of this configuration change.
var all177 = all_match({
processors: [
msg662,
dup315,
dup316,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1502030000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502111"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("New group policy added"),
}),
]),
});
// Message 109039: a uauth unproxy failure. Only the reason text is captured
// (result); the event description is set to a fixed string.
var msg663 = match({
id: "MESSAGE#158:109039",
dissect: {
tokenizer: "uauth_pickapp: Uauth Unproxy Failed due to the reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("109039"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Uauth Unproxy Failed"),
}),
]),
});
// Message 302007: a conduit was built. Captures source and destination
// interface/address, the IP version (fld1) and the protocol.
var msg664 = match({
id: "MESSAGE#286:302007",
dissect: {
tokenizer: "Built conduit from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} IP version %{fld1->} protocol %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302007"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// Message 305008: fixed text with no variable fields; the trailing %{->} is
// an unnamed skip key. The event description is set to a fixed string.
var msg665 = match({
id: "MESSAGE#375:305008",
dissect: {
tokenizer: "Free unallocated global IP address.%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("305008"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("trying to free unallocated global address"),
}),
]),
});
// Message 411002 ("Line protocol on ..."). msg666 matches the fixed prefix
// and leaves the rest in p0 for dup266, dup322 and dup323 (all defined
// outside this view).
var msg666 = match({
id: "MESSAGE#622:411002/0",
dissect: {
tokenizer: "Line protocol on %{p0->}",
field: "nwparser.payload",
},
});
var all178 = all_match({
processors: [
msg666,
dup266,
dup322,
dup323,
],
on_success: processor_chain([
dup324,
set_field({
dest: "nwparser.msg_id1",
value: constant("411002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 416001: a UDP SNMP packet was dropped. Captures interface, address
// and port for both ends, plus the text after the semicolon (result).
var msg667 = match({
id: "MESSAGE#648:416001",
dissect: {
tokenizer: "Dropped UDP SNMP packet from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}; %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("416001"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("dropped UDP SNMP packet"),
}),
]),
});
// Message 313008, variant ":01": a denied IPv6-ICMP packet, in the longer
// form that ends with a parenthesised note about the IPv6 source address
// (captured as fld3). Both variants use dup25 where most chains use dup3.
var msg668 = match({
id: "MESSAGE#1290:313008:01",
dissect: {
tokenizer: "Denied IPv6-ICMP type=%{icmptype->}, code=%{icmpcode->} from %{saddr->} on interface %{interface->} (where %{fld3->} was an IPv6 source address).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("313008:01"),
}),
dup14,
dup2,
dup25,
dup4,
dup5,
dup325,
]),
});
// Message 313008, base form: the same message without the trailing note.
// NOTE(review): this chain also lists dup14, which elsewhere in the file
// appears mainly on ":01"-style variants. Confirm it is intended here.
var msg669 = match({
id: "MESSAGE#1291:313008",
dissect: {
tokenizer: "Denied IPv6-ICMP type=%{icmptype->}, code=%{icmpcode->} from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("313008"),
}),
dup14,
dup2,
dup25,
dup4,
dup5,
dup325,
]),
});
// Alternatives for message 313008: longer form first, then the shorter one.
var select162 = linear_select([
msg668,
msg669,
]);
// Message 769001: an image was added to the system boot list. The image name
// is captured as fld1. A boot-list change affects what the device runs after
// a reload, so it is a useful event for change monitoring.
var msg670 = match({
id: "MESSAGE#1300:769001",
dissect: {
tokenizer: "UPDATE: ASA image %{fld1->} was added to system boot list",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("769001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("ASA image was added to system boot list"),
}),
]),
});
// Message 113013: AAA could not complete a request. msg671 captures the
// reason (result) and leaves the user part in p0 for dup238 (defined outside
// this view).
var msg671 = match({
id: "MESSAGE#190:113013/0",
dissect: {
tokenizer: "AAA unable to complete the request Error : reason = %{result->}: user = %{p0->}",
field: "nwparser.payload",
},
});
var all179 = all_match({
processors: [
msg671,
dup238,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113013"),
}),
dup17,
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AAA unable to complete the request"),
}),
]),
});
// Message 308002: two overlapping static entries. All six values are kept as
// generic fld1..fld6 captures; none is mapped to a named field.
var msg672 = match({
id: "MESSAGE#397:308002",
dissect: {
tokenizer: "static %{fld1->} %{fld2->} %{fld3->} %{fld4->} overlapped with %{fld5->} %{fld6->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("308002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 311002: fixed text with no variable fields; the trailing %{->} is
// an unnamed skip key. The event description repeats the fixed text.
var msg673 = match({
id: "MESSAGE#402:311002",
dissect: {
tokenizer: "LU loading standby end%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup326,
set_field({
dest: "nwparser.msg_id1",
value: constant("311002"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU loading standby end"),
}),
dup4,
dup5,
]),
});
// Message 400013: a signature-style event, "<product>:<sigid> <context> from
// <saddr> to <daddr> on interface <dinterface>". The free-text signature name
// lands in context.
var msg674 = match({
id: "MESSAGE#510:400013",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400013"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 111002: a configuration session began. Captures the address that
// started it (hostip) and what the configuration is read from (device).
// Useful as the start marker when reviewing configuration changes.
var msg675 = match({
id: "MESSAGE#166:111002",
dissect: {
tokenizer: "Begin configuration: %{hostip->} reading from %{device->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111002"),
}),
dup38,
dup327,
dup39,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Begin configuration reading from device"),
}),
]),
});
// Message 612001: no structure is extracted; the entire payload becomes
// event_description.
var msg676 = match({
id: "MESSAGE#780:612001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("612001"),
}),
dup13,
dup38,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718049: a secure tunnel to a peer was created. The peer address is
// taken from the square brackets; %{space->} absorbs the text between
// "peer" and the bracket.
var msg677 = match({
id: "MESSAGE#1101:718049",
dissect: {
tokenizer: "Created secure tunnel to peer %{space->} [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718049"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Created secure tunnel to peer"),
}),
]),
});
// Message 210020: no structure is extracted; the entire payload becomes
// event_description.
var msg678 = match({
id: "MESSAGE#249:210020",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("210020"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 323002: a module did not answer a shutdown request. Only the slot
// (fld1) is captured.
var msg679 = match({
id: "MESSAGE#450:323002",
dissect: {
tokenizer: "Module in slot %{fld1->} is not able to shut down, shut down request not answered.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("323002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725012, base form: the cipher chosen for an SSL session with a
// client. The cipher name is captured as fld1, which makes this message a
// source for auditing negotiated ciphers. The client is given as
// interface:hostip/network_port. This form has " : " after "cipher".
var msg680 = match({
id: "MESSAGE#1200:725012",
dissect: {
tokenizer: "Device chooses cipher : %{fld1->} for the SSL session with client %{interface->}:%{hostip->}/%{network_port->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725012"),
}),
dup2,
dup3,
dup4,
dup5,
dup328,
]),
});
// Message 725012, variant ":01": no colon after "cipher", and both ends of
// the session are present (sinterface:saddr/sport to daddr/dport).
// NOTE(review): unlike most ":01" variants in this file, this chain does not
// include dup14. Confirm that is intended.
var msg681 = match({
id: "MESSAGE#1201:725012:01",
dissect: {
tokenizer: "Device chooses cipher %{fld1->} for the SSL session with client %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725012:01"),
}),
dup2,
dup3,
dup4,
dup5,
dup328,
]),
});
// Alternatives for message 725012.
var select163 = linear_select([
msg680,
msg681,
]);
// Message 713203: fixed text with no variable fields; the trailing %{->} is
// an unnamed skip key. Uses dup25 where most chains use dup3.
var msg682 = match({
id: "MESSAGE#1293:713203",
dissect: {
tokenizer: "IKE Receiver: Error reading from socket.%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("713203"),
}),
dup7,
dup14,
dup2,
dup25,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE Receiver: Error"),
}),
]),
});
// Message 201006: an RCMD back connection failed. Captures the address and
// port it was attempted for.
var msg683 = match({
id: "MESSAGE#222:201006",
dissect: {
tokenizer: "RCMD backconnection failed for %{hostip->}/%{network_port->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("201006"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("RCMD back connection failed"),
}),
dup4,
dup5,
]),
});
// Message 713218. Built entirely from shared processors: dup22, dup23 and
// dup329 do the matching and dup330 closes the on_success chain. All four
// are defined outside this view, so the text being matched is not shown here.
var all180 = all_match({
processors: [
dup22,
dup23,
dup329,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713218"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup330,
]),
});
// Generic fallback patterns. They accept any payload shaped like a bare
// header, "<group>-<level>-<msgid>: <rest>" or "<level>-<msgid>: <rest>",
// and keep the rest as one opaque field (fld). Nothing in the message body is
// normalised on this path.
// NOTE(review): events tagged CISCOASA_GENERIC_01/02 therefore carry no parsed
// addresses, users or actions. Detections that rely on those fields will not
// see these events, so it is worth tracking how often this fallback fires.
var msg684 = match({
id: "MESSAGE#1322:CISCOASA_GENERIC_02",
dissect: {
tokenizer: "%{group->}-%{level->}-%{p_msgid->}: %{fld->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup331,
set_field({
dest: "nwparser.msg_id1",
value: constant("CISCOASA_GENERIC_02"),
}),
dup4,
dup332,
dup333,
dup334,
]),
});
var msg685 = match({
id: "MESSAGE#1323:CISCOASA_GENERIC_01",
dissect: {
tokenizer: "%{level->}-%{p_msgid->}: %{fld->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup331,
set_field({
dest: "nwparser.msg_id1",
value: constant("CISCOASA_GENERIC_01"),
}),
dup4,
dup332,
dup333,
dup334,
]),
});
// The three-part header form is listed before the two-part form.
var select164 = linear_select([
msg684,
msg685,
]);
// Message 105034, base form: a parenthesised context followed by free text.
var msg686 = match({
id: "MESSAGE#41:105034",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105034"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105034, variant ":01": fallback that takes the whole payload as
// event_description when the parenthesised context is absent.
var msg687 = match({
id: "MESSAGE#42:105034:01",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105034:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Structured form first, catch-all second.
var select165 = linear_select([
msg686,
msg687,
]);
// Message 318008: no structure is extracted; the entire payload becomes
// event_description.
var msg688 = match({
id: "MESSAGE#435:318008",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup94,
set_field({
dest: "nwparser.msg_id1",
value: constant("318008"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 604103: free text followed by an address in parentheses, which is
// captured as saddr.
var msg689 = match({
id: "MESSAGE#731:604103/0",
dissect: {
tokenizer: "%{event_description->} (%{saddr->})",
field: "nwparser.payload",
},
});
// dup141 (defined outside this view) is the alternative when msg689 does not
// apply.
var select166 = linear_select([
msg689,
dup141,
]);
var all181 = all_match({
processors: [
select166,
],
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("604103"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717001: no structure is extracted; the entire payload becomes
// event_description.
var msg690 = match({
id: "MESSAGE#1062:717001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("717001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 403103: no structure is extracted; the entire payload becomes
// event_description.
var msg691 = match({
id: "MESSAGE#572:403103",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("403103"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715019 (IKEGetUserAttributes): reports one user attribute and its
// value, captured as change_attribute and change_new.
// msg692 is the tail used after dup22 and dup23 (defined outside this view)
// have consumed the start of the line; it reads nwparser.p1.
var msg692 = match({
id: "MESSAGE#998:715019/2",
dissect: {
tokenizer: "%{saddr->}, IKEGetUserAttributes: %{change_attribute->} = %{change_new->}",
field: "nwparser.p1",
},
});
var all182 = all_match({
processors: [
dup22,
dup23,
msg692,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715019"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup335,
]),
});
// Variant ":01": the whole line in one pattern, with an explicit
// "Group = ..., IP = ..." prefix read from nwparser.payload.
var msg693 = match({
id: "MESSAGE#999:715019:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKEGetUserAttributes: %{change_attribute->} = %{change_new->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715019:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup335,
]),
});
// Alternatives for message 715019.
var select167 = linear_select([
all182,
msg693,
]);
// Message 716043: a Java applet was started. msg694 is the tail used after
// dup77 and dup78 (defined outside this view); it captures the address that
// precedes '>', the service name and the trailing detail (info).
var msg694 = match({
id: "MESSAGE#1056:716043/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} Java applet started. %{info->}.",
field: "nwparser.p1",
},
});
var all183 = all_match({
processors: [
dup77,
dup78,
msg694,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("716043"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Java applet started"),
}),
]),
});
// Message 722036: a large packet was transmitted. The address part has two
// forms: with a parenthesised extra value (fld1) or without. The form with
// the extra value is listed first in select168.
var msg695 = match({
id: "MESSAGE#1171:722036/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->})> Transmitting large packet %{p2->}",
field: "nwparser.p1",
},
});
var msg696 = match({
id: "MESSAGE#1171:722036/3",
dissect: {
tokenizer: "%{saddr->}> Transmitting large packet %{p2->}",
field: "nwparser.p1",
},
});
var select168 = linear_select([
msg695,
msg696,
]);
// Tail: the packet size (bytes) and a parenthesised detail (info).
var msg697 = match({
id: "MESSAGE#1171:722036/3",
dissect: {
tokenizer: "%{bytes->} (%{info->})",
field: "nwparser.p2",
},
});
// Full 722036 parser. dup181 and dup182 are defined outside this view.
var all184 = all_match({
processors: [
dup181,
dup182,
select168,
msg697,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("722036"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("transmission error transmitting large packet"),
}),
]),
});
// Message 120001: fixed text with no variable fields; the trailing %{->} is
// an unnamed skip key. The event description repeats the fixed text.
var msg698 = match({
id: "MESSAGE#9:120001",
dissect: {
tokenizer: "Call-Home Module started%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120001"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home Module started"),
}),
]),
});
// Message 211001: no structure is extracted; the entire payload becomes
// event_description.
var msg699 = match({
id: "MESSAGE#252:211001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("211001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 313003, base form: an invalid destination, with an explicit
// "destination <fld1>" part between the reason (result) and the interface.
// %{space->} absorbs the gap before "Original IP payload".
var msg700 = match({
id: "MESSAGE#407:313003",
dissect: {
tokenizer: "Invalid destination %{result->} destination %{fld1->} on %{interface->} interface. %{space->} Original IP payload",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("313003"),
}),
dup2,
dup3,
dup4,
dup5,
dup259,
dup336,
]),
});
// Message 313003, variant ":01": the same message without the
// "destination <fld1>" part.
var msg701 = match({
id: "MESSAGE#408:313003:01",
dissect: {
tokenizer: "Invalid destination %{result->} on %{interface->} interface. %{space->} Original IP payload",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("313003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup336,
]),
});
// Longer form first, shorter form second.
var select169 = linear_select([
msg700,
msg701,
]);
// Message 338003: traffic involving a blacklisted source. msg702 is the tail
// of the message; its leading "ed" completes a verb that the preceding
// processors (dup213/dup214, defined outside this view) presumably match.
// Captures both endpoints with their translated address/port, the resolved
// source (fld1), the list and entry that matched (fld2, fld3/mask), the
// threat level (severity) and the category (result).
var msg702 = match({
id: "MESSAGE#473:338003/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{fld3->}/%{mask->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
// Full 338003 parser. dup183, dup184, dup213 and dup214 are defined outside
// this view.
var all185 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg702,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 104002, base form: "(<context>)<text> (cause: <result>)."
var msg703 = match({
id: "MESSAGE#22:104002",
dissect: {
tokenizer: "(%{context->})%{event_description->} (cause: %{result->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104002"),
}),
dup38,
dup13,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 104002, variant ":01": "(<context>)<text> - <result>".
var msg704 = match({
id: "MESSAGE#23:104002:01",
dissect: {
tokenizer: "(%{context->})%{event_description->} - %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 104002.
var select170 = linear_select([
msg703,
msg704,
]);
// Message 109003: an authentication attempt failed because the AAA server(s)
// failed. Two parsers cover it:
//   msg705 - one fixed layout ("all servers failed", destination with port,
//            trailing interface);
//   all186 - a piecewise layout with an optional source port, an optional
//            destination port, and either "all servers failed" or a single
//            named server.
// Repeated 109003 events mean users are being rejected because the AAA
// backend is unreachable, not because of bad credentials.
var msg705 = match({
id: "MESSAGE#124:109003",
dissect: {
tokenizer: "Auth from %{saddr->} to %{daddr->}/%{dport->} failed (all servers failed) on interface %{sinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109003"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup291,
dup337,
]),
});
// Piecewise layout, step 1: fixed prefix; the rest goes to p0.
var msg706 = match({
id: "MESSAGE#125:109003:01/0",
dissect: {
tokenizer: "Auth from %{p0->}",
field: "nwparser.payload",
},
});
// Step 2: source, with a port (msg707) or without (msg708).
var msg707 = match({
id: "MESSAGE#125:109003:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
});
var msg708 = match({
id: "MESSAGE#125:109003:01/2",
dissect: {
tokenizer: "%{saddr->} to %{p1->}",
field: "nwparser.p0",
},
});
var select171 = linear_select([
msg707,
msg708,
]);
// Step 3: destination, with a port (msg709) or without (msg710), up to the
// opening parenthesis of the failure reason.
var msg709 = match({
id: "MESSAGE#125:109003:01/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->} failed (%{p2->}",
field: "nwparser.p1",
},
});
var msg710 = match({
id: "MESSAGE#125:109003:01/3",
dissect: {
tokenizer: "%{daddr->} failed (%{p2->}",
field: "nwparser.p1",
},
});
var select172 = linear_select([
msg709,
msg710,
]);
// Step 4: the failure reason. msg712 captures the failing server as hostip.
var msg711 = match({
id: "MESSAGE#125:109003:01/3",
dissect: {
tokenizer: "all servers failed) %{->}",
field: "nwparser.p2",
},
});
var msg712 = match({
id: "MESSAGE#125:109003:01/3",
dissect: {
tokenizer: "server %{hostip->} failed) ",
field: "nwparser.p2",
},
});
var select173 = linear_select([
msg711,
msg712,
]);
// Piecewise parser, tagged "109003:01".
var all186 = all_match({
processors: [
msg706,
select171,
select172,
select173,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109003:01"),
}),
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup291,
dup337,
]),
});
// Alternatives for message 109003: fixed layout first, then piecewise.
var select174 = linear_select([
msg705,
all186,
]);
// Message 713020: "IP = <saddr>, <text> payload: <fld1>". The text before
// "payload:" is captured as event_description.
var msg713 = match({
id: "MESSAGE#854:713020",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->} payload: %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("713020"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713906. Four parsers cover it (all187, all188, all189, msg720) and
// are combined in select178 at the end of this block. The first three each
// begin with a shared prefix processor (dup339, dup341, dup342) and then try
// several tails; dup340 and dup304 are shared tails. All dupN processors are
// defined outside this view.
//
// Tails for all187 (variant ":01"), read from nwparser.p0:
var msg714 = match({
id: "MESSAGE#975:713906:01/1",
dissect: {
tokenizer: "%{->} %{event_description->} flags %{fld5->}, refcnt %{fld6->}, tuncnt %{fld7->}",
field: "nwparser.p0",
},
});
// NOTE(review): any text that fits this pattern also contains " flags " and
// so appears to fit msg714, which is listed earlier in select175. If
// linear_select stops at the first match (helper not visible here), this
// pattern is never reached and fld9 is never populated. Confirm the intended
// order.
var msg715 = match({
id: "MESSAGE#975:713906:01/1",
dissect: {
tokenizer: "%{->} %{event_description->} %{fld9->} flags %{fld5->}, refcnt %{fld6->}, tuncnt %{fld7->}",
field: "nwparser.p0",
},
});
var msg716 = match({
id: "MESSAGE#975:713906:01/1",
dissect: {
tokenizer: "%{event_description->} (%{fld1->}) %{fld2->} ",
field: "nwparser.p0",
},
});
var select175 = linear_select([
dup340,
msg714,
msg715,
msg716,
dup304,
]);
var all187 = all_match({
processors: [
dup339,
select175,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713906:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Tails for all188 (variant ":03"), read from nwparser.p0:
var msg717 = match({
id: "MESSAGE#976:713906:03/1",
dissect: {
tokenizer: "%{event_description->} flags %{fld1->}, refcnt %{fld2->}, tuncnt %{fld3->}",
field: "nwparser.p0",
},
});
var msg718 = match({
id: "MESSAGE#976:713906:03/1",
dissect: {
tokenizer: "%{event_description->} for remote peer %{fld1->}",
field: "nwparser.p0",
},
});
var select176 = linear_select([
msg717,
dup340,
msg718,
dup304,
]);
var all188 = all_match({
processors: [
dup341,
select176,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713906:03"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Tail for all189 (base "713906"): a "Responder:" line carrying the local
// TCP port (network_port) and the peer TCP port (fld1).
var msg719 = match({
id: "MESSAGE#977:713906/1",
dissect: {
tokenizer: "%{->}Responder: %{event_description->} TCP port: %{network_port->} peer TCP port: %{fld1->} ",
field: "nwparser.p0",
},
});
var select177 = linear_select([
msg719,
dup304,
]);
var all189 = all_match({
processors: [
dup342,
select177,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713906"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant ":02": last-resort form that takes the whole payload as
// event_description.
var msg720 = match({
id: "MESSAGE#978:713906:02",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713906:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 713906, with the catch-all msg720 listed last.
var select178 = linear_select([
all187,
all188,
all189,
msg720,
]);
// 507001: "Terminating TCP-Proxy connection from <if>:<addr>/<port> to
// <if>:<addr>/<port> - <reason>". The first endpoint is stored as source, the
// second as destination, and the trailing reason as result.
// The chain ends by setting a fixed event_description.
var msg721 = match({
id: "MESSAGE#702:507001",
dissect: {
tokenizer: "Terminating TCP-Proxy connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} - %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("507001"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("TCP-Proxy connection terminated"),
}),
]),
});
// 715050: "IP = <saddr>, <free text>"; everything after the comma is kept
// verbatim as event_description.
var msg722 = match({
id: "MESSAGE#1023:715050",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715050"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 113014: AAA server not accessible, parsed in stages by all190.
// Stage 1: payload must start with "AAA auth"; the remainder is captured as p0.
var msg723 = match({
id: "MESSAGE#191:113014/0",
dissect: {
tokenizer: "AAA auth%{p0->}",
field: "nwparser.payload",
},
});
// Stage 3: reads nwparser.p1, which must start with "ation server not
// accessible"; captures the server address as hostip and leaves the user part
// in p2.
// NOTE(review): dup343 (defined elsewhere) sits between stage 1 and this one
// and presumably consumes the word stem after "auth" — confirm.
var msg724 = match({
id: "MESSAGE#191:113014/2",
dissect: {
tokenizer: "ation server not accessible : server = %{hostip->} : user = %{p2->}",
field: "nwparser.p1",
},
});
// 113014: runs the four stages in sequence. The user value is only captured
// as p2 here; NOTE(review): dup237 presumably turns it into a named field.
var all190 = all_match({
processors: [
msg723,
dup343,
msg724,
dup237,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("113014"),
}),
dup17,
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("server not accessible"),
}),
]),
});
// Syslog 302001 ("Built ... TCP connection"): five patterns combined by
// select179. What differs between them is mostly which endpoint is stored as
// source (saddr/sport) and which as destination (daddr/dport).

// Inbound, faddr/gaddr/laddr form: faddr -> source, laddr -> destination,
// gaddr -> hostip/network_port.
var msg725 = match({
id: "MESSAGE#270:302001",
dissect: {
tokenizer: "Built inbound TCP connection %{fld1->} for faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup192,
]),
});
// Outbound, faddr/gaddr/laddr form: the mapping is reversed, faddr ->
// destination and laddr -> source.
var msg726 = match({
id: "MESSAGE#271:302001:01",
dissect: {
tokenizer: "Built outbound TCP connection %{fld1->} for faddr %{daddr->}/%{dport->} gaddr %{hostip->}/%{network_port->} laddr %{saddr->}/%{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302001:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
]),
});
// No direction word: faddr -> source, laddr -> destination (same mapping as
// the inbound pattern).
var msg727 = match({
id: "MESSAGE#272:302001:02",
dissect: {
tokenizer: "Built TCP connection %{fld1->} for faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302001:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Outbound, interface form: the first endpoint in the text is stored as
// destination and the endpoint after "to" as source.
var msg728 = match({
id: "MESSAGE#273:302001:03",
dissect: {
tokenizer: "Built outbound TCP connection %{fld1->} for %{dinterface->}:%{daddr->}/%{dport->} (%{hostip->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{fld3->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302001:03"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Any direction word, interface form: the first endpoint is stored as source.
// NOTE(review): this pattern also fits an "outbound" line, with the opposite
// source/destination assignment to msg728. Correct direction for outbound
// events therefore presumably depends on msg728 being tried first in
// select179 — keep that order.
var msg729 = match({
id: "MESSAGE#274:302001:04",
dissect: {
tokenizer: "Built %{direction->} TCP connection %{fld1->} for %{sinterface->}:%{saddr->}/%{sport->} (%{hostip->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{fld3->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302001:04"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// All 302001 patterns; the generic-direction pattern is listed last.
var select179 = linear_select([
msg725,
msg726,
msg727,
msg728,
msg729,
]);
// 331001: Dynamic DNS update failure; captures the quoted domain and hostip.
// NOTE(review): "\u003c\u003c" decodes to "<<". This looks like an escaped
// single "<" carried over from the source parser definition — confirm the
// dissect tokenizer treats it as one literal "<", otherwise a line containing
// "<=>" would not match and the event would go unparsed.
var msg730 = match({
id: "MESSAGE#464:331001",
dissect: {
tokenizer: "Dynamic DNS Update for '%{domain->}' \u003c\u003c=> %{hostip->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("331001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic DNS Update failed"),
}),
]),
});
// 500001: ActiveX content modified; captures saddr, daddr and the interface.
// No event_description is set by this chain.
var msg731 = match({
id: "MESSAGE#674:500001",
dissect: {
tokenizer: "ActiveX content modified src %{saddr->} dest %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("500001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 113023: AAA server marked ACTIVE; captures protocol, server address
// (hostip) and the aaa-server group name (fld1).
var msg732 = match({
id: "MESSAGE#199:113023",
dissect: {
tokenizer: "AAA Marking %{protocol->} server %{hostip->} in aaa-server group %{fld1->} as ACTIVE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("113023"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AAA marking Server as ACTIVE"),
}),
]),
});
// 313009: denied invalid ICMP code; captures both endpoints plus icmpcode,
// icmptype and the ICMP id (fld4).
var msg733 = match({
id: "MESSAGE#283:313009",
dissect: {
tokenizer: "Denied invalid %{protocol->} code %{icmpcode->}, for %{sinterface->}:%{saddr->}/%{sport->} (%{hostip->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{fld3->}), ICMP id %{fld4->}, ICMP type %{icmptype->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("313009"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
]),
});
// 409010: no structure is extracted; the whole payload becomes
// event_description.
var msg734 = match({
id: "MESSAGE#612:409010",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("409010"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 720029: "(VPN-<context>) <free text>".
var msg735 = match({
id: "MESSAGE#1125:720029",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720029"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 724003: built entirely from shared stages (dup77, dup78, dup168) that are
// defined outside this excerpt; only the msg_id1 tag is specific to it.
var all191 = all_match({
processors: [
dup77,
dup78,
dup168,
],
on_success: processor_chain([
dup169,
set_field({
dest: "nwparser.msg_id1",
value: constant("724003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 106014 (denied ICMP), stage 1: "Deny <direction> <rest>"; rest goes to p0.
var msg736 = match({
id: "MESSAGE#79:106014/0",
dissect: {
tokenizer: "Deny %{direction->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: the protocol word, upper-case spelling.
var msg737 = match({
id: "MESSAGE#79:106014/2",
dissect: {
tokenizer: "ICMP%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2: the protocol word, lower-case spelling.
var msg738 = match({
id: "MESSAGE#79:106014/2",
dissect: {
tokenizer: "icmp%{p1->}",
field: "nwparser.p0",
},
});
// Accepts either spelling; the two literals suggest the tokenizer compares
// case-sensitively, so other casings would presumably not match.
var select180 = linear_select([
msg737,
msg738,
]);
// Stage 3: "src <if>:<addr> dst <if>:<addr> (type <icmptype>, code <icmpcode>)".
var msg739 = match({
id: "MESSAGE#79:106014/2",
dissect: {
tokenizer: "%{->}src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.p1",
},
});
// 106014: the three stages in sequence, then tagging and shared enrichment.
var all192 = all_match({
processors: [
msg736,
select180,
msg739,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106014"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup259,
dup196,
]),
});
// 713060: built from shared stages (dup22, dup23, dup329) defined elsewhere.
var all193 = all_match({
processors: [
dup22,
dup23,
dup329,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713060"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup330,
]),
});
// 720025: "(VPN-<context>) <free text>." — the pattern requires the trailing
// period.
var msg740 = match({
id: "MESSAGE#1121:720025",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720025"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 720045: "(VPN-<context>) <free text>".
var msg741 = match({
id: "MESSAGE#1137:720045",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("720045"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 303005: strict FTP inspection match. The pattern hard-codes "Class 25", so
// only that class is parsed here; text up to the first ", " goes to info and
// the rest to result.
var msg742 = match({
id: "MESSAGE#350:303005",
dissect: {
tokenizer: "Strict FTP inspection matched Class 25: %{info->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("303005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Strict FTP inspection matched Class 25"),
}),
]),
});
// 400000: "<product>:<sigid> <context> from <saddr> to <daddr> on interface
// <dinterface>". The pattern starts with a capture rather than fixed text, so
// it relies on whatever routed the event here having selected the right
// message id.
var msg743 = match({
id: "MESSAGE#497:400000",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400000"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 735012: power supply fan failure; the supply number is captured as
// dclass_counter1.
var msg744 = match({
id: "MESSAGE#1226:735012",
dissect: {
tokenizer: "Power Supply %{dclass_counter1->}: Fan Failure Detected",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("735012"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply Fan Failure Detected"),
}),
]),
});
// Syslog 620001 (CTIQBE pre-allocation): a staged parser (all194) with a
// catch-all fallback (msg750), combined by select183.

// Stage 1: payload must start with "Pre-allocate CTIQBE RT"; remainder -> p0.
var msg745 = match({
id: "MESSAGE#797:620001:01/0",
dissect: {
tokenizer: "Pre-allocate CTIQBE RT%{p0->}",
field: "nwparser.payload",
},
});
// Single-entry select wrapping the shared stage dup344 (defined elsewhere).
var select181 = linear_select([
dup344,
]);
// Stage 3: reads nwparser.p1, "P secondary channel for <sinterface>: <rest>".
var msg746 = match({
id: "MESSAGE#797:620001:01/2",
dissect: {
tokenizer: "P secondary channel for %{sinterface->}: %{p2->}",
field: "nwparser.p1",
},
});
// Destination with port: "<daddr>/<dport> from <rest>", read from nwparser.p4.
var msg747 = match({
id: "MESSAGE#797:620001:01/6",
dissect: {
tokenizer: "%{daddr->}/%{dport->} from %{p5->}",
field: "nwparser.p4",
},
});
// Destination without port: "<daddr> from <rest>".
var msg748 = match({
id: "MESSAGE#797:620001:01/6",
dissect: {
tokenizer: "%{daddr->} from %{p5->}",
field: "nwparser.p4",
},
});
// The with-port form is listed before the bare-address form.
// NOTE(review): if the order were swapped, "<addr>/<port>" would presumably
// end up whole in daddr.
var select182 = linear_select([
msg747,
msg748,
]);
// Final stage: whatever remains in nwparser.p5 is kept as fld1.
var msg749 = match({
id: "MESSAGE#797:620001:01/6",
dissect: {
tokenizer: "%{fld1->}",
field: "nwparser.p5",
},
});
// 620001:01: all stages in sequence; dup345 and dup346 (defined elsewhere)
// sit between the nwparser.p1 and nwparser.p4 stages.
var all194 = all_match({
processors: [
msg745,
select181,
msg746,
dup345,
dup346,
select182,
msg749,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("620001:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup347,
]),
});
// 620001 fallback: whole payload kept as event_description, no addresses or
// ports extracted.
var msg750 = match({
id: "MESSAGE#798:620001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("620001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Structured parser first, catch-all second.
var select183 = linear_select([
all194,
msg750,
]);
// 752003: "Tunnel Manager dispatching a <info>." — requires the trailing
// period; sets a fixed event_description.
var msg751 = match({
id: "MESSAGE#1297:752003",
dissect: {
tokenizer: "Tunnel Manager dispatching a %{info->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel Manager dispatching"),
}),
]),
});
// 199008 (scheduled reload cancelled), stage 1: the reload time goes to fld1
// and the text after "cancelled by" to p0.
var msg752 = match({
id: "MESSAGE#209:199008/0",
dissect: {
tokenizer: "Scheduled reload for %{fld1->} cancelled by %{p0->}",
field: "nwparser.payload",
},
});
// Last stage: the remainder in nwparser.p1 is kept as fld2.
var msg753 = match({
id: "MESSAGE#209:199008/2",
dissect: {
tokenizer: "%{fld2->}",
field: "nwparser.p1",
},
});
// 199008: dup104 (defined elsewhere) handles the part between the two stages,
// i.e. the "cancelled by" actor. The fixed event_description says only
// "Scheduled reload"; the cancellation itself is implied by the message id.
var all195 = all_match({
processors: [
msg752,
dup104,
msg753,
],
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("199008"),
}),
dup17,
dup13,
dup38,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Scheduled reload"),
}),
dup4,
dup5,
]),
});
// 305004: portmap translation teardown. The global side is stored as
// hostip/network_port and the local side as daddr/dport; no source fields are
// populated.
var msg754 = match({
id: "MESSAGE#366:305004",
dissect: {
tokenizer: "Teardown portmap translation for global %{hostip->}/%{network_port->} local %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("teardown portmap translation"),
}),
]),
});
// 409002: "<fld1>: external LSA <hostip> <fld>".
var msg755 = match({
id: "MESSAGE#604:409002",
dissect: {
tokenizer: "%{fld1->}: external LSA %{hostip->} %{fld->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("409002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 615001: whole payload kept as event_description.
var msg756 = match({
id: "MESSAGE#788:615001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("615001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 716001 (session started), last stage: reads nwparser.p1 as
// "<saddr>> <network_service> session started". The ">" after the address
// closes a bracket opened in an earlier stage.
var msg757 = match({
id: "MESSAGE#1045:716001/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} session started",
field: "nwparser.p1",
},
});
// 716001: shared leading stages dup77 and dup78 (defined elsewhere; presumably
// the group/user prefix — confirm), then the stage above.
var all196 = all_match({
processors: [
dup77,
dup78,
msg757,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("716001"),
}),
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session started"),
}),
]),
});
// 212005 (request exceeds data buffer size), stage 1:
// "<direction> <protocol> request (<bytes> bytes) <rest>".
var msg758 = match({
id: "MESSAGE#258:212005/0",
dissect: {
tokenizer: "%{direction->} %{protocol->} request (%{bytes->} bytes) %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, form with sender details: source address, port and quoted
// interface name.
var msg759 = match({
id: "MESSAGE#258:212005/2",
dissect: {
tokenizer: "from IP address %{saddr->} Port %{sport->} Interface \"%{interface->}\" exceeds data buffer %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, short form: interface only, so saddr/sport stay unset for these
// events.
var msg760 = match({
id: "MESSAGE#258:212005/2",
dissect: {
tokenizer: "on interface %{interface->} exceeds data buffer %{p1->}",
field: "nwparser.p0",
},
});
var select184 = linear_select([
msg759,
msg760,
]);
// Stage 3: the word "SIZE", upper-case spelling.
var msg761 = match({
id: "MESSAGE#258:212005/3",
dissect: {
tokenizer: "SIZE%{p2->}",
field: "nwparser.p1",
},
});
// Stage 3: the word "size", lower-case spelling.
var msg762 = match({
id: "MESSAGE#258:212005/3",
dissect: {
tokenizer: "size%{p2->}",
field: "nwparser.p1",
},
});
var select185 = linear_select([
msg761,
msg762,
]);
// Stage 4: ", <result>".
var msg763 = match({
id: "MESSAGE#258:212005/3",
dissect: {
tokenizer: ", %{result->}",
field: "nwparser.p2",
},
});
// 212005: the four stages in sequence.
// NOTE(review): the fixed event_description says "incoming" although stage 1
// captures the actual direction word; rely on the direction field, not the
// description, when the direction matters.
var all197 = all_match({
processors: [
msg758,
select184,
select185,
msg763,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("212005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("incoming request exceeds data buffer size"),
}),
]),
});
// 508001 (DCERPC non-standard major version), stage 1: "DCERPC <rest>".
var msg764 = match({
id: "MESSAGE#705:508001/0",
dissect: {
tokenizer: "DCERPC %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: message type word "unknown".
var msg765 = match({
id: "MESSAGE#705:508001/2",
dissect: {
tokenizer: "unknown%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2: message type word "request".
var msg766 = match({
id: "MESSAGE#705:508001/2",
dissect: {
tokenizer: "request%{p1->}",
field: "nwparser.p0",
},
});
// Only these two type words are accepted, and the word itself is not stored
// in any field.
var select186 = linear_select([
msg765,
msg766,
]);
// Stage 3: version, both endpoints and the trailing result.
var msg767 = match({
id: "MESSAGE#705:508001/2",
dissect: {
tokenizer: "%{->}non-standard major version %{version->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, %{result->}",
field: "nwparser.p1",
},
});
// 508001: the three stages in sequence.
// NOTE(review): the fixed event_description always says "unknown", even when
// the "request" alternative matched.
var all198 = all_match({
processors: [
msg764,
select186,
msg767,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("508001"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("DCERPC unknown non-standard major version on connection"),
}),
]),
});
// 611316: whole payload kept as event_description.
var msg768 = match({
id: "MESSAGE#772:611316",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup59,
set_field({
dest: "nwparser.msg_id1",
value: constant("611316"),
}),
dup7,
dup60,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// 713172 (automatic NAT detection status), prefix variant with Username.
var msg769 = match({
id: "MESSAGE#917:713172/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, Automatic NAT Detection Status:%{p1->}",
field: "nwparser.p0",
},
});
// Prefix variant with Group.
var msg770 = match({
id: "MESSAGE#917:713172/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Automatic NAT Detection Status:%{p1->}",
field: "nwparser.p0",
},
});
// Prefix variant with IP only.
var msg771 = match({
id: "MESSAGE#917:713172/2",
dissect: {
tokenizer: "IP = %{saddr->}, Automatic NAT Detection Status:%{p1->}",
field: "nwparser.p0",
},
});
// No variant carries both Group and Username; whether dup44 (defined
// elsewhere) consumes a leading Group first cannot be told from here.
var select187 = linear_select([
msg769,
msg770,
msg771,
]);
// 713172: dup44, one prefix variant, then dup48 for the status text.
var all199 = all_match({
processors: [
dup44,
select187,
dup48,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713172"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 108006: "Detected <network_service> size violation from <if>:<addr>/<port>
// to <if>:<addr>/<port>; <result>".
// NOTE(review): the service name is captured from the log, but the fixed
// event_description always says "ESMTP"; use network_service when the actual
// protocol matters.
var msg772 = match({
id: "MESSAGE#121:108006",
dissect: {
tokenizer: "Detected %{network_service->} size violation from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}; %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Detected ESMTP size violation"),
}),
]),
});
// Syslog 302020 ("Built ... ICMP connection"), inbound faddr/gaddr/laddr form.
// Parsed in four stages by all200: fixed prefix, faddr part (select188),
// gaddr part (select189), laddr part (select190).
// Within each select the more specific patterns are listed before the bare
// ones. NOTE(review): linear_select presumably stops at the first match, so
// moving a bare pattern up would shadow the richer ones — confirm before
// reordering.

// Stage 1: fixed prefix; remainder -> p0.
var msg773 = match({
id: "MESSAGE#325:302020/0",
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{p0->}",
field: "nwparser.payload",
},
});
// faddr "<addr>/<port>(<domain>\<fld1>)"; the value after the backslash is
// stored in fld1.
var msg774 = match({
id: "MESSAGE#325:302020/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{domain->}\\%{fld1->}) gaddr %{p1->}",
field: "nwparser.p0",
},
});
// faddr "<addr>/<port>(<fld20>)".
var msg775 = match({
id: "MESSAGE#325:302020/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{fld20->}) gaddr %{p1->}",
field: "nwparser.p0",
},
});
// faddr "<addr>/<port>".
var msg776 = match({
id: "MESSAGE#325:302020/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} gaddr %{p1->}",
field: "nwparser.p0",
},
});
// faddr "<addr>(<fld11>)", no port.
var msg777 = match({
id: "MESSAGE#325:302020/2",
dissect: {
tokenizer: "%{saddr->}(%{fld11->}) gaddr %{p1->}",
field: "nwparser.p0",
},
});
// faddr bare address.
var msg778 = match({
id: "MESSAGE#325:302020/2",
dissect: {
tokenizer: "%{saddr->} gaddr %{p1->}",
field: "nwparser.p0",
},
});
var select188 = linear_select([
msg774,
msg775,
msg776,
msg777,
msg778,
]);
// gaddr "<hostip>/<fld4>"; remainder after "laddr" -> p2.
var msg779 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{hostip->}/%{fld4->} laddr %{p2->}",
field: "nwparser.p1",
},
});
// gaddr with a port part, else the shared alternative dup348 (defined
// elsewhere).
var select189 = linear_select([
msg779,
dup348,
]);
// laddr "<addr>/<port> (<fld12>) type <icmptype> code <icmpcode>".
var msg780 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->} (%{fld12->}) type %{icmptype->} code %{icmpcode->}",
field: "nwparser.p2",
},
});
// laddr "<addr>/<port> type <icmptype> code <icmpcode>".
var msg781 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->} type %{icmptype->} code %{icmpcode->}",
field: "nwparser.p2",
},
});
// laddr "<addr>/<port>(<username>)"; the parenthesised value is stored as
// username.
var msg782 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{username->})",
field: "nwparser.p2",
},
});
// laddr "<addr>/<port>".
var msg783 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p2",
},
});
// laddr "<addr>(<fld10>)", no port.
var msg784 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}(%{fld10->})",
field: "nwparser.p2",
},
});
// laddr bare address.
var msg785 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{daddr->}",
field: "nwparser.p2",
},
});
var select190 = linear_select([
msg780,
msg781,
msg782,
msg783,
msg784,
msg785,
]);
// 302020 inbound: the four stages in sequence. This chain uses dup35 in the
// position where most chains in this file use dup3 (both defined elsewhere).
var all200 = all_match({
processors: [
msg773,
select188,
select189,
select190,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020"),
}),
dup42,
dup43,
dup40,
dup2,
dup35,
dup4,
dup5,
dup192,
]),
});
// Syslog 302020, outbound variants :04 and :03. For outbound the mapping is
// reversed relative to inbound: faddr -> daddr/dport, laddr -> saddr/sport.

// 302020:04, stage 1: faddr carries "(<domain>\<username>)"; gaddr goes to
// hostip/fld4; the text after "laddr <saddr>/" is left in p0.
var msg786 = match({
id: "MESSAGE#326:302020:04/0",
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr->}/%{dport->}(%{domain->}\\%{username->}) gaddr %{hostip->}/%{fld4->} laddr %{saddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// 302020:04, stage 2: "<sport>(<fld10>)".
var msg787 = match({
id: "MESSAGE#326:302020:04/1",
dissect: {
tokenizer: "%{sport->}(%{fld10->})",
field: "nwparser.p0",
},
});
// Alternatives for the trailing source port; dup349 and dup350 are shared
// patterns defined elsewhere.
var select191 = linear_select([
msg787,
dup349,
dup350,
]);
// 302020:04: both stages, then tagging and shared enrichment.
var all201 = all_match({
processors: [
msg786,
select191,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020:04"),
}),
dup42,
dup43,
dup40,
dup2,
dup35,
dup4,
dup5,
dup194,
]),
});
// 302020:03, stage 1: as above but faddr has no "(domain\user)" suffix.
var msg788 = match({
id: "MESSAGE#327:302020:03/0",
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{daddr->}/%{dport->} gaddr %{hostip->}/%{fld4->} laddr %{saddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// 302020:03, stage 2: "<sport>(<domain>\<username>)".
var msg789 = match({
id: "MESSAGE#327:302020:03/1",
dissect: {
tokenizer: "%{sport->}(%{domain->}\\%{username->})",
field: "nwparser.p0",
},
});
// 302020:03, stage 2: "<sport>(<fld20>) type <icmptype> code <icmpcode>".
var msg790 = match({
id: "MESSAGE#327:302020:03/1",
dissect: {
tokenizer: "%{sport->}(%{fld20->}) type %{icmptype->} code %{icmpcode->}",
field: "nwparser.p0",
},
});
// 302020:03, stage 2: "<sport>(<username>)". Listed after the
// "(domain\user)" form; NOTE(review): if tried first it would presumably
// capture "domain\user" whole as username.
var msg791 = match({
id: "MESSAGE#327:302020:03/1",
dissect: {
tokenizer: "%{sport->}(%{username->})",
field: "nwparser.p0",
},
});
var select192 = linear_select([
msg789,
msg790,
dup349,
msg791,
dup350,
]);
// 302020:03: both stages, then tagging and shared enrichment.
var all202 = all_match({
processors: [
msg788,
select192,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020:03"),
}),
dup42,
dup43,
dup40,
dup2,
dup35,
dup4,
dup5,
dup194,
]),
});
// Syslog 302020, variants :05, :01 and :02, plus select196, which combines
// every 302020 parser (all200–all202 are declared before this group).

// 302020:05 (inbound), stage 1: faddr -> saddr/sport, gaddr -> hostip/fld4,
// text after "laddr" -> p0.
var msg792 = match({
id: "MESSAGE#328:302020:05/0",
dissect: {
tokenizer: "Built inbound ICMP connection for faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{fld4->} laddr %{p0->}",
field: "nwparser.payload",
},
});
// laddr "<addr>/<port>(<fld10>)".
var msg793 = match({
id: "MESSAGE#328:302020:05/1",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{fld10->})",
field: "nwparser.p0",
},
});
// laddr "<addr>/<port>".
var msg794 = match({
id: "MESSAGE#328:302020:05/1",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p0",
},
});
var select193 = linear_select([
msg793,
msg794,
]);
// 302020:05: both stages, then tagging and shared enrichment.
var all203 = all_match({
processors: [
msg792,
select193,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020:05"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup192,
]),
});
// 302020:01 (outbound, no ports), stage 1: fixed prefix; remainder -> p0.
var msg795 = match({
id: "MESSAGE#329:302020:01/0",
dissect: {
tokenizer: "Built outbound ICMP connection for faddr %{p0->}",
field: "nwparser.payload",
},
});
// faddr "<addr>(<fld10>)" -> daddr (outbound mapping).
var msg796 = match({
id: "MESSAGE#329:302020:01/2",
dissect: {
tokenizer: "%{daddr->}(%{fld10->}) gaddr %{p1->}",
field: "nwparser.p0",
},
});
// faddr bare address -> daddr.
var msg797 = match({
id: "MESSAGE#329:302020:01/2",
dissect: {
tokenizer: "%{daddr->} gaddr %{p1->}",
field: "nwparser.p0",
},
});
var select194 = linear_select([
msg796,
msg797,
]);
// laddr "<addr>(<fld11>)" -> saddr.
var msg798 = match({
id: "MESSAGE#329:302020:01/3",
dissect: {
tokenizer: "%{saddr->}(%{fld11->})",
field: "nwparser.p2",
},
});
// laddr bare address -> saddr.
var msg799 = match({
id: "MESSAGE#329:302020:01/3",
dissect: {
tokenizer: "%{saddr->}",
field: "nwparser.p2",
},
});
var select195 = linear_select([
msg798,
msg799,
]);
// 302020:01: prefix, faddr part, dup348 for the gaddr part (defined
// elsewhere), laddr part.
var all204 = all_match({
processors: [
msg795,
select194,
dup348,
select195,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
]),
});
// 302020:02: no direction word and no ports; faddr -> saddr, laddr -> daddr.
var msg800 = match({
id: "MESSAGE#330:302020:02",
dissect: {
tokenizer: "Built ICMP connection for faddr %{saddr->} gaddr %{hostip->} laddr %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302020:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// All 302020 parsers. NOTE(review): all200 (inbound) and all204 (outbound)
// both begin with a generic prefix and appear before/after the more literal
// :04/:03/:05 forms; which variant tags a given line presumably depends on
// this order — confirm before changing it.
var select196 = linear_select([
all200,
all201,
all202,
all203,
all204,
msg800,
]);
// 419002: "<action> from <if>:<addr>/<port> to <if>:<addr>/<port> with
// different initial sequence number". The leading text before " from " is
// stored as action.
var msg801 = match({
id: "MESSAGE#654:419002",
dissect: {
tokenizer: "%{action->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} with different initial sequence number",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("419002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 713149: hardware client security attribute enabled but not requested;
// captures group, username, saddr and the attribute name (change_attribute).
var msg802 = match({
id: "MESSAGE#909:713149",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, Hardware client security attribute %{change_attribute->} was enabled but not requested",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713149"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Hardware client security attribute was enabled but not requested"),
}),
]),
});
// 722006: invalid address assigned to SVC connection; captures group,
// username, saddr and the assigned address (daddr).
// NOTE(review): each "\u003c\u003c" decodes to "<<". This looks like an
// escaped single "<" carried over from the source parser definition — confirm
// the dissect tokenizer treats it as one literal "<"; otherwise lines of the
// form "Group <name> User <name> ..." would not match.
var msg803 = match({
id: "MESSAGE#1156:722006",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Invalid address \u003c\u003c%{daddr->}> assigned to SVC connection",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("722006"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid address assigned to SVC connection"),
}),
]),
});
// 733103: threat-detection removed a host from the shun list; the host is
// stored as hostip (not saddr/daddr). No event_description is set.
var msg804 = match({
id: "MESSAGE#1213:733103",
dissect: {
tokenizer: "Threat-detection removes host %{hostip->} from shun list",
field: "nwparser.payload",
},
on_success: processor_chain([
dup94,
set_field({
dest: "nwparser.msg_id1",
value: constant("733103"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 746018: "<application>: Update import-user <domain>\\<group> done".
// NOTE(review): the pattern requires two backslashes between domain and group
// (the 302020 patterns in this file use one) — confirm against a sample line.
// NOTE(review): unlike the other chains here, this one runs only dup3 and
// skips dup2/dup4/dup5, which per their definitions at the top of the file set
// nwparser.level, nwparser.msg and nwparser.id — confirm that is intended.
var msg805 = match({
id: "MESSAGE#1261:746018",
dissect: {
tokenizer: "%{application->}: Update import-user %{domain->}\\\\%{group->} done",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746018"),
}),
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Update import-user done"),
}),
]),
});
// 109020 (downloaded ACL has a config error), parsed by all205 after the
// shared first stage dup96 (defined elsewhere).

// ACL name in single quotes.
var msg806 = match({
id: "MESSAGE#144:109020/2",
dissect: {
tokenizer: "'%{listnum->}' has config error; ACE %{p1->}",
field: "nwparser.p0",
},
});
// ACL name without quotes. Listed second; NOTE(review): if tried first it
// would presumably keep the quotes inside listnum.
var msg807 = match({
id: "MESSAGE#144:109020/2",
dissect: {
tokenizer: "%{listnum->} has config error; ACE %{p1->}",
field: "nwparser.p0",
},
});
var select197 = linear_select([
msg806,
msg807,
]);
// Trailing part with the offending ACE text in quotes -> info.
var msg808 = match({
id: "MESSAGE#144:109020/2",
dissect: {
tokenizer: ": '%{info->}' ",
field: "nwparser.p1",
},
});
// Trailing part without ACE text; whatever is there is captured as "space".
var msg809 = match({
id: "MESSAGE#144:109020/2",
dissect: {
tokenizer: "%{space->} ",
field: "nwparser.p1",
},
});
var select198 = linear_select([
msg808,
msg809,
]);
// 109020: three stages in sequence. Note that the fixed text is written to
// nwparser.result here, not nwparser.event_description.
var all205 = all_match({
processors: [
dup96,
select197,
select198,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109020"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Downloaded ACL has config error"),
}),
]),
});
// 612003: Auto Update could not contact its server; captures the URL and the
// failure reason (result). Both are taken verbatim from the log line.
var msg810 = match({
id: "MESSAGE#782:612003",
dissect: {
tokenizer: "Auto Update failed to contact:%{url->}, reason:%{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("612003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 752008: fixed-text message; the trailing %{->} names no field, so nothing
// is extracted from the payload.
var msg811 = match({
id: "MESSAGE#1272:752008",
dissect: {
tokenizer: "Duplicate entry already in Tunnel Manager%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752008"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Duplicate entry already in Tunnel Manager"),
}),
]),
});
// 203001: "<info> Error: No Key SPI <fld1> SRC <saddr> DEST <daddr>".
var msg812 = match({
id: "MESSAGE#234:203001",
dissect: {
tokenizer: "%{info->} Error: No Key SPI %{fld1->} SRC %{saddr->} DEST %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("203001"),
}),
dup11,
dup12,
dup87,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("No Key SPI"),
}),
dup4,
dup5,
]),
});
// 338307: dynamic filter database could not be decrypted. Fixed-text
// message; no fields are extracted and no event_description is set, so the
// event is identifiable only by msg_id1 and the raw message.
var msg813 = match({
id: "MESSAGE#493:338307",
dissect: {
tokenizer: "Failed to decrypt downloaded dynamic filter database file%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("338307"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 505004: whole payload kept as event_description.
var msg814 = match({
id: "MESSAGE#693:505004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup351,
set_field({
dest: "nwparser.msg_id1",
value: constant("505004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 713225: static crypto map matched; captures group, saddr, the map name
// (fld1) and the sequence number (fld2).
var msg815 = match({
id: "MESSAGE#938:713225",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Static Crypto Map check, map %{fld1->}, seq = %{fld2->} is a successful match",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713225"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup8,
]),
});
// 338309: licence does not cover the dynamic filter updater. Fixed-text
// message; no fields are extracted.
var msg816 = match({
id: "MESSAGE#495:338309",
dissect: {
tokenizer: "The license on this ASA does not support dynamic filter updater feature.%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("338309"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 444102: "<result>. License server is not responding"; the leading sentence
// is stored as result.
var msg817 = match({
id: "MESSAGE#668:444102",
dissect: {
tokenizer: "%{result->}. License server is not responding",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444102"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("License server is not responding"),
}),
]),
});
// 722001: built entirely from shared stages (dup352, dup353, dup354) defined
// outside this excerpt; only the msg_id1 tag is specific to it.
var all206 = all_match({
processors: [
dup352,
dup353,
dup354,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("722001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 734004: DAP processing error; captures the numeric code as resultcode and
// writes the fixed text to nwparser.result (not event_description).
var msg818 = match({
id: "MESSAGE#1220:734004",
dissect: {
tokenizer: "DAP: Processing error: Code %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734004"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("DAP: Processing error"),
}),
dup4,
dup5,
]),
});
// 302025: stub connection teardown; captures protocol, connection id, both
// endpoints, duration, forwarded byte count and trailing text (info).
var msg819 = match({
id: "MESSAGE#339:302025",
dissect: {
tokenizer: "Teardown stub %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} forwarded bytes %{bytes->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302025"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup306,
]),
});
// 408001: whole payload kept as event_description.
var msg820 = match({
id: "MESSAGE#601:408001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("408001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 603101: whole payload kept as event_description.
var msg821 = match({
id: "MESSAGE#720:603101",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("603101"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog 302006 (UDP connection teardown): two layouts combined by select199.

// faddr/gaddr/laddr layout: faddr -> source, gaddr -> hostip/network_port,
// laddr -> destination. No duration or byte count in this layout.
var msg822 = match({
id: "MESSAGE#284:302006",
dissect: {
tokenizer: "Teardown UDP connection for faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302006"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup149,
dup170,
]),
});
// Interface layout: connection id (fld1), both endpoints, duration and bytes.
var msg823 = match({
id: "MESSAGE#285:302006:01",
dissect: {
tokenizer: "Teardown UDP connection %{fld1->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302006:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup149,
dup170,
]),
});
// The two layouts begin with different literal text ("for faddr" vs
// "<id> for <if>:"), so the more literal one is listed first.
var select199 = linear_select([
msg822,
msg823,
]);
var msg824 = match({
id: "MESSAGE#553:401005/2",
dissect: {
tokenizer: "%{->}add failed: unable to allocate resources for %{p2->}",
field: "nwparser.p1",
},
});
var msg825 = match({
id: "MESSAGE#553:401005/3",
dissect: {
tokenizer: "%{saddr->} %{daddr->} %{sport->} %{dport->} ",
field: "nwparser.p2",
},
});
var msg826 = match({
id: "MESSAGE#553:401005/3",
dissect: {
tokenizer: "%{hostip->} ",
field: "nwparser.p2",
},
});
var select200 = linear_select([
msg825,
msg826,
]);
var all207 = all_match({
processors: [
dup162,
dup279,
msg824,
select200,
],
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("401005"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Shun add failed"),
}),
dup4,
dup5,
]),
});
var msg827 = match({
id: "MESSAGE#565:402124",
dissect: {
tokenizer: "CRYPTO: The %{product->} encountered an error (%{info->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup355,
set_field({
dest: "nwparser.msg_id1",
value: constant("402124"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup356,
]),
});
// Message 106022: "Deny <protocol> connection spoof from <saddr> to <daddr>
// on interface <interface>". No ports are captured for this message.
var msg828 = match({
  id: "MESSAGE#90:106022",
  dissect: {
    tokenizer: "Deny %{protocol->} connection spoof from %{saddr->} to %{daddr->} on interface %{interface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup26,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106022"),
    }),
    dup99,
    dup320,
    dup43,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
// Message 113003: "AAA group policy for user <username> is being set to
// <policyname>". all208 chains three stages over payload -> p0 -> p1:
//  - msg829 strips the fixed prefix,
//  - select201 accepts the username with or without single quotes (quoted
//    form listed first),
//  - select202 accepts the policy name with or without a trailing period.
// The four sub-patterns share the id "MESSAGE#179:113003/2".
// NOTE(review): username and policyname are copied from the log text as-is;
// treat them as untrusted strings downstream - confirm what the device
// sanitises.
var msg829 = match({
  id: "MESSAGE#179:113003/0",
  dissect: {
    tokenizer: "AAA group policy for user %{p0->}",
    field: "nwparser.payload",
  },
});
var msg830 = match({
  id: "MESSAGE#179:113003/2",
  dissect: {
    tokenizer: "'%{username->}' is being set to %{p1->}",
    field: "nwparser.p0",
  },
});
var msg831 = match({
  id: "MESSAGE#179:113003/2",
  dissect: {
    tokenizer: "%{username->} is being set to %{p1->}",
    field: "nwparser.p0",
  },
});
var select201 = linear_select([
  msg830,
  msg831,
]);
var msg832 = match({
  id: "MESSAGE#179:113003/2",
  dissect: {
    tokenizer: "%{policyname->}. ",
    field: "nwparser.p1",
  },
});
var msg833 = match({
  id: "MESSAGE#179:113003/2",
  dissect: {
    tokenizer: "%{policyname->} ",
    field: "nwparser.p1",
  },
});
var select202 = linear_select([
  msg832,
  msg833,
]);
var all208 = all_match({
  processors: [
    msg829,
    select201,
    select202,
  ],
  on_success: processor_chain([
    dup157,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("113003"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("AAA group policy set for user"),
    }),
  ]),
});
// Message 201005: "<protocol> data connection failed for <hostip>".
// The address lands in hostip, not saddr/daddr.
var msg834 = match({
  id: "MESSAGE#221:201005",
  dissect: {
    tokenizer: "%{protocol->} data connection failed for %{hostip->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup165,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("201005"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("data connection failed"),
    }),
  ]),
});
// Message 209005: "Discard IP fragment set with more than <n> elements".
// Captures src/dest addresses, protocol and the "id = ..." value.
// NOTE(review): the value after "id =" is stored in policy_id; it looks like
// a fragment/packet id rather than a policy id - confirm the field mapping
// before building queries on it.
var msg835 = match({
  id: "MESSAGE#240:209005",
  dissect: {
    tokenizer: "Discard IP fragment set with more than %{fld1->} elements: %{space->} src = %{saddr->}, dest = %{daddr->}, proto = %{protocol->}, id = %{policy_id->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup26,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("209005"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Discarded IP fragment"),
    }),
    set_field({
      dest: "nwparser.result",
      value: constant("number of elements exceeded"),
    }),
  ]),
});
// Message 120003: "Call-Home is processing <kind> event <info>".
// all209 strips the prefix (msg836), select203 accepts one of the literal
// kinds "configuration", "inventory" or "snapshot", and msg840 captures the
// text after "event" into info. The kind itself is not stored in a field.
var msg836 = match({
  id: "MESSAGE#10:120003/0",
  dissect: {
    tokenizer: "Call-Home is processing %{p0->}",
    field: "nwparser.payload",
  },
});
var msg837 = match({
  id: "MESSAGE#10:120003/2",
  dissect: {
    tokenizer: "configuration%{p1->}",
    field: "nwparser.p0",
  },
});
var msg838 = match({
  id: "MESSAGE#10:120003/2",
  dissect: {
    tokenizer: "inventory%{p1->}",
    field: "nwparser.p0",
  },
});
var msg839 = match({
  id: "MESSAGE#10:120003/2",
  dissect: {
    tokenizer: "snapshot%{p1->}",
    field: "nwparser.p0",
  },
});
var select203 = linear_select([
  msg837,
  msg838,
  msg839,
]);
var msg840 = match({
  id: "MESSAGE#10:120003/2",
  dissect: {
    tokenizer: "%{->}event %{info->}",
    field: "nwparser.p1",
  },
});
var all209 = all_match({
  processors: [
    msg836,
    select203,
    msg840,
  ],
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("120003"),
    }),
    dup4,
    dup5,
    dup2,
    dup3,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Call-Home is processing event"),
    }),
  ]),
});
// Message 400046: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>". The interface is stored as dinterface here, while
// some other messages in this file use the plain "interface" field.
var msg841 = match({
  id: "MESSAGE#543:400046",
  dissect: {
    tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup52,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("400046"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup28,
    dup29,
    dup30,
  ]),
});
// Message 403500: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg842 = match({
  id: "MESSAGE#579:403500",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup50,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("403500"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 321004: "Resource <fld1> rate log level of <fld2> <fld3>".
// Values are kept only in the generic fld1-fld3 placeholders.
var msg843 = match({
  id: "MESSAGE#444:321004",
  dissect: {
    tokenizer: "Resource %{fld1->} rate log level of %{fld2->} %{fld3->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("321004"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 713025, two layouts listed in select204:
//  - all210: dup22 and dup23 (defined elsewhere) run first, then msg844 reads
//    "<saddr>, <action>:<info>" from nwparser.p1.
//  - msg845: "Group = <group>, IP = <saddr>, <action>:<info>" read directly
//    from the payload.
var msg844 = match({
  id: "MESSAGE#856:713025/2",
  dissect: {
    tokenizer: "%{saddr->}, %{action->}:%{info->}",
    field: "nwparser.p1",
  },
});
var all210 = all_match({
  processors: [
    dup22,
    dup23,
    msg844,
  ],
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("713025"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var msg845 = match({
  id: "MESSAGE#857:713025:01",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}:%{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("713025:01"),
    }),
    dup7,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var select204 = linear_select([
  all210,
  msg845,
]);
// Message 713257: "Phase <n> failure: Mismatched attribute types for class
// <process>: Rcv'd: <fld2> Cfg'd: <fld3>". The received and configured values
// stay in fld2/fld3; result is set to a fixed string.
var msg846 = match({
  id: "MESSAGE#950:713257",
  dissect: {
    tokenizer: "Phase %{fld1->} failure: Mismatched attribute types for class %{process->}: Rcv'd: %{fld2->} Cfg'd: %{fld3->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("713257"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.result",
      value: constant("Mismatched attribute types for class"),
    }),
  ]),
});
// Message 725008: "SSL client ... proposes the following <n> cipher(s)".
// select205 lists two layouts:
//  - msg847 stores the client as interface/hostip/network_port,
//  - msg848 stores it as sinterface/saddr/sport plus daddr/dport.
// The client address therefore ends up in hostip or saddr depending on the
// layout; queries on the client address need to cover both fields.
var msg847 = match({
  id: "MESSAGE#1194:725008",
  dissect: {
    tokenizer: "SSL client %{interface->}:%{hostip->}/%{network_port->} proposes the following %{fld1->} cipher(s).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("725008"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var msg848 = match({
  id: "MESSAGE#1195:725008:01",
  dissect: {
    tokenizer: "SSL client %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->} proposes the following %{fld1->} cipher(s)",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("725008:01"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var select205 = linear_select([
  msg847,
  msg848,
]);
// Message 105040: "(<context>) <event_description>". Only the parenthesised
// prefix is structured; the rest is kept as free text.
var msg849 = match({
  id: "MESSAGE#49:105040",
  dissect: {
    tokenizer: "(%{context->}) %{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup161,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("105040"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 106002: "...onnection denied by <direction> list <fld1> src ... dest
// ...". Both layouts run dup357 and dup358 first (defined elsewhere;
// presumably they consume the text before "onnection" - confirm) and differ
// only in the address/port separator:
//  - all211 / msg850: "addr/port"
//  - all212 / msg851: "addr port"
// select206 lists the slash form first.
var msg850 = match({
  id: "MESSAGE#59:106002/2",
  dissect: {
    tokenizer: "onnection denied by %{direction->} list %{fld1->} src %{saddr->}/%{sport->} dest %{daddr->}/%{dport->}",
    field: "nwparser.p1",
  },
});
var all211 = all_match({
  processors: [
    dup357,
    dup358,
    msg850,
  ],
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106002"),
    }),
    dup99,
    dup102,
    dup43,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
var msg851 = match({
  id: "MESSAGE#60:106002:01/2",
  dissect: {
    tokenizer: "onnection denied by %{direction->} list %{fld1->} src %{saddr->} %{sport->} dest %{daddr->} %{dport->}",
    field: "nwparser.p1",
  },
});
var all212 = all_match({
  processors: [
    dup357,
    dup358,
    msg851,
  ],
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106002:01"),
    }),
    dup99,
    dup102,
    dup43,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
var select206 = linear_select([
  all211,
  all212,
]);
// Message 201008: the tokenizer is a single capture into event_description,
// and the chain then sets nwparser.event_description to a fixed string.
// NOTE(review): if both names refer to the same field, the captured payload
// text is overwritten by the constant - confirm whether the original text is
// still available elsewhere (e.g. nwparser.msg).
var msg852 = match({
  id: "MESSAGE#224:201008",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("201008"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("New connections disallowed"),
    }),
  ]),
});
// Message 313004: denied ICMP. select207 lists two layouts:
//  - msg853: "Denied ICMP type=<icmptype>, from laddr <saddr> on interface
//    <interface> to <daddr>: <result>"
//  - msg854: same shape but with the protocol captured and no "laddr" keyword.
// NOTE(review): msg854's chain omits dup27 and dup259, which msg853 applies;
// events parsed by the second layout may therefore carry fewer derived
// fields - confirm this is intended.
var msg853 = match({
  id: "MESSAGE#409:313004",
  dissect: {
    tokenizer: "Denied ICMP type=%{icmptype->}, from laddr %{saddr->} on interface %{interface->} to %{daddr->}: %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup359,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("313004"),
    }),
    dup42,
    dup43,
    dup19,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup259,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Denied ICMP"),
    }),
  ]),
});
var msg854 = match({
  id: "MESSAGE#410:313004:01",
  dissect: {
    tokenizer: "Denied %{protocol->} type=%{icmptype->}, from %{saddr->} on interface %{interface->} to %{daddr->}:%{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup359,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("313004:01"),
    }),
    dup42,
    dup43,
    dup19,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Denied connection"),
    }),
  ]),
});
var select207 = linear_select([
  msg853,
  msg854,
]);
// Message 105007: "(<context>) Link status 'Down' on interface <interface>".
// Only the literal 'Down' state is matched by this pattern.
var msg855 = match({
  id: "MESSAGE#32:105007",
  dissect: {
    tokenizer: "(%{context->}) Link status 'Down' on interface %{interface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup324,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("105007"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Link status down"),
    }),
  ]),
});
// Message 725014: "SSL lib error. Function: <info> Reason: <result>".
// The failing function goes to info and the reason text to result.
var msg856 = match({
  id: "MESSAGE#1203:725014",
  dissect: {
    tokenizer: "SSL lib error. Function: %{info->} Reason: %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup55,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("725014"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("SSL lib error"),
    }),
  ]),
});
// Message 201012: "Per-client embryonic connection limit exceeded <fld1> for
// input packet from <saddr>/<sport> to <dhost>/<dport> on interface ...".
// NOTE(review): the destination is captured as dhost, not daddr as in most
// other connection messages in this file; queries keyed on daddr will miss
// this event unless dhost is mapped later - confirm.
var msg857 = match({
  id: "MESSAGE#1296:201012",
  dissect: {
    tokenizer: "Per-client embryonic connection limit exceeded %{fld1->} for input packet from %{saddr->}/%{sport->} to %{dhost->}/%{dport->} on interface %{interface->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("201012"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Per-client embryonic connection limit exceeded"),
    }),
  ]),
});
// Message 103001: "(<context>)<event_description> (reason code =
// <resultcode>).". The numeric reason is captured into resultcode.
var msg858 = match({
  id: "MESSAGE#6:103001",
  dissect: {
    tokenizer: "(%{context->})%{event_description->} (reason code = %{resultcode->}).",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup326,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("103001"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 106012: "Deny IP from <saddr> from|to <daddr>, IP options <fld1>".
// all213 captures saddr (msg859), accepts either the literal "from" or "to"
// before the second address (select208), then captures daddr and the options
// text (msg862). The options value stays in the generic fld1 placeholder.
var msg859 = match({
  id: "MESSAGE#76:106012/0",
  dissect: {
    tokenizer: "Deny IP from %{saddr->} %{p0->}",
    field: "nwparser.payload",
  },
});
var msg860 = match({
  id: "MESSAGE#76:106012/2",
  dissect: {
    tokenizer: "from%{p1->}",
    field: "nwparser.p0",
  },
});
var msg861 = match({
  id: "MESSAGE#76:106012/2",
  dissect: {
    tokenizer: "to%{p1->}",
    field: "nwparser.p0",
  },
});
var select208 = linear_select([
  msg860,
  msg861,
]);
var msg862 = match({
  id: "MESSAGE#76:106012/2",
  dissect: {
    tokenizer: "%{->} %{daddr->}, IP options %{fld1->}",
    field: "nwparser.p1",
  },
});
var all213 = all_match({
  processors: [
    msg859,
    select208,
    msg862,
  ],
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106012"),
    }),
    dup99,
    dup102,
    dup43,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    set_field({
      dest: "nwparser.event_description",
      value: constant("IP connection denied"),
    }),
  ]),
});
// Message 737032: "Unable to remove <saddr> from standby: <result>".
// all214 runs dup53 and dup54 (defined elsewhere) before msg863 reads
// nwparser.p1.
var msg863 = match({
  id: "MESSAGE#1251:737032/2",
  dissect: {
    tokenizer: "Unable to remove %{saddr->} from standby: %{result->}",
    field: "nwparser.p1",
  },
});
var all214 = all_match({
  processors: [
    dup53,
    dup54,
    msg863,
  ],
  on_success: processor_chain([
    dup37,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("737032"),
    }),
    dup4,
    dup5,
    dup2,
    dup3,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Unable to remove device from standby"),
    }),
  ]),
});
// Message 321002: "Resource <fld1> rate limit of <fld2> reached.".
// Resource name and limit stay in the generic fld1/fld2 placeholders.
var msg864 = match({
  id: "MESSAGE#442:321002",
  dissect: {
    tokenizer: "Resource %{fld1->} rate limit of %{fld2->} reached.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("321002"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 702206: "...payload received (local <addr> (<role>), remote
// <addr>)". Both layouts run dup360 and dup129 first.
//  - msg865 (initiator): local -> saddr, remote -> daddr
//  - msg866 (responder): local -> daddr, remote -> saddr
// The local/remote mapping is swapped between the two so that, as written,
// saddr holds the initiator side in both cases (presumably intentional -
// confirm before using saddr/daddr as "local"/"remote").
var msg865 = match({
  id: "MESSAGE#814:702206:01/2",
  dissect: {
    tokenizer: "%{->}payload received (local %{saddr->} (initiator), remote %{daddr->})",
    field: "nwparser.p1",
  },
});
var all215 = all_match({
  processors: [
    dup360,
    dup129,
    msg865,
  ],
  on_success: processor_chain([
    dup160,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("702206:01"),
    }),
    dup7,
    dup14,
    dup4,
    dup5,
    dup2,
    dup3,
    dup361,
  ]),
});
var msg866 = match({
  id: "MESSAGE#815:702206/2",
  dissect: {
    tokenizer: "%{->}payload received (local %{daddr->} (responder), remote %{saddr->})",
    field: "nwparser.p1",
  },
});
var all216 = all_match({
  processors: [
    dup360,
    dup129,
    msg866,
  ],
  on_success: processor_chain([
    dup160,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("702206"),
    }),
    dup7,
    dup2,
    dup3,
    dup361,
    dup4,
    dup5,
  ]),
});
var select209 = linear_select([
  all215,
  all216,
]);
// Message 714002, two layouts listed in select210:
//  - msg867: "Group = <group>, IP = <saddr>, <event_description>: msg id =
//    <fld1>"
//  - msg868: fixed text "IKE Initiator starting QM: msg id = <fld1>" with no
//    group or address; event_description is set to a constant instead.
var msg867 = match({
  id: "MESSAGE#980:714002",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}: msg id = %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("714002"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var msg868 = match({
  id: "MESSAGE#981:714002:01",
  dissect: {
    tokenizer: "IKE Initiator starting QM: msg id = %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup83,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("714002:01"),
    }),
    dup7,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("IKE Initiator starting QM"),
    }),
  ]),
});
var select210 = linear_select([
  msg867,
  msg868,
]);
// Message 324006: GSN tunnel limit exceeded, PDP context failed.
// NOTE(review): "ip_addr" in the tokenizer is literal text, not a capture.
// If real logs carry an actual address in that position this pattern would
// presumably never match and the address is never extracted - verify against
// sample 324006 events.
var msg869 = match({
  id: "MESSAGE#459:324006",
  dissect: {
    tokenizer: "GSN ip_addr tunnel limit %{fld1->} exceeded, PDP Context TID %{fld2->} failed",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("324006"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 733102: "Threat-detection adds host <hostip> to shun list".
// The shunned host is stored in hostip, not saddr; correlate with the shun
// messages 401003/401005 parsed elsewhere in this file, which also use hostip.
var msg870 = match({
  id: "MESSAGE#1212:733102",
  dissect: {
    tokenizer: "Threat-detection adds host %{hostip->} to shun list",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup94,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("733102"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 106010: "Deny <direction> ..." with interface-qualified addresses.
// select211 lists four layouts in this order:
//  - msg871: literal "protocol <protocol>", no ports
//  - msg872: literal "icmp" with "(type <icmptype>, code <icmpcode>)"
//  - msg873: "<protocol>" with /sport and /dport
//  - msg874: "<protocol>" without ports
// The list order matters because msg874 is the least specific pattern;
// reordering it ahead of msg872/msg873 would presumably shadow them.
var msg871 = match({
  id: "MESSAGE#68:106010",
  dissect: {
    tokenizer: "Deny %{direction->} protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106010"),
    }),
    dup99,
    dup102,
    dup43,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
var msg872 = match({
  id: "MESSAGE#69:106010:01",
  dissect: {
    tokenizer: "Deny %{direction->} icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106010:01"),
    }),
    dup99,
    dup102,
    dup43,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
    dup111,
  ]),
});
var msg873 = match({
  id: "MESSAGE#70:106010:02",
  dissect: {
    tokenizer: "Deny %{direction->} %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106010:02"),
    }),
    dup99,
    dup102,
    dup43,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
var msg874 = match({
  id: "MESSAGE#71:106010:03",
  dissect: {
    tokenizer: "Deny %{direction->} %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("106010:03"),
    }),
    dup99,
    dup102,
    dup43,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup196,
  ]),
});
var select211 = linear_select([
  msg871,
  msg872,
  msg873,
  msg874,
]);
// Message 716007: "<username> WebVPN Unable to create session".
// all217 runs dup77 first, then select212 accepts the username in three
// forms: angle-bracketed, single-quoted, or bare (listed in that order).
// NOTE(review): "\u003c\u003c" decodes to two "<" characters while the
// closing delimiter is a single ">"; confirm against sample logs that the
// doubled opening bracket is intended.
// NOTE(review): username is copied from the log text as-is; treat it as an
// untrusted string when displaying or correlating on it.
var msg875 = match({
  id: "MESSAGE#1049:716007/1",
  dissect: {
    tokenizer: "\u003c\u003c%{username->}> WebVPN Unable to create session",
    field: "nwparser.p0",
  },
});
var msg876 = match({
  id: "MESSAGE#1049:716007/1",
  dissect: {
    tokenizer: "'%{username->}' WebVPN Unable to create session",
    field: "nwparser.p0",
  },
});
var msg877 = match({
  id: "MESSAGE#1049:716007/1",
  dissect: {
    tokenizer: "%{username->} WebVPN Unable to create session",
    field: "nwparser.p0",
  },
});
var select212 = linear_select([
  msg875,
  msg876,
  msg877,
]);
var all217 = all_match({
  processors: [
    dup77,
    select212,
  ],
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("716007"),
    }),
    dup7,
    dup18,
    dup17,
    dup106,
    dup19,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Unable to create session"),
    }),
  ]),
});
// Message 711004: "<event_description> Process = <process>, PC = <fld1>,
// Call stack = <fld2>". select213 falls back to dup141 (defined elsewhere)
// when the structured layout does not match; all218 wraps that single
// selection and applies the common chain.
var msg878 = match({
  id: "MESSAGE#851:711004/0",
  dissect: {
    tokenizer: "%{event_description->} Process = %{process->}, PC = %{fld1->}, Call stack = %{fld2->}",
    field: "nwparser.payload",
  },
});
var select213 = linear_select([
  msg878,
  dup141,
]);
var all218 = all_match({
  processors: [
    select213,
  ],
  on_success: processor_chain([
    dup75,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("711004"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 714004, two layouts listed in select214:
//  - msg879: "Group = <group>, IP = <saddr>, <action>: msg id = <fld1>"
//  - msg880: fixed text "IKE Initiator sending 1st QM pkt: msg id = <fld1>"
//    with no group or address; event_description is set to a constant.
var msg879 = match({
  id: "MESSAGE#983:714004",
  dissect: {
    tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}: msg id = %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("714004"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var msg880 = match({
  id: "MESSAGE#984:714004:01",
  dissect: {
    tokenizer: "IKE Initiator sending 1st QM pkt: msg id = %{fld1->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup58,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("714004:01"),
    }),
    dup7,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("IKE Initiator sending 1st QM pkt"),
    }),
  ]),
});
var select214 = linear_select([
  msg879,
  msg880,
]);
// Message 718028: "Send OOS indicator failure to [<daddr>]".
// The bracketed peer address is captured into daddr.
var msg881 = match({
  id: "MESSAGE#1094:718028",
  dissect: {
    tokenizer: "Send OOS indicator failure to [%{daddr->}]",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("718028"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Send OOS indicator failure"),
    }),
  ]),
});
// Message 199001: device reload. select217 tries the structured parser
// (all219) and falls back to msg887, a single-capture pattern that stores the
// payload in event_description.
// all219 runs dup44, then:
//  - select215 accepts "PIX r" or "R" (so "PIX reload ..." / "Reload ..."),
//  - msg884 matches "eload command executed from",
//  - select216 captures either "<process> (remote <hostip>)." or "<hostip>.".
// result is set to "Reload command executed"; the originating host is in
// hostip, which is the field to review when auditing who issued the reload.
var msg882 = match({
  id: "MESSAGE#201:199001:01/2",
  dissect: {
    tokenizer: "PIX r%{p1->}",
    field: "nwparser.p0",
  },
});
var msg883 = match({
  id: "MESSAGE#201:199001:01/2",
  dissect: {
    tokenizer: "R%{p1->}",
    field: "nwparser.p0",
  },
});
var select215 = linear_select([
  msg882,
  msg883,
]);
var msg884 = match({
  id: "MESSAGE#201:199001:01/2",
  dissect: {
    tokenizer: "eload command executed from %{p2->}",
    field: "nwparser.p1",
  },
});
var msg885 = match({
  id: "MESSAGE#201:199001:01/3",
  dissect: {
    tokenizer: "%{process->} (remote %{hostip->}). ",
    field: "nwparser.p2",
  },
});
var msg886 = match({
  id: "MESSAGE#201:199001:01/3",
  dissect: {
    tokenizer: "%{hostip->}. ",
    field: "nwparser.p2",
  },
});
var select216 = linear_select([
  msg885,
  msg886,
]);
var all219 = all_match({
  processors: [
    dup44,
    select215,
    msg884,
    select216,
  ],
  on_success: processor_chain([
    dup105,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("199001:01"),
    }),
    dup14,
    dup2,
    dup3,
    set_field({
      dest: "nwparser.result",
      value: constant("Reload command executed"),
    }),
    dup4,
    dup5,
  ]),
});
var msg887 = match({
  id: "MESSAGE#202:199001",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup105,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("199001"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var select217 = linear_select([
  all219,
  msg887,
]);
// Message 405101: "...allocate <service> Call Signalling Connection for
// f...". msg888 is one stage of all220; the stages before it (dup118, dup115)
// and after it (dup119-dup124) are shared processors defined elsewhere, so
// the address fields for this message are extracted outside this block.
var msg888 = match({
  id: "MESSAGE#590:405101/2",
  dissect: {
    tokenizer: "allocate %{service->} Call Signalling Connection for f%{p2->}",
    field: "nwparser.p1",
  },
});
var all220 = all_match({
  processors: [
    dup118,
    dup115,
    msg888,
    dup119,
    dup120,
    dup121,
    dup122,
    dup123,
    dup124,
  ],
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("405101"),
    }),
    dup2,
    dup3,
    dup125,
    dup4,
    dup5,
  ]),
});
// Message 444100: "Shared license register request failed, Reason:<result>".
// The reason text follows the colon with no space in the pattern.
var msg889 = match({
  id: "MESSAGE#666:444100",
  dissect: {
    tokenizer: "Shared license register request failed, Reason:%{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("444100"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Shared license register request failed"),
    }),
  ]),
});
// Message 611314: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg890 = match({
  id: "MESSAGE#770:611314",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("611314"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 722030: built entirely from shared stages (dup77, dup78, dup158)
// defined elsewhere in this file; only the msg_id1 constant is specific to
// this block.
var all221 = all_match({
  processors: [
    dup77,
    dup78,
    dup158,
  ],
  on_success: processor_chain([
    dup34,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("722030"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
    dup159,
  ]),
});
// Message 199016: seven generic placeholders (fld1-fld7) followed by free
// text in info; the bracketed value is fld7.
// NOTE(review): unlike the neighbouring parsers, this chain applies dup3-dup5
// but not dup2 (which fills nwparser.level), so severity may be missing on
// these events - confirm this is intended.
var msg891 = match({
  id: "MESSAGE#1314:199016",
  dissect: {
    tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{fld6->}: [%{fld7->}] %{info->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup264,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("199016"),
    }),
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 105047: "Mate has a <fld1> card in slot <fld2> which is different
// from my <fld3>". all222 chains select218 (payload), select219 (p0) and
// msg896 (p1).
// NOTE(review): msg894's literal "Matehas a" has no space between "Mate" and
// "has"; this looks like a generator artifact. The second alternative
// (msg895, "%{space->}has a") presumably carries the real traffic - verify
// against sample 105047 events.
var msg892 = match({
  id: "MESSAGE#56:105047/1",
  dissect: {
    tokenizer: "Mate%{p0->}",
    field: "nwparser.payload",
  },
});
var msg893 = match({
  id: "MESSAGE#56:105047/1",
  dissect: {
    tokenizer: "%{info->} %{p0->}",
    field: "nwparser.payload",
  },
});
var select218 = linear_select([
  msg892,
  msg893,
]);
var msg894 = match({
  id: "MESSAGE#56:105047/2",
  dissect: {
    tokenizer: "Matehas a %{p1->}",
    field: "nwparser.p0",
  },
});
var msg895 = match({
  id: "MESSAGE#56:105047/2",
  dissect: {
    tokenizer: "%{space->}has a %{p1->}",
    field: "nwparser.p0",
  },
});
var select219 = linear_select([
  msg894,
  msg895,
]);
var msg896 = match({
  id: "MESSAGE#56:105047/2",
  dissect: {
    tokenizer: "%{fld1->} card in slot %{fld2->} which is different from my %{fld3->}",
    field: "nwparser.p1",
  },
});
var all222 = all_match({
  processors: [
    select218,
    select219,
    msg896,
  ],
  on_success: processor_chain([
    dup49,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("105047"),
    }),
    dup38,
    dup39,
    dup87,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Mate card is different"),
    }),
  ]),
});
// Message 111009: "<username> executed cmd:<...>". all223 runs dup262, then
// select220 accepts the username with or without single quotes (quoted form
// first) and hands the remainder to dup33 via p1.
// NOTE(review): this is a command-audit event; username and the command text
// come straight from the log line, so treat both as untrusted strings when
// rendering them in dashboards or alerts.
var msg897 = match({
  id: "MESSAGE#173:111009/2",
  dissect: {
    tokenizer: "'%{username->}' executed cmd:%{p1->}",
    field: "nwparser.p0",
  },
});
var msg898 = match({
  id: "MESSAGE#173:111009/2",
  dissect: {
    tokenizer: "%{username->} executed cmd:%{p1->}",
    field: "nwparser.p0",
  },
});
var select220 = linear_select([
  msg897,
  msg898,
]);
var all223 = all_match({
  processors: [
    dup262,
    select220,
    dup33,
  ],
  on_success: processor_chain([
    dup263,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("111009"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    dup362,
  ]),
});
// Message 199005: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg899 = match({
  id: "MESSAGE#206:199005",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup272,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("199005"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 323003: "Module in slot <fld1> is not able to reload, reload
// request not answered.". Only the slot is captured.
var msg900 = match({
  id: "MESSAGE#451:323003",
  dissect: {
    tokenizer: "Module in slot %{fld1->} is not able to reload, reload request not answered.",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup49,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("323003"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 317001: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg901 = match({
  id: "MESSAGE#423:317001",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup165,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("317001"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 611320: no fixed text; the payload is captured into
// event_description. The chain adds dup7, dup60 and dup38 (shared processors
// defined elsewhere) in addition to the common dup2-dup5 header fields.
var msg902 = match({
  id: "MESSAGE#776:611320",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup59,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("611320"),
    }),
    dup7,
    dup60,
    dup38,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 611322: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg903 = match({
  id: "MESSAGE#778:611322",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup83,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("611322"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 713107: "Group = <group>, Username = <username>, IP = <saddr>, IP
// address request attempt failed!".
// NOTE(review): group and username precede the address and are delimited by
// literal ", " text. If either value can contain that delimiter text, the
// later captures (including saddr) may be shifted; validate saddr as an IP
// before using it for attribution - confirm how dissect resolves this.
var msg904 = match({
  id: "MESSAGE#883:713107",
  dissect: {
    tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, IP address request attempt failed!",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup55,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("713107"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("IP address request attempt failed"),
    }),
  ]),
});
// Message 105009: "(<context>) Testing on interface <interface>
// <disposition>". The trailing word is captured as disposition.
var msg905 = match({
  id: "MESSAGE#34:105009",
  dissect: {
    tokenizer: "(%{context->}) Testing on interface %{interface->} %{disposition->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("105009"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    dup363,
  ]),
});
// Message 109014: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg906 = match({
  id: "MESSAGE#135:109014",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup51,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("109014"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 111001: "Begin configuration: <hostip> writing to <device>".
// This is a configuration-change event; the originating host is in hostip
// and the write target in device.
var msg907 = match({
  id: "MESSAGE#165:111001",
  dissect: {
    tokenizer: "Begin configuration: %{hostip->} writing to %{device->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup157,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("111001"),
    }),
    dup38,
    dup13,
    dup39,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Begin configuration writing to device"),
    }),
  ]),
});
// Message 302002: "Teardown TCP connection". select221 lists two layouts:
//  - msg908: faddr/gaddr/laddr form; faddr is captured as saddr/sport, gaddr
//    as hostip/network_port, laddr as daddr/dport, and the parenthesised
//    trailer as fld3.
//  - msg909: interface-qualified form; the trailing text is kept in fld2.
// Both capture connectionid, duration and bytes.
var msg908 = match({
  id: "MESSAGE#275:302002",
  dissect: {
    tokenizer: "Teardown TCP connection %{connectionid->} faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} (%{fld3->})",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup36,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("302002"),
    }),
    dup42,
    dup43,
    dup40,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup149,
    dup364,
  ]),
});
var msg909 = match({
  id: "MESSAGE#276:302002:01",
  dissect: {
    tokenizer: "Teardown TCP connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{fld2->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup36,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("302002:01"),
    }),
    dup42,
    dup43,
    dup40,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup27,
    dup149,
    dup364,
  ]),
});
var select221 = linear_select([
  msg908,
  msg909,
]);
// Message 337009: "Phone Proxy: Unable to create secure phone entry for
// <sinterface>:<saddr> with MAC address <smacaddr>, <result>".
// Captures the endpoint address, its MAC and the failure reason.
var msg910 = match({
  id: "MESSAGE#470:337009",
  dissect: {
    tokenizer: "Phone Proxy: Unable to create secure phone entry for %{sinterface->}:%{saddr->} with MAC address %{smacaddr->}, %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("337009"),
    }),
    dup42,
    dup43,
    dup19,
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Unable to create secure phone entry for endpoint"),
    }),
  ]),
});
// Message 403502: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg911 = match({
  id: "MESSAGE#581:403502",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup180,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("403502"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 403505: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg912 = match({
  id: "MESSAGE#584:403505",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup51,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("403505"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 713050: "<saddr>, <action> for peer <peer>. Reason: <result>
// <info>". all224 runs dup9 and dup365 (defined elsewhere) before msg913
// reads nwparser.p1. The reason is split at the first space after
// "Reason: ": the first word goes to result and the rest to info.
var msg913 = match({
  id: "MESSAGE#867:713050/2",
  dissect: {
    tokenizer: "%{saddr->}, %{action->} for peer %{peer->}. Reason: %{result->} %{info->}",
    field: "nwparser.p1",
  },
});
var all224 = all_match({
  processors: [
    dup9,
    dup365,
    msg913,
  ],
  on_success: processor_chain([
    dup34,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("713050"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 717006: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg914 = match({
  id: "MESSAGE#1067:717006",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup160,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("717006"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 338304: "Successfully downloaded dynamic filter data file from
// updater server <url>". The updater server is captured into url; comparing
// it against the expected updater endpoint is a cheap integrity check.
var msg915 = match({
  id: "MESSAGE#490:338304",
  dissect: {
    tokenizer: "Successfully downloaded dynamic filter data file from updater server %{url->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("338304"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 401003: "Shun delete...: <hostip>". all225 strips the prefix
// (msg916), runs dup89 (defined elsewhere; presumably it bridges p0 to p1),
// then captures the address after ": " into hostip (msg917).
// Removal of a shun lifts a block, so this event is worth correlating with
// the shun-add messages that use the same hostip field.
var msg916 = match({
  id: "MESSAGE#551:401003/0",
  dissect: {
    tokenizer: "Shun delete%{p0->}",
    field: "nwparser.payload",
  },
});
var msg917 = match({
  id: "MESSAGE#551:401003/2",
  dissect: {
    tokenizer: ": %{hostip->}",
    field: "nwparser.p1",
  },
});
var all225 = all_match({
  processors: [
    msg916,
    dup89,
    msg917,
  ],
  on_success: processor_chain([
    dup107,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("401003"),
    }),
    dup108,
    dup38,
    dup2,
    dup3,
    set_field({
      dest: "nwparser.event_description",
      value: constant("Shun deleted"),
    }),
    dup4,
    dup5,
  ]),
});
// Message 711002: no fixed text. The tokenizer is a single capture, so the
// payload is presumably stored whole in event_description.
var msg918 = match({
  id: "MESSAGE#850:711002",
  dissect: {
    tokenizer: "%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup75,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("711002"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 715064: built entirely from shared stages (dup44, dup80, dup243)
// defined elsewhere in this file; only the msg_id1 constant is specific to
// this block.
var all226 = all_match({
  processors: [
    dup44,
    dup80,
    dup243,
  ],
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("715064"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 715027: built entirely from shared stages (dup9, dup242, dup33)
// defined elsewhere in this file; only the msg_id1 constant is specific to
// this block.
var all227 = all_match({
  processors: [
    dup9,
    dup242,
    dup33,
  ],
  on_success: processor_chain([
    dup21,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("715027"),
    }),
    dup7,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 303002 (FTP activity). select223 lists three parsers in order:
//  - all228: dup44 and dup66 run first, then msg919 reads
//    "<daddr> <action> <saddr>:<url>" from nwparser.p1.
//  - all229: "FTP connection from <sinterface>:<saddr>/<sport> to
//    <dinterface>:<daddr>/<dport>, user ..." (msg920); the user part is
//    handled by dup366/dup367 (select222), then msg921 captures
//    "<action> file <filename>".
//  - msg922: the same "<daddr> <action> <saddr>:<url>" shape as msg919 but
//    read directly from the payload.
// Note the field order in msg919/msg922: the first address in the text is
// stored as daddr and the second as saddr.
// NOTE(review): url and filename are free text taken from the log line;
// treat them as untrusted strings when rendering or matching on them.
var msg919 = match({
  id: "MESSAGE#345:303002/2",
  dissect: {
    tokenizer: "%{daddr->} %{action->} %{saddr->}:%{url->}",
    field: "nwparser.p1",
  },
});
var all228 = all_match({
  processors: [
    dup44,
    dup66,
    msg919,
  ],
  on_success: processor_chain([
    dup204,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("303002"),
    }),
    dup42,
    dup43,
    dup40,
    dup2,
    dup3,
    dup4,
    dup5,
    dup70,
    dup71,
    dup72,
    dup73,
  ]),
});
var msg920 = match({
  id: "MESSAGE#346:303002:02/0",
  dissect: {
    tokenizer: "FTP connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, user %{p0->}",
    field: "nwparser.payload",
  },
});
var select222 = linear_select([
  dup366,
  dup367,
]);
var msg921 = match({
  id: "MESSAGE#346:303002:02/2",
  dissect: {
    tokenizer: "%{action->} file %{filename->}",
    field: "nwparser.p1",
  },
});
var all229 = all_match({
  processors: [
    msg920,
    select222,
    msg921,
  ],
  on_success: processor_chain([
    dup204,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("303002:02"),
    }),
    dup42,
    dup43,
    dup40,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
var msg922 = match({
  id: "MESSAGE#347:303002:01",
  dissect: {
    tokenizer: "%{daddr->} %{action->} %{saddr->}:%{url->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup204,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("303002:01"),
    }),
    dup42,
    dup43,
    dup40,
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
    dup70,
    dup71,
    dup72,
    dup73,
  ]),
});
var select223 = linear_select([
  all228,
  all229,
  msg922,
]);
// Message 332004: "Web Cache <saddr>/<shost> lost". The two slash-separated
// values are captured as saddr and shost.
var msg923 = match({
  id: "MESSAGE#466:332004",
  dissect: {
    tokenizer: "Web Cache %{saddr->}/%{shost->} lost",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup20,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("332004"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    dup112,
  ]),
});
// 603102: AAA authentication started for a user on a PPP virtual interface.
// Extracts interface and username; useful as the start marker when correlating remote-access logins.
var msg924 = match({
id: "MESSAGE#721:603102",
dissect: {
tokenizer: "PPP virtual interface %{interface->} - user: %{username->} aaa authentication started",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("603102"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 714007: IKE initiator sending Initial Contact. Extracts tunnel group and peer address,
// and sets a fixed event_description since the message carries no free-text part.
var msg925 = match({
id: "MESSAGE#988:714007",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE Initiator sending Initial Contact",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714007"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sending initial contact"),
}),
]),
});
// 338303, stage 0: an address and its associated domain timed out; remainder goes to p0.
var msg926 = match({
id: "MESSAGE#489:338303/0",
dissect: {
tokenizer: "Address %{hostip->} (%{web_domain->}) timed out%{p0->}",
field: "nwparser.payload",
},
});
// Stage 1: two shared alternatives for the middle of the message (declared elsewhere).
var select224 = linear_select([
dup298,
dup368,
]);
// Stage 2: trailing "Removing rule" text; %{->} has no key, so nothing is stored for it
// (presumably it only absorbs leading padding — confirm in the dissect implementation).
var msg927 = match({
id: "MESSAGE#489:338303/2",
dissect: {
tokenizer: "%{->}Removing rule",
field: "nwparser.p1",
},
});
// Full 338303 pattern; tags the event with msg_id1 "338303" on success.
var all230 = all_match({
processors: [
msg926,
select224,
msg927,
],
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("338303"),
}),
dup108,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// 701002: catch-all. The whole payload is stored as event_description; no structured
// fields are extracted, so detections on this ID have to work on free text.
var msg928 = match({
id: "MESSAGE#803:701002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("701002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 104003: parenthesised context followed immediately (no separating space in the
// tokenizer) by free text stored as event_description.
var msg929 = match({
id: "MESSAGE#24:104003",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 113006 (user lockout), username stage. Two alternatives that share the same id string:
// msg930 expects the username wrapped in single quotes, msg931 takes it bare.
var msg930 = match({
id: "MESSAGE#183:113006/2",
dissect: {
tokenizer: "'%{username->}' locked out on %{p1->}",
field: "nwparser.p0",
},
});
var msg931 = match({
id: "MESSAGE#183:113006/2",
dissect: {
tokenizer: "%{username->} locked out on %{p1->}",
field: "nwparser.p0",
},
});
// The quoted form is listed first. NOTE(review): if linear_select is first-match-wins, this
// order is what keeps the quote characters out of the stored username — do not reorder.
var select225 = linear_select([
msg930,
msg931,
]);
// Full 113006 pattern. Sets ec_activity "Lockout" and a fixed description, which gives
// brute-force / password-spray detections a stable key instead of free text.
// username is taken from device log text; treat it as untrusted where it is rendered or queried.
var all231 = all_match({
processors: [
dup262,
select225,
dup173,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113006"),
}),
dup17,
set_field({
dest: "nwparser.ec_activity",
value: constant("Lockout"),
}),
dup18,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("User locked out"),
}),
]),
});
// 302021, stage 0: ICMP teardown where the foreign side carries "(domain\name)".
// "\\" in the JS string is a single literal backslash separating sdomain from fld5.
var msg932 = match({
id: "MESSAGE#331:302021/0",
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr->}/%{sport->}(%{sdomain->}\\%{fld5->}) gaddr %{p0->}",
field: "nwparser.payload",
},
});
// Full 302021 pattern: msg932 plus two shared stages (dup369, dup370) for the gaddr/laddr part.
var all232 = all_match({
processors: [
msg932,
dup369,
dup370,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302021"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup149,
dup259,
]),
});
// 302021:02, stage 0: ICMP teardown where the parenthesised value after the foreign
// address is kept as an opaque field (fld20) rather than split into domain and name.
var msg933 = match({
id: "MESSAGE#332:302021:02/0",
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr->}/%{sport->}(%{fld20->}) gaddr %{p0->}",
field: "nwparser.payload",
},
});
// Local-address stage, two alternatives sharing one id string: with and without "(username)".
var msg934 = match({
id: "MESSAGE#332:302021:02/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{username->}) type %{p2->}",
field: "nwparser.p1",
},
});
var msg935 = match({
id: "MESSAGE#332:302021:02/3",
dissect: {
tokenizer: "%{daddr->}/%{dport->} type %{p2->}",
field: "nwparser.p1",
},
});
// The form with a username is listed first.
// NOTE(review): if the order were swapped, "(user)" would presumably end up inside dport — confirm first-match-wins.
var select226 = linear_select([
msg934,
msg935,
]);
// Last stage: ICMP type and code.
var msg936 = match({
id: "MESSAGE#332:302021:02/3",
dissect: {
tokenizer: "%{icmptype->} code %{icmpcode->}",
field: "nwparser.p2",
},
});
// Full 302021:02 pattern; tags the event with msg_id1 "302021:02" on success.
var all233 = all_match({
processors: [
msg933,
dup369,
select226,
msg936,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302021:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup149,
dup259,
]),
});
// 302021:01, stage 0: ICMP teardown with no parenthesised identity after the foreign address.
var msg937 = match({
id: "MESSAGE#333:302021:01/0",
dissect: {
tokenizer: "Teardown ICMP connection for faddr %{saddr->}/%{sport->} gaddr %{p0->}",
field: "nwparser.payload",
},
});
// Full 302021:01 pattern; same shared tail stages as all232.
var all234 = all_match({
processors: [
msg937,
dup369,
dup370,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302021:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup149,
dup259,
]),
});
// Dispatcher for the three 302021 variants, most specific (identity-bearing) forms first.
var select227 = linear_select([
all232,
all233,
all234,
]);
// 326001: timer-library error; the text after the colon is stored as result.
var msg938 = match({
id: "MESSAGE#463:326001",
dissect: {
tokenizer: "Unexpected error in the timer library: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("326001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 720026: "(VPN-<context>) <text>". The literal "VPN-" prefix is consumed, so context
// holds only what follows it inside the parentheses.
var msg939 = match({
id: "MESSAGE#1122:720026",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720026"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 105039: "(<context>) <text>" with a space after the closing parenthesis.
var msg940 = match({
id: "MESSAGE#48:105039",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup324,
set_field({
dest: "nwparser.msg_id1",
value: constant("105039"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// 106018: packet denied by an access list. Extracts protocol, packet type (fld1),
// list direction, list name (fld2), and source/destination addresses.
// A single-pass pattern: any wording change in the device message means no fields at all for this deny event.
var msg941 = match({
id: "MESSAGE#86:106018",
dissect: {
tokenizer: "%{protocol->} packet type %{fld1->} denied by %{direction->} list %{fld2->} src %{saddr->} dest %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106018"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup371,
]),
});
// 400043: signature-style message "<product>:<sigid> <context> from <src> to <dst> on interface <if>".
// sigid is the field to pivot on when mapping these events to signature documentation.
var msg942 = match({
id: "MESSAGE#540:400043",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400043"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 505005: catch-all; the whole payload becomes event_description.
var msg943 = match({
id: "MESSAGE#694:505005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup272,
set_field({
dest: "nwparser.msg_id1",
value: constant("505005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 717027: certificate chain failed validation; the device's reason text is captured as result.
// NOTE(review): the chain below also sets nwparser.result to a constant. If the capture lands in
// the same key and set_field overwrites it (TODO confirm), the device's failure reason is lost
// for triage. The constant reads "failed validated" (likely meant "failed validation"); it is left
// unchanged here because downstream rules may match on the exact string.
var msg944 = match({
id: "MESSAGE#1077:717027",
dissect: {
tokenizer: "Certificate chain failed validation. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("717027"),
}),
dup293,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Certificate chain failed validated"),
}),
]),
});
// 722010 (SVC message), parsed in five stages: "Group", group name, user name, client IP, message.
// Each of the three identity stages has a delimited and a bare alternative sharing one id string.
// NOTE(review): "\u003c" is the less-than character, so the delimited forms open with two
// less-than signs but close with a single ">". That asymmetry may be an escaping artifact of
// whatever generated this file — verify against real device samples before relying on these branches.
var msg945 = match({
id: "MESSAGE#1157:722010/0",
dissect: {
tokenizer: "Group %{p0->}",
field: "nwparser.payload",
},
});
// Group name: delimited form, then bare form.
var msg946 = match({
id: "MESSAGE#1157:722010/2",
dissect: {
tokenizer: "\u003c\u003c%{group->}> User %{p1->}",
field: "nwparser.p0",
},
});
var msg947 = match({
id: "MESSAGE#1157:722010/2",
dissect: {
tokenizer: "%{group->} User %{p1->}",
field: "nwparser.p0",
},
});
var select228 = linear_select([
msg946,
msg947,
]);
// User name: delimited form, then bare form.
var msg948 = match({
id: "MESSAGE#1157:722010/3",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP %{p2->}",
field: "nwparser.p1",
},
});
var msg949 = match({
id: "MESSAGE#1157:722010/3",
dissect: {
tokenizer: "%{username->} IP %{p2->}",
field: "nwparser.p1",
},
});
var select229 = linear_select([
msg948,
msg949,
]);
// Client address: delimited form, then bare form.
var msg950 = match({
id: "MESSAGE#1157:722010/4",
dissect: {
tokenizer: "\u003c\u003c%{saddr->}> SVC Message: %{p3->}",
field: "nwparser.p2",
},
});
var msg951 = match({
id: "MESSAGE#1157:722010/4",
dissect: {
tokenizer: "%{saddr->} SVC Message: %{p3->}",
field: "nwparser.p2",
},
});
var select230 = linear_select([
msg950,
msg951,
]);
// Message body: "<info>/<result>: <text>".
var msg952 = match({
id: "MESSAGE#1157:722010/4",
dissect: {
tokenizer: "%{info->}/%{result->}: %{event_description->}",
field: "nwparser.p3",
},
});
// Full 722010 pattern. If the delimited branches never match, the bare branches would
// presumably keep the delimiter characters inside group/username/saddr — worth checking in test data.
var all235 = all_match({
processors: [
msg945,
select228,
select229,
select230,
msg952,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("722010"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 210008: "LU no xlate for <src>/<port> <dst>/<port>". Extracts both address/port pairs.
var msg953 = match({
id: "MESSAGE#247:210008",
dissect: {
tokenizer: "LU no xlate for %{saddr->}/%{sport->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("210008"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 309002: a manager connection was permitted from the given address.
// Management-plane access event: saddr is the value to compare against the expected admin sources.
var msg954 = match({
id: "MESSAGE#399:309002",
dissect: {
tokenizer: "Permitted manager connection from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("309002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("permitted manager connection"),
}),
]),
});
// 713016: unknown identification type during an IKE phase; phase and type go to fld1/fld2.
// NOTE(review): unlike the other "Group = ..., IP = ..." patterns visible in this part of the
// file (which store group/saddr), this one stores the group in `host` and the peer in `daddr`.
// Queries that pivot on group or saddr will miss these events — confirm whether that is intended.
// The event category is set inline here rather than through a shared dup processor.
var msg955 = match({
id: "MESSAGE#853:713016",
dissect: {
tokenizer: "Group = %{host->}, IP = %{daddr->}, Unknown identification type, Phase %{fld1->}, Type %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1603060000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("713016"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 715047:01: built entirely from shared stages (dup305, dup304) declared elsewhere.
var all236 = all_match({
processors: [
dup305,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715047:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// 715047: built from shared stages dup44, dup47, dup48.
var all237 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715047"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Dispatcher for the two 715047 variants; the ":01" form is tried first (assuming first-match-wins).
var select231 = linear_select([
all236,
all237,
]);
// 713143: "IP = <peer>, <description>: <info>". The split between description and info
// is on ": ", so a description that itself contains ": " would presumably shift the boundary.
var msg956 = match({
id: "MESSAGE#906:713143",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713143"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 718056: a master peer was deleted; extracts the peer address and sets a fixed description.
var msg957 = match({
id: "MESSAGE#1103:718056",
dissect: {
tokenizer: "Deleted Master peer, IP %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718056"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted Master peer"),
}),
]),
});
// 722050: session terminated for a group/user/IP; the reason text is stored as info.
// NOTE(review): each identity value is expected to open with two less-than signs ("\u003c\u003c")
// and close with one ">". There is no bare-form fallback here, so if real logs use a different
// delimiter shape this termination event yields no fields — verify against device samples.
var msg958 = match({
id: "MESSAGE#1177:722050",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Session terminated: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("722050"),
}),
dup2,
dup3,
dup4,
dup5,
dup372,
]),
});
// 750002: an IKE_INIT_SA request was received. Extracts local/remote address:port pairs and username.
// Addresses are split from ports on ":", which assumes the address text itself contains no colon
// (NOTE(review): IPv6 endpoints would presumably be mis-split — confirm).
var msg959 = match({
id: "MESSAGE#1264:750002",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Received a IKE_INIT_SA request",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("750002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received a IKE_INIT_SA request"),
}),
]),
});
// 102001: parenthesised context immediately followed by free text (no separating space).
var msg960 = match({
id: "MESSAGE#5:102001",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("102001"),
}),
dup38,
dup39,
dup13,
dup2,
dup3,
dup4,
dup5,
]),
});
// 109012 (authentication session end), stage 0: everything after "user " goes to p0.
var msg961 = match({
id: "MESSAGE#133:109012/0",
dissect: {
tokenizer: "Authen Session End: user %{p0->}",
field: "nwparser.payload",
},
});
// Final stage: session id and elapsed time in seconds.
var msg962 = match({
id: "MESSAGE#133:109012/2",
dissect: {
tokenizer: "%{sessionid->}, elapsed %{duration->} seconds",
field: "nwparser.p1",
},
});
// Full 109012 pattern; the user portion is handled by shared stage dup373 (declared elsewhere).
// Pairs with session-start events when reconstructing how long an authenticated session lasted.
var all238 = all_match({
processors: [
msg961,
dup373,
msg962,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109012"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Authen Session End"),
}),
]),
});
// 319004: a route update for an address failed; the target after "to" is kept as fld1.
var msg963 = match({
id: "MESSAGE#438:319004",
dissect: {
tokenizer: "Route update for IP address %{daddr->} to %{fld1->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("319004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("route update failure"),
}),
]),
});
// 400029: same signature-style layout as the other 4000xx patterns in this file
// (product, signature id, context, source, destination, interface).
var msg964 = match({
id: "MESSAGE#526:400029",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400029"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 702210:01: shared stages dup374, dup89, dup288 (declared elsewhere).
var all239 = all_match({
processors: [
dup374,
dup89,
dup288,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702210:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
// 702210: same first two stages; only the last stage (dup290) differs.
var all240 = all_match({
processors: [
dup374,
dup89,
dup290,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702210"),
}),
dup7,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
// Dispatcher for the two 702210 variants; ":01" is tried first (assuming first-match-wins).
var select232 = linear_select([
all239,
all240,
]);
// 105001: parenthesised context immediately followed by free text.
var msg965 = match({
id: "MESSAGE#26:105001",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("105001"),
}),
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// 105032: catch-all; the whole payload becomes event_description.
var msg966 = match({
id: "MESSAGE#40:105032",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup324,
set_field({
dest: "nwparser.msg_id1",
value: constant("105032"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 105041: "(<context>) <text>". A shared processor (dup167) runs between the timestamp
// step and the msg/id steps here, unlike most sibling chains.
var msg967 = match({
id: "MESSAGE#50:105041",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("105041"),
}),
dup2,
dup3,
dup167,
dup4,
dup5,
]),
});
// 109008 (authorization denied), stage 0: everything after "user " goes to p0.
var msg968 = match({
id: "MESSAGE#129:109008/0",
dissect: {
tokenizer: "Authorization denied for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 109008 pattern; the user and address portions come from shared stages dup61 and dup62.
// Sets a fixed result so authorization failures can be counted without parsing free text.
var all241 = all_match({
processors: [
msg968,
dup61,
dup62,
],
on_success: processor_chain([
dup98,
set_field({
dest: "nwparser.msg_id1",
value: constant("109008"),
}),
dup17,
dup99,
dup65,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Authorization failure"),
}),
]),
});
// 113022: an AAA server in a server group was marked FAILED. Extracts protocol, server
// address and group name (fld1). Relevant to availability of authentication: repeated events
// can mean logins are falling back to another server or method.
var msg969 = match({
id: "MESSAGE#198:113022",
dissect: {
tokenizer: "AAA Marking %{protocol->} server %{hostip->} in aaa-server group %{fld1->} as FAILED",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("113022"),
}),
set_field({
dest: "nwparser.ec_subject",
value: constant("Service"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AAA marking Server as FAILED"),
}),
]),
});
// 210005: catch-all; the whole payload becomes event_description.
var msg970 = match({
id: "MESSAGE#244:210005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 713213, identity stage: two alternatives sharing one id string — with and without a
// leading "Group = ...". Note the literal " ," (space before comma) after the address.
var msg971 = match({
id: "MESSAGE#929:713213/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} ,%{p1->}",
field: "nwparser.p0",
},
});
var msg972 = match({
id: "MESSAGE#929:713213/2",
dissect: {
tokenizer: "IP = %{saddr->} ,%{p1->}",
field: "nwparser.p0",
},
});
// Group-bearing form first, then the IP-only form.
var select233 = linear_select([
msg971,
msg972,
]);
// Full 713213 pattern (static route for a peer being deleted); dup44 and dup97 are shared stages.
var all242 = all_match({
processors: [
dup44,
select233,
dup97,
],
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("713213"),
}),
dup7,
dup108,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Deleting static router for peer"),
}),
]),
});
// 715028: built entirely from shared stages dup44, dup47, dup97 (declared elsewhere).
var all243 = all_match({
processors: [
dup44,
dup47,
dup97,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715028"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 611306: fixed-text message (PFS policy installed on the VPN client). The trailing
// %{->} has no key, so no field is extracted from the payload itself.
var msg973 = match({
id: "MESSAGE#762:611306",
dissect: {
tokenizer: "VPNClient: Perfect Forward Secrecy Policy installed%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611306"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup269,
]),
});
// 611313: catch-all; the whole payload becomes event_description.
var msg974 = match({
id: "MESSAGE#769:611313",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("611313"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 737013: error freeing an address; extracts the reporting process, the address and the reason.
// The shared steps run as dup4, dup5, dup2, dup3 here — a different order from most sibling
// chains (NOTE(review): presumably harmless since they write different fields — confirm).
var msg975 = match({
id: "MESSAGE#1238:737013",
dissect: {
tokenizer: "%{process->}: Error freeing address %{saddr->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737013"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Error freeing address"),
}),
]),
});
// 111111: catch-all; the whole payload becomes event_description.
var msg976 = match({
id: "MESSAGE#175:111111",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("111111"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 210007: catch-all; the whole payload becomes event_description.
var msg977 = match({
id: "MESSAGE#246:210007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 409001: catch-all; the whole payload becomes event_description.
var msg978 = match({
id: "MESSAGE#603:409001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("409001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 409009: catch-all; the whole payload becomes event_description.
var msg979 = match({
id: "MESSAGE#611:409009",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409009"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 109015 (authorization denied by ACL), stage 0: the ACL name appears in double quotes,
// e.g. (acl="NAME"); the quotes are consumed as literals so listnum holds only the name.
var msg980 = match({
id: "MESSAGE#136:109015/0",
dissect: {
tokenizer: "Authorization denied (acl=\"%{listnum->}\") for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 109015 pattern; user and address parts come from shared stages dup61 and dup62.
var all244 = all_match({
processors: [
msg980,
dup61,
dup62,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("109015"),
}),
dup17,
dup99,
dup18,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// 109015:01, stage 0: ACL reference written as acl=#<listnum>#<group>, with "#" as the
// literal separators instead of quotes.
var msg981 = match({
id: "MESSAGE#137:109015:01/0",
dissect: {
tokenizer: "Authorization denied (acl=#%{listnum->}#%{group->}) for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 109015:01 pattern; same shared user/address stages as all244.
var all245 = all_match({
processors: [
msg981,
dup61,
dup62,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("109015:01"),
}),
dup17,
dup99,
dup18,
dup14,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// 109015:02: first stage is the shared pattern dup179 (declared elsewhere), followed by
// the same user/address stages as the other 109015 variants.
var all246 = all_match({
processors: [
dup179,
dup61,
dup62,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("109015:02"),
}),
dup17,
dup99,
dup18,
dup14,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// Dispatcher for the three 109015 variants: quoted ACL, "#"-separated ACL, then dup179's form.
var select234 = linear_select([
all244,
all245,
all246,
]);
// 400024: signature-style layout (product, signature id, context, source, destination,
// interface). Uses dup26 as its first on_success step where 400029/400043 use dup52.
var msg982 = match({
id: "MESSAGE#521:400024",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400024"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// 410001 (DNS packet dropped for exceeding a length limit), interface-qualified form.
// Endpoint stage: interface, address and port on both sides; rest goes to p2.
var msg983 = match({
id: "MESSAGE#617:410001/2",
dissect: {
tokenizer: "%{->}from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}; %{p2->}",
field: "nwparser.p1",
},
});
// Which DNS element was over length: literal keywords, no field captured.
var msg984 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "domain-name%{p3->}",
field: "nwparser.p2",
},
});
var msg985 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "compression pointer%{p3->}",
field: "nwparser.p2",
},
});
// Two shared alternatives (dup379, dup380) are tried before the two local keywords.
var select235 = linear_select([
dup379,
dup380,
msg984,
msg985,
]);
// Observed length in bytes; what it exceeded is left in p4.
var msg986 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "%{->}length %{bytes->} bytes exceeds %{p4->}",
field: "nwparser.p3",
},
});
// Which limit was exceeded: four literal alternatives sharing one id string.
// NOTE(review): "%{->}packet length" comes after "remaining packet length"; the keyless
// %{->} prefix presumably only absorbs padding, so the two should not shadow each other — confirm.
var msg987 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "remaining packet length%{p5->}",
field: "nwparser.p4",
},
});
var msg988 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "%{->}configured%{p5->}",
field: "nwparser.p4",
},
});
var msg989 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "%{->}protocol%{p5->}",
field: "nwparser.p4",
},
});
var msg990 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "%{->}packet length%{p5->}",
field: "nwparser.p4",
},
});
var select236 = linear_select([
msg987,
msg988,
msg989,
msg990,
]);
// Full seven-stage 410001 pattern; dup377, dup378 and dup381 are shared stages declared elsewhere.
// With this many literal stages, a firmware wording change is likely to stop the event from
// parsing at all, so unparsed 410001 lines are worth monitoring.
var all247 = all_match({
processors: [
dup377,
dup378,
msg983,
select235,
msg986,
select236,
dup381,
],
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("410001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup382,
]),
});
// 410001:02: same event as 410001 but endpoints carry no interface name.
var msg991 = match({
id: "MESSAGE#618:410001:02/2",
dissect: {
tokenizer: "%{->}from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}; %{p2->}",
field: "nwparser.p1",
},
});
// Over-length element: only the two shared alternatives are accepted in this variant.
var select237 = linear_select([
dup379,
dup380,
]);
// Observed length in bytes.
var msg992 = match({
id: "MESSAGE#618:410001:02/4",
dissect: {
tokenizer: "%{->}length %{bytes->} bytes exceeds %{p4->}",
field: "nwparser.p3",
},
});
// Which limit was exceeded: "configured" or "protocol" (no keyless prefix in this variant).
var msg993 = match({
id: "MESSAGE#618:410001:02/6",
dissect: {
tokenizer: "configured%{p5->}",
field: "nwparser.p4",
},
});
var msg994 = match({
id: "MESSAGE#618:410001:02/6",
dissect: {
tokenizer: "protocol%{p5->}",
field: "nwparser.p4",
},
});
var select238 = linear_select([
msg993,
msg994,
]);
// Full 410001:02 pattern; tags the event with msg_id1 "410001:02" on success.
var all248 = all_match({
processors: [
dup377,
dup378,
msg991,
select237,
msg992,
select238,
dup381,
],
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("410001:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup382,
]),
});
// 410001:03: single-pass pattern for a dropped UDP DNS reply whose compression pointer
// length exceeded the packet length limit. bytes is the observed length, fld2 the limit.
var msg995 = match({
id: "MESSAGE#619:410001:03",
dissect: {
tokenizer: "Dropped UDP DNS reply from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}; compression pointer length %{bytes->} bytes exceeds packet length limit of %{fld2->} bytes",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("410001:03"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dropped DNS UDP reply packet - length exceeded"),
}),
]),
});
// 410001:01: older-style wording, "UDP DNS packet dropped due to <element> length check ...".
// No endpoint addresses are present in this form, so none are extracted.
var msg996 = match({
id: "MESSAGE#620:410001:01/0",
dissect: {
tokenizer: "UDP DNS packet dropped due to %{p0->}",
field: "nwparser.payload",
},
});
// Which element failed the check: four literal keywords sharing one id string.
var msg997 = match({
id: "MESSAGE#620:410001:01/2",
dissect: {
tokenizer: "compression%{p1->}",
field: "nwparser.p0",
},
});
var msg998 = match({
id: "MESSAGE#620:410001:01/2",
dissect: {
tokenizer: "domainname%{p1->}",
field: "nwparser.p0",
},
});
var msg999 = match({
id: "MESSAGE#620:410001:01/2",
dissect: {
tokenizer: "label%{p1->}",
field: "nwparser.p0",
},
});
var msg1000 = match({
id: "MESSAGE#620:410001:01/2",
dissect: {
tokenizer: "packet%{p1->}",
field: "nwparser.p0",
},
});
var select239 = linear_select([
msg997,
msg998,
msg999,
msg1000,
]);
// Limit (bytes) and the actual length seen (fld11).
var msg1001 = match({
id: "MESSAGE#620:410001:01/2",
dissect: {
tokenizer: "%{->}length check of %{bytes->} bytes: actual length:%{fld11->} bytes",
field: "nwparser.p1",
},
});
// Full 410001:01 pattern; the matched keyword itself is not stored in any field.
var all249 = all_match({
processors: [
msg996,
select239,
msg1001,
],
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("410001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup382,
]),
});
// Dispatcher for all four 410001 variants, tried in the listed order (assuming first-match-wins).
var select240 = linear_select([
all247,
all248,
msg995,
all249,
]);
// 718045: a peer was created; the address is taken from inside the square brackets.
// The text between "peer " and "[" is captured under the key `space`.
var msg1002 = match({
id: "MESSAGE#1099:718045",
dissect: {
tokenizer: "Created peer %{space->}[%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718045"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Created peer"),
}),
]),
});
// 715020, final stage: peer address followed by the construct_cfg_set action text.
var msg1003 = match({
id: "MESSAGE#1000:715020/2",
dissect: {
tokenizer: "%{saddr->}, construct_cfg_set: %{action->}",
field: "nwparser.p1",
},
});
// Full 715020 pattern; dup22 and dup23 are shared prefix stages declared elsewhere.
var all250 = all_match({
processors: [
dup22,
dup23,
msg1003,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715020"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 611319: catch-all; the whole payload becomes event_description.
var msg1004 = match({
id: "MESSAGE#775:611319",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("611319"),
}),
dup7,
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// 713131: built from shared stages dup22, dup23, dup241 (declared elsewhere).
var all251 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713131"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// 713131:01: single-pass form with an explicit group. The unknown transaction-mode
// attribute sent by the peer is stored as change_attribute (peer-supplied, so untrusted).
var msg1005 = match({
id: "MESSAGE#898:713131:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received unknown transaction mode attribute: %{change_attribute->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713131:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received unknown transaction mode attribute"),
}),
]),
});
// Dispatcher for the two 713131 variants.
var select241 = linear_select([
all251,
msg1005,
]);
// 202001: catch-all; the whole payload becomes event_description.
var msg1006 = match({
id: "MESSAGE#229:202001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("202001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 302003: an H245 connection was built. The foreign address (faddr) is stored as saddr
// and the local address (laddr) as daddr.
var msg1007 = match({
id: "MESSAGE#277:302003",
dissect: {
tokenizer: "Built H245 connection for faddr %{saddr->} laddr %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// 735003: power supply status OK; the supply number is stored as dclass_counter1.
// Shared steps run as dup4, dup5, dup2, dup3 here, a different order from most sibling chains.
var msg1008 = match({
id: "MESSAGE#1221:735003",
dissect: {
tokenizer: "Power Supply %{dclass_counter1->}: OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("735003"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply OK"),
}),
]),
});
// 750007: a security association went down. Extracts both endpoints, the username and the
// device-reported reason (result). Endpoints are split on ":" as in 750002, so an address
// containing a colon would presumably be mis-split (NOTE(review): confirm for IPv6 peers).
var msg1009 = match({
id: "MESSAGE#1267:750007",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} SA DOWN. Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("750007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SA DOWN"),
}),
]),
});
// 111007 (configuration session begins), stage 0: everything after the colon goes to p0.
var msg1010 = match({
id: "MESSAGE#171:111007/0",
dissect: {
tokenizer: "Begin configuration: %{p0->}",
field: "nwparser.payload",
},
});
// Who is reading the configuration: the console (two capitalisations) or a remote address.
var msg1011 = match({
id: "MESSAGE#171:111007/2",
dissect: {
tokenizer: "Console reading from %{p1->}",
field: "nwparser.p0",
},
});
var msg1012 = match({
id: "MESSAGE#171:111007/2",
dissect: {
tokenizer: "console reading from %{p1->}",
field: "nwparser.p0",
},
});
var msg1013 = match({
id: "MESSAGE#171:111007/2",
dissect: {
tokenizer: "%{hostip->} reading from %{p1->}",
field: "nwparser.p0",
},
});
// Console literals first, so hostip is only populated for non-console sessions
// (assuming first-match-wins). An empty hostip therefore means a console session, not a parse gap.
var select242 = linear_select([
msg1011,
msg1012,
msg1013,
]);
// Where the configuration is read from (e.g. terminal or a file), stored as device.
var msg1014 = match({
id: "MESSAGE#171:111007/2",
dissect: {
tokenizer: "%{device->}",
field: "nwparser.p1",
},
});
// Full 111007 pattern. Configuration-change auditing typically starts from this event,
// so hostip and device are the fields to retain for change attribution.
var all252 = all_match({
processors: [
msg1010,
select242,
msg1014,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111007"),
}),
dup38,
dup327,
dup39,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Begin configuration - reading from device"),
}),
]),
});
// 113016, stage 0: AAA outcome line with " : "-separated parts — action, reason (result),
// server address — and the user portion left in p0.
var msg1015 = match({
id: "MESSAGE#193:113016/0",
dissect: {
tokenizer: "%{action->} : reason = %{result->} : server = %{hostip->} : user = %{p0->}",
field: "nwparser.payload",
},
});
// Full 113016 pattern; the user portion is parsed by shared stage dup238 (declared elsewhere).
// The device-reported reason is preserved in result here (no constant is written over it).
var all253 = all_match({
processors: [
msg1015,
dup238,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113016"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// 325002: duplicate IPv6 address detected. Extracts the address, the MAC address that
// claimed it, and the interface — the MAC is the value to trace when investigating the conflict.
var msg1016 = match({
id: "MESSAGE#462:325002",
dissect: {
tokenizer: "Duplicate address %{hostip_v6->}/%{macaddr->} on %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("325002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 402103 (packet identity does not match the negotiated identity), stage 0.
var msg1017 = match({
id: "MESSAGE#556:402103/0",
dissect: {
tokenizer: "identity doesn't match negotiated identity %{p0->}",
field: "nwparser.payload",
},
});
// Literal "ip" marker, with or without parentheses; nothing is captured.
var msg1018 = match({
id: "MESSAGE#556:402103/2",
dissect: {
tokenizer: "ip%{p1->}",
field: "nwparser.p0",
},
});
var msg1019 = match({
id: "MESSAGE#556:402103/2",
dissect: {
tokenizer: "(ip)%{p1->}",
field: "nwparser.p0",
},
});
var select243 = linear_select([
msg1018,
msg1019,
]);
// Addresses and protocol of the offending packet, plus the negotiated identity text (info).
// Note the literal space in "prot= " and that dest_addr precedes src_addr in the message.
var msg1020 = match({
id: "MESSAGE#556:402103/2",
dissect: {
tokenizer: "%{->}dest_addr=%{daddr->}, src_addr=%{saddr->}, prot= %{protocol->}, (ident) %{info->}",
field: "nwparser.p1",
},
});
// Full 402103 pattern; sets a fixed result string on success.
var all254 = all_match({
processors: [
msg1017,
select243,
msg1020,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402103"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("identity doesn't match"),
}),
dup4,
dup5,
]),
});
// 113009, policy-name stage: the policy name may or may not be wrapped in parentheses.
// Parenthesised form first, so the bare form does not keep the parentheses in policyname
// (assuming first-match-wins).
var msg1021 = match({
id: "MESSAGE#185:113009/2",
dissect: {
tokenizer: "(%{policyname->}) for user %{p1->}",
field: "nwparser.p0",
},
});
var msg1022 = match({
id: "MESSAGE#185:113009/2",
dissect: {
tokenizer: "%{policyname->} for user %{p1->}",
field: "nwparser.p0",
},
});
var select244 = linear_select([
msg1021,
msg1022,
]);
// Consumes a literal "= " and hands the remainder to the next stage.
var msg1023 = match({
id: "MESSAGE#185:113009/3",
dissect: {
tokenizer: "= %{p3->}",
field: "nwparser.p2",
},
});
// Full 113009 pattern; dup383, dup254 and dup384 are shared stages declared elsewhere.
var all255 = all_match({
processors: [
dup383,
select244,
dup254,
msg1023,
dup384,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("113009"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup385,
]),
});
// 113009:01, policy-name stage: as in 113009 but followed by "for <address>" rather
// than "for user <name>".
var msg1024 = match({
id: "MESSAGE#186:113009:01/2",
dissect: {
tokenizer: "(%{policyname->}) for %{p1->}",
field: "nwparser.p0",
},
});
var msg1025 = match({
id: "MESSAGE#186:113009:01/2",
dissect: {
tokenizer: "%{policyname->} for %{p1->}",
field: "nwparser.p0",
},
});
var select245 = linear_select([
msg1024,
msg1025,
]);
// Whatever remains is stored as daddr, with no validation that it is an address.
var msg1026 = match({
id: "MESSAGE#186:113009:01/2",
dissect: {
tokenizer: "%{daddr->}",
field: "nwparser.p1",
},
});
// Full 113009:01 pattern.
var all256 = all_match({
processors: [
dup383,
select245,
msg1026,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("113009:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup385,
]),
});
// Dispatcher: the "for user" form is tried before the looser "for <anything>" form.
// NOTE(review): msg1025/msg1026 would also accept "for user ..." text, so this order matters — do not swap.
var select246 = linear_select([
all255,
all256,
]);
// 402114: an ESP packet arrived with an invalid SPI. Extracts the parenthesised detail
// (result) and both addresses; the text before "(" is captured under the key `space`.
// Bursts from one source can indicate stale tunnels or probing, so saddr is the useful pivot.
var msg1027 = match({
id: "MESSAGE#558:402114",
dissect: {
tokenizer: "IPSEC: Received an ESP packet %{space->} (%{result->}) from %{saddr->} to %{daddr->} with an invalid SPI",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402114"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received an ESP packet with an invalid SPI"),
}),
]),
});
// 505003: catch-all; the whole payload becomes event_description.
var msg1028 = match({
id: "MESSAGE#692:505003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("505003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713075, first form. The leading part of the payload is handled by dup22/dup23
// (defined elsewhere); this segment takes the peer address from p1 and hands the rest on in p2.
var msg1029 = match({
id: "MESSAGE#878:713075/2",
dissect: {
tokenizer: "%{saddr->} , %{p2->}",
field: "nwparser.p1",
},
});
// Detailed tail: "<description> duration from <fld1> to <fld2> seconds".
var msg1030 = match({
id: "MESSAGE#878:713075/3",
dissect: {
tokenizer: "%{event_description->} duration from %{fld1->} to %{fld2->} seconds",
field: "nwparser.p2",
},
});
// Detailed tail first, then the fallback dup386 (defined elsewhere in the file).
var select247 = linear_select([
msg1030,
dup386,
]);
// Full parser for 713075; stamps nwparser.msg_id1 = "713075".
var all257 = all_match({
processors: [
dup22,
dup23,
msg1029,
select247,
],
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713075"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713075, ":01" form: explicit "Group = ..., IP = ..." prefix matched in one step.
var msg1031 = match({
id: "MESSAGE#879:713075:01/0",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} ,%{p0->}",
field: "nwparser.payload",
},
});
// Tail without the word "duration"; note the pattern ends with a literal space.
var msg1032 = match({
id: "MESSAGE#879:713075:01/1",
dissect: {
tokenizer: "%{event_description->} from %{fld1->} to %{fld2->} seconds ",
field: "nwparser.p0",
},
});
var select248 = linear_select([
msg1032,
dup304,
]);
// Full parser for the ":01" form; stamps nwparser.msg_id1 = "713075:01".
var all258 = all_match({
processors: [
msg1031,
select248,
],
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713075:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Entry point for 713075: first form, then ":01".
var select249 = linear_select([
all257,
all258,
]);
// Message 709007: the payload is kept whole as event_description and the result is
// set to the fixed string "Configuration replication failure".
// dup75, dup38, dup39 and dup19 are shared processors defined elsewhere in the file.
var msg1033 = match({
id: "MESSAGE#840:709007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("709007"),
}),
dup38,
dup39,
dup19,
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Configuration replication failure"),
}),
dup4,
dup5,
]),
});
// Message 322001: a MAC address was denied as a possible spoof on an interface.
// NOTE(review): the MAC address is captured into daddr, while the ARP-inspection
// message 322003 in this file captures its MAC into smacaddr. If daddr is later
// treated as an IP address the value may be dropped or fail conversion, which would
// hide the offending MAC from anyone searching on it; confirm the intended field.
var msg1034 = match({
id: "MESSAGE#445:322001",
dissect: {
tokenizer: "Deny MAC address %{daddr->}, possible spoof attempt on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("322001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied mac address"),
}),
set_field({
dest: "nwparser.result",
value: constant("possible spoof attempt"),
}),
]),
});
// Message 404101: no structure is extracted; the whole payload becomes event_description.
// dup51 and dup7 are shared processors defined elsewhere in the file.
var msg1035 = match({
id: "MESSAGE#586:404101",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("404101"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 411001: line-protocol state change on an interface.
// First segment captures the interface name and leaves the remainder in p0.
var msg1036 = match({
id: "MESSAGE#621:411001/0",
dissect: {
tokenizer: "Line protocol on Interface %{interface->} %{p0->}",
field: "nwparser.payload",
},
});
// Tail ", <result> " (the pattern ends with a literal space).
var msg1037 = match({
id: "MESSAGE#621:411001/1",
dissect: {
tokenizer: ", %{result->} ",
field: "nwparser.p0",
},
});
// Falls back to dup285 (defined elsewhere in the file) when the comma form is absent.
var select250 = linear_select([
msg1037,
dup285,
]);
// Full parser for 411001; stamps nwparser.msg_id1 = "411001".
var all259 = all_match({
processors: [
msg1036,
select250,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("411001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 415002: HTTP inspection flagged instant-messenger traffic.
// Captures sigid, listnum, protocol, saddr and daddr; the detection name itself is
// written to nwparser.context as a fixed string.
// dup206 is a shared processor defined elsewhere in the file.
var msg1038 = match({
id: "MESSAGE#633:415002",
dissect: {
tokenizer: "%{sigid->} HTTP Instant Messenger detected - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Instant Messenger detected"),
}),
]),
});
// Message 415009: HTTP inspection saw a header longer than the configured limit.
// NOTE(review): the received header size in bytes is captured into a field named
// "priority"; anyone alerting on oversized headers needs to read the length from
// that field — confirm this mapping is intentional.
var msg1039 = match({
id: "MESSAGE#642:415009",
dissect: {
tokenizer: "%{sigid->} HTTP Header length exceeded. Received %{priority->} byte Header - %{listnum->} header length exceeded from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415009"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Header length exceeded"),
}),
]),
});
// Message 419003: the device cleared the TCP urgent flag on a packet.
// Captures both endpoints as <interface>:<address>/<port>.
var msg1040 = match({
id: "MESSAGE#655:419003",
dissect: {
tokenizer: "Cleared TCP urgent flag from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("419003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Cleared TCP urgent flag"),
}),
]),
});
// Message 314001: pre-allocated RTSP back-connection. The payload is split into many
// small segments so that several wordings of the same message can be accepted.
// The opening segment is dup114 (defined elsewhere in the file).
// NOTE(review): several sub-patterns below share one id string (".../2", ".../4",
// ".../7", ".../8"), so the id does not identify a single pattern.
//
// Verb alternatives: "-allocated", "-allocate", "allocate". Longest form first so the
// shorter prefixes do not leave a stray "d" in p1.
var msg1041 = match({
id: "MESSAGE#412:314001/2",
dissect: {
tokenizer: "-allocated%{p1->}",
field: "nwparser.p0",
},
});
var msg1042 = match({
id: "MESSAGE#412:314001/2",
dissect: {
tokenizer: "-allocate%{p1->}",
field: "nwparser.p0",
},
});
var msg1043 = match({
id: "MESSAGE#412:314001/2",
dissect: {
tokenizer: "allocate%{p1->}",
field: "nwparser.p0",
},
});
var select251 = linear_select([
msg1041,
msg1042,
msg1043,
]);
// "RTSP <protocol> backconnection for ..." — captures the transport protocol.
var msg1044 = match({
id: "MESSAGE#412:314001/2",
dissect: {
tokenizer: "%{->}RTSP %{protocol->} backconnection for %{p2->}",
field: "nwparser.p1",
},
});
// Source label alternatives: "faddr", "foreign_address", or "<sinterface>:".
// Only the last form yields a value for sinterface.
var msg1045 = match({
id: "MESSAGE#412:314001/4",
dissect: {
tokenizer: "faddr %{p3->}",
field: "nwparser.p2",
},
});
var msg1046 = match({
id: "MESSAGE#412:314001/4",
dissect: {
tokenizer: "foreign_address %{p3->}",
field: "nwparser.p2",
},
});
var msg1047 = match({
id: "MESSAGE#412:314001/4",
dissect: {
tokenizer: "%{sinterface->}:%{p3->}",
field: "nwparser.p2",
},
});
var select252 = linear_select([
msg1045,
msg1046,
msg1047,
]);
// Source address.
var msg1048 = match({
id: "MESSAGE#412:314001/4",
dissect: {
tokenizer: "%{->} %{saddr->} %{p4->}",
field: "nwparser.p3",
},
});
// Source port, followed by the literal " to ".
var msg1049 = match({
id: "MESSAGE#412:314001/6",
dissect: {
tokenizer: "/%{sport->} to %{p5->}",
field: "nwparser.p4",
},
});
// Single-alternative select: the source port segment is required as written.
var select253 = linear_select([
msg1049,
]);
// Destination label alternatives: "laddr", "local_address", or "<dinterface>:".
var msg1050 = match({
id: "MESSAGE#412:314001/7",
dissect: {
tokenizer: "laddr %{p6->}",
field: "nwparser.p5",
},
});
var msg1051 = match({
id: "MESSAGE#412:314001/7",
dissect: {
tokenizer: "local_address %{p6->}",
field: "nwparser.p5",
},
});
var msg1052 = match({
id: "MESSAGE#412:314001/7",
dissect: {
tokenizer: "%{dinterface->}:%{p6->}",
field: "nwparser.p5",
},
});
var select254 = linear_select([
msg1050,
msg1051,
msg1052,
]);
// Destination address, terminated by "/".
var msg1053 = match({
id: "MESSAGE#412:314001/7",
dissect: {
tokenizer: "%{daddr->}/ %{p7->}",
field: "nwparser.p6",
},
});
// Destination port, with or without a trailing full stop (both patterns end in a space).
var msg1054 = match({
id: "MESSAGE#412:314001/8",
dissect: {
tokenizer: "%{dport->}. ",
field: "nwparser.p7",
},
});
var msg1055 = match({
id: "MESSAGE#412:314001/8",
dissect: {
tokenizer: "%{dport->} ",
field: "nwparser.p7",
},
});
var select255 = linear_select([
msg1054,
msg1055,
]);
// Full parser for 314001: segments are listed in payload order. On success it stamps
// nwparser.msg_id1 = "314001" and a fixed event_description.
var all260 = all_match({
processors: [
dup114,
select251,
msg1044,
select252,
msg1048,
select253,
select254,
msg1053,
select255,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("314001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Pre-allocated connection"),
}),
]),
});
// Message 715036, ":01" form. Built entirely from shared segments (dup339, dup387)
// defined elsewhere in the file, so the matched wording is not visible here.
var all261 = all_match({
processors: [
dup339,
dup387,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715036:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715036, base form: same tail (dup387) behind a different opening segment (dup341).
var all262 = all_match({
processors: [
dup341,
dup387,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715036"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Entry point for 715036: ":01" is tried before the base form.
var select256 = linear_select([
all261,
all262,
]);
// Message 720068: "(VPN-<context>) <free text>". The unit label after "VPN-" goes to
// context; everything after the closing parenthesis becomes event_description.
var msg1056 = match({
id: "MESSAGE#1144:720068",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720068"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 401001: no structure is extracted; the whole payload becomes event_description.
var msg1057 = match({
id: "MESSAGE#549:401001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("401001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 403109: a packet on the PPTP control channel was not a valid PPTP packet.
// Note the order in the message: destination address comes before source address.
// The trailing "data:" portion is attacker-influenced packet content captured
// verbatim into result; downstream consumers should treat it as untrusted text.
var msg1058 = match({
id: "MESSAGE#577:403109",
dissect: {
tokenizer: "Rec'd packet not an PPTP packet. (%{service->}) dest_addr=%{daddr->}, src_addr=%{saddr->}, data: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("403109"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("invalid PPTP packet"),
}),
]),
});
// Message 713902 and its ":02" / ":01" variants. Most segments are shared processors
// (dup44, dup388..dup390, dup210, dup33, dup138) defined elsewhere in the file, so only
// the ":02" tail is readable here.
var select257 = linear_select([
dup388,
dup389,
dup210,
]);
// Base form; stamps nwparser.msg_id1 = "713902".
var all263 = all_match({
processors: [
dup44,
select257,
dup33,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713902"),
}),
dup7,
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// ":02" tail: peer address, an action phrase, then the P2 struct pointer and message id
// in parentheses, ending with "!".
var msg1059 = match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} (P2 struct %{fld11->}, mess id %{fld12->})!",
field: "nwparser.p1",
},
});
// ":02" form; stamps nwparser.msg_id1 = "713902:02".
var all264 = all_match({
processors: [
dup44,
dup390,
msg1059,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713902:02"),
}),
dup7,
dup38,
dup39,
dup87,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// ":01" form; same opening as ":02" but with the shared tail dup138.
var all265 = all_match({
processors: [
dup44,
dup390,
dup138,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713902:01"),
}),
dup7,
dup38,
dup39,
dup87,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Entry point for 713902: base form, then ":02", then ":01".
var select258 = linear_select([
all263,
all264,
all265,
]);
// Message 752015: the tunnel manager could not establish a LAN-to-LAN SA.
// The first sentence after the fixed text goes to result, the remainder to info.
// The split is on the first ". " so a reason containing that sequence is cut short.
var msg1060 = match({
id: "MESSAGE#1276:752015",
dissect: {
tokenizer: "Tunnel Manager has failed to establish an L2L SA. %{result->}. %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("752015"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel Manager has failed to establish an L2L SA"),
}),
]),
});
// Message 407002: the embryonic (half-open) connection limit for through-the-box
// connections was exceeded. Captures the count/limit pair (fld1/fld2), both endpoints,
// the parenthesised value after daddr (fld3) and the interface.
// A sustained run of these events for one destination is the usual log-side signal of
// a connection flood, so saddr/daddr/dport here are worth keeping intact downstream.
// dup180, dup42, dup43, dup19, dup391 and dup392 are shared processors defined elsewhere.
var msg1061 = match({
id: "MESSAGE#599:407002",
dissect: {
tokenizer: "Embryonic limit %{fld1->}/%{fld2->} for through connections exceeded. %{saddr->}/%{sport->} to %{daddr->} (%{fld3->})/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("407002"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup391,
dup392,
]),
});
// ":01" wording: the limit figure follows the word "exceeded" and is captured whole in fld1.
var msg1062 = match({
id: "MESSAGE#600:407002:01",
dissect: {
tokenizer: "Embryonic limit for through connections exceeded %{fld1->}. %{saddr->}/%{sport->} to %{daddr->} (%{fld2->})/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("407002:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup391,
dup392,
]),
});
// Entry point for 407002: base wording, then ":01".
var select259 = linear_select([
msg1061,
msg1062,
]);
// Message 703001: no structure is extracted; the whole payload becomes event_description.
// dup41 is a shared processor defined elsewhere in the file.
var msg1063 = match({
id: "MESSAGE#832:703001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("703001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713169: IKE received a delete for an SA that had already been rekeyed.
// Captures group, peer address (saddr) and the trailing detail (info).
var msg1064 = match({
id: "MESSAGE#915:713169",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE Received delete for rekeyed SA %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713169"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE received delete message from remote peer"),
}),
]),
});
// Message 713221: "Group = <group>, IP = <saddr>, <free text>"; the free text goes to info.
// dup8 is a shared processor defined elsewhere in the file.
var msg1065 = match({
id: "MESSAGE#935:713221",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713221"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup8,
]),
});
// Message 710007: a NAT-T keepalive was received. The source has no interface prefix
// in this wording; the destination is <dinterface>:<daddr>/<dport>.
var msg1066 = match({
id: "MESSAGE#848:710007",
dissect: {
tokenizer: "NAT-T keepalive received from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("710007"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("NAT-T keepalive received"),
}),
]),
});
// Message 715075: captures group, peer address, the action phrase, the message type
// (fld1) and the sequence number (fld2).
var msg1067 = match({
id: "MESSAGE#1040:715075",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} of type %{fld1->} (seq number %{fld2->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("715075"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717002: the payload is kept whole as event_description. Unlike most entries
// here, the event category is set inline ("1613030000") rather than through a shared dup.
// dup11, dup293 and dup19 are shared processors defined elsewhere in the file.
var msg1068 = match({
id: "MESSAGE#1063:717002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1613030000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("717002"),
}),
dup11,
dup293,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713122: keep-alives are configured locally but the peer does not support them.
// Captures the peer address, the configured state (fld1) and the keep-alive type (fld2).
var msg1069 = match({
id: "MESSAGE#888:713122",
dissect: {
tokenizer: "IP = %{saddr->}, Keep-alives configured %{fld1->} but peer does not support keep-alives (type = %{fld2->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713122"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718016: a HELLO response was received; the sender address is taken from
// between the square brackets.
var msg1070 = match({
id: "MESSAGE#1090:718016",
dissect: {
tokenizer: "Received HELLO response from [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718016"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received HELLO response"),
}),
]),
});
// Message 722035, address segment. Two wordings: with a second parenthesised value
// after the address (captured as fld1) and without. Both require the literal
// "> Received large packet".
// NOTE(review): msg1071, msg1072 and msg1073 share the id "MESSAGE#1170:722035/3".
var msg1071 = match({
id: "MESSAGE#1170:722035/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->})> Received large packet %{p2->}",
field: "nwparser.p1",
},
});
var msg1072 = match({
id: "MESSAGE#1170:722035/3",
dissect: {
tokenizer: "%{saddr->}> Received large packet %{p2->}",
field: "nwparser.p1",
},
});
// Parenthesised form first, so the bare form does not swallow " (…)" into saddr.
var select260 = linear_select([
msg1071,
msg1072,
]);
// Tail: packet length into bytes, the parenthesised remark into info.
var msg1073 = match({
id: "MESSAGE#1170:722035/3",
dissect: {
tokenizer: "%{bytes->} (%{info->}).",
field: "nwparser.p2",
},
});
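// Full parser for message 722035. dup181 and dup182 (defined elsewhere in the file)
// match the opening of the payload; select260 takes the client address and msg1073 the
// packet length and remark. On success it stamps nwparser.msg_id1 = "722035", runs the
// shared header processors dup2..dup5 and sets a fixed event_description.
var all266 = all_match({
  processors: [
    dup181,
    dup182,
    select260,
    msg1073,
  ],
  on_success: processor_chain([
    dup10,
    set_field({
      dest: "nwparser.msg_id1",
      value: constant("722035"),
    }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      // The sub-patterns for this message only match the wording "Received large
      // packet", so the description must name the receive direction. It previously
      // read "transmitting large packet", which inverted the direction shown to
      // analysts. Saved searches keyed on the old string for 722035 need updating.
      value: constant("received large packet"),
    }),
  ]),
});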
// Message 702207: a duplicate ISAKMP packet was detected. Initiator wording: the
// local address is stored as saddr and the remote as daddr.
// NOTE(review): the pattern opens a parenthesis before "local" but has no closing
// ")" after the message-ID, so fld1 presumably keeps any trailing ")" from the log
// line; confirm against a sample before comparing message IDs.
var msg1074 = match({
id: "MESSAGE#816:702207",
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{saddr->} (initiator), remote %{daddr->}, message-ID %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("702207"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup393,
]),
});
// Responder wording: the mapping is reversed — local is daddr, remote is saddr — so
// saddr consistently holds the side that initiated the exchange.
var msg1075 = match({
id: "MESSAGE#817:702207:01",
dissect: {
tokenizer: "ISAKMP duplicate packet detected (local %{daddr->} (responder), remote %{saddr->}, message-ID %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("702207:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup393,
]),
});
// Entry point for 702207: initiator wording, then responder wording.
var select261 = linear_select([
msg1074,
msg1075,
]);
// Message 713052: a VPN user authenticated successfully. This segment takes the peer
// address and the user name from "User (<name>) authenticated".
// NOTE(review): the user name is captured into fld1, not username; whether it reaches
// a user field depends on the shared processors in the chain (dup18, dup17, dup106),
// which are defined elsewhere in the file — confirm, since logon auditing relies on it.
var msg1076 = match({
id: "MESSAGE#868:713052/2",
dissect: {
tokenizer: "%{saddr->}, User (%{fld1->}) authenticated",
field: "nwparser.p1",
},
});
// Full parser for 713052; dup22 and dup23 (defined elsewhere) match the payload opening.
var all267 = all_match({
processors: [
dup22,
dup23,
msg1076,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("713052"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("User authenticated"),
}),
]),
});
// Message 715060: "IP = <saddr>, <action>. <padding> Reason: <result>".
// The action ends at the first "." so an action phrase containing a full stop is
// split early and the match may fail.
var msg1077 = match({
id: "MESSAGE#1033:715060",
dissect: {
tokenizer: "IP = %{saddr->}, %{action->}. %{space->} Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("715060"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 120007: a Call-Home message was delivered. Captures the message kind (info)
// and the destination host (web_host), which records where device telemetry was sent.
var msg1078 = match({
id: "MESSAGE#11:120007",
dissect: {
tokenizer: "Call-Home %{info->} message to %{web_host->} delivered",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120007"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home message delivered"),
}),
]),
});
// Message 737003: DHCP address assignment is configured but no usable server was found
// for the tunnel group. ":01" wording carries a "Session=<id>" element.
// The tunnel-group name is taken from between the single quotes into info.
// dup394 is a shared processor defined elsewhere in the file.
var msg1079 = match({
id: "MESSAGE#1228:737003:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, DHCP configured, no viable servers found for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737003:01"),
}),
dup2,
dup3,
dup394,
dup4,
dup5,
]),
});
// Base wording without the session element.
var msg1080 = match({
id: "MESSAGE#1229:737003",
dissect: {
tokenizer: "%{process->}: DHCP configured, no viable servers found for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737003"),
}),
dup2,
dup3,
dup394,
dup4,
dup5,
]),
});
// The more specific session form is tried first.
var select262 = linear_select([
msg1079,
msg1080,
]);
// Message 752012: tunnel setup failed. This wording is pinned to "IKEv1"; the crypto
// map tag goes to info and the map sequence number to dclass_counter1.
var msg1081 = match({
id: "MESSAGE#1274:752012",
dissect: {
tokenizer: "IKEv1 was unsuccessful at setting up a tunnel. Map Tag = %{info->}. Map Sequence Number = %{dclass_counter1->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("752012"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("IKEv1 was unsuccessful at setting up a tunnel"),
}),
]),
});
// Generic wording: whatever precedes " was unsuccessful" (the protocol name) is
// captured into node, and the description omits it.
var msg1082 = match({
id: "MESSAGE#1275:752012:1",
dissect: {
tokenizer: "%{node->} was unsuccessful at setting up a tunnel. Map Tag = %{info->}. Map Sequence Number = %{dclass_counter1->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("752012:1"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("unsuccessful at setting up a tunnel"),
}),
]),
});
// The IKEv1-specific pattern must come first; the generic one would match it too.
var select263 = linear_select([
msg1081,
msg1082,
]);
// Message 317002: no structure is extracted; the whole payload becomes event_description.
// dup50 is a shared processor defined elsewhere in the file.
var msg1083 = match({
id: "MESSAGE#424:317002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("317002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338301: a DNS reply was intercepted for a monitored name. The queried name is
// captured into web_domain together with both endpoints and the outcome text (result).
// web_domain comes from DNS traffic and should be handled as untrusted text downstream.
var msg1084 = match({
id: "MESSAGE#487:338301/0",
dissect: {
tokenizer: "Intercepted DNS reply for %{p0->}",
field: "nwparser.payload",
},
});
// The message says either "domain" or "name" before the value; both are accepted.
// NOTE(review): msg1085, msg1086 and msg1087 share the id "MESSAGE#487:338301/2".
var msg1085 = match({
id: "MESSAGE#487:338301/2",
dissect: {
tokenizer: "domain%{p1->}",
field: "nwparser.p0",
},
});
var msg1086 = match({
id: "MESSAGE#487:338301/2",
dissect: {
tokenizer: "name%{p1->}",
field: "nwparser.p0",
},
});
var select264 = linear_select([
msg1085,
msg1086,
]);
var msg1087 = match({
id: "MESSAGE#487:338301/2",
dissect: {
tokenizer: "%{->} %{web_domain->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, %{result->}",
field: "nwparser.p1",
},
});
// Full parser for 338301. The fixed description says "name" for both wordings.
var all268 = all_match({
processors: [
msg1084,
select264,
msg1087,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338301"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Intercepted DNS reply for name"),
}),
]),
});
// Message 444106: the shared-licence backup server cannot be reached; its address is
// captured into hostip.
var msg1088 = match({
id: "MESSAGE#670:444106",
dissect: {
tokenizer: "Shared license backup server %{hostip->} is not available",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("444106"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license backup server not available"),
}),
]),
});
// Message 720040: "(VPN-<context>) <free text>"; same shape as 720068 but with its own
// category processor (dup157, defined elsewhere in the file).
var msg1089 = match({
id: "MESSAGE#1133:720040",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("720040"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 721001: "(WebVPN-<context>) <free text>"; the label goes to context and the
// remainder to event_description.
var msg1090 = match({
id: "MESSAGE#1145:721001",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("721001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 733100: a threat-detection drop rate was exceeded. The bracketed object goes
// to obj_name, the sentence up to the first ". " to action, and the rate figures to info.
// NOTE(review): the emitted description is spelled "exceded" and always says "for port",
// whatever obj_name holds. A search for "exceeded" will not find these events; match on
// msg_id1 = "733100" instead, or correct the string together with any saved queries.
var msg1091 = match({
id: "MESSAGE#1210:733100",
dissect: {
tokenizer: "[%{obj_name->}] %{action->}. %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("733100"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("drop rate exceded for port"),
}),
]),
});
// Message 103003: "(<context>) <free text>"; the parenthesised unit label goes to
// context and the remainder to event_description.
// dup302 is a shared processor defined elsewhere in the file.
var msg1092 = match({
id: "MESSAGE#15:103003",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("103003"),
}),
dup2,
dup3,
dup4,
dup5,
dup302,
]),
});
// Message 414001: the device failed to save its logging buffer to an FTP server.
// Captures the file name, server address, interface and the bracketed failure reason.
// A failed save can leave a gap in the exported log record, so this event is worth
// surfacing to whoever monitors log completeness.
var msg1093 = match({
id: "MESSAGE#630:414001",
dissect: {
tokenizer: "Failed to save logging buffer using file name %{filename->} to FTP server %{hostip->} on interface %{interface->}: [%{result->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("414001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 415012: HTTP inspection matched a deobfuscation signature, i.e. the request
// used an encoding associated with IPS evasion. Captures sigid, listnum, saddr, daddr;
// the detection name is written to nwparser.context as a fixed string.
var msg1094 = match({
id: "MESSAGE#645:415012",
dissect: {
tokenizer: "%{sigid->} HTTP Deobfuscation signature detected - %{listnum->} HTTP deobfuscation detected IPS evasion technique from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415012"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Deobfuscation signature detected"),
}),
]),
});
// Message 602103: an ICMP Destination Unreachable was received. The text before the
// first ":" goes to product, the sender to saddr and the remaining detail to info.
// dup395 is a shared processor defined elsewhere in the file.
var msg1095 = match({
id: "MESSAGE#708:602103",
dissect: {
tokenizer: "%{product->}: Received an ICMP Destination Unreachable from %{saddr->} with %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("602103"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup395,
]),
});
// Message 106100: access-list hit. Four forms are accepted, tried in the order given
// by select266 at the end of this group.
//
// Form 1: the literal "denied" wording, matched in one pattern. Captures the ACL name
// (listnum), protocol, both endpoints as <interface>/<address>(<port>), the hit count
// (dclass_counter1) and the trailing text (fld6).
var msg1096 = match({
id: "MESSAGE#99:106100",
dissect: {
tokenizer: "access-list %{listnum->} denied %{protocol->} %{sinterface->}/%{saddr->}(%{sport->}) -> %{dinterface->}/%{daddr->}(%{dport->}) hit-cnt %{dclass_counter1->} %{fld6->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106100"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup396,
dup371,
]),
});
// Forms 2-4 start at the "ed " that ends the verb; the verb stem is matched by
// dup397/dup398, which are defined elsewhere in the file.
// Form 2 (":01"): the source carries an identity as (<domain>\<username>); the "\\" in
// the pattern is one literal backslash.
var msg1097 = match({
id: "MESSAGE#100:106100:01/2",
dissect: {
tokenizer: "ed %{protocol->} %{sinterface->}/%{saddr->}(%{sport->})(%{domain->}\\%{username->}) -> %{dinterface->}/%{daddr->}(%{p2->}",
field: "nwparser.p1",
},
});
var select265 = linear_select([
dup399,
dup400,
]);
var all269 = all_match({
processors: [
dup397,
dup398,
msg1097,
select265,
dup401,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106100:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup396,
dup402,
]),
});
// Form 3 (":02"): a second parenthesised value after the source port, kept opaque in fld5.
var msg1098 = match({
id: "MESSAGE#101:106100:02/2",
dissect: {
tokenizer: "ed %{protocol->} %{sinterface->}/%{saddr->}(%{sport->})(%{fld5->}) -> %{dinterface->}/%{daddr->}(%{p2->}",
field: "nwparser.p1",
},
});
var all270 = all_match({
processors: [
dup397,
dup398,
msg1098,
dup403,
dup401,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106100:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup396,
dup402,
]),
});
// Form 4 (":03"): no extra parenthesised value after the source port.
var msg1099 = match({
id: "MESSAGE#102:106100:03/2",
dissect: {
tokenizer: "ed %{protocol->} %{sinterface->}/%{saddr->}(%{sport->}) -> %{dinterface->}/%{daddr->}(%{p2->}",
field: "nwparser.p1",
},
});
var all271 = all_match({
processors: [
dup397,
dup398,
msg1099,
dup403,
dup401,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106100:03"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup396,
dup402,
]),
});
// Order matters: the identity forms (":01", ":02") must precede ":03".
// NOTE(review): forms 2-4 all use the same category processor (dup204) regardless of
// which verb matched, while form 1 uses dup180. Confirm that permit and deny outcomes
// remain distinguishable downstream (presumably via a field set by dup397/dup398).
var select266 = linear_select([
msg1096,
all269,
all270,
all271,
]);
// Message 302027: teardown of a stub connection. Captures protocol, connection id,
// both endpoints as <interface>:<address> (no ports in this wording), duration, byte
// count and trailing text (info).
// dup306 is a shared processor defined elsewhere in the file.
var msg1100 = match({
id: "MESSAGE#341:302027",
dissect: {
tokenizer: "Teardown stub %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} duration %{duration->} bytes %{bytes->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302027"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup306,
]),
});
// Message 324004: a GTP packet with an unsupported version was seen.
// NOTE(review): the version number is captured into a field named "status"; anyone
// filtering on GTP version needs to read it from there — confirm the mapping.
var msg1101 = match({
id: "MESSAGE#457:324004",
dissect: {
tokenizer: "GTP packet with version %{status->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} is not supported",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("GTP version not supported"),
}),
]),
});
// Message 405105: an H.323 RAS AdmissionConfirm arrived without a matching request
// (the wording ends "... without an <info>"). Captures the service label and both
// endpoints, then hands the remainder on in p0.
var msg1102 = match({
id: "MESSAGE#594:405105/0",
dissect: {
tokenizer: "%{service->} RAS message AdmissionConfirm received from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} without%{p0->}",
field: "nwparser.payload",
},
});
// Skips the separator after "without". msg1103 and msg1104 share the id ".../2".
var msg1103 = match({
id: "MESSAGE#594:405105/2",
dissect: {
tokenizer: "%{->} %{p1->}",
field: "nwparser.p0",
},
});
// Single-alternative select: the separator segment is required as written.
var select267 = linear_select([
msg1103,
]);
// Takes whatever follows "an " as info.
var msg1104 = match({
id: "MESSAGE#594:405105/2",
dissect: {
tokenizer: "an %{info->}",
field: "nwparser.p1",
},
});
// Full parser for 405105; stamps nwparser.msg_id1 = "405105".
var all272 = all_match({
processors: [
msg1102,
select267,
msg1104,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("405105"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722031. Built entirely from shared segments (dup77, dup78, dup158) defined
// elsewhere in the file, so the matched wording is not visible here.
// Stamps nwparser.msg_id1 = "722031" and finishes with the shared processor dup159.
var all273 = all_match({
processors: [
dup77,
dup78,
dup158,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722031"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup159,
]),
});
// Message 409006: no structure is extracted; the whole payload becomes event_description.
var msg1105 = match({
id: "MESSAGE#608:409006",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("409006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 702208, ":01" form. All segments (dup404, dup129, dup132) are shared
// processors defined elsewhere in the file; the two forms differ only in the last one.
var all274 = all_match({
processors: [
dup404,
dup129,
dup132,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702208:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup405,
]),
});
// Message 702208, base form (last segment dup130).
var all275 = all_match({
processors: [
dup404,
dup129,
dup130,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702208"),
}),
dup7,
dup2,
dup3,
dup405,
dup4,
dup5,
]),
});
// Entry point for 702208: ":01" is tried before the base form.
var select268 = linear_select([
all274,
all275,
]);
// Message 713220: pending KEY-ACQUIRE messages were de-queued. Captures group and peer
// address; the rest of the wording is fixed.
var msg1106 = match({
id: "MESSAGE#934:713220",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, De-queuing KEY-ACQUIRE messages that were left pending",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713220"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("pending messages dequeued"),
}),
]),
});
// Message 717016 (PKI): text before " Issuer: " goes to action, the issuer's
// distinguished name to dn. The dn value is taken from a certificate and should be
// handled as untrusted text by anything that renders or parses it later.
var msg1107 = match({
id: "MESSAGE#1072:717016",
dissect: {
tokenizer: "%{action->} Issuer: %{dn->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717016"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 500004: a packet had an invalid transport field (the wording names the
// protocol and both <address>/<port> pairs).
var msg1108 = match({
id: "MESSAGE#677:500004",
dissect: {
tokenizer: "Invalid transport field for protocol=%{protocol->}, from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("500004"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid transport field"),
}),
]),
});
// Message 611317: no structure is extracted; the whole payload becomes event_description.
// dup375, dup7, dup376 and dup38 are shared processors defined elsewhere in the file.
var msg1109 = match({
id: "MESSAGE#773:611317",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("611317"),
}),
dup7,
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 199018: a wrapper id under which other systems' log lines arrive. Every
// pattern starts with an embedded "<fld1> <fld2> <fld3>:<fld4>:<fld5>" timestamp.
// Six forms are tried in the order given by select269 at the end of this group.
//
// Form 1: wireless access point, station associated (%DOT11-6-ASSOC).
var msg1110 = match({
id: "MESSAGE#1316:199018",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{saddr->} AP:%{access_point->}: *%{event_time_string->}: %DOT11-6-ASSOC: Interface %{interface->}, Station %{macaddr->} REAP Associated KEY_MGMT[%{fld6->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Form 2: wireless access point, station deauthenticated (%DOT11-6-DISASSOC).
var msg1111 = match({
id: "MESSAGE#1317:199018:01",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{saddr->} AP:%{access_point->}: *%{event_time_string->}: %DOT11-6-DISASSOC: Interface %{interface->}, Deauthenticating Station %{macaddr->} %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018:01"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Form 3: pam_unix "session opened" — an interactive or service logon on the device's
// underlying OS. Captures the process, PAM service, user name and the opening uid.
// Forms 3-6 omit dup2, so nwparser.level is not set by these chains.
var msg1112 = match({
id: "MESSAGE#1318:199018:02",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{agent->}[%{process_id->}]: pam_unix(%{service->}): session opened for user %{username->} by (uid=%{uid->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018:02"),
}),
dup3,
dup4,
dup5,
]),
});
// Form 4: pam_unix "session closed".
var msg1113 = match({
id: "MESSAGE#1319:199018:03",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{agent->}[%{process_id->}]: pam_unix(%{service->}): session closed for user %{username->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018:03"),
}),
dup3,
dup4,
dup5,
]),
});
// Form 5: scheduled command execution, "(<user>) CMD (<command>)". The command line is
// stored in action exactly as logged; treat it as untrusted text when displaying it.
var msg1114 = match({
id: "MESSAGE#1320:199018:04",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{agent->}[%{process_id->}]: (%{username->}) CMD (%{action->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup264,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018:04"),
}),
dup3,
dup4,
dup5,
]),
});
// Form 6: catch-all. Anything with the timestamp prefix lands here with the rest in info.
var msg1115 = match({
id: "MESSAGE#1321:199018:05",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup264,
set_field({
dest: "nwparser.msg_id1",
value: constant("199018:05"),
}),
dup3,
dup4,
dup5,
]),
});
// The catch-all must stay last: placed earlier it would shadow the logon and command
// forms, and those events would lose their user name and category.
var select269 = linear_select([
msg1110,
msg1111,
msg1112,
msg1113,
msg1114,
msg1115,
]);
// Message 105044 (failover): the mate's operational mode does not match the local one.
// Captures the unit label (context), the mate's mode (fld1) and the local mode (fld2).
// dup161, dup38, dup39 and dup87 are shared processors defined elsewhere in the file.
var msg1116 = match({
id: "MESSAGE#53:105044",
dissect: {
tokenizer: "(%{context->}) Mate operational mode %{fld1->} is not compatible with my mode %{fld2->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("105044"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Mate operational mode is not compatible"),
}),
]),
});
// Message 713232, tail segment: "<description>, <fld1>". The split is on the first
// ", " so a description that itself contains a comma is cut at that point.
var msg1117 = match({
id: "MESSAGE#943:713232/2",
dissect: {
tokenizer: "%{event_description->}, %{fld1->}",
field: "nwparser.p1",
},
});
// Full parser for 713232; dup79 and dup273 (defined elsewhere in the file) match the
// payload opening.
var all276 = all_match({
processors: [
dup79,
dup273,
msg1117,
],
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("713232"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717026 (PKI): a name lookup failed while the device was performing a
// certificate operation. Captures the host name that could not be resolved.
// dup338 is a shared processor defined elsewhere in the file.
var msg1118 = match({
id: "MESSAGE#1076:717026",
dissect: {
tokenizer: "Name lookup failed for hostname %{hostname->} during PKI operation.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("717026"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Name lookup failed during PKI operation."),
}),
]),
});
// Message 730002: VLAN mapping failure for a group/user/IP.
// "\u003c" is the JavaScript escape for "<", so the literal text this tokenizer
// expects is: Group <<GROUP> User <<USER> IP <<ADDR> VLAN Mapping to VLAN <<ID> failed
// i.e. two "<" before each value but a single ">" after it.
// NOTE(review): that asymmetry suggests a doubled-"<" escape that was carried
// over unconverted. If real 730002 lines contain a single "<" (or none), this
// pattern would not match and these failures would go unparsed. Verify against
// a captured sample before relying on it for alerting.
var msg1119 = match({
id: "MESSAGE#1207:730002",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> VLAN Mapping to VLAN \u003c\u003c%{instance->}> failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("730002"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VLAN Mapping to VLAN failed"),
}),
]),
});
var msg1120 = match({
id: "MESSAGE#433:318006",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("318006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 322003: an ARP response failed the ARP inspection check.
// Captures the sender's MAC into `smacaddr` and the receiving interface into
// `interface`; any text following the "." after the interface name goes to `info`.
// No event_description is set in this chain (unless dup180 does so; it is
// defined elsewhere), so detections should key on msg_id1 "322003".
var msg1121 = match({
id: "MESSAGE#447:322003",
dissect: {
tokenizer: "ARP inspection check failed for arp response received from host %{smacaddr->} on interface %{interface->}.%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("322003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Final segment of message 338001 (blacklisted traffic). It reads nwparser.p3,
// which is presumably filled by the earlier processors in all277.
// The tokenizer starts mid-word ("ed blacklisted"), so the preceding step is
// expected to have consumed the beginning of the verb.
// Captured: protocol, real and translated source/destination endpoints, the
// matched list entry (`web_domain`), threat level (`severity`) and category (`result`).
var msg1122 = match({
id: "MESSAGE#471:338001/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
// Full parser for message 338001: four shared prefix steps (defined elsewhere)
// followed by msg1122. The success chain tags msg_id1 and runs the common
// header steps dup2..dup5 (level, event_time, msg, id).
var all277 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg1122,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1123 = match({
id: "MESSAGE#515:400018",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400018"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg1124 = match({
id: "MESSAGE#517:400020",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400020"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg1125 = match({
id: "MESSAGE#1152:721018/2",
dissect: {
tokenizer: "%{saddr->} has been deleted.",
field: "nwparser.p1",
},
});
var all278 = all_match({
processors: [
dup189,
dup190,
msg1125,
],
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("721018"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session deleted"),
}),
]),
});
var msg1126 = match({
id: "MESSAGE#358:304006",
dissect: {
tokenizer: "URL Server %{hostip->} not responding",
field: "nwparser.payload",
},
on_success: processor_chain([
dup406,
set_field({
dest: "nwparser.msg_id1",
value: constant("304006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Final segment of message 402120. Reads nwparser.p1 and captures the address
// that precedes "that failed authentication." into `daddr`.
var msg1127 = match({
id: "MESSAGE#563:402120/2",
dissect: {
tokenizer: "%{daddr->} that failed authentication.",
field: "nwparser.p1",
},
});
// Full parser for message 402120. The leading segments (dup312, dup313) are
// defined elsewhere; only `daddr` is extracted in the part visible here.
// The description is a fixed string, so it carries no per-event detail.
var all279 = all_match({
processors: [
dup312,
dup313,
msg1127,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402120"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESP packet that failed authentication"),
}),
]),
});
var msg1128 = match({
id: "MESSAGE#582:403503",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("403503"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1129 = match({
id: "MESSAGE#985:714005/2",
dissect: {
tokenizer: "%{action->}: msg id = %{fld1->}",
field: "nwparser.p1",
},
});
var all280 = all_match({
processors: [
dup9,
dup242,
msg1129,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714005"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1130 = match({
id: "MESSAGE#598:407001",
dissect: {
tokenizer: "Deny traffic for local-host %{interface->}:%{hostip->}, license limit of %{fld1->} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("407001"),
}),
dup43,
dup99,
dup102,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied traffic"),
}),
set_field({
dest: "nwparser.result",
value: constant("license limit exceeded"),
}),
]),
});
var msg1131 = match({
id: "MESSAGE#716:602301",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602301"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Parser for message 602303, built entirely from shared steps (dup31..dup33,
// defined elsewhere).
// NOTE(review): this chain runs dup35 where the sibling chains run dup3
// (event_time from the header's month/day/year/hhour/hmin/hsec). dup35 is not
// visible here; presumably it derives the time from a different source.
// Confirm, since inconsistent timestamps complicate event correlation.
var all281 = all_match({
processors: [
dup31,
dup32,
dup33,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602303"),
}),
dup7,
dup2,
dup35,
dup4,
dup5,
]),
});
// Message 605003 (login failure), parsed in segments.
// Segment 0: captures the service name and matches up to "Login fail"; the
// remainder is handed on in p0 (consumed by dup117, defined elsewhere).
var msg1132 = match({
id: "MESSAGE#735:605003/0",
dissect: {
tokenizer: "%{service->} daemon: Login fail%{p0->}",
field: "nwparser.payload",
},
});
// Segment 2: reads p1, captures the client address into `saddr` and passes the
// user portion on in p2.
var msg1133 = match({
id: "MESSAGE#735:605003/2",
dissect: {
tokenizer: "%{->}from %{saddr->} for user %{p2->}",
field: "nwparser.p1",
},
});
// Segment 3, first alternative: a double-quoted user name.
// NOTE(review): the pattern ends with a space after the closing quote; whether
// a line without that trailing space still matches depends on the dissect
// implementation. Confirm.
var msg1134 = match({
id: "MESSAGE#735:605003/3",
dissect: {
tokenizer: "\"%{username->}\" ",
field: "nwparser.p2",
},
});
// User-name alternatives: quoted form first, then dup407 and dup408 (defined
// elsewhere). Presumably tried in the listed order.
var select270 = linear_select([
msg1134,
dup407,
dup408,
]);
// Full parser for 605003. `username` is supplied by the connecting client, so
// it is attacker-influenced text; downstream rules and dashboards should not
// assume it is a valid account name.
var all282 = all_match({
processors: [
msg1132,
dup117,
msg1133,
select270,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("605003"),
}),
dup17,
dup106,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Login failed"),
}),
]),
});
// Message 505011, first form: names the product and slot before the fixed
// "data channel communication is UP" text; the remainder goes to p0.
var msg1135 = match({
id: "MESSAGE#697:505011/1",
dissect: {
tokenizer: "%{product->} Module in slot %{fld1->} data channel communication is UP%{p0->}",
field: "nwparser.payload",
},
});
// Message 505011, second form: fixed "Module ips" wording with no captures
// other than the remainder in p0.
// NOTE(review): this matcher has the same id string as msg1135, so any
// diagnostics keyed on `id` cannot tell which alternative matched.
var msg1136 = match({
id: "MESSAGE#697:505011/1",
dissect: {
tokenizer: "Module ips data channel communication is UP%{p0->}",
field: "nwparser.payload",
},
});
// The two opening forms of 505011.
var select271 = linear_select([
msg1135,
msg1136,
]);
// Full parser for 505011: one of the opening forms, then two shared steps
// (dup254, dup255, defined elsewhere). Sets a fixed `result` string.
var all283 = all_match({
processors: [
select271,
dup254,
dup255,
],
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("505011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("data channel communication is UP"),
}),
]),
});
var msg1137 = match({
id: "MESSAGE#785:613003",
dissect: {
tokenizer: "%{hostip->} changed from area %{fld1->} to area %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("613003"),
}),
dup38,
dup13,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1138 = match({
id: "MESSAGE#1117:720012",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("720012"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1139 = match({
id: "MESSAGE#758:611302",
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with no split tunneling%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611302"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup286,
]),
});
var msg1140 = match({
id: "MESSAGE#926:713204/2",
dissect: {
tokenizer: "%{saddr->}, %{p2->}",
field: "nwparser.p1",
},
});
var msg1141 = match({
id: "MESSAGE#926:713204/3",
dissect: {
tokenizer: "%{event_description->} for client address: %{fld1->} ",
field: "nwparser.p2",
},
});
var select272 = linear_select([
msg1141,
dup386,
]);
var all284 = all_match({
processors: [
dup22,
dup23,
msg1140,
select272,
],
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("713204"),
}),
dup7,
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1142 = match({
id: "MESSAGE#216:201002/0",
dissect: {
tokenizer: "Too many connections on %{p0->}",
field: "nwparser.payload",
},
});
var msg1143 = match({
id: "MESSAGE#216:201002/2",
dissect: {
tokenizer: "%{->} %{hostip->}! %{fld1->} %{fld2->}",
field: "nwparser.p1",
},
});
var all285 = all_match({
processors: [
msg1142,
dup251,
msg1143,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1144 = match({
id: "MESSAGE#217:201002:01/0",
dissect: {
tokenizer: "Too many %{p0->}",
field: "nwparser.payload",
},
});
var msg1145 = match({
id: "MESSAGE#217:201002:01/2",
dissect: {
tokenizer: "TCP%{p1->}",
field: "nwparser.p0",
},
});
var msg1146 = match({
id: "MESSAGE#217:201002:01/2",
dissect: {
tokenizer: "tcp%{p1->}",
field: "nwparser.p0",
},
});
var select273 = linear_select([
msg1145,
msg1146,
]);
var msg1147 = match({
id: "MESSAGE#217:201002:01/2",
dissect: {
tokenizer: "%{->}connections on %{p2->}",
field: "nwparser.p1",
},
});
var msg1148 = match({
id: "MESSAGE#217:201002:01/4",
dissect: {
tokenizer: "static%{p3->}",
field: "nwparser.p2",
},
});
var msg1149 = match({
id: "MESSAGE#217:201002:01/4",
dissect: {
tokenizer: "xlate%{p3->}",
field: "nwparser.p2",
},
});
var select274 = linear_select([
msg1148,
msg1149,
]);
var msg1150 = match({
id: "MESSAGE#217:201002:01/4",
dissect: {
tokenizer: "%{->} %{hostip->}! %{fld1->} %{fld2->}",
field: "nwparser.p3",
},
});
var all286 = all_match({
processors: [
msg1144,
select273,
msg1147,
select274,
msg1150,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select275 = linear_select([
all285,
all286,
]);
// Message 201003: embryonic (half-open) connection limit exceeded.
// Captures the endpoint pair, the address in parentheses (`hostip`) and the
// interface name.
// NOTE(review): the two slash-separated values right after "exceeded" are
// stored in `sinterface`/`dinterface`. In Cisco's documented format for this
// message those positions appear to be the connection count and the
// configured limit rather than interface names. If so, these fields will hold
// numbers here and must not be used as interface names. Verify with a sample.
var msg1151 = match({
id: "MESSAGE#218:201003",
dissect: {
tokenizer: "Embryonic limit exceeded %{sinterface->}/%{dinterface->} for %{saddr->}/%{sport->} to (%{hostip->}) %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201003"),
}),
dup2,
dup3,
dup4,
dup5,
dup391,
]),
});
var msg1152 = match({
id: "MESSAGE#1240:737015/2",
dissect: {
tokenizer: "%{->}Freeing DHCP address %{hostip->}",
field: "nwparser.p1",
},
});
var all287 = all_match({
processors: [
dup53,
dup265,
msg1152,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737015"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Freeing DHCP address"),
}),
]),
});
var msg1153 = match({
id: "MESSAGE#261:213002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("213002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1154 = match({
id: "MESSAGE#355:304003",
dissect: {
tokenizer: "URL Server %{hostip->} timed out URL %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup406,
set_field({
dest: "nwparser.msg_id1",
value: constant("304003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1155 = match({
id: "MESSAGE#1105:718059",
dissect: {
tokenizer: "State machine function trace: state=%{category->}, event=%{obj_type->}, func=%{application->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718059"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("State machine function trace"),
}),
]),
});
var msg1156 = match({
id: "MESSAGE#223:201007",
dissect: {
tokenizer: "Unable to allocate new %{protocol->} connections (%{saddr->}/%{sport->}-%{daddr->}/%{dport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("201007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate new connections"),
}),
]),
});
// Message 338306: the device failed to authenticate with the dynamic filter
// updater server. Everything after the fixed text is captured into `url`.
// No event_description is set in the visible part of the chain; dup16, dup18
// and dup19 are defined elsewhere.
var msg1157 = match({
id: "MESSAGE#492:338306",
dissect: {
tokenizer: "Failed to authenticate with dynamic filter updater server %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("338306"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 402101: a received IPsec packet carried an SPI that is not valid for
// the destination. Captures the destination address, protocol and the SPI
// value (`dst_spi`); the text before the first ":" goes to the scratch field fld1.
// The source address is not part of this pattern, so the peer that sent the
// packet cannot be taken from this event alone.
var msg1158 = match({
id: "MESSAGE#554:402101",
dissect: {
tokenizer: "%{fld1->}: rec'd IPSEC packet has invalid spi for destaddr=%{daddr->}, prot=%{protocol->}, spi=%{dst_spi->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402101"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup409,
set_field({
dest: "nwparser.result",
value: constant("invalid spi"),
}),
]),
});
var msg1159 = match({
id: "MESSAGE#690:505001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup351,
set_field({
dest: "nwparser.msg_id1",
value: constant("505001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1160 = match({
id: "MESSAGE#145:109021",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109021"),
}),
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1161 = match({
id: "MESSAGE#925:713202",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713202"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1162 = match({
id: "MESSAGE#882:713105",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713105"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1163 = match({
id: "MESSAGE#891:713124",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received DPD sequence number %{fld1->} in R_U_THERE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713124"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received DPD sequence number"),
}),
]),
});
// Message 301001: an HTTP configuration attempt was denied.
// Only the originating address is captured (`saddr`); the description is a
// fixed string. Useful as a signal of management-plane access attempts from
// unexpected addresses.
var msg1164 = match({
id: "MESSAGE#269:301001",
dissect: {
tokenizer: "Denied HTTP configuration attempt from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("301001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("HTTP config denied"),
}),
]),
});
var msg1165 = match({
id: "MESSAGE#564:402123",
dissect: {
tokenizer: "CRYPTO: The %{product->} encountered an error (%{context->}) while executing the command %{process->}(%{info->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402123"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup356,
]),
});
var msg1166 = match({
id: "MESSAGE#777:611321",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("611321"),
}),
dup7,
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1167 = match({
id: "MESSAGE#1308:429002",
dissect: {
tokenizer: "%{service->} requested to drop %{protocol->} packet from %{sinterface->}:%{saddr->}/%{sport->} %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("429002"),
}),
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Request to drop packet"),
}),
]),
});
// Message 302005 (UDP connection built), oldest form with faddr/gaddr/laddr.
// faddr -> saddr/sport, gaddr -> hostip/network_port, laddr -> daddr/dport.
var msg1168 = match({
id: "MESSAGE#280:302005",
dissect: {
tokenizer: "Built UDP connection for faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302005"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// Message 302005, "outbound" form. Here the FIRST endpoint in the line is
// mapped to the destination fields and the SECOND to the source fields, the
// reverse of msg1170.
// NOTE(review): presumably deliberate, so that saddr is the initiating side of
// an outbound connection; confirm. The word "outbound" is literal in this
// pattern, so `direction` is not captured by the tokenizer.
var msg1169 = match({
id: "MESSAGE#281:302005:01",
dissect: {
tokenizer: "Built outbound UDP connection %{fld1->} for %{dinterface->}:%{daddr->}/%{dport->} (%{hostip->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{fld3->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302005:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// Message 302005, generic form: captures `direction` and maps the first
// endpoint to source, the second to destination.
var msg1170 = match({
id: "MESSAGE#282:302005:02",
dissect: {
tokenizer: "Built %{direction->} UDP connection %{fld1->} for %{sinterface->}:%{saddr->}/%{sport->} (%{hostip->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{fld3->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302005:02"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// Alternatives for 302005. msg1169 is listed before msg1170; since msg1170's
// %{direction->} would presumably also accept "outbound", this order is what
// gives outbound lines the swapped endpoint mapping.
var select276 = linear_select([
msg1168,
msg1169,
msg1170,
]);
// Final segment of message 338007 (blacklisted traffic dropped). Reads
// nwparser.p1; the tokenizer starts mid-word ("ilter"), so the preceding steps
// in all288 are expected to have consumed the start of the line.
// Captured: protocol, real and translated endpoints, the list entry as
// fld3/mask, threat level (`severity`) and category (`result`).
var msg1171 = match({
id: "MESSAGE#477:338007/2",
dissect: {
tokenizer: "ilter dropped blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{fld3->}/%{mask->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
// Full parser for 338007: two shared prefix steps (defined elsewhere) followed
// by msg1171, then the msg_id1 tag and the common header steps dup2..dup5.
var all288 = all_match({
processors: [
dup183,
dup184,
msg1171,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338007"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1172 = match({
id: "MESSAGE#916:713170",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE Received delete for rekeyed centry %{space->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713170"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE received delete for rekeyed centry"),
}),
]),
});
var msg1173 = match({
id: "MESSAGE#920:713193",
dissect: {
tokenizer: "Received packet with missing payload, Expected payload: %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("713193"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1174 = match({
id: "MESSAGE#707:602102",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("602102"),
}),
dup7,
dup13,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1175 = match({
id: "MESSAGE#964:713904:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received an un-encrypted AUTH_FAILED notify message, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received an un-encrypted AUTH_FAILED notify message"),
}),
]),
});
var msg1176 = match({
id: "MESSAGE#965:713904:03",
dissect: {
tokenizer: "IP = %{saddr->}, Received encrypted packet with no matching SA, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904:03"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received encrypted packet with no matching SA"),
}),
]),
});
var msg1177 = match({
id: "MESSAGE#966:713904:04",
dissect: {
tokenizer: "IP = %{saddr->}, Received an un-encrypted %{obj_type->} notify message, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904:04"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received an un-encrypted notify message"),
}),
]),
});
var msg1178 = match({
id: "MESSAGE#967:713904:05",
dissect: {
tokenizer: "IP = %{saddr->}, No crypto map bound to interface... %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904:05"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("No crypto map bound to interface"),
}),
]),
});
var msg1179 = match({
id: "MESSAGE#968:713904",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1180 = match({
id: "MESSAGE#969:713904:02/1",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->},%{p0->}",
field: "nwparser.payload",
},
});
var select277 = linear_select([
msg1180,
dup342,
]);
var all289 = all_match({
processors: [
select277,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713904:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 713904. msg1175..msg1178 each match one fixed
// phrase and set a fixed event_description; msg1179 takes the free-text
// remainder after Group/Username/IP as event_description; all289 is the
// segmented form tagged "713904:02".
// NOTE(review): presumably tried in the listed order, so the fixed-phrase
// patterns win over the free-text ones; confirm linear_select semantics.
var select278 = linear_select([
msg1175,
msg1176,
msg1177,
msg1178,
msg1179,
all289,
]);
var msg1181 = match({
id: "MESSAGE#1085:717046",
dissect: {
tokenizer: "Local CA Server CRL error: %{result->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717046"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Local CA Server CRL error"),
}),
]),
});
var msg1182 = match({
id: "MESSAGE#1096:718034",
dissect: {
tokenizer: "Sent TOPOLOGY indicator to %{space->} [%{daddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718034"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sent TOPOLOGY indicator"),
}),
]),
});
var msg1183 = match({
id: "MESSAGE#132:109011/0",
dissect: {
tokenizer: "Authen Session Start: user %{p0->}",
field: "nwparser.payload",
},
});
var msg1184 = match({
id: "MESSAGE#132:109011/2",
dissect: {
tokenizer: "%{sessionid->}",
field: "nwparser.p1",
},
});
var all290 = all_match({
processors: [
msg1183,
dup373,
msg1184,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Authen Session Start"),
}),
]),
});
var msg1185 = match({
id: "MESSAGE#151:109026",
dissect: {
tokenizer: "[%{protocol->}] %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109026"),
}),
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1186 = match({
id: "MESSAGE#503:400006",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400006"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg1187 = match({
id: "MESSAGE#547:400050",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup74,
set_field({
dest: "nwparser.msg_id1",
value: constant("400050"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg1188 = match({
id: "MESSAGE#1262:750001",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Received request to rekey an IPsec tunnel; local traffic selector = %{info->}; remote traffic selector = %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("750001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received request to rekey an IPsec tunnel"),
}),
]),
});
var msg1189 = match({
id: "MESSAGE#1263:750001:01",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} %{fld1->} Received request to establish an IPsec tunnel; local traffic selector = %{info->}; remote traffic selector = %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("750001:01"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received request to establish an IPsec tunnel"),
}),
]),
});
var select279 = linear_select([
msg1188,
msg1189,
]);
var msg1190 = match({
id: "MESSAGE#324:302019",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup410,
set_field({
dest: "nwparser.msg_id1",
value: constant("302019"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1191 = match({
id: "MESSAGE#576:403108",
dissect: {
tokenizer: "PPP virtual interface %{interface->} missing client %{hostip->} option",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403108"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1192 = match({
id: "MESSAGE#156:109033:01/2",
dissect: {
tokenizer: "%{saddr->}. Interactive challenge processing is not supported for %{p2->}",
field: "nwparser.p1",
},
});
var msg1193 = match({
id: "MESSAGE#156:109033:01/3",
dissect: {
tokenizer: "administrative %{protocol->} connections",
field: "nwparser.p2",
},
});
var msg1194 = match({
id: "MESSAGE#156:109033:01/3",
dissect: {
tokenizer: "%{protocol->} %{info->} connections",
field: "nwparser.p2",
},
});
var select280 = linear_select([
msg1193,
msg1194,
]);
var all291 = all_match({
processors: [
dup411,
dup61,
msg1192,
select280,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("109033:01"),
}),
dup17,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup412,
dup413,
]),
});
var msg1195 = match({
id: "MESSAGE#157:109033/2",
dissect: {
tokenizer: "%{saddr->}.",
field: "nwparser.p1",
},
});
var all292 = all_match({
processors: [
dup411,
dup61,
msg1195,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("109033"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup412,
dup413,
]),
});
var select281 = linear_select([
all291,
all292,
]);
var msg1196 = match({
id: "MESSAGE#1138:720046",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("720046"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg1197 = match({
id: "MESSAGE#1279:713187",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Tunnel Rejected: %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713187"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup330,
]),
});
// Message 717029: a client certificate was identified within a certificate
// chain. Captures the certificate serial number and subject name.
// `cert_subject` takes the rest of the line, so it holds the subject text
// exactly as the device logged it.
var msg1198 = match({
id: "MESSAGE#1079:717029",
dissect: {
tokenizer: "Identified client certificate within certificate chain. serial number: %{serial_number->}, subject name: %{cert_subject->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("717029"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Identified client certificate"),
}),
]),
});
// User-name segment of message 113005:01 (used by all293), quoted form:
// the name is wrapped in single quotes, followed by " : " and the remainder in p7.
var msg1199 = match({
id: "MESSAGE#181:113005:01/8",
dissect: {
tokenizer: "'%{username->}' : %{p7->}",
field: "nwparser.p6",
},
});
// Same segment, bare form without quotes. Shares its id string with msg1199.
var msg1200 = match({
id: "MESSAGE#181:113005:01/8",
dissect: {
tokenizer: "%{username->} : %{p7->}",
field: "nwparser.p6",
},
});
// Quoted form first, bare form second.
// NOTE(review): if alternatives are tried in order, the bare pattern would
// presumably also accept a quoted name and keep the quotes inside `username`.
// The order therefore matters for getting a consistent user name in
// authentication events; confirm linear_select semantics.
var select282 = linear_select([
msg1199,
msg1200,
]);
var msg1201 = match({
id: "MESSAGE#181:113005:01/9",
dissect: {
tokenizer: "u%{p8->}",
field: "nwparser.p7",
},
});
var msg1202 = match({
id: "MESSAGE#181:113005:01/9",
dissect: {
tokenizer: "U%{p8->}",
field: "nwparser.p7",
},
});
var select283 = linear_select([
msg1201,
msg1202,
]);
var msg1203 = match({
id: "MESSAGE#181:113005:01/9",
dissect: {
tokenizer: "ser IP = %{saddr->}",
field: "nwparser.p8",
},
});
var all293 = all_match({
processors: [
dup414,
dup343,
dup415,
dup416,
dup120,
dup417,
dup418,
select282,
select283,
msg1203,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113005:01"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup419,
]),
});
var msg1204 = match({
id: "MESSAGE#182:113005/7",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p6",
},
});
var msg1205 = match({
id: "MESSAGE#182:113005/7",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p6",
},
});
var select284 = linear_select([
msg1204,
msg1205,
]);
var all294 = all_match({
processors: [
dup414,
dup343,
dup415,
dup416,
dup120,
dup417,
dup418,
select284,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113005"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup419,
]),
});
var select285 = linear_select([
all293,
all294,
]);
var msg1206 = match({
id: "MESSAGE#187:113010/0",
dissect: {
tokenizer: "AAA challenge received for user %{p0->}",
field: "nwparser.payload",
},
});
var msg1207 = match({
id: "MESSAGE#187:113010/2",
dissect: {
tokenizer: "'%{username->}' from server %{p1->}",
field: "nwparser.p0",
},
});
var msg1208 = match({
id: "MESSAGE#187:113010/2",
dissect: {
tokenizer: "%{username->} from server %{p1->}",
field: "nwparser.p0",
},
});
var select286 = linear_select([
msg1207,
msg1208,
]);
var msg1209 = match({
id: "MESSAGE#187:113010/2",
dissect: {
tokenizer: "%{hostip->}",
field: "nwparser.p1",
},
});
var all295 = all_match({
processors: [
msg1206,
select286,
msg1209,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("113010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA challenge received for user"),
}),
]),
});
// Message 713216, "allowed" form: a client matched a rule and was permitted.
// NOTE(review): the pattern has "IP " with no "=" before the address, unlike
// the "IP = " used by the other Group/IP patterns nearby. If real lines carry
// "IP = ", the match would fail or `saddr` would pick up the "= " prefix.
// Verify against a sample.
var msg1210 = match({
id: "MESSAGE#931:713216",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP %{saddr->}, Rule: %{fld1->} Client: %{fld2->} - allowed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup420,
set_field({
dest: "nwparser.msg_id1",
value: constant("713216"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup421,
]),
});
// Message 713216, "NOT allowed" form; also captures the OS value into fld3.
// NOTE(review): this chain runs the same dup420/dup421 steps as the "allowed"
// form. The only difference visible here is msg_id1 ("713216:01"), so rules
// that need the deny outcome should key on that value unless dup421 (defined
// elsewhere) records the outcome some other way.
var msg1211 = match({
id: "MESSAGE#932:713216:01",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP %{saddr->}, Rule: %{fld1->} OS : %{fld3->} Client: %{fld2->} - NOT allowed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup420,
set_field({
dest: "nwparser.msg_id1",
value: constant("713216:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup421,
]),
});
// The two forms of 713216.
var select287 = linear_select([
msg1210,
msg1211,
]);
var all296 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715057"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 106028, staged form. Stage 1 matches the fixed prefix up to
// "echo re" and hands the remainder on as p0.
var msg1212 = match({
id: "MESSAGE#97:106028/0",
dissect: {
tokenizer: "Dropping invalid echo re%{p0->}",
field: "nwparser.payload",
},
});
// Reads p1 (produced by a stage not declared here) and captures the source
// and destination interface/address pairs; the remainder goes to p2.
var msg1213 = match({
id: "MESSAGE#97:106028/2",
dissect: {
tokenizer: "%{->}from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}, %{p2->}",
field: "nwparser.p1",
},
});
// The next word is either "destination" or "source"; both forms pass the
// remainder on as p3 and neither records which word was present.
var msg1214 = match({
id: "MESSAGE#97:106028/4",
dissect: {
tokenizer: "destination%{p3->}",
field: "nwparser.p2",
},
});
var msg1215 = match({
id: "MESSAGE#97:106028/4",
dissect: {
tokenizer: "source%{p3->}",
field: "nwparser.p2",
},
});
var select288 = linear_select([
msg1214,
msg1215,
]);
// Final stage: captures the real and mapped translation address/port pairs
// into stransaddr/stransport and dtransaddr/dtransport.
var msg1216 = match({
id: "MESSAGE#97:106028/4",
dissect: {
tokenizer: "%{->}address %{fld1->} should not match dynamic port translation, real %{fld2->}:%{stransaddr->}/%{stransport->}, mapped %{fld3->}:%{dtransaddr->}/%{dtransport->}",
field: "nwparser.p3",
},
});
// Runs the stages in order; dup378 sits between stage 1 and msg1213.
// NOTE(review): stage 1 stops at "echo re", which suggests dup378 accepts more
// than one continuation, yet event_description below is always
// "Dropping invalid echo reply". Confirm the description is accurate for every
// variant dup378 accepts.
var all297 = all_match({
processors: [
msg1212,
dup378,
msg1213,
select288,
msg1216,
],
on_success: processor_chain([
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("106028"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dropping invalid echo reply"),
}),
]),
});
// Message 106028, single-pattern form ("Connection marked for Deletion").
// The text after "flags" is stored in network_service, not in a
// flags-specific field.
var msg1217 = match({
id: "MESSAGE#98:106028:01",
dissect: {
tokenizer: "Deny %{protocol->} (Connection marked for Deletion) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{network_service->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106028:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup196,
]),
});
// Staged form is tried before the single-pattern form.
var select289 = linear_select([
all297,
msg1217,
]);
// Message 411003: every parse stage is a shared dupNNN pattern declared
// elsewhere in the file; only the msg_id1 tag is specific to this chain.
var all298 = all_match({
processors: [
dup44,
dup266,
dup322,
dup323,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("411003"),
}),
dup38,
dup13,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 505007: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1218 = match({
id: "MESSAGE#696:505007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("505007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 199009, failover-specific form: captures the reload time string and
// the reload reason (result).
var msg1219 = match({
id: "MESSAGE#210:199009:01",
dissect: {
tokenizer: "Reloaded at %{event_time_string->} by failover parser thread. Reload reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("199009:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Reload operation by failover parser thread"),
}),
]),
});
// Message 199009, generic form, stage 1: captures the reload time string and
// passes the initiator text on as p0.
var msg1220 = match({
id: "MESSAGE#211:199009/0",
dissect: {
tokenizer: "Reloaded at %{event_time_string->} by %{p0->}",
field: "nwparser.payload",
},
});
// Reads p1 (produced by a stage not declared here): captures process and
// passes the reason text on as p2.
var msg1221 = match({
id: "MESSAGE#211:199009/2",
dissect: {
tokenizer: "%{process->}. Reload reason: %{p2->}",
field: "nwparser.p1",
},
});
// Bracketed reason; the pattern requires a trailing space after "]".
var msg1222 = match({
id: "MESSAGE#211:199009/3",
dissect: {
tokenizer: "[%{result->}] ",
field: "nwparser.p2",
},
});
// Bracketed form first, then the shared dup422 alternative.
var select290 = linear_select([
msg1222,
dup422,
]);
// Runs the generic-form stages in order and tags the event on success.
var all299 = all_match({
processors: [
msg1220,
dup61,
msg1221,
select290,
],
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("199009"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Reload operation"),
}),
]),
});
// The failover-specific pattern is listed before the generic chain, which
// could otherwise also match the same line (the generic stage 1 accepts any
// text after "by"). Presumably first match wins - confirm.
var select291 = linear_select([
msg1219,
all299,
]);
// Message 321001: resource limit reached. Captures the resource name (fld1)
// and the limit (fld2); the pattern ends with a literal ".".
var msg1223 = match({
id: "MESSAGE#440:321001",
dissect: {
tokenizer: "Resource %{fld1->} limit of %{fld2->} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("321001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 321001, per-context form: additionally captures the context (fld3).
var msg1224 = match({
id: "MESSAGE#441:321001:01",
dissect: {
tokenizer: "Resource %{fld1->} limit of %{fld2->} reached for context %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("321001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 321001, tried in the listed order.
var select292 = linear_select([
msg1223,
msg1224,
]);
// Message 400005: captures product and signature id (split on the first ":"),
// a free-text context, source and destination addresses and the interface
// (stored as dinterface).
var msg1225 = match({
id: "MESSAGE#502:400005",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400005"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 403506: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1226 = match({
id: "MESSAGE#585:403506",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403506"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713228, final stage: reads p1 and captures the peer address (saddr)
// and the private address assigned to the remote user (stransaddr).
var msg1227 = match({
id: "MESSAGE#940:713228/2",
dissect: {
tokenizer: "%{saddr->}, Assigned private IP address %{stransaddr->} to remote user",
field: "nwparser.p1",
},
});
// The first two stages are shared patterns (dup22, dup23) declared elsewhere.
var all300 = all_match({
processors: [
dup22,
dup23,
msg1227,
],
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("713228"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718039: captures the bracketed peer value and sets a fixed
// event_description.
var msg1228 = match({
id: "MESSAGE#1097:718039",
dissect: {
tokenizer: "Process dead peer[%{peer->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718039"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Process dead"),
}),
]),
});
// Message 737005: captures process, result and the single-quoted tunnel-group
// name (group, without the quotes).
var msg1229 = match({
id: "MESSAGE#1230:737005",
dissect: {
tokenizer: "%{process->}: %{result->}, request succeeded for tunnel-group '%{group->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("request succeeded for tunnel-group"),
}),
]),
});
// Message 737007, form with a session id: captures process and sessionid; the
// text after the opening quote goes to p0.
var msg1230 = match({
id: "MESSAGE#1233:737007/1",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->} Local pool request failed for tunnel-group '%{p0->}",
field: "nwparser.payload",
},
});
// Form without a session id.
var msg1231 = match({
id: "MESSAGE#1233:737007/1",
dissect: {
tokenizer: "%{process->} Local pool request failed for tunnel-group '%{p0->}",
field: "nwparser.payload",
},
});
// The session-id form is listed first; on a line that carries "Session=" the
// second pattern would also match and fold that text into process.
// Presumably first match wins - confirm against linear_select.
var select293 = linear_select([
msg1230,
msg1231,
]);
// Captures the tunnel-group name up to the closing quote as group_object.
var msg1232 = match({
id: "MESSAGE#1233:737007/1",
dissect: {
tokenizer: "%{group_object->}'",
field: "nwparser.p0",
},
});
// Runs both stages in order and tags the event on success.
var all301 = all_match({
processors: [
select293,
msg1232,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737007"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Local pool request failed for tunnel-group"),
}),
]),
});
// Message 106008, "(source is denied)" form: captures the host address, the
// direction word and trailing text (fld1).
var msg1233 = match({
id: "MESSAGE#65:106008",
dissect: {
tokenizer: "Translation for %{hostip->} denied by %{direction->} (source is denied) %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106008"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup423,
]),
});
// Message 106008, generic form without the parenthesised reason.
var msg1234 = match({
id: "MESSAGE#66:106008:01",
dissect: {
tokenizer: "Translation for %{hostip->} denied by %{direction->} %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106008:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup423,
]),
});
// The more specific pattern is listed first; the generic one would also match
// a "(source is denied)" line and put that text into fld1.
var select294 = linear_select([
msg1233,
msg1234,
]);
// Message 202005: captures source and destination address/port pairs.
var msg1235 = match({
id: "MESSAGE#233:202005",
dissect: {
tokenizer: "Non-embryonic in embryonic list %{saddr->}/%{sport->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("202005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 312001: captures the sender address, the cmd/version/domain values
// (fld1..fld3) and the receiving interface.
var msg1236 = match({
id: "MESSAGE#405:312001",
dissect: {
tokenizer: "RIP hdr failed from %{saddr->}: cmd=%{fld1->}, version=%{fld2->} domain=%{fld3->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("312001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713130: every parse stage is a shared dupNNN pattern declared
// elsewhere in the file; only the msg_id1 tag is specific to this chain.
var all302 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713130"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 737019, form without a session id: captures process only.
var msg1237 = match({
id: "MESSAGE#1244:737019",
dissect: {
tokenizer: "%{process->}: Unable to get address from group-policy or tunnel-group local pools",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737019"),
}),
dup2,
dup3,
dup424,
dup4,
dup5,
]),
});
// Message 737019, form with a session id: captures process and sessionid.
// NOTE(review): unlike other ":01" variants in this file, this chain does not
// include dup14 - confirm whether that is intended.
var msg1238 = match({
id: "MESSAGE#1245:737019:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Unable to get address from group-policy or tunnel-group local pools",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737019:01"),
}),
dup2,
dup3,
dup424,
dup4,
dup5,
]),
});
// Alternatives for message 737019, tried in the listed order.
var select295 = linear_select([
msg1237,
msg1238,
]);
// Message 212002: captures the protocol, UDP port (network_port), interface
// and the numeric error code (resultcode).
var msg1239 = match({
id: "MESSAGE#255:212002",
dissect: {
tokenizer: "Unable to open %{protocol->} trap channel (UDP port %{network_port->}) on interface %{interface->}, error code = %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("212002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 603106, stage 1: fixed prefix; the remainder goes to p0.
var msg1240 = match({
id: "MESSAGE#725:603106/0",
dissect: {
tokenizer: "L2TP Tunnel created%{p0->}",
field: "nwparser.payload",
},
});
// Reads p1 (produced by a stage not declared here): captures the tunnel id
// (fld1), the remote peer address (saddr) and the virtual interface id; the
// client address text goes to p2.
var msg1241 = match({
id: "MESSAGE#725:603106/2",
dissect: {
tokenizer: "%{->}tunnel_id is %{fld1->}, remote_peer_ip is %{saddr->}, ppp_virtual_interface_id is %{interface->}, client_dynamic_ip is %{p2->}",
field: "nwparser.p1",
},
});
// Client address followed by the username text, with a comma separator...
var msg1242 = match({
id: "MESSAGE#725:603106/4",
dissect: {
tokenizer: "%{daddr->}, username is %{p3->}",
field: "nwparser.p2",
},
});
// ...or without one.
var msg1243 = match({
id: "MESSAGE#725:603106/4",
dissect: {
tokenizer: "%{daddr->} username is %{p3->}",
field: "nwparser.p2",
},
});
// The comma form is listed first; the comma-less pattern would also match a
// comma-separated line and leave the trailing "," inside daddr.
var select296 = linear_select([
msg1242,
msg1243,
]);
// Runs the stages in order; dup235 and dup384 are shared patterns declared
// elsewhere (dup384 is the stage that follows p3).
var all303 = all_match({
processors: [
msg1240,
dup235,
msg1241,
select296,
dup384,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("603106"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("L2TP tunnel created"),
}),
]),
});
// Message 603108, stage 1: fixed prefix; the remainder goes to p0.
var msg1244 = match({
id: "MESSAGE#727:603108/0",
dissect: {
tokenizer: "Built PPTP %{p0->}",
field: "nwparser.payload",
},
});
// Reads p1 starting at "unnel at"; the leading letter of "Tunnel" is
// presumably consumed by the preceding shared stage (dup425) - confirm.
// Captures interface, tunnel id (fld1), remote peer (saddr), virtual interface
// (vsys) and client address (daddr); the username text goes to p2.
var msg1245 = match({
id: "MESSAGE#727:603108/2",
dissect: {
tokenizer: "unnel at %{interface->}, tunnel-id = %{fld1->}, remote-peer = %{saddr->}, virtual-interface = %{vsys->}, client-dynamic-ip = %{daddr->}, username = %{p2->}",
field: "nwparser.p1",
},
});
// Quoted username form: quotes are not included in username.
var msg1246 = match({
id: "MESSAGE#727:603108/4",
dissect: {
tokenizer: "'%{username->}' , MPPE-key-strength = %{p3->}",
field: "nwparser.p2",
},
});
// Unquoted username form.
var msg1247 = match({
id: "MESSAGE#727:603108/4",
dissect: {
tokenizer: "%{username->} , MPPE-key-strength = %{p3->}",
field: "nwparser.p2",
},
});
// Quoted form first, so that quote characters do not end up in username
// (presumably first match wins - confirm against linear_select).
var select297 = linear_select([
msg1246,
msg1247,
]);
// The MPPE key strength text is stored in the generic field fld2.
var msg1248 = match({
id: "MESSAGE#727:603108/4",
dissect: {
tokenizer: "%{fld2->}",
field: "nwparser.p3",
},
});
// Runs the stages in order and tags the event on success.
var all304 = all_match({
processors: [
msg1244,
dup425,
msg1245,
select297,
msg1248,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("603108"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP tunnel created"),
}),
]),
});
// Message 717010: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1249 = match({
id: "MESSAGE#1071:717010",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717010"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722003: every parse stage is a shared dupNNN pattern declared
// elsewhere in the file; only the msg_id1 tag is specific to this chain.
var all305 = all_match({
processors: [
dup352,
dup353,
dup354,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("722003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105037: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1250 = match({
id: "MESSAGE#46:105037",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("105037"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 602201, responder form: the local endpoint is stored as
// daddr/dport and the remote endpoint as saddr/sport. The remainder of the
// line goes to info.
var msg1251 = match({
id: "MESSAGE#710:602201",
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{daddr->}/%{dport->} (responder), remote %{saddr->}/%{sport->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602201"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 602201, initiator form: the mapping is reversed, so the local
// endpoint is saddr/sport and the remote endpoint is daddr/dport. In both
// forms source means the side that initiated the exchange.
var msg1252 = match({
id: "MESSAGE#711:602201:01",
dissect: {
tokenizer: "ISAKMP Phase 1 SA created (local %{saddr->}/%{sport->} (initiator), remote %{daddr->}/%{dport->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602201:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for message 602201; the literal "(responder)" / "(initiator)"
// text makes the two patterns mutually exclusive.
var select298 = linear_select([
msg1251,
msg1252,
]);
// Message 606001, final stage: reads p1 and captures the management session
// number and the client address (hostip).
var msg1253 = match({
id: "MESSAGE#740:606001/2",
dissect: {
tokenizer: "DM session number %{sessionid->} from %{hostip->} started",
field: "nwparser.p1",
},
});
// The first two stages are shared patterns (dup44, dup426) declared elsewhere;
// the pattern above starts at "DM", so the leading letter(s) of the product
// name are presumably consumed there - confirm.
var all306 = all_match({
processors: [
dup44,
dup426,
msg1253,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("606001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PDM/ASDM session started"),
}),
]),
});
// Message 702205, ":01" variant: all stages are shared dupNNN patterns. It
// differs from all308 below in its third stage (dup132 vs dup130) and in the
// extra dup14 step.
var all307 = all_match({
processors: [
dup427,
dup247,
dup132,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702205:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup248,
]),
});
// Message 702205, base variant.
var all308 = all_match({
processors: [
dup427,
dup247,
dup130,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702205"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup248,
]),
});
// The ":01" chain is tried before the base chain.
var select299 = linear_select([
all307,
all308,
]);
// Message 603109, stage 1: fixed prefix; the remainder goes to p0.
var msg1254 = match({
id: "MESSAGE#728:603109/0",
dissect: {
tokenizer: "Teardown PPPOE %{p0->}",
field: "nwparser.payload",
},
});
// Reads p1 starting at "unnel at" (the leading letter is presumably consumed
// by dup425 - confirm) and captures interface, tunnel id (fld1) and the remote
// peer address (saddr).
var msg1255 = match({
id: "MESSAGE#728:603109/2",
dissect: {
tokenizer: "unnel at %{interface->}, tunnel-id = %{fld1->}, remote-peer = %{saddr->}",
field: "nwparser.p1",
},
});
// Runs the stages in order and tags the event on success.
var all309 = all_match({
processors: [
msg1254,
dup425,
msg1255,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("603109"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Teardown PPPOE tunnel"),
}),
]),
});
// Message 611308: matches the fixed text only.
// NOTE(review): the pattern ends in an unnamed key ("%{->}"), so the list of
// split-DNS domains that follows the colon is presumably not stored in any
// field; it would remain available only through the raw message copy (dup4).
// Confirm if the domain list is needed for investigation.
var msg1256 = match({
id: "MESSAGE#764:611308",
dissect: {
tokenizer: "VPNClient: Split DNS Policy installed: List of domains:%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("611308"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup269,
]),
});
// Message 715058: captures the tunnel group and the peer address (saddr) from
// a NAT-Traversal abort notice.
var msg1257 = match({
id: "MESSAGE#1030:715058",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, NAT-Discovery payloads missing. Aborting NAT-Traversal.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("715058"),
}),
dup7,
dup13,
dup38,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// Message 725007, stage 1: fixed prefix; the remainder goes to p0.
var msg1258 = match({
id: "MESSAGE#1193:725007/0",
dissect: {
tokenizer: "SSL session with %{p0->}",
field: "nwparser.payload",
},
});
// Reads p2. Two-endpoint form: captures both address/port pairs.
var msg1259 = match({
id: "MESSAGE#1193:725007/4",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} terminated%{p3->}",
field: "nwparser.p2",
},
});
// Single-endpoint form: captures one address/port pair as hostip/network_port.
var msg1260 = match({
id: "MESSAGE#1193:725007/4",
dissect: {
tokenizer: "%{hostip->}/%{network_port->} terminated%{p3->}",
field: "nwparser.p2",
},
});
// The two-endpoint form is listed first; the single-endpoint pattern would
// also match such a line and fold the rest into network_port.
var select300 = linear_select([
msg1259,
msg1260,
]);
// Consumes a trailing "." from p4 (p4 is produced by a stage not declared
// here; the stages above write p3).
var msg1261 = match({
id: "MESSAGE#1193:725007/5",
dissect: {
tokenizer: ".%{->}",
field: "nwparser.p4",
},
});
// Runs the stages in order; dup92, dup249 and dup254 are shared patterns
// declared elsewhere.
var all310 = all_match({
processors: [
msg1258,
dup92,
dup249,
select300,
dup254,
msg1261,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("725007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 201001: captures the two slash-separated values after
// "Out of connections!" as fld1 and fld2.
var msg1262 = match({
id: "MESSAGE#215:201001",
dissect: {
tokenizer: "Out of connections! %{fld1->}/%{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 216001: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1263 = match({
id: "MESSAGE#266:216001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("216001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713121: captures the peer address (saddr); the rest of the line is
// kept as event_description.
var msg1264 = match({
id: "MESSAGE#887:713121",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713121"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713273, form with group, username and peer address; the rest of the
// line goes to info.
var msg1265 = match({
id: "MESSAGE#910:713273",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713273"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup428,
]),
});
// Form with group and peer address only.
var msg1266 = match({
id: "MESSAGE#911:713273:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713273:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup428,
]),
});
// Form with username and peer address only.
var msg1267 = match({
id: "MESSAGE#912:713273:02",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713273:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup428,
]),
});
// Most specific pattern first. The group-only pattern would also match a line
// that carries a Username and would fold ", Username = ..." into group, so the
// order matters (presumably first match wins - confirm against linear_select).
var select301 = linear_select([
msg1265,
msg1266,
msg1267,
]);
// Message 405104: captures the H225 message name (fld) and both address/port
// pairs of a message received before SETUP.
var msg1268 = match({
id: "MESSAGE#593:405104",
dissect: {
tokenizer: "H225 message %{fld->} received from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} before SETUP",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("405104"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("H225 message received from before SETUP"),
}),
]),
});
// Message 605005, detailed form: captures the client address/port, the
// destination interface and address, and the service; the user text goes to
// p0 for the shared stage dup429.
var msg1269 = match({
id: "MESSAGE#738:605005/0",
dissect: {
tokenizer: "Login permitted from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->} for user %{p0->}",
field: "nwparser.payload",
},
});
// Successful-login chain for the detailed form.
// NOTE(review): this chain uses dup35 where the sibling chain all312 (and most
// chains in this file) use dup3, the event_time step. dup35 is declared
// elsewhere; confirm the timestamp handling for this message is intended,
// since login events are commonly correlated by time.
var all311 = all_match({
processors: [
msg1269,
dup429,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("605005"),
}),
dup17,
dup106,
dup18,
dup40,
dup2,
dup35,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Login permitted"),
}),
]),
});
// Message 605005, fallback form: everything before " for user " is kept as
// result, so no addresses are extracted.
var msg1270 = match({
id: "MESSAGE#739:605005:01/0",
dissect: {
tokenizer: "%{result->} for user %{p0->}",
field: "nwparser.payload",
},
});
var all312 = all_match({
processors: [
msg1270,
dup429,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("605005:01"),
}),
dup17,
dup106,
dup18,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// The detailed chain is tried first; the fallback accepts any
// "... for user ..." line.
var select302 = linear_select([
all311,
all312,
]);
// Message 210021: captures the host address and interface of a failed static
// xlate creation.
var msg1271 = match({
id: "MESSAGE#250:210021",
dissect: {
tokenizer: "LU create static xlate %{hostip->} ifc %{interface->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("210021"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 215001: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1272 = match({
id: "MESSAGE#265:215001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("215001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 307001, form with interface: captures the protocol of the denied
// login session, the client address and the interface.
var msg1273 = match({
id: "MESSAGE#390:307001",
dissect: {
tokenizer: "Denied %{protocol->} login session from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("307001"),
}),
dup2,
dup3,
dup4,
dup5,
dup430,
dup431,
dup432,
]),
});
// Message 307001, form without interface.
var msg1274 = match({
id: "MESSAGE#391:307001:01",
dissect: {
tokenizer: "Denied %{protocol->} login session from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("307001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup430,
dup431,
dup432,
]),
});
// The interface form is listed first. The shorter pattern would also match a
// line that names an interface and would fold " on interface ..." into saddr,
// so the order matters (presumably first match wins - confirm).
var select303 = linear_select([
msg1273,
msg1274,
]);
// Message 337005: captures the media endpoint (hostip/network_port) and the
// packet's source and destination interface/address/port triples.
var msg1275 = match({
id: "MESSAGE#469:337005",
dissect: {
tokenizer: "Phone Proxy SRTP: Media session not found for %{hostip->}/%{network_port->} for packet from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("337005"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Phone Proxy SRTP: Media session not found"),
}),
]),
});
// Message 302008: captures source and destination interface/address pairs, the
// IP version (fld1) and the protocol of a conduit teardown.
var msg1276 = match({
id: "MESSAGE#287:302008",
dissect: {
tokenizer: "Teardown conduit from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} IP version %{fld1->} protocol %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302008"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup306,
]),
});
// Message 737033: captures process, the AAA-provided address (hostip, taken
// from inside the parentheses) and the trailing reason text (result).
var msg1277 = match({
id: "MESSAGE#1252:737033",
dissect: {
tokenizer: "%{process->}: Unable to assign AAA provided IP address (%{hostip->}) to Client. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737033"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to assign AAA provided IP address to Client"),
}),
]),
});
// Message 713074: captures the tunnel group and peer address; the rest of the
// line is kept as event_description.
var msg1278 = match({
id: "MESSAGE#877:713074",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713074"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// Message 717025: captures the number of certificates in the chain being
// validated as fld1. No certificate identity is present in this pattern.
var msg1279 = match({
id: "MESSAGE#1075:717025",
dissect: {
tokenizer: "Validating certificate chain containing %{fld1->} certificate(s)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("717025"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Validating certificate chain"),
}),
]),
});
// Message 202002: captures the SRC and DEST addresses; the rest of the line
// goes to info.
var msg1280 = match({
id: "MESSAGE#230:202002",
dissect: {
tokenizer: "Unable to find translation for SRC=%{saddr->} DEST=%{daddr->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("202002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 317003: the whole payload is kept as event_description; no
// individual fields are extracted from it.
var msg1281 = match({
id: "MESSAGE#425:317003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("317003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 444108, "added" form: captures the client id as hostid; the pattern
// ends with a literal ".".
var msg1282 = match({
id: "MESSAGE#671:444108",
dissect: {
tokenizer: "Shared license added client id %{hostid->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444108"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license added client"),
}),
]),
});
// Message 444108, "expired" form.
var msg1283 = match({
id: "MESSAGE#672:444108:01",
dissect: {
tokenizer: "Shared license expired client id %{hostid->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444108:01"),
}),
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license expired client"),
}),
]),
});
// Alternatives for message 444108; the literal "added" / "expired" text makes
// the two patterns mutually exclusive.
var select304 = linear_select([
msg1282,
msg1283,
]);
// Message 611103, stage 1: fixed prefix; the user name text goes to p0 for the
// shared stage dup238.
var msg1284 = match({
id: "MESSAGE#755:611103/0",
dissect: {
tokenizer: "User logged out: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Logout chain. Unlike most chains in this file, the event category is set
// inline here instead of through a shared dupNNN step.
var all313 = all_match({
processors: [
msg1284,
dup238,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1401070000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("611103"),
}),
dup7,
dup17,
dup143,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("User logged out"),
}),
]),
});
// Message 338310: captures the dynamic filter updater server name (web_domain)
// and the failure reason (result).
var msg1285 = match({
id: "MESSAGE#496:338310",
dissect: {
tokenizer: "Failed to update from dynamic filter updater server %{web_domain->}, reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("338310"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 106016, form with interface: a denied spoofed packet. saddr is
// taken from inside the parentheses and is the address the device reported as
// spoofed, so it does not identify the real sender.
var msg1286 = match({
id: "MESSAGE#82:106016",
dissect: {
tokenizer: "Deny %{protocol->} spoof from (%{saddr->}) to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("106016"),
}),
dup99,
dup320,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Message 106016, form without interface.
var msg1287 = match({
id: "MESSAGE#83:106016:01",
dissect: {
tokenizer: "Deny %{protocol->} spoof from (%{saddr->}) to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("106016:01"),
}),
dup99,
dup320,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// The interface form is listed first. The shorter pattern would also match a
// line that names an interface and would fold " on interface ..." into daddr,
// so the order matters (presumably first match wins - confirm).
var select305 = linear_select([
msg1286,
msg1287,
]);
// Message 716047, final stage: reads p1 and captures the client address, the
// ACL name (listnum), its origin (fld1) and the reason it was ignored (info).
// "\u003c" is the JavaScript escape for "<", so the literal matched before
// the ACL name is "<<".
var msg1288 = match({
id: "MESSAGE#1057:716047/2",
dissect: {
tokenizer: "%{saddr->}> User ACL \u003c\u003c%{listnum->}> from %{fld1->} ignored, %{info->}.",
field: "nwparser.p1",
},
});
// The first two stages are shared patterns (dup77, dup78) declared elsewhere.
var all314 = all_match({
processors: [
dup77,
dup78,
msg1288,
],
on_success: processor_chain([
dup420,
set_field({
dest: "nwparser.msg_id1",
value: constant("716047"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 409023, stage 1: captures the AAA fallback method (process) and the
// purpose text (info); the user text goes to p0.
var msg1289 = match({
id: "MESSAGE#616:409023/0",
dissect: {
tokenizer: "Attempting AAA Fallback method %{process->} for %{info->} for user %{p0->}",
field: "nwparser.payload",
},
});
// Quoted username form: quotes are not included in username.
var msg1290 = match({
id: "MESSAGE#616:409023/2",
dissect: {
tokenizer: "'%{username->}' : %{p1->}",
field: "nwparser.p0",
},
});
// Unquoted username form.
var msg1291 = match({
id: "MESSAGE#616:409023/2",
dissect: {
tokenizer: "%{username->} : %{p1->}",
field: "nwparser.p0",
},
});
// Quoted form first, so that quote characters do not end up in username
// (presumably first match wins - confirm against linear_select).
var select306 = linear_select([
msg1290,
msg1291,
]);
// Captures the unreachable auth-server group name as product; the leading
// token is stored in space.
var msg1292 = match({
id: "MESSAGE#616:409023/2",
dissect: {
tokenizer: "%{space->} Auth-server group %{product->} unreachable",
field: "nwparser.p1",
},
});
// Runs the stages in order. An AAA fallback means the primary auth-server
// group could not be reached, which is why result is fixed below.
var all315 = all_match({
processors: [
msg1289,
select306,
msg1292,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("409023"),
}),
dup65,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Auth-server group unreachable"),
}),
]),
});
// Message 709008: the whole payload is kept as event_description and result
// is set to a fixed string regardless of the payload text.
var msg1293 = match({
id: "MESSAGE#841:709008",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("709008"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Configuration may be out of sync"),
}),
dup4,
dup5,
]),
});
// Message 713206: captures the tunnel group, the peer address and the
// rejection reason (result) of a rejected tunnel.
var msg1294 = match({
id: "MESSAGE#927:713206",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Tunnel Rejected: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713206"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
// The description value is a shared dupNNN entry declared elsewhere, not an
// inline constant(...) as in most chains.
value: dup433,
}),
]),
});
// Message 716601: captures a count or qualifier (fld1), the client address and
// trailing text (info). "\u003c" is the JavaScript escape for "<", so the
// literal matched before the address is "<<".
var msg1295 = match({
id: "MESSAGE#1295:716601",
dissect: {
tokenizer: "Rejected %{fld1->} Hostscan data from IP \u003c\u003c%{saddr->}>. %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("716601"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Rejected Hostscan data"),
}),
]),
});
// Message 105005: captures the parenthesised unit label (context) and the
// interface on which failover communication with the mate was lost.
var msg1296 = match({
id: "MESSAGE#30:105005",
dissect: {
tokenizer: "(%{context->}) Lost Failover communications with mate on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup326,
set_field({
dest: "nwparser.msg_id1",
value: constant("105005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Lost Failover communications with mate on interface"),
}),
]),
});
// Message 210006: captures the host address of a failed NAT lookup.
var msg1297 = match({
id: "MESSAGE#245:210006",
dissect: {
tokenizer: "LU look NAT for %{hostip->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("210006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 335004: captures the host address for which NAC is reported as
// disabled and sets a fixed event_description.
var msg1298 = match({
id: "MESSAGE#467:335004",
dissect: {
tokenizer: "NAC is disabled for host - %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("335004"),
}),
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("NAC is disabled"),
}),
]),
});
// Message 406002: an FTP port command that names a different address.
// Captures the client address (saddr), the parenthesised value that follows it
// (fld1), the destination address and the interface.
var msg1299 = match({
id: "MESSAGE#596:406002",
dissect: {
tokenizer: "FTP port command different address: %{saddr->}(%{fld1->}) to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup239,
set_field({
dest: "nwparser.msg_id1",
value: constant("406002"),
}),
dup2,
dup3,
dup4,
dup5,
dup240,
]),
});
// Message 722051, dual-stack form (msg_id1 "722051:01"). All stages below read
// the p1..p5 intermediates; the first two stages of the chain are shared
// patterns (dup181, dup182) declared elsewhere.
// Client address with a parenthesised value (fld1)...
var msg1300 = match({
id: "MESSAGE#1178:722051:01/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > IPv4 %{p2->}",
field: "nwparser.p1",
},
});
// ...or without one.
var msg1301 = match({
id: "MESSAGE#1178:722051:01/3",
dissect: {
tokenizer: "%{saddr->} > IPv4 %{p2->}",
field: "nwparser.p1",
},
});
// The parenthesised form is listed first; the shorter pattern would also match
// such a line and leave " (...)" inside saddr.
var select307 = linear_select([
msg1300,
msg1301,
]);
// "A" or "a": together with the "ddress" literal in the next stage this
// accepts both "Address" and "address".
var msg1302 = match({
id: "MESSAGE#1178:722051:01/4",
dissect: {
tokenizer: "A%{p3->}",
field: "nwparser.p2",
},
});
var msg1303 = match({
id: "MESSAGE#1178:722051:01/4",
dissect: {
tokenizer: "a%{p3->}",
field: "nwparser.p2",
},
});
var select308 = linear_select([
msg1302,
msg1303,
]);
// Captures the assigned IPv4 address as stransaddr. "\u003c" is the
// JavaScript escape for "<".
var msg1304 = match({
id: "MESSAGE#1178:722051:01/4",
dissect: {
tokenizer: "ddress \u003c\u003c %{stransaddr->} > IPv6 %{p4->}",
field: "nwparser.p3",
},
});
// Same "a"/"A" split for the IPv6 part.
var msg1305 = match({
id: "MESSAGE#1178:722051:01/6",
dissect: {
tokenizer: "a%{p5->}",
field: "nwparser.p4",
},
});
var msg1306 = match({
id: "MESSAGE#1178:722051:01/6",
dissect: {
tokenizer: "A%{p5->}",
field: "nwparser.p4",
},
});
var select309 = linear_select([
msg1305,
msg1306,
]);
// The assigned IPv6 address is stored in the generic info field, not in an
// address field.
var msg1307 = match({
id: "MESSAGE#1178:722051:01/6",
dissect: {
tokenizer: "ddress \u003c\u003c%{info->}> assigned to session",
field: "nwparser.p5",
},
});
// Runs the dual-stack stages in order and tags the event on success.
var all316 = all_match({
processors: [
dup181,
dup182,
select307,
select308,
msg1304,
select309,
msg1307,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("722051:01"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("specific address is assigned to session"),
}),
]),
});
// Message 722051, single-address form. Client address with a parenthesised
// value (fld1)...
var msg1308 = match({
id: "MESSAGE#1179:722051/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > Address \u003c\u003c %{p2->}",
field: "nwparser.p1",
},
});
// ...or without one.
var msg1309 = match({
id: "MESSAGE#1179:722051/3",
dissect: {
tokenizer: "%{saddr->} > Address \u003c\u003c %{p2->}",
field: "nwparser.p1",
},
});
var select310 = linear_select([
msg1308,
msg1309,
]);
// Captures the assigned address as stransaddr.
var msg1310 = match({
id: "MESSAGE#1179:722051/3",
dissect: {
tokenizer: "%{stransaddr->} > assigned to session",
field: "nwparser.p2",
},
});
// Runs the single-address stages in order and tags the event on success.
var all317 = all_match({
processors: [
dup181,
dup182,
select310,
msg1310,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("722051"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup434,
]),
});
// The dual-stack chain is tried before the single-address chain.
var select311 = linear_select([
all316,
all317,
]);
// Message 735006: fixed text "Power Supply Unit Redundancy Lost". No fields
// are captured; the chain tags msg_id1 and a constant event_description.
var msg1311 = match({
id: "MESSAGE#1224:735006",
dissect: {
tokenizer: "Power Supply Unit Redundancy Lost%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("735006"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply Unit Redundancy Lost"),
}),
]),
});
// Message 106103:01: access-list hit that names a user. Captures the list
// name, action, protocol, username, both interface/address/port tuples and
// the hit counter; any trailing text goes to info.
var msg1312 = match({
id: "MESSAGE#107:106103:01",
dissect: {
tokenizer: "access-list %{listnum->} %{action->} %{protocol->} for user '%{username->}' %{sinterface->}/%{saddr->}(%{sport->}) -> %{dinterface->}/%{daddr->}(%{dport->}) hit-cnt %{dclass_counter1->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106103:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup203,
]),
});
// Message 106103: same event without the user and without an action token.
// NOTE(review): no "action" field is captured here, so permit/deny is not
// available from this variant unless one of the dup steps sets it — confirm.
var msg1313 = match({
id: "MESSAGE#108:106103",
dissect: {
tokenizer: "access-list %{listnum->} %{protocol->} %{sinterface->}/%{saddr->}(%{sport->}) -> %{dinterface->}/%{daddr->}(%{dport->}) hit-cnt %{dclass_counter1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106103"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup203,
]),
});
// The more specific (user-bearing) layout is listed first.
var select312 = linear_select([
msg1312,
msg1313,
]);
// Message 718005: "Fail to send to <addr> port <port>".
// The remote peer is stored in saddr/sport even though the text says "to".
var msg1314 = match({
id: "MESSAGE#1087:718005",
dissect: {
tokenizer: "Fail to send to %{saddr->} port %{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("718005"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Fail to send to host"),
}),
]),
});
// Message 721010: WebVPN event. The token after "WebVPN-" goes to context and
// the rest of the line is kept verbatim as event_description.
var msg1315 = match({
id: "MESSAGE#1149:721010",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("721010"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722028, part /2: source address followed by the fixed text
// "> Stale SVC connection closed.".
var msg1316 = match({
id: "MESSAGE#1164:722028/2",
dissect: {
tokenizer: "%{saddr->}> Stale SVC connection closed.",
field: "nwparser.p1",
},
});
// Full 722028 parser; the leading parts dup77/dup78 are defined elsewhere.
var all318 = all_match({
processors: [
dup77,
dup78,
msg1316,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722028"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Stale SVC connection closed"),
}),
]),
});
// Message 702209:01: built entirely from shared parts defined elsewhere.
// It differs from all320 in its last part (dup132 vs dup130) and in the
// extra dup14 step.
var all319 = all_match({
processors: [
dup435,
dup129,
dup132,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702209:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup405,
dup4,
dup5,
]),
});
// Message 702209: same leading parts, ending with dup130.
var all320 = all_match({
processors: [
dup435,
dup129,
dup130,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702209"),
}),
dup7,
dup2,
dup3,
dup405,
dup4,
dup5,
]),
});
// Both 702209 layouts; the :01 form is listed first.
var select313 = linear_select([
all319,
all320,
]);
// Message 776251: CTS SGT-MAP binding added. Captures saddr/sport, the value
// pair after "->" (fld1 and group) and the origin (fld2).
// NOTE(review): this chain lists dup3 and dup5 but not dup2 or dup4, so
// nwparser.level and nwparser.msg are not set here unless dup10 or dup14
// do it — confirm this is intended.
var msg1317 = match({
id: "MESSAGE#1306:776251",
dissect: {
tokenizer: "CTS SGT-MAP: Binding %{saddr->}/%{sport->}->%{fld1->}:%{group->} from %{fld2->} added to binding manager.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("776251"),
}),
dup14,
dup3,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("added to binding manager"),
}),
]),
});
// Message 105035: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1318 = match({
id: "MESSAGE#43:105035",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup324,
set_field({
dest: "nwparser.msg_id1",
value: constant("105035"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338201, part /4: greylisted traffic seen by the dynamic filter.
// The tokenizer starts mid-word ("ed greylisted"); the start of the verb is
// presumably consumed by dup213/dup214 — confirm. Captures both endpoint
// tuples with their translated address/port, the resolved list entry
// (web_domain), threat level (severity) and category (result).
var msg1319 = match({
id: "MESSAGE#483:338201/4",
dissect: {
tokenizer: "ed greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
// Full 338201 parser; dup183, dup184, dup213 and dup214 are defined elsewhere.
var all321 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg1319,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338201"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400016: IPS/IDS signature event. Captures product, signature id
// (sigid), the signature text (context), source/destination addresses and
// the interface. dup27..dup30 are defined elsewhere.
var msg1320 = match({
id: "MESSAGE#513:400016",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400016"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 602203:01: built from shared parts defined elsewhere, ending with
// dup130; the chain carries the extra dup14 step.
// NOTE(review): here the ":01" id pairs with dup130 and the plain id with
// dup132, the reverse of the 702209 pair (all319/all320) — confirm which
// pairing is intended.
var all322 = all_match({
processors: [
dup436,
dup129,
dup130,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("602203:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup437,
]),
});
// Message 602203: same leading parts, ending with dup132.
var all323 = all_match({
processors: [
dup436,
dup129,
dup132,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("602203"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup437,
]),
});
// Both 602203 layouts; the :01 form is listed first.
var select314 = linear_select([
all322,
all323,
]);
// Message 718072: load-balancing role change; captures the context name.
var msg1321 = match({
id: "MESSAGE#1109:718072",
dissect: {
tokenizer: "Becoming master of Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718072"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Becoming master of Load Balancing"),
}),
]),
});
// Message 737029, part /1: address added to standby, with or without a
// leading "Session=<id>, ". Both tokenizers end with a literal space.
var msg1322 = match({
id: "MESSAGE#1248:737029/1",
dissect: {
tokenizer: "Session=%{sessionid->}, Added %{hostip->} to standby ",
field: "nwparser.p0",
},
});
var msg1323 = match({
id: "MESSAGE#1248:737029/1",
dissect: {
tokenizer: "Added %{hostip->} to standby ",
field: "nwparser.p0",
},
});
// The session-bearing form is listed first.
var select315 = linear_select([
msg1322,
msg1323,
]);
// Full 737029 parser; dup53 (defined elsewhere) supplies the leading part.
var all324 = all_match({
processors: [
dup53,
select315,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737029"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Added host to standby"),
}),
]),
});
// Message 302303: state-bypass connection built. Captures protocol, the
// connection id and both endpoint tuples with their translated address/port.
var msg1324 = match({
id: "MESSAGE#343:302303",
dissect: {
tokenizer: "Built %{protocol->} state-bypass connection %{connectionid->} from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302303"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Built state-bypass connection"),
}),
]),
});
// Message 722049, part /3: "Session terminated:" after the source address,
// with or without a parenthesised fld1; the reason text continues in p2.
var msg1325 = match({
id: "MESSAGE#1176:722049/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > Session terminated: %{p2->}",
field: "nwparser.p1",
},
});
var msg1326 = match({
id: "MESSAGE#1176:722049/3",
dissect: {
tokenizer: "%{saddr->} > Session terminated: %{p2->}",
field: "nwparser.p1",
},
});
var select316 = linear_select([
msg1325,
msg1326,
]);
// Full 722049 parser; dup181, dup182, dup438 and dup372 are defined elsewhere
// (dup438 handles what follows "Session terminated:").
var all325 = all_match({
processors: [
dup181,
dup182,
select316,
dup438,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722049"),
}),
dup2,
dup3,
dup4,
dup5,
dup372,
]),
});
// Message 725016, part /0: trust-point selection for a TLS client. The
// trust-point name is stored in network_service and the interface in
// "interface"; the endpoint text continues in p0.
var msg1327 = match({
id: "MESSAGE#1204:725016/0",
dissect: {
tokenizer: "Device selects trust-point %{network_service->} for client %{interface->}: %{p0->}",
field: "nwparser.payload",
},
});
// Part /1: endpoints, with or without a "<fld1>_<fld2>_" prefix before the
// source address. Both tokenizers end with a literal space.
var msg1328 = match({
id: "MESSAGE#1204:725016/1",
dissect: {
tokenizer: "%{fld1->}_%{fld2->}_%{saddr->}/%{sport->} to %{daddr->}/%{dport->} ",
field: "nwparser.p0",
},
});
var msg1329 = match({
id: "MESSAGE#1204:725016/1",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} ",
field: "nwparser.p0",
},
});
var select317 = linear_select([
msg1328,
msg1329,
]);
// Full 725016 parser.
// NOTE(review): unlike most chains in this section, dup2 (level) and dup3
// (event_time) are not listed; dup35 is defined elsewhere and may cover
// this — confirm.
var all326 = all_match({
processors: [
msg1327,
select317,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725016"),
}),
dup35,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Device selects trust-point"),
}),
]),
});
// Message 737010: address requested by the client was granted. Captures the
// logging process name and the address (hostip).
var msg1330 = match({
id: "MESSAGE#1234:737010",
dissect: {
tokenizer: "%{process->}: Client requested address %{hostip->}, request succeeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Client requested address succeeded"),
}),
]),
});
// Message 737010:01: address assigned by AAA; same captured fields.
var msg1331 = match({
id: "MESSAGE#1235:737010:01",
dissect: {
tokenizer: "%{process->}: AAA assigned address %{hostip->} succeeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737010:01"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AAA assigned address succeeded"),
}),
]),
});
// Both 737010 layouts.
var select318 = linear_select([
msg1330,
msg1331,
]);
// Message 610001: a daemon rejected a packet. Captures the service name, the
// interface and the sender.
// NOTE(review): the sender is stored in hostip here, while the sibling
// message 610002 (msg1358) stores it in saddr; source-address queries will
// miss one of the two unless both fields are searched.
var msg1332 = match({
id: "MESSAGE#749:610001",
dissect: {
tokenizer: "%{service->} daemon interface %{interface->}: Packet denied from %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("610001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Packet denied"),
}),
]),
});
// Message 715042: built entirely from shared parts dup22, dup23 and dup174
// (defined elsewhere); nothing message-specific is parsed in this block.
var all327 = all_match({
processors: [
dup22,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715042"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 771002: system clock change. Captures the time source (fld2), the
// source IP (saddr) and the old/new values (change_old, change_new); these
// are the fields needed to correct event timelines after a clock change.
var msg1333 = match({
id: "MESSAGE#1301:771002",
dissect: {
tokenizer: "CLOCK: %{fld1->}, source: %{fld2->}, IP: %{saddr->}, before: %{change_old->}, after: %{change_new->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("771002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("System clock set"),
}),
]),
});
// Message 104001: "(<context>)<text>(cause: <result>)." — the text goes to
// event_description and the cause to result.
var msg1334 = match({
id: "MESSAGE#20:104001",
dissect: {
tokenizer: "(%{context->})%{event_description->}(cause: %{result->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104001"),
}),
dup38,
dup13,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 104001:01: same event with " - <result>." instead of the
// parenthesised cause.
var msg1335 = match({
id: "MESSAGE#21:104001:01",
dissect: {
tokenizer: "(%{context->})%{event_description->} - %{result->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104001:01"),
}),
dup38,
dup13,
dup39,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Both 104001 layouts; the "(cause: ...)" form is listed first.
var select319 = linear_select([
msg1334,
msg1335,
]);
// Message 105008, part /0: "(<context>) Testing ...".
var msg1336 = match({
id: "MESSAGE#33:105008/0",
dissect: {
tokenizer: "(%{context->}) Testing %{p0->}",
field: "nwparser.payload",
},
});
// Part /2: "nterface <name>". The leading letter is presumably consumed by
// dup266, which sits between the two parts in all328 — confirm.
var msg1337 = match({
id: "MESSAGE#33:105008/2",
dissect: {
tokenizer: "nterface %{interface->}",
field: "nwparser.p1",
},
});
// Full 105008 parser; dup266 and dup363 are defined elsewhere.
var all328 = all_match({
processors: [
msg1336,
dup266,
msg1337,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("105008"),
}),
dup2,
dup3,
dup4,
dup5,
dup363,
]),
});
// Message 109010: authentication failure between two endpoints. Captures
// both address/port pairs, the reason in parentheses (result) and the
// interface. No username is captured by this tokenizer.
var msg1338 = match({
id: "MESSAGE#131:109010",
dissect: {
tokenizer: "Auth from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} failed (%{result->}) on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109010"),
}),
dup18,
dup99,
dup87,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// Message 444109: shared-license backup server role change; the new role is
// stored in result.
var msg1339 = match({
id: "MESSAGE#673:444109",
dissect: {
tokenizer: "Shared license backup server role change to %{result->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444109"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license backup server role changed"),
}),
]),
});
// Message 444101: shared license service active; trailing text goes to info.
var msg1340 = match({
id: "MESSAGE#667:444101",
dissect: {
tokenizer: "Shared license service is active. %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444101"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Shared license service is active"),
}),
]),
});
// Message 603105, part /0: fixed prefix "PPTP Tunnel deleted".
var msg1341 = match({
id: "MESSAGE#724:603105/0",
dissect: {
tokenizer: "PPTP Tunnel deleted%{p0->}",
field: "nwparser.payload",
},
});
// Part /2: tunnel id (fld1) and the remote peer, stored in saddr.
var msg1342 = match({
id: "MESSAGE#724:603105/2",
dissect: {
tokenizer: "%{->}tunnel_id =%{fld1->}, remote_peer_ip=%{saddr->}",
field: "nwparser.p1",
},
});
// Full 603105 parser; dup235 (defined elsewhere) sits between the two parts.
var all329 = all_match({
processors: [
msg1341,
dup235,
msg1342,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("603105"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP tunnel deleted"),
}),
]),
});
// Message 111008: command-execution audit record. First the user, quoted or
// unquoted; the quoted form is listed first in select320.
// NOTE(review): all four match parts below share the id suffix /2.
var msg1343 = match({
id: "MESSAGE#172:111008/2",
dissect: {
tokenizer: "'%{username->}' executed the %{p1->}",
field: "nwparser.p0",
},
});
var msg1344 = match({
id: "MESSAGE#172:111008/2",
dissect: {
tokenizer: "%{username->} executed the %{p1->}",
field: "nwparser.p0",
},
});
var select320 = linear_select([
msg1343,
msg1344,
]);
// Then the command itself, stored in "action": either "command <text> " or
// "'<text>' command ". Both tokenizers end with a literal space. This field
// is what administrative-activity monitoring relies on for this message.
var msg1345 = match({
id: "MESSAGE#172:111008/2",
dissect: {
tokenizer: "command %{action->} ",
field: "nwparser.p1",
},
});
var msg1346 = match({
id: "MESSAGE#172:111008/2",
dissect: {
tokenizer: "'%{action->}' command ",
field: "nwparser.p1",
},
});
var select321 = linear_select([
msg1345,
msg1346,
]);
// Full 111008 parser; dup262, dup105 and dup362 are defined elsewhere.
var all330 = all_match({
processors: [
dup262,
select320,
select321,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111008"),
}),
dup2,
dup3,
dup4,
dup5,
dup362,
]),
});
// Message 444104: shared license availability. The license type is stored in
// "protocol" and the availability text in info.
var msg1347 = match({
id: "MESSAGE#669:444104",
dissect: {
tokenizer: "Shared %{protocol->} license availability: %{info->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("444104"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Shared protocol license availability"),
}),
]),
});
// Message 613001: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1348 = match({
id: "MESSAGE#783:613001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("613001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 716052: WebVPN session event. Captures the group (into fld0, not
// "group"), the username and the source address; the rest goes to info.
var msg1349 = match({
id: "MESSAGE#1059:716052",
dissect: {
tokenizer: "Group %{fld0->} User %{username->} IP %{saddr->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716052"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 113028, part /0: username extraction from a VPN client certificate.
var msg1350 = match({
id: "MESSAGE#1280:113028/0",
dissect: {
tokenizer: "Extraction of username from VPN client certificate has %{p0->}",
field: "nwparser.payload",
},
});
// Outcome wording: "finished <x>.", "been <x>." or bare "<x>."; the outcome
// word is stored in disposition. The bare form is listed last in select322
// because it would also match the other two.
var msg1351 = match({
id: "MESSAGE#1280:113028/2",
dissect: {
tokenizer: "finished %{disposition->}. [Request %{p1->}",
field: "nwparser.p0",
},
});
var msg1352 = match({
id: "MESSAGE#1280:113028/2",
dissect: {
tokenizer: "been %{disposition->}. [Request %{p1->}",
field: "nwparser.p0",
},
});
var msg1353 = match({
id: "MESSAGE#1280:113028/2",
dissect: {
tokenizer: "%{disposition->}. [Request %{p1->}",
field: "nwparser.p0",
},
});
var select322 = linear_select([
msg1351,
msg1352,
msg1353,
]);
// Request identifier up to the closing bracket, stored in fld1.
var msg1354 = match({
id: "MESSAGE#1280:113028/2",
dissect: {
tokenizer: "%{fld1->}]",
field: "nwparser.p1",
},
});
// Full 113028 parser. No event_description is set in this chain.
var all331 = all_match({
processors: [
msg1350,
select322,
msg1354,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("113028"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 108004:01, part /0: SMTP inspection, bad checksum. The tokenizer
// stops at "Re"; the rest of the line is handled by the shared parts listed
// in all332 (defined elsewhere).
var msg1355 = match({
id: "MESSAGE#116:108004:01/0",
dissect: {
tokenizer: "SMTP: Bad Checksum %{network_service->} Re%{p0->}",
field: "nwparser.payload",
},
});
var all332 = all_match({
processors: [
msg1355,
dup439,
dup440,
dup345,
dup346,
dup441,
dup442,
],
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108004:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 108004: short form with no endpoint details.
var msg1356 = match({
id: "MESSAGE#117:108004",
dissect: {
tokenizer: "Bad Checksum in %{network_service->} response",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 108004:02, part /0: ESMTP classification; the applied action is
// captured into "action". Same shared trailing parts as all332.
var msg1357 = match({
id: "MESSAGE#118:108004:02/0",
dissect: {
tokenizer: "ESMTP Classification: %{action->} for %{network_service->} Re%{p0->}",
field: "nwparser.payload",
},
});
var all333 = all_match({
processors: [
msg1357,
dup439,
dup440,
dup345,
dup346,
dup441,
dup442,
],
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108004:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// All three 108004 layouts, in the order listed.
var select323 = linear_select([
all332,
msg1356,
all333,
]);
// Message 610002: a daemon rejected a packet that failed authentication.
// Captures the service, the interface and the sender (saddr).
var msg1358 = match({
id: "MESSAGE#750:610002",
dissect: {
tokenizer: "%{service->} daemon interface %{interface->}: Authentication failed for packet from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("610002"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Authentication failed"),
}),
]),
});
// Message 721004: WebVPN event with the same layout as 721010 (msg1315):
// context after "WebVPN-", rest of the line verbatim as event_description.
var msg1359 = match({
id: "MESSAGE#1148:721004",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("721004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722005: SVC session event. Captures group, username and source
// address from angle-bracketed values; the rest is event_description.
// NOTE(review): each opening bracket is written as two literal '<'
// characters (\u003c\u003c) while the closing one is a single '>'. If the
// device logs a single '<', this pattern never matches and group, username
// and saddr stay empty for 722005 — verify against sample logs.
var msg1360 = match({
id: "MESSAGE#1155:722005",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("722005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715055: built entirely from shared parts dup22, dup23 and dup241
// (defined elsewhere); nothing message-specific is parsed in this block.
var all334 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715055"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718051: secure tunnel to a load-balancing peer deleted. The token
// before the bracket is captured into "space" and the bracketed peer address
// into saddr.
var msg1361 = match({
id: "MESSAGE#1102:718051",
dissect: {
tokenizer: "Deleted secure tunnel to peer %{space->} [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718051"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted secure tunnel to peer"),
}),
]),
});
// Message 338102, part /2: whitelisted traffic seen by the dynamic filter.
// The tokenizer starts mid-word ("ilter"); the leading letter is presumably
// consumed by dup183/dup184 — confirm. Captures the action, both endpoint
// tuples with translated address/port, and the matched list entry
// (web_domain).
var msg1362 = match({
id: "MESSAGE#480:338102/2",
dissect: {
tokenizer: "ilter %{action->} whitelisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->}",
field: "nwparser.p1",
},
});
// Full 338102 parser.
var all335 = all_match({
processors: [
dup183,
dup184,
msg1362,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338102"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400027: IPS/IDS signature event, same layout as 400016 (msg1320).
// Only the first chain step (dup109) and msg_id1 differ.
var msg1363 = match({
id: "MESSAGE#524:400027",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400027"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 420005: a virtual sensor was removed. The sensor name is stored in
// vsys and the module in product.
var msg1364 = match({
id: "MESSAGE#660:420005",
dissect: {
tokenizer: "Virtual Sensor %{vsys->} was deleted from the %{product->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("420005"),
}),
dup108,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Virtual Sensor deleted"),
}),
]),
});
// Message 713251, part /2: peer address followed by the fixed text
// "Received authentication failure message".
var msg1365 = match({
id: "MESSAGE#948:713251/2",
dissect: {
tokenizer: "%{saddr->}, Received authentication failure message",
field: "nwparser.p1",
},
});
// Full 713251 parser. Unlike most chains in this section, the event category
// is set inline ("1301020000") rather than through a shared dup step.
// dup22/dup23 (defined elsewhere) supply the leading parts.
var all336 = all_match({
processors: [
dup22,
dup23,
msg1365,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1301020000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("713251"),
}),
dup7,
dup133,
dup134,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received authentication failure message"),
}),
]),
});
// Message 713034: built from shared parts dup22, dup23 and dup300 (defined
// elsewhere).
var all337 = all_match({
processors: [
dup22,
dup23,
dup300,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713034"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713034:01: explicit "Group = ..., IP = ... , <action>:<info>"
// layout. The tokenizer expects a space before the comma that follows the
// address.
var msg1366 = match({
id: "MESSAGE#859:713034:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{action->}:%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713034:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Both 713034 layouts; the shared-parts form is listed first.
var select324 = linear_select([
all337,
msg1366,
]);
// Message 715009, part /2: "<saddr>, <action>: <info>".
var msg1367 = match({
id: "MESSAGE#996:715009/2",
dissect: {
tokenizer: "%{saddr->}, %{action->}: %{info->}",
field: "nwparser.p1",
},
});
// Full 715009 parser; dup22/dup23 (defined elsewhere) supply the leading
// parts.
var all338 = all_match({
processors: [
dup22,
dup23,
msg1367,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("715009"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715009:01, part /2: "<action>: <info>" with no address in this
// part; any address would have to come from dup44/dup175 (defined elsewhere).
var msg1368 = match({
id: "MESSAGE#997:715009:01/2",
dissect: {
tokenizer: "%{action->}: %{info->}",
field: "nwparser.p1",
},
});
var all339 = all_match({
processors: [
dup44,
dup175,
msg1368,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("715009:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Both 715009 layouts.
var select325 = linear_select([
all338,
all339,
]);
// Message 409007: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1369 = match({
id: "MESSAGE#609:409007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("409007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 505013, part /1: module application reload. First form captures
// the product and slot (fld1); second form is the fixed "Module ips" wording.
// Both stop after the opening double quote and hand the rest to p0.
var msg1370 = match({
id: "MESSAGE#698:505013/1",
dissect: {
tokenizer: "%{product->} Module in slot %{fld1->}, application reloading \"%{p0->}",
field: "nwparser.payload",
},
});
var msg1371 = match({
id: "MESSAGE#698:505013/1",
dissect: {
tokenizer: "Module ips, application reloading \"%{p0->}",
field: "nwparser.payload",
},
});
var select326 = linear_select([
msg1370,
msg1371,
]);
// Full 505013 parser; dup57 (defined elsewhere) handles the quoted remainder.
// The event category is set inline ("1702010000").
var all340 = all_match({
processors: [
select326,
dup57,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1702010000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("505013"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 746015: user-identity FQDN resolution. Captures the name (domain)
// and the resolved address (hostip).
var msg1372 = match({
id: "MESSAGE#1286:746015",
dissect: {
tokenizer: "user-identity: [FQDN] %{domain->} resolved %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup67,
set_field({
dest: "nwparser.msg_id1",
value: constant("746015"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 405003: IP address collision. Captures the conflicting host
// (hostip) with its MAC (smacaddr), and the local interface with its MAC
// (dmacaddr). The event category is set inline ("1805010100").
// NOTE(review): dup25 appears where most chains in this section list dup3
// (event_time); dup25 is defined elsewhere — confirm it sets the timestamp.
var msg1373 = match({
id: "MESSAGE#1292:405003",
dissect: {
tokenizer: "IP address collision detected between host %{hostip->} at %{smacaddr->} and interface %{dinterface->}, %{dmacaddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1805010100"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("405003"),
}),
dup14,
dup2,
dup25,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IP address collision detected"),
}),
]),
});
// Message 109005, part /0: fixed prefix "Authentication succeeded for user";
// the user and endpoint details are parsed by dup61/dup62 (defined elsewhere).
var msg1374 = match({
id: "MESSAGE#126:109005/0",
dissect: {
tokenizer: "Authentication succeeded for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 109005 parser. Sets result to the constant
// "Successful Authentication"; note the failure counterpart (109006, all345)
// uses the lower-case constant "authentication failure".
var all341 = all_match({
processors: [
msg1374,
dup61,
dup62,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("109005"),
}),
dup17,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Successful Authentication"),
}),
]),
});
// Message 402102: IPsec packet missing an expected header. Captures the
// destination address and the actual protocol. Only daddr is available; no
// source address appears in this tokenizer.
var msg1375 = match({
id: "MESSAGE#555:402102",
dissect: {
tokenizer: "%{fld1->}: packet missing %{fld2->}, destadr=%{daddr->}, actual prot=%{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402102"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("invalid packet"),
}),
set_field({
dest: "nwparser.result",
value: constant("missing packet type"),
}),
]),
});
// Message 715035: IOS keepalive monitor started. Captures the peer address
// and the interval in seconds (duration). dup245 is defined elsewhere.
var msg1376 = match({
id: "MESSAGE#1007:715035",
dissect: {
tokenizer: "IP = %{saddr->}, Starting IOS keepalive monitor: %{duration->} sec.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715035"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// Message 722041, part /0: tunnel group (fld1) and group policy (group).
// NOTE(review): the tokenizer expects two literal '<' characters
// (\u003c\u003c) before each value; if the device logs a single '<' this
// message will not parse — verify against sample logs.
var msg1377 = match({
id: "MESSAGE#1173:722041/0",
dissect: {
tokenizer: "TunnelGroup \u003c\u003c %{fld1->} > GroupPolicy \u003c\u003c %{group->} > User %{p0->}",
field: "nwparser.payload",
},
});
// Part /2: source address with or without a parenthesised fld2, followed by
// the fixed text.
var msg1378 = match({
id: "MESSAGE#1173:722041/2",
dissect: {
tokenizer: "%{saddr->} (%{fld2->}) > No IPv6 address available for SVC connection",
field: "nwparser.p1",
},
});
var msg1379 = match({
id: "MESSAGE#1173:722041/2",
dissect: {
tokenizer: "%{saddr->} > No IPv6 address available for SVC connection",
field: "nwparser.p1",
},
});
var select327 = linear_select([
msg1378,
msg1379,
]);
// Full 722041 parser; dup182 (defined elsewhere) sits between the parts.
var all342 = all_match({
processors: [
msg1377,
dup182,
select327,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("722041"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("No IPv6 address available for SVC connection"),
}),
]),
});
// Message 717030: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1380 = match({
id: "MESSAGE#1080:717030",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("717030"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 199003: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1381 = match({
id: "MESSAGE#204:199003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 199006, part /0: orderly reload; the start time goes to fld1.
var msg1382 = match({
id: "MESSAGE#207:199006/0",
dissect: {
tokenizer: "Orderly reload started at %{fld1->} by %{p0->}",
field: "nwparser.payload",
},
});
// Part /2: who requested the reload — username, the access method (stored in
// "protocol") and the remote address (saddr).
var msg1383 = match({
id: "MESSAGE#207:199006/2",
dissect: {
tokenizer: "%{->} %{username->} from %{protocol->} (remote %{saddr->})%{p1->}",
field: "nwparser.p0",
},
});
// Falls back to dup367 (defined elsewhere) when the remote form above does
// not match.
var select328 = linear_select([
msg1383,
dup367,
]);
// Reload reason, stored in result. Reuses the id suffix /2.
var msg1384 = match({
id: "MESSAGE#207:199006/2",
dissect: {
tokenizer: ". Reload reason: %{result->}",
field: "nwparser.p1",
},
});
// Full 199006 parser.
var all343 = all_match({
processors: [
msg1382,
select328,
msg1384,
],
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("199006"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Orderly reload started"),
}),
dup4,
dup5,
]),
});
// Message 210002: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1385 = match({
id: "MESSAGE#242:210002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 403110: catch-all. The whole payload is stored as
// event_description. The chain shares dup86 and dup87 with the
// authentication-failure messages 109010 (msg1338) and, for dup86, 610002.
// NOTE(review): with no user or address captured, events of this id can only
// be searched by free text.
var msg1386 = match({
id: "MESSAGE#578:403110",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("403110"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338203, part /2: greylisted traffic dropped by the dynamic filter.
// Same captured fields as 338201 (msg1319): both endpoint tuples with
// translated address/port, the matched list entry (web_domain), threat level
// (severity) and category (result). "dropped" is literal text here, so no
// "action" field is captured by this tokenizer.
var msg1387 = match({
id: "MESSAGE#485:338203/2",
dissect: {
tokenizer: "ilter dropped greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
// Full 338203 parser; dup183/dup184 are defined elsewhere.
var all344 = all_match({
processors: [
dup183,
dup184,
msg1387,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338203"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400036: IPS/IDS signature event, same layout as 400016 (msg1320).
// Only the first chain step (dup76) and msg_id1 differ.
var msg1388 = match({
id: "MESSAGE#533:400036",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("400036"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 415001: HTTP inspection flagged a tunnel. Captures the signature
// id, the value after the dash (listnum), the protocol and both addresses.
// The description is written to nwparser.context here, not to
// event_description as in most other chains in this section.
var msg1389 = match({
id: "MESSAGE#632:415001",
dissect: {
tokenizer: "%{sigid->} HTTP Tunnel detected - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Tunnel detected"),
}),
]),
});
// Message 702302: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1390 = match({
id: "MESSAGE#829:702302",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702302"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 106001: TCP connection denied. Captures direction, protocol, both
// address/port pairs and the interface.
// NOTE(review): the TCP flags land in the generic field fld1, so they are
// not searchable under a named field unless a later dup step maps them.
var msg1391 = match({
id: "MESSAGE#57:106001",
dissect: {
tokenizer: "%{direction->} %{protocol->} connection denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106001"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Message 106001:01: same event without the trailing "on interface" clause.
var msg1392 = match({
id: "MESSAGE#58:106001:01",
dissect: {
tokenizer: "%{direction->} %{protocol->} connection denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106001:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// The longer layout (with interface) is listed first.
var select329 = linear_select([
msg1391,
msg1392,
]);
// Message 109006, part /0: fixed prefix "Authentication failed for user";
// the user and endpoint details are parsed by dup61/dup62 (defined
// elsewhere), the same parts used for 109005 (all341).
var msg1393 = match({
id: "MESSAGE#127:109006/0",
dissect: {
tokenizer: "Authentication failed for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 109006 parser. Sets result to the constant "authentication failure".
var all345 = all_match({
processors: [
msg1393,
dup61,
dup62,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("109006"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("authentication failure"),
}),
]),
});
// Message 213004: catch-all. The whole payload is stored as event_description
// and no structured fields are extracted.
var msg1394 = match({
id: "MESSAGE#263:213004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("213004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 324005: tunnel creation failed. Captures both
// interface/address/port tuples. The description is written to
// nwparser.result here, not to event_description.
var msg1395 = match({
id: "MESSAGE#458:324005",
dissect: {
tokenizer: "Unable to create tunnel from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Unable to create tunnel"),
}),
]),
});
// ASA 735005: fixed text "Power Supply Unit Redundancy OK"; nothing is extracted from the
// payload, the description is set as a constant.
var msg1396 = match({
id: "MESSAGE#1223:735005",
dissect: {
tokenizer: "Power Supply Unit Redundancy OK%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("735005"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply Unit Redundancy OK"),
}),
]),
});
// ASA 208005: "(FUNCTION:fld1) pix clear fld2 return resultcode". Only resultcode gets a
// descriptive field name; the other two values land in generic fld1/fld2.
var msg1397 = match({
id: "MESSAGE#235:208005",
dissect: {
tokenizer: "(FUNCTION:%{fld1->}) pix clear %{fld2->} return %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("208005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 318007: catch-all pattern; the whole payload is captured as event_description.
var msg1398 = match({
id: "MESSAGE#434:318007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("318007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 324001: "GTPv0 packet parsing error from ... to ..., TID: fld1, Reason: result".
// Extracts both endpoints (interface, address, port) and the reason text; the TID goes to
// the generic fld1 field.
var msg1399 = match({
id: "MESSAGE#454:324001",
dissect: {
tokenizer: "GTPv0 packet parsing error from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, TID: %{fld1->}, Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("GTPv0 packet parsing error"),
}),
]),
});
// ASA 400002: "product:sigid context from saddr to daddr on interface dinterface".
// The signature id (sigid) and both addresses are extracted; dup26..dup30 are defined
// elsewhere in the file.
var msg1400 = match({
id: "MESSAGE#499:400002",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400002"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 338104 fragments. msg1401/msg1402 match the literal word "action" or "monitored" at
// the start of p2 and pass the remainder on as p3. All three fragments below share the
// same id string "MESSAGE#482:338104/4".
var msg1401 = match({
id: "MESSAGE#482:338104/4",
dissect: {
tokenizer: "action%{p3->}",
field: "nwparser.p2",
},
});
var msg1402 = match({
id: "MESSAGE#482:338104/4",
dissect: {
tokenizer: "monitored%{p3->}",
field: "nwparser.p2",
},
});
var select330 = linear_select([
msg1401,
msg1402,
]);
// Tail of 338104: whitelisted traffic with real and translated endpoints, the resolved
// destination (hostip), the list name (listnum) and free-text info.
var msg1403 = match({
id: "MESSAGE#482:338104/4",
dissect: {
tokenizer: "%{->}whitelisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{hostip->} resolved from %{listnum->} list: %{info->}",
field: "nwparser.p3",
},
});
// Full 338104 pattern: dup183, dup184, dup230 (defined elsewhere), then the fragments above.
// NOTE(review): event_description is the constant "... monitored ..." even when select330
// matched the "action" alternative — confirm that is intended.
var all346 = all_match({
processors: [
dup183,
dup184,
dup230,
select330,
msg1403,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338104"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic Filter monitored whitelisted traffic"),
}),
]),
});
// ASA 721003: "(WebVPN-context) event_description." — the text after "WebVPN-" inside the
// parentheses becomes context, the sentence up to the final "." becomes event_description.
var msg1404 = match({
id: "MESSAGE#1147:721003",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("721003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 103006: "(context)event_description" — parenthesised prefix, then free text.
var msg1405 = match({
id: "MESSAGE#18:103006",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("103006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 106009: "Translation for saddr to daddr/dport denied by direction (destination is
// denied) ..." — a denied-translation event. No source port is present in this pattern.
var msg1406 = match({
id: "MESSAGE#67:106009",
dissect: {
tokenizer: "Translation for %{saddr->} to %{daddr->}/%{dport->} denied by %{direction->} (destination is denied) %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106009"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup423,
]),
});
// ASA 302024: built entirely from shared fragments dup307, dup443 and dup310 (defined
// elsewhere in the file); this statement only adds the msg_id1 tag and the field chain.
var all347 = all_match({
processors: [
dup307,
dup443,
dup310,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302024"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup311,
]),
});
// ASA 104004: "(context)event_description" — parenthesised prefix, then free text.
var msg1407 = match({
id: "MESSAGE#25:104004",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("104004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 701001: catch-all pattern; the whole payload is captured as event_description.
var msg1408 = match({
id: "MESSAGE#802:701001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("701001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 718044: "Deleted peer [saddr]" — the bracketed peer address is stored as saddr and
// the description is set as a constant.
var msg1409 = match({
id: "MESSAGE#1098:718044",
dissect: {
tokenizer: "Deleted peer %{space->} [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718044"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Deleted peer"),
}),
]),
});
// ASA 702301: catch-all pattern; the whole payload is captured as event_description.
var msg1410 = match({
id: "MESSAGE#828:702301",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702301"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 714006, form with a peer: "Group = group, IP = saddr, action: msg id = fld1".
var msg1411 = match({
id: "MESSAGE#986:714006",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}: msg id = %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714006"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 714006, variant ":01" without group/IP: fixed text "IKE Initiator sending 3rd QM pkt".
var msg1412 = match({
id: "MESSAGE#987:714006:01",
dissect: {
tokenizer: "IKE Initiator sending 3rd QM pkt: msg id = %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("714006:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator sending 3rd QM pkt"),
}),
]),
});
// Alternatives for 714006, listed with the "Group = ..." form first.
var select331 = linear_select([
msg1411,
msg1412,
]);
// ASA 715066: "Group = group, IP = saddr, event_description." — group and peer address,
// then free text up to the final ".".
var msg1413 = match({
id: "MESSAGE#1038:715066",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("715066"),
}),
dup7,
dup13,
dup38,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// ASA 105046: "(context) event_description" — parenthesised prefix, a space, then free text.
var msg1414 = match({
id: "MESSAGE#55:105046",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("105046"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 602104: "product: Received an ICMP Destination Unreachable from saddr,info" — the
// sender of the ICMP message is stored as saddr, the rest after the comma as info.
var msg1415 = match({
id: "MESSAGE#709:602104",
dissect: {
tokenizer: "%{product->}: Received an ICMP Destination Unreachable from %{saddr->},%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("602104"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup395,
]),
});
// ASA 606003: "ASDM logging session number sessionid from hostip started info" — records
// which host opened a management logging session.
// NOTE(review): the event_description constant reads "ASDM loggingsession started" (no
// space between "logging" and "session"); it is an emitted value, so check downstream
// queries before correcting it.
var msg1416 = match({
id: "MESSAGE#742:606003",
dissect: {
tokenizer: "ASDM logging session number %{sessionid->} from %{hostip->} started %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("606003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("ASDM loggingsession started"),
}),
]),
});
// ASA 611309: VPNClient disconnecting from the head end and uninstalling the downloaded
// policy; the head-end address is stored as hostip.
var msg1417 = match({
id: "MESSAGE#765:611309",
dissect: {
tokenizer: "VPNClient: Disconnecting from head end and uninstalling previously downloaded policy: Head End : %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("611309"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("head end disconnect"),
}),
]),
});
// ASA 403102: "PPP virtual interface interface rcvd pkt with invalid protocol: protocol".
var msg1418 = match({
id: "MESSAGE#571:403102",
dissect: {
tokenizer: "PPP virtual interface %{interface->} rcvd pkt with invalid protocol: %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("403102"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 709001: catch-all pattern; the whole payload is captured as event_description.
var msg1419 = match({
id: "MESSAGE#834:709001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("709001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 718022: "Received KEEPALIVE request from [saddr]" — the bracketed address is stored
// as saddr and the description is set as a constant.
var msg1420 = match({
id: "MESSAGE#1092:718022",
dissect: {
tokenizer: "Received KEEPALIVE request from [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718022"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received KEEPALIVE request"),
}),
]),
});
// ASA 106006: "Deny direction protocol from saddr/sport to daddr/dport on interface
// interface" — a denied-packet event with both endpoints and the ingress interface.
var msg1421 = match({
id: "MESSAGE#62:106006",
dissect: {
tokenizer: "Deny %{direction->} %{protocol->} from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106006"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// ASA 106006, variant ":01": same deny line without the "on interface" clause.
var msg1422 = match({
id: "MESSAGE#63:106006:01",
dissect: {
tokenizer: "Deny %{direction->} %{protocol->} from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106006:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Alternatives for 106006, longer "on interface" form first.
// NOTE(review): presumably tried in list order; the shorter pattern is a prefix of the
// longer one, so the order matters if dport is captured greedily — confirm.
var select332 = linear_select([
msg1421,
msg1422,
]);
// ASA 106020: "Deny IP teardrop fragment (size = fld1, offset = fld2) from saddr to daddr".
// The fragment size and offset land in the generic fld1/fld2 fields; only the two
// addresses get descriptive names.
var msg1423 = match({
id: "MESSAGE#88:106020",
dissect: {
tokenizer: "Deny IP teardrop fragment (size = %{fld1->}, offset = %{fld2->}) from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("106020"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("denied IP teardrop fragment"),
}),
]),
});
// ASA 313001: "Denied ICMP type=icmptype, code=icmpcode from saddr on interface interface".
// No destination address is present in this pattern.
var msg1424 = match({
id: "MESSAGE#406:313001",
dissect: {
tokenizer: "Denied ICMP type=%{icmptype->}, code=%{icmpcode->} from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup359,
set_field({
dest: "nwparser.msg_id1",
value: constant("313001"),
}),
dup2,
dup3,
dup4,
dup5,
dup259,
dup196,
]),
});
// ASA 400019: "product:sigid context from saddr to daddr on interface dinterface".
// Same tokenizer and field chain as the other 4000xx signature messages in this file.
var msg1425 = match({
id: "MESSAGE#516:400019",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400019"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 713236 fragments. Step 1 (on p0): either "IP = saddr IKE_DECODE ..." or the same
// text without a peer address.
var msg1426 = match({
id: "MESSAGE#946:713236/2",
dissect: {
tokenizer: "IP = %{saddr->} IKE_DECODE %{p1->}",
field: "nwparser.p0",
},
});
var msg1427 = match({
id: "MESSAGE#946:713236/2",
dissect: {
tokenizer: "%{space->} IKE_DECODE %{p1->}",
field: "nwparser.p0",
},
});
var select333 = linear_select([
msg1426,
msg1427,
]);
// Step 2 (on p1): one of the literal verbs SENDING, RECEIVED or RESENDING. The verb itself
// is matched but not stored in a field.
var msg1428 = match({
id: "MESSAGE#946:713236/3",
dissect: {
tokenizer: "SENDING%{p2->}",
field: "nwparser.p1",
},
});
var msg1429 = match({
id: "MESSAGE#946:713236/3",
dissect: {
tokenizer: "RECEIVED%{p2->}",
field: "nwparser.p1",
},
});
var msg1430 = match({
id: "MESSAGE#946:713236/3",
dissect: {
tokenizer: "RESENDING%{p2->}",
field: "nwparser.p1",
},
});
var select334 = linear_select([
msg1428,
msg1429,
msg1430,
]);
// Step 3 (on p2): the literal word "Message".
var msg1431 = match({
id: "MESSAGE#946:713236/3",
dissect: {
tokenizer: "%{->}Message",
field: "nwparser.p2",
},
});
// Full 713236 pattern: dup44 (defined elsewhere) followed by the three steps above.
var all348 = all_match({
processors: [
dup44,
select333,
select334,
msg1431,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713236"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE_DECODE Message"),
}),
]),
});
// ASA 722033 fragments (on p1): client address, optionally followed by a parenthesised
// value (fld1), then "> First ...".
var msg1432 = match({
id: "MESSAGE#1169:722033/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > First %{p2->}",
field: "nwparser.p1",
},
});
var msg1433 = match({
id: "MESSAGE#1169:722033/3",
dissect: {
tokenizer: "%{saddr->} > First %{p2->}",
field: "nwparser.p1",
},
});
var select335 = linear_select([
msg1432,
msg1433,
]);
// Final fragment (on p3): fixed text "SVC connection established for SVC session."
var msg1434 = match({
id: "MESSAGE#1169:722033/4",
dissect: {
tokenizer: "SVC connection established for SVC session.%{->}",
field: "nwparser.p3",
},
});
// Full 722033 pattern: dup181, dup182 and dup268 are shared fragments defined elsewhere.
var all349 = all_match({
processors: [
dup181,
dup182,
select335,
dup268,
msg1434,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("722033"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup444,
]),
});
// ASA 210022: catch-all pattern; the whole payload is captured as event_description.
var msg1435 = match({
id: "MESSAGE#251:210022",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210022"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 702212 rekey, initiator form (":01"): local address -> saddr, remote -> daddr.
var msg1436 = match({
id: "MESSAGE#826:702212:01/2",
dissect: {
tokenizer: "%{->}rekey (local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
var all350 = all_match({
processors: [
dup445,
dup446,
msg1436,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702212:01"),
}),
dup7,
dup11,
dup12,
dup13,
dup14,
dup2,
dup3,
dup447,
dup4,
dup5,
]),
});
// ASA 702212 rekey, responder form: the mapping is swapped (local -> daddr, remote ->
// saddr), so in both forms saddr holds the initiator's address.
var msg1437 = match({
id: "MESSAGE#827:702212/2",
dissect: {
tokenizer: "%{->}rekey (local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
var all351 = all_match({
processors: [
dup445,
dup446,
msg1437,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702212"),
}),
dup7,
dup11,
dup12,
dup13,
dup2,
dup3,
dup447,
dup4,
dup5,
]),
});
// Alternatives for 702212: initiator form, then responder form.
var select336 = linear_select([
all350,
all351,
]);
// ASA 713049 fragments. Step on p1: peer address, then "Security negotiation complete for".
var msg1438 = match({
id: "MESSAGE#866:713049/2",
dissect: {
tokenizer: "%{saddr->}, Security negotiation complete for %{p2->}",
field: "nwparser.p1",
},
});
// Step on p2: literal "LAN-to-LAN Group", or the alternative dup448 (defined elsewhere).
var msg1439 = match({
id: "MESSAGE#866:713049/4",
dissect: {
tokenizer: "LAN-to-LAN Group%{p3->}",
field: "nwparser.p2",
},
});
var select337 = linear_select([
msg1439,
dup448,
]);
// Step on p3: a parenthesised value stored in the generic fld1 field.
var msg1440 = match({
id: "MESSAGE#866:713049/4",
dissect: {
tokenizer: "%{->}(%{fld1->}) %{p4->}",
field: "nwparser.p3",
},
});
// Step on p4: the role word is split across fragments — "Initiato" or "Responde" is matched
// here and the final "r" is consumed by msg1443 below. The role is not stored in a field.
var msg1441 = match({
id: "MESSAGE#866:713049/6",
dissect: {
tokenizer: "Initiato%{p5->}",
field: "nwparser.p4",
},
});
var msg1442 = match({
id: "MESSAGE#866:713049/6",
dissect: {
tokenizer: "Responde%{p5->}",
field: "nwparser.p4",
},
});
var select338 = linear_select([
msg1441,
msg1442,
]);
// Step on p5: inbound and outbound SPI values (src_spi, dst_spi).
var msg1443 = match({
id: "MESSAGE#866:713049/6",
dissect: {
tokenizer: "r , Inbound SPI = %{src_spi->}, Outbound SPI = %{dst_spi->}",
field: "nwparser.p5",
},
});
// Full 713049 pattern: dup9 and dup365 (defined elsewhere) followed by the steps above.
var all352 = all_match({
processors: [
dup9,
dup365,
msg1438,
select337,
msg1440,
select338,
msg1443,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("713049"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Security negotiation complete"),
}),
]),
});
// ASA 713092: "Group = group, IP = saddr, event_description" — group and peer address,
// then the rest of the payload as free text.
var msg1444 = match({
id: "MESSAGE#881:713092",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713092"),
}),
dup7,
dup11,
dup12,
dup13,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713127: "Group = group, IP = saddr, Xauth required but selected Proposal does not
// support xauth, ..." — the trailing text goes to the generic fld1 field.
var msg1445 = match({
id: "MESSAGE#892:713127",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Xauth required but selected Proposal does not support xauth, %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713127"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Xauth required but selected Proposal does not support xauth"),
}),
]),
});
// ASA 718023: "Received KEEPALIVE response from [saddr]" — the bracketed address is stored
// as saddr and the description is set as a constant.
var msg1446 = match({
id: "MESSAGE#1093:718023",
dissect: {
tokenizer: "Received KEEPALIVE response from [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718023"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received KEEPALIVE response"),
}),
]),
});
// ASA 750006: "Local:saddr:sport Remote:daddr:dport Username:username SA UP. Reason: result".
// The local end is stored as saddr/sport, the remote end as daddr/dport.
var msg1447 = match({
id: "MESSAGE#1266:750006",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} SA UP. Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("750006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SA UP"),
}),
]),
});
// ASA 717043: "Local CA Server certificate enrollment related info for user: username.
// Info: info" — certificate-enrollment activity tied to a user name.
// NOTE(review): unlike the neighbouring chains, this one does not include dup4 (declared
// at the top of the file as the set_field that copies $MSG into nwparser.msg) — confirm
// the omission is intentional.
var msg1448 = match({
id: "MESSAGE#1305:717043",
dissect: {
tokenizer: "Local CA Server certificate enrollment related info for user: %{username->}. Info: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717043"),
}),
dup14,
dup2,
dup3,
dup5,
]),
});
// ASA 106019: IP packet from saddr to daddr denied by an access-group; the quoted
// access-group name lands in the generic fld1 field.
// NOTE(review): the event_description constant is spelled "denied by acces-group"
// (one "s"); it is an emitted value, so check downstream queries before correcting it.
var msg1449 = match({
id: "MESSAGE#87:106019",
dissect: {
tokenizer: "IP packet from %{saddr->} to %{daddr->}, protocol %{protocol->} received from interface \"%{interface->}\" %{space->} deny by access-group \"%{fld1->}\"",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106019"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("denied by acces-group"),
}),
]),
});
// ASA 502101, first fragment: literal "New user added to local dbase: Uname: "; the rest
// goes to p0 for dup215/dup216 (defined elsewhere).
var msg1450 = match({
id: "MESSAGE#680:502101/0",
dissect: {
tokenizer: "New user added to local dbase: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Full 502101 pattern — a local account-creation event, worth keeping in admin-change
// auditing. The event category "1402020200" is set inline here rather than through a
// shared dup processor.
var all353 = all_match({
processors: [
msg1450,
dup215,
dup216,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1402020200"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502101"),
}),
dup17,
dup164,
dup217,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("New user added to local DB"),
}),
]),
});
// ASA 713211: "Group = group, IP = saddr,info". The description is the constant
// "Adding static router for peer"; the message text itself is kept only in info.
var msg1451 = match({
id: "MESSAGE#928:713211",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->},%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("713211"),
}),
dup7,
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Adding static router for peer"),
}),
]),
});
// ASA 713900, variant ":02": payload starting with "ike_DelOldCentryAndCreateNew(): ".
var msg1452 = match({
id: "MESSAGE#954:713900:02",
dissect: {
tokenizer: "ike_DelOldCentryAndCreateNew(): %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713900:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("ike_DelOldCentryAndCreateNew mismatch"),
}),
]),
});
// ASA 713900, generic form (on p1): "info(): event_description" — text before "(): " is
// stored as info, text after it as event_description.
var msg1453 = match({
id: "MESSAGE#955:713900/2",
dissect: {
tokenizer: "%{info->}(): %{event_description->}",
field: "nwparser.p1",
},
});
var all354 = all_match({
processors: [
dup44,
dup280,
msg1453,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713900"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713900, variant ":01": fixed text about the xauth message.
// NOTE(review): "contruct" is part of the match pattern, so it has to equal the device's
// own wording byte for byte — verify against real log samples before "fixing" the spelling.
var msg1454 = match({
id: "MESSAGE#956:713900:01",
dissect: {
tokenizer: "Unable to contruct xauth message, no message%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713900:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for 713900: the specific ":02" text, the generic "(): " form, then ":01".
var select339 = linear_select([
msg1452,
all354,
msg1454,
]);
// ASA 613002: catch-all pattern; the whole payload is captured as event_description.
var msg1455 = match({
id: "MESSAGE#784:613002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("613002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713214: "Group = group, IP = saddr, info" — group and peer address, remaining text
// stored as info.
var msg1456 = match({
id: "MESSAGE#930:713214",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713214"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 716003 tail (on p1): "saddr> network_service access GRANTED: url" — client address,
// service name and the URL that was granted.
var msg1457 = match({
id: "MESSAGE#1047:716003/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} access GRANTED: %{url->}",
field: "nwparser.p1",
},
});
// Full 716003 pattern: dup77 and dup78 (defined elsewhere) followed by msg1457.
// The url value comes straight from the log line; treat it as untrusted text wherever it
// is later rendered.
var all355 = all_match({
processors: [
dup77,
dup78,
msg1457,
],
on_success: processor_chain([
dup67,
set_field({
dest: "nwparser.msg_id1",
value: constant("716003"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("WebVPN access GRANTED"),
}),
]),
});
// ASA 720024: "(VPN-context) event_description" — the text after "VPN-" inside the
// parentheses becomes context, the rest is free text.
var msg1458 = match({
id: "MESSAGE#1120:720024",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720024"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 702202 "sent", initiator form (":01"): local address -> saddr, remote -> daddr.
var msg1459 = match({
id: "MESSAGE#806:702202:01/2",
dissect: {
tokenizer: "%{->}sent (local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
var all356 = all_match({
processors: [
dup88,
dup89,
msg1459,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702202:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup449,
]),
});
// ASA 702202 "sent", responder form: the mapping is swapped (local -> daddr, remote ->
// saddr), so in both forms saddr holds the initiator's address.
var msg1460 = match({
id: "MESSAGE#807:702202/2",
dissect: {
tokenizer: "%{->}sent (local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
var all357 = all_match({
processors: [
dup88,
dup89,
msg1460,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702202"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup449,
]),
});
// Alternatives for 702202: initiator form, then responder form.
var select340 = linear_select([
all356,
all357,
]);
// ASA 202010 fragments. The first letter is matched separately ("P" or "N") so that one
// tail pattern covers both "PAT pool exhausted" and "NAT pool exhausted". Which of the
// two matched is not stored in a field.
var msg1461 = match({
id: "MESSAGE#1309:202010/1",
dissect: {
tokenizer: "P%{p0->}",
field: "nwparser.payload",
},
});
var msg1462 = match({
id: "MESSAGE#1309:202010/1",
dissect: {
tokenizer: "N%{p0->}",
field: "nwparser.payload",
},
});
var select341 = linear_select([
msg1461,
msg1462,
]);
// Tail (on p0): "AT pool exhausted. Unable to create protocol connection from ... to ...".
var msg1463 = match({
id: "MESSAGE#1309:202010/1",
dissect: {
tokenizer: "AT pool exhausted. Unable to create %{protocol->} connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.p0",
},
});
// Full 202010 pattern — address-translation pool exhaustion, an availability signal.
// NOTE(review): this chain does not include dup4 (declared at the top of the file as the
// set_field that copies $MSG into nwparser.msg) — confirm the omission is intentional.
var all358 = all_match({
processors: [
select341,
msg1463,
],
on_success: processor_chain([
dup359,
set_field({
dest: "nwparser.msg_id1",
value: constant("202010"),
}),
dup43,
dup99,
dup102,
dup87,
dup2,
dup3,
dup5,
]),
});
// ASA 400010: "product:sigid context from saddr to daddr on interface dinterface".
// Same tokenizer and field chain as the other 4000xx signature messages in this file.
var msg1464 = match({
id: "MESSAGE#507:400010",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400010"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 420003: "IPS requested to reset protocol connection from ... to ..." — an IPS-driven
// connection reset, with both endpoints (interface, address, port) extracted.
var msg1465 = match({
id: "MESSAGE#658:420003",
dissect: {
tokenizer: "IPS requested to reset %{protocol->} connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("420003"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IPS request to reset connection"),
}),
]),
});
// ASA 722043 fragments (on p1): client address, optionally followed by a parenthesised
// value (fld1), then "> DTLS disabled: ...".
var msg1466 = match({
id: "MESSAGE#1174:722043/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > DTLS disabled: %{p2->}",
field: "nwparser.p1",
},
});
var msg1467 = match({
id: "MESSAGE#1174:722043/3",
dissect: {
tokenizer: "%{saddr->} > DTLS disabled: %{p2->}",
field: "nwparser.p1",
},
});
var select342 = linear_select([
msg1466,
msg1467,
]);
// Full 722043 pattern: dup181, dup182 and dup438 are shared fragments defined elsewhere.
// The text after "DTLS disabled: " is handed to dup438; what it stores cannot be seen here.
var all359 = all_match({
processors: [
dup181,
dup182,
select342,
dup438,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("722043"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("DTLS disabled"),
}),
]),
});
// ASA 725011: "action[fld1] : encryption_type" — text before "[" becomes action, the
// bracketed value goes to fld1 and the text after " : " becomes encryption_type.
var msg1468 = match({
id: "MESSAGE#1199:725011",
dissect: {
tokenizer: "%{action->}[%{fld1->}] : %{encryption_type->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725011"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 315002, first fragment: "Permitted SSH session from saddr on interface interface for
// user ..."; the user part goes to p0 for dup238 (defined elsewhere).
var msg1469 = match({
id: "MESSAGE#414:315002/0",
dissect: {
tokenizer: "Permitted SSH session from %{saddr->} on interface %{interface->} for user %{p0->}",
field: "nwparser.payload",
},
});
// Full 315002 pattern — a permitted administrative SSH session; source address and
// interface are the fields to review for unexpected management access.
var all360 = all_match({
processors: [
msg1469,
dup238,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("315002"),
}),
dup17,
dup106,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Permitted session"),
}),
]),
});
// ASA 714001: "OBSOLETE DESCRIPTOR - INDEX n" — the index is stored as dclass_counter1.
var msg1470 = match({
id: "MESSAGE#979:714001",
dissect: {
tokenizer: "OBSOLETE DESCRIPTOR - INDEX %{dclass_counter1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("714001"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("OBSOLETE DESCRIPTOR"),
}),
]),
});
// ASA 716059: AnyConnect session resumed. Extracts group, username, the session address
// (saddr) and the address the connection resumed from (hostip) — two addresses that can
// be compared when reviewing session roaming.
// In the tokenizer each value is preceded by two "\u003c" escapes (the "<" character) and
// followed by a single ">".
var msg1471 = match({
id: "MESSAGE#1061:716059",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> AnyConnect session resumed connection from IP \u003c\u003c%{hostip->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716059"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect session resumed connection"),
}),
]),
});
// ASA 324003: "No matching request to process GTPv fld2 fld3 from ... to ..." — both
// endpoints are extracted; the two values after "GTPv" go to generic fld2/fld3 fields.
var msg1472 = match({
id: "MESSAGE#456:324003",
dissect: {
tokenizer: "No matching request to process GTPv %{fld2->} %{fld3->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("324003"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("No matching GTP request"),
}),
]),
});
// ASA 400021: "product:sigid context from saddr to daddr on interface dinterface".
// Same tokenizer and field chain as the other 4000xx signature messages in this file.
var msg1473 = match({
id: "MESSAGE#518:400021",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400021"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 400026: "product:sigid context from saddr to daddr on interface dinterface".
// Same tokenizer as the other 4000xx signature messages, but the chain starts with dup109
// where those start with dup26 (both defined elsewhere in the file).
var msg1474 = match({
id: "MESSAGE#523:400026",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400026"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 409003 fragments. First fragment: literal "Receive" with the rest handed on as p0.
var msg1475 = match({
id: "MESSAGE#605:409003/0",
dissect: {
tokenizer: "%{->}Receive%{p0->}",
field: "nwparser.payload",
},
});
// Tail (on p1): "invalid packet: result from saddr, interface".
var msg1476 = match({
id: "MESSAGE#605:409003/2",
dissect: {
tokenizer: "%{->}invalid packet: %{result->} from %{saddr->}, %{interface->}",
field: "nwparser.p1",
},
});
// Full 409003 pattern: msg1475, the shared fragment dup89 (defined elsewhere), msg1476.
var all361 = all_match({
processors: [
msg1475,
dup89,
msg1476,
],
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338101 tail (on p1). The pattern starts mid-word at "ilter"; the text before it is
// presumably consumed by dup183/dup184 (defined elsewhere) — confirm.
// Extracts the action, real and translated endpoints, and the domain the source resolved
// from (web_domain).
var msg1477 = match({
id: "MESSAGE#479:338101/2",
dissect: {
tokenizer: "ilter %{action->} whitelisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->}",
field: "nwparser.p1",
},
});
var all362 = all_match({
processors: [
dup183,
dup184,
msg1477,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338101"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 411004: built entirely from shared fragments dup44, dup266, dup322 and dup323
// (defined elsewhere in the file); this statement only adds the msg_id1 tag and the
// field chain.
var all363 = all_match({
processors: [
dup44,
dup266,
dup322,
dup323,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("411004"),
}),
dup38,
dup13,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 717033: "application response received." — the leading word(s) are stored as
// application and the description is set as a constant.
var msg1478 = match({
id: "MESSAGE#1081:717033",
dissect: {
tokenizer: "%{application->} response received.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("717033"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("application response received"),
}),
]),
});
// ASA 722034: "Group group User username IP saddr event_description" — space-delimited
// group, user and client address, then free text.
// NOTE(review): the fields are separated only by single spaces, so a group or user name
// that itself contains a space would presumably shift the later fields — confirm with
// sample logs.
var msg1479 = match({
id: "MESSAGE#1127:722034",
dissect: {
tokenizer: "Group %{group->} User %{username->} IP %{saddr->} %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("722034"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 109013: catch-all pattern; the whole payload is captured as event_description.
var msg1480 = match({
id: "MESSAGE#134:109013",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109013"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 716023 fragments (on p0): the user name appears in one of three delimiter styles —
// preceded by two "<" characters (written as \u003c escapes) and closed by ">", wrapped in
// single quotes, or bare — followed by the fixed session-limit text.
var msg1481 = match({
id: "MESSAGE#1051:716023/1",
dissect: {
tokenizer: "\u003c\u003c%{username->}> Session could not be established: session limit of maximum_sessions reached",
field: "nwparser.p0",
},
});
var msg1482 = match({
id: "MESSAGE#1051:716023/1",
dissect: {
tokenizer: "'%{username->}' Session could not be established: session limit of maximum_sessions reached",
field: "nwparser.p0",
},
});
var msg1483 = match({
id: "MESSAGE#1051:716023/1",
dissect: {
tokenizer: "%{username->} Session could not be established: session limit of maximum_sessions reached",
field: "nwparser.p0",
},
});
// The bare form is listed last.
// NOTE(review): presumably linear_select tries entries in order; if the bare form came
// first it would keep the delimiters inside username — confirm before reordering.
var select343 = linear_select([
msg1481,
msg1482,
msg1483,
]);
// Full 716023 pattern: dup77 (defined elsewhere) followed by one of the forms above.
var all364 = all_match({
processors: [
dup77,
select343,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716023"),
}),
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Session could not be established"),
}),
]),
});
// ASA 717004: catch-all pattern; the whole payload is captured as event_description.
var msg1484 = match({
id: "MESSAGE#1065:717004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("717004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 735004: "Power Supply n: Failure Detected" — the supply number is stored as
// dclass_counter1 and the description is set as a constant.
var msg1485 = match({
id: "MESSAGE#1222:735004",
dissect: {
tokenizer: "Power Supply %{dclass_counter1->}: Failure Detected",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("735004"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply Failure detected"),
}),
]),
});
// ASA 106023, portless form: "Deny protocol protocol src sinterface:saddr dst
// dinterface:daddr by access-group ..." — an ACL deny with no ports in the line.
var msg1486 = match({
id: "MESSAGE#91:106023/0",
dissect: {
tokenizer: "Deny protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} by access-group %{p0->}",
field: "nwparser.payload",
},
});
// Step on p0: a literal backslash before the opening quote of the access-group name.
// select344 has this single entry only.
var msg1487 = match({
id: "MESSAGE#91:106023/2",
dissect: {
tokenizer: "\\%{p1->}",
field: "nwparser.p0",
},
});
var select344 = linear_select([
msg1487,
]);
// Step on p1: opening quote, then the access-group name stored as rule_group.
var msg1488 = match({
id: "MESSAGE#91:106023/2",
dissect: {
tokenizer: "\" %{rule_group->} %{p2->}",
field: "nwparser.p1",
},
});
// Step on p2: either a literal backslash or a space before the closing quote.
var msg1489 = match({
id: "MESSAGE#91:106023/4",
dissect: {
tokenizer: "\\%{p3->}",
field: "nwparser.p2",
},
});
var msg1490 = match({
id: "MESSAGE#91:106023/4",
dissect: {
tokenizer: "%{->} %{p3->}",
field: "nwparser.p2",
},
});
var select345 = linear_select([
msg1489,
msg1490,
]);
// Step on p3: the closing quote.
var msg1491 = match({
id: "MESSAGE#91:106023/4",
dissect: {
tokenizer: "\" %{->}",
field: "nwparser.p3",
},
});
// Full portless 106023 pattern, tagged msg_id1 "106023".
var all365 = all_match({
processors: [
msg1486,
select344,
msg1488,
select345,
msg1491,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106023"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup275,
]),
});
// ASA 106023:01, "Deny <protocol> src if:addr/port ..." form (ACL deny with ports).
// Parsed in stages over payload -> p0 -> p1 -> p2 -> p3.
// Stage 1: protocol, source interface and source address.
var msg1492 = match({
id: "MESSAGE#92:106023:01/0",
dissect: {
tokenizer: "Deny %{protocol->} src %{sinterface->}:%{saddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternative: source port followed by a parenthesised value stored as domain.
var msg1493 = match({
id: "MESSAGE#92:106023:01/2",
dissect: {
tokenizer: "%{sport->}(%{domain->}) dst %{p1->}",
field: "nwparser.p0",
},
});
// dup276 and dup277 are further stage-2 alternatives defined elsewhere in the file.
var select346 = linear_select([
dup276,
msg1493,
dup277,
]);
// Stage 3: destination interface and address.
var msg1494 = match({
id: "MESSAGE#92:106023:01/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{p2->}",
field: "nwparser.p1",
},
});
// Stage 4 alternatives: destination port with or without a parenthesised dhost,
// then the opening quote of the access-group name.
var msg1495 = match({
id: "MESSAGE#92:106023:01/4",
dissect: {
tokenizer: "%{dport->}(%{dhost->}) by access-group \"%{p3->}",
field: "nwparser.p2",
},
});
var msg1496 = match({
id: "MESSAGE#92:106023:01/4",
dissect: {
tokenizer: "%{dport->} by access-group \"%{p3->}",
field: "nwparser.p2",
},
});
var select347 = linear_select([
msg1495,
msg1496,
]);
// Stage 5: access-group name up to the closing quote.
var msg1497 = match({
id: "MESSAGE#92:106023:01/4",
dissect: {
tokenizer: "%{rule_group->}\"",
field: "nwparser.p3",
},
});
// Combines the stages and tags the event with msg_id1 "106023:01".
var all366 = all_match({
processors: [
msg1492,
select346,
msg1494,
select347,
msg1497,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106023:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup35,
dup4,
dup5,
dup27,
dup275,
]),
});
// ASA 106023:04, ACL deny with ports and an optional user identity after the
// destination port. Parsed in stages over payload -> p0 -> p1.
// Stage 1: protocol and both endpoints up to the destination port.
var msg1498 = match({
id: "MESSAGE#93:106023:04/0",
dissect: {
tokenizer: "Deny %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives, listed from most to least specific:
// dport(domain\username), dport(<anything>), and a bare dport.
var msg1499 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "%{dport->}(%{domain->}\\%{username->}) by access-group %{p1->}",
field: "nwparser.p0",
},
});
var msg1500 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "%{dport->}(%{fld2->}) by access-group %{p1->}",
field: "nwparser.p0",
},
});
var msg1501 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "%{dport->} by access-group %{p1->}",
field: "nwparser.p0",
},
});
var select348 = linear_select([
msg1499,
msg1500,
msg1501,
]);
// Stage 3 alternatives for the access-group name: quoted with trailing text,
// quoted only, and unquoted.
var msg1502 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "%{->}\"%{rule_group->}\" %{fld1->}",
field: "nwparser.p1",
},
});
var msg1503 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "\"%{rule_group->}\"",
field: "nwparser.p1",
},
});
// Catch-all: takes the whole remainder as rule_group.
// NOTE(review): presumably linear_select tries the alternatives in order, so this
// must stay last; if it matches first, rule_group would include the quotes.
var msg1504 = match({
id: "MESSAGE#93:106023:04/2",
dissect: {
tokenizer: "%{rule_group->}",
field: "nwparser.p1",
},
});
var select349 = linear_select([
msg1502,
msg1503,
msg1504,
]);
// Combines the stages and tags the event with msg_id1 "106023:04".
var all367 = all_match({
processors: [
msg1498,
select348,
select349,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106023:04"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup35,
dup4,
dup5,
dup27,
dup275,
]),
});
// ASA 106023:02, ACL deny for ICMP: captures icmptype and icmpcode in addition to
// the endpoints; the access-group part is left in p0 for dup274 (defined elsewhere).
var msg1505 = match({
id: "MESSAGE#94:106023:02/0",
dissect: {
tokenizer: "Deny %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->}) by access-group %{p0->}",
field: "nwparser.payload",
},
});
var all368 = all_match({
processors: [
msg1505,
dup274,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106023:02"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup275,
]),
});
// All four 106023 variants. NOTE(review): presumably the first variant that
// matches wins, so the order here decides which msg_id1 an ACL deny receives.
var select350 = linear_select([
all365,
all366,
all367,
all368,
]);
// ASA 400003 (IDS/IPS signature message): captures product, signature id (sigid),
// signature text (context), source and destination address, and the interface.
var msg1506 = match({
id: "MESSAGE#500:400003",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400003"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 718015: captures the bracketed sender address of a HELLO request as saddr
// and sets a fixed event_description.
var msg1507 = match({
id: "MESSAGE#1089:718015",
dissect: {
tokenizer: "Received HELLO request from [%{saddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718015"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received HELLO request"),
}),
]),
});
// ASA 720037: captures the "(VPN-...)" unit tag as context and the rest of the
// payload as event_description.
var msg1508 = match({
id: "MESSAGE#1130:720037",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720037"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 746012, specific form: an IP-to-user mapping was added for a VPN user.
// Captures application, saddr, domain and username; the description is fixed.
var msg1509 = match({
id: "MESSAGE#1257:746012",
dissect: {
tokenizer: "%{application->}: Add IP-User mapping %{saddr->} - %{domain->}\\%{username->} Succeeded - VPN user",
field: "nwparser.payload",
},
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("746012"),
}),
dup17,
dup106,
dup40,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VPN user logon"),
}),
dup144,
]),
});
// ASA 746012:01, general form: same fields, but whatever follows the username is
// kept as event_description instead of a fixed text.
var msg1510 = match({
id: "MESSAGE#1258:746012:01",
dissect: {
tokenizer: "%{application->}: Add IP-User mapping %{saddr->} - %{domain->}\\%{username->} %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("746012:01"),
}),
dup17,
dup106,
dup40,
dup4,
dup5,
dup2,
dup3,
dup144,
]),
});
// The specific form is listed before the general one.
// NOTE(review): both chains start with dup63, so a mapping that did not end in
// "Succeeded - VPN user" gets the same leading step as a successful logon.
// Confirm what dup63 sets before relying on it to separate success from failure.
var select351 = linear_select([
msg1509,
msg1510,
]);
// ASA 321005: captures the reported CPU utilization text into the generic field fld1.
var msg1511 = match({
id: "MESSAGE#387:321005",
dissect: {
tokenizer: "System CPU utilization reached %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup420,
set_field({
dest: "nwparser.msg_id1",
value: constant("321005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 400012 (IDS/IPS signature message): same layout as the other 4000xx
// handlers: product, sigid, context, saddr, daddr and dinterface.
var msg1512 = match({
id: "MESSAGE#509:400012",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400012"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 415013 (HTTP inspection: disallowed transfer encoding): captures sigid,
// listnum, protocol, saddr and daddr, and sets a fixed context string.
var msg1513 = match({
id: "MESSAGE#646:415013",
dissect: {
tokenizer: "%{sigid->} HTTP Transfer encoding violation detected - %{listnum->} %{protocol->} Transfer encoding not allowed from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415013"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Transfer encoding violation detected"),
}),
]),
});
// ASA 415014 (HTTP inspection: too many unanswered requests): captures sigid,
// saddr and daddr. The limit "10" is part of the literal pattern.
// NOTE(review): a message reporting a different limit would not match; confirm.
var msg1514 = match({
id: "MESSAGE#647:415014",
dissect: {
tokenizer: "%{sigid->} Maximum of 10 unanswered HTTP requests exceeded from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415014"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("Maximum of 10 unanswered HTTP requests exceeded"),
}),
]),
});
// ASA 500002 (Java content modified): captures saddr, daddr and the interface.
var msg1515 = match({
id: "MESSAGE#675:500002",
dissect: {
tokenizer: "Java content modified src %{saddr->} dest %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("500002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 109016 (authorization ACL missing for a user), two wordings.
// Form 1: captures the access-list name as listnum; the user part is left in p0
// for dup238 (defined elsewhere in the file).
var msg1516 = match({
id: "MESSAGE#139:109016/0",
dissect: {
tokenizer: "Downloaded authorization access-list %{listnum->} not found for user %{p0->}",
field: "nwparser.payload",
},
});
var all369 = all_match({
processors: [
msg1516,
dup238,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109016"),
}),
dup65,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("access-list not found"),
}),
]),
});
// Form 2: quoted ACL name and interface; again the user part goes through dup238.
var msg1517 = match({
id: "MESSAGE#140:109016:01/0",
dissect: {
tokenizer: "Can't find authorization ACL '%{listnum->}' on '%{interface->}' for user %{p0->}",
field: "nwparser.payload",
},
});
var all370 = all_match({
processors: [
msg1517,
dup238,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109016:01"),
}),
dup65,
dup87,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("authorization list not found for user"),
}),
]),
});
// Note the two forms write different nwparser.result strings for the same
// condition; rules keyed on result need to cover both.
var select352 = linear_select([
all369,
all370,
]);
// ASA 302304 (teardown of a state-bypass connection): captures protocol,
// connection id, both endpoints with ports, duration, byte count and the
// trailing text as result.
var msg1518 = match({
id: "MESSAGE#344:302304",
dissect: {
tokenizer: "Teardown %{protocol->} state-bypass connection %{connectionid->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302304"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Teardown state-bypass connection"),
}),
]),
});
// ASA 322004 (transparent firewall has no management IP): captures the action
// text as result and both endpoints with ports.
var msg1519 = match({
id: "MESSAGE#448:322004",
dissect: {
tokenizer: "No management IP address configured for transparent firewall. %{result->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("322004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("No management IP address configured for transparent firewall"),
}),
]),
});
// ASA 336010 (routing neighbor state change): captures group, neighbor address
// (saddr), interface, the new state (event_state) and the reason (result).
var msg1520 = match({
id: "MESSAGE#468:336010",
dissect: {
tokenizer: "%{group->}: %{fld1->} Neighbor %{saddr->} (%{interface->}) is %{event_state->}: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup375,
set_field({
dest: "nwparser.msg_id1",
value: constant("336010"),
}),
dup376,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Neighbor state change"),
}),
]),
});
// ASA 199907: captures the port an attached application was using
// (network_port) and sets a fixed event_description.
var msg1521 = match({
id: "MESSAGE#212:199907",
dissect: {
tokenizer: "IP detected an attached application using port %{network_port->} while removing context",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199907"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("IP detected an attached application using port"),
}),
dup4,
dup5,
]),
});
// ASA 605001 (connection to the device's HTTP daemon denied): captures the
// interface and the client address as hostip. No event_description is set here.
var msg1522 = match({
id: "MESSAGE#733:605001",
dissect: {
tokenizer: "HTTP daemon interface %{interface->}: connection denied from %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("605001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713224 (static crypto map check bypassed): captures the tunnel group,
// the peer address (saddr) and the trailing detail as info.
var msg1523 = match({
id: "MESSAGE#1281:713224",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Static Crypto Map Check by-passed: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("713224"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup8,
]),
});
// ASA 108003, form 1 (bad checksum in a mail command): captures the service name
// and sets result to "Bad Checksum".
var msg1524 = match({
id: "MESSAGE#114:108003",
dissect: {
tokenizer: "Bad Checksum in %{network_service->} command",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108003"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Bad Checksum"),
}),
dup4,
dup5,
]),
});
// ASA 108003:01, form 2 (connection terminated, malicious pattern in a mail
// address). Stage 1 captures the service and both endpoints; the offending
// text is left in p0.
var msg1525 = match({
id: "MESSAGE#115:108003:01/0",
dissect: {
tokenizer: "Terminating %{network_service->} connection; malicious pattern detected in the %{space->} mail address from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}. %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: the label is either "Mail Address" or "Data".
var msg1526 = match({
id: "MESSAGE#115:108003:01/2",
dissect: {
tokenizer: "Mail Address%{p1->}",
field: "nwparser.p0",
},
});
var msg1527 = match({
id: "MESSAGE#115:108003:01/2",
dissect: {
tokenizer: "Data%{p1->}",
field: "nwparser.p0",
},
});
var select353 = linear_select([
msg1526,
msg1527,
]);
// Stage 3: everything after the colon is stored as result. This is text taken
// from the offending mail address/data, so treat it as attacker-controlled when
// it is displayed or processed downstream.
var msg1528 = match({
id: "MESSAGE#115:108003:01/2",
dissect: {
tokenizer: "%{->}:%{result->}",
field: "nwparser.p1",
},
});
var all371 = all_match({
processors: [
msg1525,
select353,
msg1528,
],
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108003:01"),
}),
set_field({
dest: "nwparser.ec_subject",
value: constant("EmailAddress"),
}),
dup99,
dup320,
dup14,
dup2,
dup3,
dup4,
dup5,
// NOTE(review): nwparser.event_description is set twice in a row. If set_field
// overwrites (as its name suggests), "Connection terminated" is lost and only
// the second value survives. Confirm which field the first value was meant for.
set_field({
dest: "nwparser.event_description",
value: constant("Connection terminated"),
}),
set_field({
dest: "nwparser.event_description",
value: constant("Malicious pattern detected in mail address"),
}),
]),
});
var select354 = linear_select([
msg1524,
all371,
]);
// ASA 402106 (received packet is not an IPSEC packet): captures daddr, saddr
// and protocol. In this message the destination is reported before the source.
var msg1529 = match({
id: "MESSAGE#557:402106",
dissect: {
tokenizer: "Rec'd packet not an IPSEC packet %{space->} (ip) dest_addr= %{daddr->}, src_addr= %{saddr->}, prot= %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402106"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup409,
]),
});
// ASA 720020: captures the "(VPN-...)" unit tag as context and the rest of the
// payload as event_description.
var msg1530 = match({
id: "MESSAGE#1118:720020",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720020"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 302009 (connection rebuilt), two wordings. Both consume the text up to and
// including the letter "f" after "for" and leave the rest in p0 for the shared
// stages dup450..dup455 (defined elsewhere in the file).
// Form 1 ("Rebuilt <protocol> connection <id> ..."): also captures protocol and
// connection id.
var msg1531 = match({
id: "MESSAGE#288:302009:01/0",
dissect: {
tokenizer: "Rebuilt %{protocol->} connection %{connectionid->} for f%{p0->}",
field: "nwparser.payload",
},
});
var all372 = all_match({
processors: [
msg1531,
dup450,
dup451,
dup452,
dup453,
dup454,
dup455,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302009:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup456,
]),
});
// Form 2 ("Rebuild connection ..."): no protocol or connection id in the message.
var msg1532 = match({
id: "MESSAGE#289:302009/0",
dissect: {
tokenizer: "Rebuild connection for f%{p0->}",
field: "nwparser.payload",
},
});
var all373 = all_match({
processors: [
msg1532,
dup450,
dup451,
dup452,
dup453,
dup454,
dup455,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302009"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup456,
]),
});
var select355 = linear_select([
all372,
all373,
]);
// ASA 409011: no structure is extracted; the whole payload is captured as
// event_description.
var msg1533 = match({
id: "MESSAGE#613:409011",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409011"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 718021: captures the bracketed recipient address of a KEEPALIVE response
// as daddr and sets a fixed event_description.
var msg1534 = match({
id: "MESSAGE#1091:718021",
dissect: {
tokenizer: "Sent KEEPALIVE response to [%{daddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718021"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sent KEEPALIVE response"),
}),
]),
});
// ASA 302022, form 1 (built IP-protocol connection without ports): captures
// protocol, connection id, both endpoints and their translated addresses.
var msg1535 = match({
id: "MESSAGE#334:302022",
dissect: {
tokenizer: "Built IP protocol %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->} (%{stransaddr->}) to %{dinterface->}:%{daddr->} (%{dtransaddr->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302022"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// ASA 302022:01, form 2 (stub connection with ports): final stage reading p1;
// the leading part of the message is handled by dup307 and dup443 (defined
// elsewhere in the file). Captures endpoints plus translated address/port pairs.
var msg1536 = match({
id: "MESSAGE#335:302022:01/2",
dissect: {
tokenizer: "%{->}stub %{protocol->} connection for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.p1",
},
});
var all374 = all_match({
processors: [
dup307,
dup443,
msg1536,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302022:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
var select356 = linear_select([
msg1535,
all374,
]);
// ASA 710004 (connection limit exceeded for a to-the-box service): captures
// protocol, source address/port, and destination interface/address.
// The last token is stored as service, not dport.
var msg1537 = match({
id: "MESSAGE#845:710004",
dissect: {
tokenizer: "%{protocol->} connection limit exceeded from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("710004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("connection limit exceeded"),
}),
]),
});
// ASA 722047 (SSL VPN tunnel terminated): captures group, username, client
// address (saddr) and the termination reason (result).
// The escape \u003c is "<", so the pattern requires "<<" before each value and a
// single ">" after it.
// NOTE(review): the doubled "<" looks like an escape carried over from the source
// parser format. If the device emits a single "<", this pattern presumably never
// matches and tunnel terminations are not parsed here. Verify with a sample log.
var msg1538 = match({
id: "MESSAGE#1175:722047",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Tunnel terminated: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722047"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel terminated"),
}),
]),
});
// ASA 713014: captures the peer address as daddr and the remainder of the
// payload as event_description.
var msg1539 = match({
id: "MESSAGE#852:713014",
dissect: {
tokenizer: "IP = %{daddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713014"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 752002 (tunnel manager removed an entry): captures the trailing detail as
// result and sets a fixed event_description.
var msg1540 = match({
id: "MESSAGE#1271:752002",
dissect: {
tokenizer: "Tunnel Manager Removed entry. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752002"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel Manager Removed entry"),
}),
]),
});
// ASA 212006 (request dropped): captures protocol, source address/port,
// destination interface/address/port and the drop reason (result).
// The event_description is the fixed text "Dropping SNMP request" even though
// the protocol is a captured field; use nwparser.protocol for the real value.
var msg1541 = match({
id: "MESSAGE#259:212006",
dissect: {
tokenizer: "Dropping %{protocol->} request from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} because: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("212006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dropping SNMP request"),
}),
]),
});
// ASA 338008 (dynamic filter dropped blacklisted traffic), final stage reading p1.
// The pattern starts at "ilter"; the text before it is presumably consumed by
// dup183/dup184 (defined elsewhere in the file).
// Captures both endpoints with translated address/port pairs, the destination
// name (fld1), the list it resolved from (fld2, fld3/mask), the threat level
// (severity) and the category (result).
var msg1542 = match({
id: "MESSAGE#478:338008/2",
dissect: {
tokenizer: "ilter dropped blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{fld3->}/%{mask->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
// No event_description is set for this message; detections should key on
// msg_id1 "338008" and the captured severity/result fields.
var all375 = all_match({
processors: [
dup183,
dup184,
msg1542,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338008"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338305 (dynamic filter data file download failed): captures the updater
// server as url.
var msg1543 = match({
id: "MESSAGE#491:338305",
dissect: {
tokenizer: "Failed to download dynamic filter data file from updater server %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup338,
set_field({
dest: "nwparser.msg_id1",
value: constant("338305"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 606002 (PDM/ASDM management session ended), final stage reading p1; the
// leading part is handled by dup44 and dup426 (defined elsewhere in the file).
// Captures the session number and the client address (hostip).
var msg1544 = match({
id: "MESSAGE#741:606002/2",
dissect: {
tokenizer: "DM session number %{sessionid->} from %{hostip->} ended",
field: "nwparser.p1",
},
});
var all376 = all_match({
processors: [
dup44,
dup426,
msg1544,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("606002"),
}),
dup43,
dup137,
dup102,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PDM/ASDM session ended"),
}),
]),
});
// ASA 302004, two variants that share the stages dup114, dup115, dup457, dup458,
// dup454 and dup455 (all defined elsewhere in the file).
// Variant 1, stage reading p3: source address with port.
var msg1545 = match({
id: "MESSAGE#278:302004/4",
dissect: {
tokenizer: "%{->} %{saddr->}/%{sport->} to l%{p4->}",
field: "nwparser.p3",
},
});
// NOTE(review): unlike most handlers in this file, this chain does not include
// dup2 (nwparser.level). Confirm the omission is intended.
var all377 = all_match({
processors: [
dup114,
dup115,
dup457,
dup458,
msg1545,
dup454,
dup455,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302004"),
}),
dup42,
dup43,
dup3,
dup40,
dup4,
dup5,
dup116,
]),
});
// Variant 2 (302004:01), stage reading p3: source address without a port.
var msg1546 = match({
id: "MESSAGE#279:302004:01/4",
dissect: {
tokenizer: "%{->} %{saddr->} to l%{p4->}",
field: "nwparser.p3",
},
});
// Stage reading p5: skips one token and leaves the rest in p6.
var msg1547 = match({
id: "MESSAGE#279:302004:01/6",
dissect: {
tokenizer: "%{->} %{p6->}",
field: "nwparser.p5",
},
});
// Final stage alternatives: destination address with or without a port. Both
// patterns end with a literal space inside the string.
var msg1548 = match({
id: "MESSAGE#279:302004:01/7",
dissect: {
tokenizer: "%{daddr->}/%{dport->} ",
field: "nwparser.p6",
},
});
var msg1549 = match({
id: "MESSAGE#279:302004:01/7",
dissect: {
tokenizer: "%{daddr->} ",
field: "nwparser.p6",
},
});
var select357 = linear_select([
msg1548,
msg1549,
]);
// NOTE(review): as in all377, dup2 (nwparser.level) is not part of this chain.
var all378 = all_match({
processors: [
dup114,
dup115,
dup457,
dup458,
msg1546,
dup454,
msg1547,
select357,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302004:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup3,
dup4,
dup5,
dup116,
]),
});
var select358 = linear_select([
all377,
all378,
]);
// ASA 506001: no structure is extracted; the whole payload is captured as
// event_description.
var msg1550 = match({
id: "MESSAGE#701:506001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("506001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 716038 (WebVPN authentication successful). The message appears in several
// layouts, so it is parsed in stages over p0 -> p1 -> ... -> p8; dup44, dup448,
// dup120 and dup254 are shared stages defined elsewhere in the file.
// NOTE(review): several patterns below contain \u003c\u003c, i.e. a doubled "<"
// before a value and a single ">" after it. This looks like an escape carried
// over from the source parser format. If the device emits a single "<", those
// stages presumably fail and successful VPN logons are not parsed by all379.
// Verify with a sample log.
// Stage on p0: either "Authentication: successful, group =" or "Group".
var msg1551 = match({
id: "MESSAGE#1052:716038/2",
dissect: {
tokenizer: "Authentication: successful, group =%{p1->}",
field: "nwparser.p0",
},
});
var msg1552 = match({
id: "MESSAGE#1052:716038/2",
dissect: {
tokenizer: "Group%{p1->}",
field: "nwparser.p0",
},
});
var select359 = linear_select([
msg1551,
msg1552,
]);
// Stage on p1: the group name in angle brackets.
var msg1553 = match({
id: "MESSAGE#1052:716038/2",
dissect: {
tokenizer: "%{->}\u003c\u003c%{group->}> %{p2->}",
field: "nwparser.p1",
},
});
// Stage on p2: "user =" label (dup448 is the other alternative).
var msg1554 = match({
id: "MESSAGE#1052:716038/4",
dissect: {
tokenizer: "user =%{p3->}",
field: "nwparser.p2",
},
});
var select360 = linear_select([
dup448,
msg1554,
]);
// Stage on p4: username in angle brackets, in single quotes, or bare.
var msg1555 = match({
id: "MESSAGE#1052:716038/6",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP %{p5->}",
field: "nwparser.p4",
},
});
var msg1556 = match({
id: "MESSAGE#1052:716038/6",
dissect: {
tokenizer: "'%{username->}' IP %{p5->}",
field: "nwparser.p4",
},
});
var msg1557 = match({
id: "MESSAGE#1052:716038/6",
dissect: {
tokenizer: "%{username->} IP %{p5->}",
field: "nwparser.p4",
},
});
var select361 = linear_select([
msg1555,
msg1556,
msg1557,
]);
// Stage on p6: client address in angle brackets.
var msg1558 = match({
id: "MESSAGE#1052:716038/7",
dissect: {
tokenizer: "= \u003c\u003c%{saddr->}> %{p7->}",
field: "nwparser.p6",
},
});
// Stage on p7: the "Authentication: successful" text when it follows the address.
// select362 has this single alternative only.
var msg1559 = match({
id: "MESSAGE#1052:716038/9",
dissect: {
tokenizer: "%{space->}Authentication: successful%{p8->}",
field: "nwparser.p7",
},
});
var select362 = linear_select([
msg1559,
]);
// Stage on p8: session type, stored as network_service.
var msg1560 = match({
id: "MESSAGE#1052:716038/9",
dissect: {
tokenizer: ", Session Type : %{network_service->}",
field: "nwparser.p8",
},
});
// Combines all stages and tags the event with msg_id1 "716038".
var all379 = all_match({
processors: [
dup44,
select359,
msg1553,
select360,
dup120,
select361,
dup254,
msg1558,
select362,
msg1560,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("716038"),
}),
dup18,
dup17,
dup99,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 725006 (device failed SSL handshake), two layouts.
// Layout 1 (725006:01): client interface/address/port and the local address/port.
var msg1561 = match({
id: "MESSAGE#1191:725006:01",
dissect: {
tokenizer: "Device failed SSL handshake with client %{interface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup459,
set_field({
dest: "nwparser.msg_id1",
value: constant("725006:01"),
}),
dup2,
dup3,
dup460,
dup4,
dup5,
]),
});
// Layout 2 (725006): only the peer is reported; it is stored as
// hostip/network_port rather than saddr/sport, so queries for handshake failures
// by client address need to cover both field sets.
var msg1562 = match({
id: "MESSAGE#1192:725006",
dissect: {
tokenizer: "Device failed SSL handshake with %{interface->}:%{hostip->}/%{network_port->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup459,
set_field({
dest: "nwparser.msg_id1",
value: constant("725006"),
}),
dup2,
dup3,
dup460,
dup4,
dup5,
]),
});
var select363 = linear_select([
msg1561,
msg1562,
]);
// ASA 106011 (deny, no translation slot), four layouts.
// Layout 1: "protocol <n>" form without ports.
var msg1563 = match({
id: "MESSAGE#72:106011",
dissect: {
tokenizer: "Deny %{direction->} (No xlate) protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106011"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Layout 2 (106011:01): named protocol with source and destination ports.
var msg1564 = match({
id: "MESSAGE#73:106011:01",
dissect: {
tokenizer: "Deny %{direction->} (No xlate) %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106011:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Layout 3 (106011:02): ICMP form with type and code instead of ports.
var msg1565 = match({
id: "MESSAGE#74:106011:02",
dissect: {
tokenizer: "Deny %{direction->} (No xlate) %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106011:02"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Layout 4 (106011:03): fallback that captures only the direction. Events that
// reach this variant carry no source or destination fields, and its chain omits
// dup27 and dup196, which the other three apply.
var msg1566 = match({
id: "MESSAGE#75:106011:03",
dissect: {
tokenizer: "Deny %{direction->} (No xlate)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106011:03"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// NOTE(review): presumably alternatives are tried in order, so the fallback
// must stay last.
var select364 = linear_select([
msg1563,
msg1564,
msg1565,
msg1566,
]);
// ASA 413002 (module unable to reload): captures the slot (fld1), the module
// error value (fld2) and trailing data.
var msg1567 = match({
id: "MESSAGE#628:413002",
dissect: {
tokenizer: "Module in slot%{fld1->}is not able to reload.%{space->}Module Error:%{fld2->} %{data->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("413002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 717022 (certificate validated successfully): captures the leading detail
// as result, the certificate serial number and the subject name.
var msg1568 = match({
id: "MESSAGE#1073:717022",
dissect: {
tokenizer: "Certificate was successfully validated. %{result->} serial number: %{serial_number->}, subject name: %{cert_subject->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup292,
set_field({
dest: "nwparser.msg_id1",
value: constant("717022"),
}),
dup293,
dup38,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Certificate successfully validated"),
}),
]),
});
// ASA 199004 (configuration cleared): what was cleared and where the command
// came from are stored only in the generic fields fld1 and fld2, so alerts on
// configuration wipes should key on msg_id1 "199004".
var msg1569 = match({
id: "MESSAGE#205:199004",
dissect: {
tokenizer: "PIX clear config %{fld1->} from %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("clear config"),
}),
]),
});
// ASA 402125 (crypto component timed out): captures the component name as
// product and the parenthesised detail as info. The event_description is a
// fixed text regardless of the captured product.
var msg1570 = match({
id: "MESSAGE#566:402125",
dissect: {
tokenizer: "CRYPTO: The %{product->} timed out (%{info->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup355,
set_field({
dest: "nwparser.msg_id1",
value: constant("402125"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("hardware accelerator Ipsec ring timed out"),
}),
]),
});
// ASA 710005 (request to the device discarded): captures protocol, source
// address/port and destination interface/address. The last token is stored as
// service, not dport.
var msg1571 = match({
id: "MESSAGE#846:710005",
dissect: {
tokenizer: "%{protocol->} request discarded from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("710005"),
}),
dup42,
dup43,
dup99,
dup2,
dup35,
dup4,
dup5,
dup27,
dup271,
]),
});
// ASA 713048 (error processing an IKE payload). Stage on p0, two alternatives:
// with and without the leading "Group = ..." element. Both expect a space before
// the comma that follows the address.
var msg1572 = match({
id: "MESSAGE#865:713048/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , Error processing payload: Payload ID: %{p1->}",
field: "nwparser.p0",
},
});
var msg1573 = match({
id: "MESSAGE#865:713048/2",
dissect: {
tokenizer: "IP = %{saddr->} , Error processing payload: Payload ID: %{p1->}",
field: "nwparser.p0",
},
});
var select365 = linear_select([
msg1572,
msg1573,
]);
// dup44 and dup316 (defined elsewhere in the file) handle the text before and
// after this stage.
var all380 = all_match({
processors: [
dup44,
select365,
dup316,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713048"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Error processing payload"),
}),
]),
});
// ASA 302018 (teardown of a GRE connection): captures connection id, both
// endpoints, duration and byte count. The message text names no protocol field,
// so nwparser.protocol is set to the constant "GRE".
var msg1574 = match({
id: "MESSAGE#323:302018",
dissect: {
tokenizer: "Teardown GRE connection %{connectionid->} from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("302018"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup149,
set_field({
dest: "nwparser.protocol",
value: constant("GRE"),
}),
]),
});
// ASA 611310 (VPN client XAUTH succeeded): captures the peer address as saddr
// and sets a fixed event_description.
var msg1575 = match({
id: "MESSAGE#766:611310",
dissect: {
tokenizer: "VPNClient: XAUTH Succeeded: Peer: %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("611310"),
}),
dup7,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("XAUTH Succeeded"),
}),
]),
});
// ASA 726001 (instant-messaging inspection): captures the IM client and session
// info, the two user ids, both endpoints, the action taken and the matched
// class (stored as event_description). The ":/" after each interface name is
// part of the literal pattern.
var msg1576 = match({
id: "MESSAGE#1205:726001",
dissect: {
tokenizer: "Inspected %{im_client->} %{info->} Session between Client %{im_userid->} and %{im_buddyid->} Packet flow from %{sinterface->}:/%{saddr->}/%{sport->} to %{dinterface->}:/%{daddr->}/%{dport->} Action: %{action->} Matched Class %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("726001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 720002: captures the "(VPN-...)" unit tag as context and the rest of the
// payload as event_description.
var msg1577 = match({
id: "MESSAGE#1111:720002",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720002"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 722020 (no address available for an SVC connection).
// Stage 1: tunnel group (group_object) and group policy (group); the user part
// is left in p0 for dup182 (defined elsewhere in the file).
// NOTE(review): \u003c\u003c is a doubled "<". If the device emits a single "<",
// this stage presumably never matches. Verify with a sample log.
var msg1578 = match({
id: "MESSAGE#1159:722020/0",
dissect: {
tokenizer: "TunnelGroup \u003c\u003c %{group_object->} > GroupPolicy \u003c\u003c %{group->} > User %{p0->}",
field: "nwparser.payload",
},
});
// Final stage alternatives on p1: client address with or without a
// parenthesised second value (fld2).
var msg1579 = match({
id: "MESSAGE#1159:722020/2",
dissect: {
tokenizer: "%{saddr->} (%{fld2->}) > No address available for SVC connection",
field: "nwparser.p1",
},
});
var msg1580 = match({
id: "MESSAGE#1159:722020/2",
dissect: {
tokenizer: "%{saddr->} > No address available for SVC connection",
field: "nwparser.p1",
},
});
var select366 = linear_select([
msg1579,
msg1580,
]);
var all381 = all_match({
processors: [
msg1578,
dup182,
select366,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("722020"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("No address available for SVC connection"),
}),
]),
});
// ASA 400038 (IDS/IPS signature message): same layout as the other 4000xx
// handlers; only the first chain step (dup52) differs from them.
var msg1581 = match({
id: "MESSAGE#535:400038",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400038"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA 607001 (SIP secondary channel pre-allocated): captures the channel type
// (fld1), the source endpoint with port, the destination endpoint without port
// and the SIP message that triggered it (info).
var msg1582 = match({
id: "MESSAGE#744:607001",
dissect: {
tokenizer: "Pre-allocate SIP %{fld1->} secondary channel for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->} from %{info->} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("607001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 611301 (VPN client NAT configured, no split tunneling): captures the NAT
// address as stransaddr.
var msg1583 = match({
id: "MESSAGE#757:611301",
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with no split %{space->} tunneling: NAT addr: %{stransaddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611301"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup127,
]),
});
// ASA 611307 (VPN client head end): captures the head-end address as hostip.
var msg1584 = match({
id: "MESSAGE#763:611307",
dissect: {
tokenizer: "VPNClient: Head end : %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("611307"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720048: "(VPN-<context>) <event_description>: <info>".
var msg1585 = match({
id: "MESSAGE#1139:720048",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720048"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 746002: "<application>: <event_description>".
// NOTE(review): only dup3 (event_time) runs here; the level, msg and id
// processors (dup2, dup4, dup5) that neighbouring messages apply are absent.
// Confirm this is intended, otherwise these events lack those fields for triage.
var msg1586 = match({
id: "MESSAGE#1255:746002",
dissect: {
tokenizer: "%{application->}: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746002"),
}),
dup3,
]),
});
// Message 108002: SMTP replacement. The "out" address goes to saddr, the
// "in" address to daddr, and the trailing data to info.
var msg1587 = match({
id: "MESSAGE#113:108002",
dissect: {
tokenizer: "SMTP replaced %{fld1->}: out %{saddr->} in %{daddr->} data: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 202003: translation could not be built for the address in saddr.
// The tokenizer expects the trailing full stop.
var msg1588 = match({
id: "MESSAGE#231:202003",
dissect: {
tokenizer: "Could not build translation for %{saddr->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("202003"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400041: same "<product>:<sigid> <context> from ... to ... on
// interface ..." layout as the other 4000xx messages; dup74 is the first
// on_success processor (defined earlier, not shown here).
var msg1589 = match({
id: "MESSAGE#538:400041",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup74,
set_field({
dest: "nwparser.msg_id1",
value: constant("400041"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 612002 ("Auto Update failed") is parsed in three stages that hand
// the remainder on through nwparser.p0 and nwparser.p1.
// Stage 1: strip the fixed prefix.
var msg1590 = match({
id: "MESSAGE#781:612002/0",
dissect: {
tokenizer: "Auto Update failed: %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, quoted user name. Note the id string is shared by the next three
// patterns, so the id alone does not say which one matched.
var msg1591 = match({
id: "MESSAGE#781:612002/2",
dissect: {
tokenizer: "'%{username->}' , version:%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, unquoted user name.
var msg1592 = match({
id: "MESSAGE#781:612002/2",
dissect: {
tokenizer: "%{username->} , version:%{p1->}",
field: "nwparser.p0",
},
});
// Quoted form is tried first so the quotes are not kept in username.
var select367 = linear_select([
msg1591,
msg1592,
]);
// Stage 3: version and failure reason (stored in result).
var msg1593 = match({
id: "MESSAGE#781:612002/2",
dissect: {
tokenizer: "%{version->}, reason:%{result->}",
field: "nwparser.p1",
},
});
// All three stages must match before the 612002 fields are set.
var all382 = all_match({
processors: [
msg1590,
select367,
msg1593,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("612002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 318001: catch-all; the entire payload becomes event_description.
var msg1594 = match({
id: "MESSAGE#428:318001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("318001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717009: certificate event carrying serial number, subject name
// (cert_subject) and issuer name (stored in dn).
var msg1595 = match({
id: "MESSAGE#1070:717009/0",
dissect: {
tokenizer: "%{event_description->} serial number: %{serial_number->}, subject name: %{cert_subject->}, issuer name: %{dn->}",
field: "nwparser.payload",
},
});
// Falls back to dup141 (defined earlier, not shown here) when the detailed
// certificate layout does not match.
var select368 = linear_select([
msg1595,
dup141,
]);
var all383 = all_match({
processors: [
select368,
],
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("717009"),
}),
dup11,
dup293,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720036: "(VPN-<context>) <event_description>".
var msg1596 = match({
id: "MESSAGE#1129:720036",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720036"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 421004: TCP packet injection failure; captures both endpoints as
// address/port pairs and sets a fixed event_description.
var msg1597 = match({
id: "MESSAGE#662:421004",
dissect: {
tokenizer: "Failed to inject TCP packet from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("421004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("failed to inject TCP packet"),
}),
]),
});
// Message 604102: catch-all; the entire payload becomes event_description.
var msg1598 = match({
id: "MESSAGE#730:604102",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("604102"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713076, header with group, user name and source address.
// NOTE(review): this pattern requires a space before the comma after the
// address ("IP = <saddr> , "), unlike msg1600 below. Confirm against real
// device output; a mismatch would lose the username for this message.
var msg1599 = match({
id: "MESSAGE#880:713076/1",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->} , %{p0->}",
field: "nwparser.payload",
},
});
// Header without a user name; a leading %{->} skips any text before "Group".
var msg1600 = match({
id: "MESSAGE#880:713076/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
var select369 = linear_select([
msg1599,
msg1600,
]);
// Tail: description followed by "from <fld1> to <fld2> kbs " (trailing space
// is part of the pattern).
var msg1601 = match({
id: "MESSAGE#880:713076/1",
dissect: {
tokenizer: "%{event_description->} from %{fld1->} to %{fld2->} kbs ",
field: "nwparser.p0",
},
});
// dup304 (defined earlier, not shown here) is the fallback for the tail.
var select370 = linear_select([
msg1601,
dup304,
]);
var all384 = all_match({
processors: [
select369,
select370,
],
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713076"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 716041: access-list URL permit with hit count. The URL text comes
// from the log line as-is; consumers should treat it as untrusted data.
var msg1602 = match({
id: "MESSAGE#1055:716041",
dissect: {
tokenizer: "access-list %{listnum->} permit url %{url->} hit-cnt %{dclass_counter1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("716041"),
}),
dup2,
dup3,
dup4,
dup5,
dup203,
set_field({
dest: "nwparser.result",
value: constant("access-list permit url"),
}),
]),
});
// Message 405001: ARP event with the sender's IP/MAC (saddr/smacaddr) and the
// existing ARP entry (fld1/fld2).
// NOTE(review): the interface name "inside" is a literal in this tokenizer,
// so the same message on any other interface skips this pattern and is left
// to dup141 (not shown here). Confirm the address and MAC are still extracted
// in that case, since they are what an ARP-spoofing investigation needs.
var msg1603 = match({
id: "MESSAGE#588:405001/0",
dissect: {
tokenizer: "%{event_description->} from %{saddr->}/%{smacaddr->} on interface inside with existing ARP entry %{fld1->}/%{fld2->} ",
field: "nwparser.payload",
},
});
var select371 = linear_select([
msg1603,
dup141,
]);
var all385 = all_match({
processors: [
select371,
],
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("405001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 617002 (PDP context removal). The staged form below handles the
// "primary"/"secondary" wording by splitting the word across patterns.
// Stage 1: fixed prefix.
var msg1604 = match({
id: "MESSAGE#793:617002/0",
dissect: {
tokenizer: "Removing v1 %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: "prim" or "second"; the remainder ("ary PDP Context ...") is
// passed on in p1. The matched word itself is not stored in a field.
var msg1605 = match({
id: "MESSAGE#793:617002/2",
dissect: {
tokenizer: "prim%{p1->}",
field: "nwparser.p0",
},
});
var msg1606 = match({
id: "MESSAGE#793:617002/2",
dissect: {
tokenizer: "second%{p1->}",
field: "nwparser.p0",
},
});
var select372 = linear_select([
msg1605,
msg1606,
]);
// Stage 3: TID, GGSN, SGSN (fld1-fld3) and the reason as event_description.
var msg1607 = match({
id: "MESSAGE#793:617002/2",
dissect: {
tokenizer: "ary PDP Context with TID %{fld1->} from GGSN %{fld2->} and SGSN %{fld3->}, Reason: %{event_description->}",
field: "nwparser.p1",
},
});
var all386 = all_match({
processors: [
msg1604,
select372,
msg1607,
],
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("617002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant without "primary"/"secondary"; tagged msg_id1 "617002:01".
var msg1608 = match({
id: "MESSAGE#794:617002:01",
dissect: {
tokenizer: "Removing v1 PDP Context with TID %{fld1->} from GGSN %{fld2->} and SGSN %{fld3->}, Reason: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("617002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Staged form first, plain form second.
var select373 = linear_select([
all386,
msg1608,
]);
// Message 713128 with "Group = ..., IP = ..." header; remaining text becomes
// event_description.
var msg1609 = match({
id: "MESSAGE#893:713128",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713128"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup461,
]),
});
// Catch-all for 713128 lines without that header (msg_id1 "713128:01");
// no group or source address is extracted on this path.
var msg1610 = match({
id: "MESSAGE#894:713128:01",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup94,
set_field({
dest: "nwparser.msg_id1",
value: constant("713128:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup461,
]),
});
// The specific pattern must stay first; the catch-all would otherwise
// absorb every line.
var select374 = linear_select([
msg1609,
msg1610,
]);
// Message 216005: duplex mismatch causing transmitter lockup. The interface
// text is stored in service, the trailing text in result.
// Note: the event_description constant below begins with a space.
var msg1611 = match({
id: "MESSAGE#268:216005",
dissect: {
tokenizer: "%{severity->}: Duplex-mismatch on %{service->} resulted in transmitter lockup. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("216005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant(" Duplex-mismatch resulted in transmitter lockup."),
}),
]),
});
// Message 400025: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>"; dup26 is the first on_success processor
// (defined earlier, not shown here).
var msg1612 = match({
id: "MESSAGE#522:400025",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400025"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 400031: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>"; dup113 is the first on_success processor
// (defined earlier, not shown here).
var msg1613 = match({
id: "MESSAGE#528:400031",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400031"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 403106: PPP virtual interface requires RADIUS for MPPE; the
// interface name is stored in interface.
var msg1614 = match({
id: "MESSAGE#574:403106",
dissect: {
tokenizer: "PPP virtual interface %{interface->} requires RADIUS for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403106"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105045 (mate licence incompatible) is parsed in five stages,
// passing the remainder through nwparser.p0 .. nwparser.p3.
// Stage 1: context and the mate's licence value (fld1).
var msg1615 = match({
id: "MESSAGE#54:105045/0",
dissect: {
tokenizer: "(%{context->}) Mate license (%{fld1->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: one of three fixed keywords for the mate licence. The keyword
// itself is consumed and not stored in a field.
var msg1616 = match({
id: "MESSAGE#54:105045/2",
dissect: {
tokenizer: "Contexts%{p1->}",
field: "nwparser.p0",
},
});
var msg1617 = match({
id: "MESSAGE#54:105045/2",
dissect: {
tokenizer: "contexts%{p1->}",
field: "nwparser.p0",
},
});
var msg1618 = match({
id: "MESSAGE#54:105045/2",
dissect: {
tokenizer: "Enabled%{p1->}",
field: "nwparser.p0",
},
});
var select375 = linear_select([
msg1616,
msg1617,
msg1618,
]);
// Stage 3: fixed middle text and the local licence value (fld2).
var msg1619 = match({
id: "MESSAGE#54:105045/2",
dissect: {
tokenizer: "%{->}) is not compatible with my license (%{fld2->} %{p2->}",
field: "nwparser.p1",
},
});
// Stage 4: keyword for the local licence ("Disabled" here, where stage 2
// accepts "Enabled").
var msg1620 = match({
id: "MESSAGE#54:105045/4",
dissect: {
tokenizer: "Contexts%{p3->}",
field: "nwparser.p2",
},
});
var msg1621 = match({
id: "MESSAGE#54:105045/4",
dissect: {
tokenizer: "contexts%{p3->}",
field: "nwparser.p2",
},
});
var msg1622 = match({
id: "MESSAGE#54:105045/4",
dissect: {
tokenizer: "Disabled%{p3->}",
field: "nwparser.p2",
},
});
var select376 = linear_select([
msg1620,
msg1621,
msg1622,
]);
// Stage 5: closing ")." of the message.
var msg1623 = match({
id: "MESSAGE#54:105045/4",
dissect: {
tokenizer: "%{->}).",
field: "nwparser.p3",
},
});
// All five stages must match; event_description is then set to a fixed text.
var all387 = all_match({
processors: [
msg1615,
select375,
msg1619,
select376,
msg1623,
],
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("105045"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Mate license is not compatible"),
}),
]),
});
// Message 715033: CONNECTED notify processing; captures group, source
// address and the MsgId value (fld1).
var msg1624 = match({
id: "MESSAGE#1005:715033",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Processing CONNECTED notify (MsgId %{fld1->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("715033"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// Message 505014: module application down; the application name is expected
// inside double quotes in the log line.
var msg1625 = match({
id: "MESSAGE#699:505014",
dissect: {
tokenizer: "%{product->} Module in slot %{fld1->}, application down \"%{application->}\", %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("505014"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713072, tail: password too long for a user.
// NOTE(review): the user name inside the parentheses is captured as fld1, not
// username, so user-keyed searches will not see it unless a later processor
// copies the value. Confirm.
var msg1626 = match({
id: "MESSAGE#875:713072/2",
dissect: {
tokenizer: "%{saddr->}, Password for user (%{fld1->}) too long, %{info->}",
field: "nwparser.p1",
},
});
// dup22 and dup23 (defined earlier, not shown here) run before the tail.
var all388 = all_match({
processors: [
dup22,
dup23,
msg1626,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1402040101"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("713072"),
}),
dup7,
dup17,
set_field({
dest: "nwparser.ec_theme",
value: constant("Password"),
}),
dup2,
dup3,
dup4,
dup5,
// NOTE(review): this description ends at "Password for user " (with a
// trailing space) and omits the "too long" condition; confirm it is not a
// truncated value.
set_field({
dest: "nwparser.event_description",
value: constant("Password for user "),
}),
]),
});
// Message 713199: built entirely from shared stages dup44, dup47 and dup48
// (defined earlier in the file, not shown here).
var all389 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713199"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 720038: "(VPN-<context>) <event_description> (function=<fld1>,
// line=<fld2>)." with the trailing full stop required.
var msg1627 = match({
id: "MESSAGE#1131:720038",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->} (function=%{fld1->}, line=%{fld2->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720038"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 101005: "(<context>)<event_description>" with no separator after
// the closing parenthesis.
var msg1628 = match({
id: "MESSAGE#4:101005",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("101005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 113001, AAA session limit reached, parsed in three stages.
// Stage 1: fixed prefix.
var msg1629 = match({
id: "MESSAGE#177:113001:01/0",
dissect: {
tokenizer: "Unable to open AAA session. Session limit %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: the word following "Session limit" goes to fld1.
var msg1630 = match({
id: "MESSAGE#177:113001:01/2",
dissect: {
tokenizer: "%{fld1->} %{p1->}",
field: "nwparser.p0",
},
});
// Selector with a single alternative.
var select377 = linear_select([
msg1630,
]);
// Stage 3: closing "reached. ".
var msg1631 = match({
id: "MESSAGE#177:113001:01/2",
dissect: {
tokenizer: "reached. %{->}",
field: "nwparser.p1",
},
});
var all390 = all_match({
processors: [
msg1629,
select377,
msg1631,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("113001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Session limit reached"),
}),
]),
});
// Catch-all for any other 113001 text; whole payload becomes
// event_description.
var msg1632 = match({
id: "MESSAGE#178:113001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("113001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Staged pattern first, catch-all last.
var select378 = linear_select([
all390,
msg1632,
]);
// Message 303003: FTP command denied and connection terminated. Stores the
// denied command in action, both endpoints as interface:address/port, and a
// fixed result of "command denied".
var msg1633 = match({
id: "MESSAGE#348:303003",
dissect: {
tokenizer: "FTP %{action->} command denied, terminating connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("303003"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("command denied"),
}),
]),
});
// Message 403101: XGRE packet received before the PPTP session was
// established; captures tunnel id (fld1) and session id (sessionid).
var msg1634 = match({
id: "MESSAGE#570:403101",
dissect: {
tokenizer: "PPTP session state not established, but received an XGRE packet, tunnel_id=%{fld1->}, session_id=%{sessionid->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("403101"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 742004: master key for password encryption failed to sync; the
// reason is stored in result and event_description is set to a fixed text.
var msg1635 = match({
id: "MESSAGE#1253:742004",
dissect: {
tokenizer: "failed to sync master key for password encryption, reason=%{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("742004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("failed to sync master key for password encryption"),
}),
]),
});
// Message 713147: group, user name and source address, followed by a result
// and free-form info separated by ", ".
var msg1636 = match({
id: "MESSAGE#908:713147",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{result->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713147"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup428,
]),
});
// Message 713229: group and source address with the rest in info; a fixed
// event_description is assigned.
var msg1637 = match({
id: "MESSAGE#941:713229",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713229"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Notification to client of update string"),
}),
]),
});
// Message 321003: resource log level reached; resource name in fld1 and the
// level value in fld2.
var msg1638 = match({
id: "MESSAGE#443:321003",
dissect: {
tokenizer: "Resource %{fld1->} log level of %{fld2->} reached.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("321003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400032: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>"; dup113 is the first on_success processor
// (defined earlier, not shown here).
var msg1639 = match({
id: "MESSAGE#529:400032",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400032"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 617003: GTP tunnel created; both endpoints are captured as
// interface:address/port.
var msg1640 = match({
id: "MESSAGE#795:617003",
dissect: {
tokenizer: "GTP Tunnel created from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("617003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("GTP tunnel created"),
}),
]),
});
// Message 713137, tail of the staged form: source address, an action text
// and a bracketed value (fld1).
var msg1641 = match({
id: "MESSAGE#903:713137/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} [%{fld1->}]",
field: "nwparser.p1",
},
});
// dup22 and dup23 (defined earlier, not shown here) run before the tail.
var all391 = all_match({
processors: [
dup22,
dup23,
msg1641,
],
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713137"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant ending in "-- deleting SA!" with both refCnt (fld1) and tunnelCnt
// (fld2); tagged msg_id1 "713137:01".
var msg1642 = match({
id: "MESSAGE#904:713137:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} refCnt [%{fld1->}] and tunnelCnt [%{fld2->}] -- deleting SA!",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713137:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select379 = linear_select([
all391,
msg1642,
]);
// Message 702203, tail for the initiator case: the local address goes to
// saddr and the remote address to daddr.
var msg1643 = match({
id: "MESSAGE#808:702203:01/2",
dissect: {
tokenizer: "%{->}out (local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
// dup462 and dup89 (defined earlier, not shown here) run before the tail.
var all392 = all_match({
processors: [
dup462,
dup89,
msg1643,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702203:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup463,
]),
});
// Tail for the responder case: the mapping is reversed, so the local address
// goes to daddr and the remote address to saddr. Keep this in mind when
// correlating the two variants by source/destination.
var msg1644 = match({
id: "MESSAGE#809:702203/2",
dissect: {
tokenizer: "%{->}out (local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
var all393 = all_match({
processors: [
dup462,
dup89,
msg1644,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702203"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup463,
]),
});
// Initiator form is tried before the responder form.
var select380 = linear_select([
all392,
all393,
]);
// Message 752016: tunnel set up successfully, for "IKEv1" or "IKEv2".
// Stage 1: fixed "IKEv" prefix.
var msg1645 = match({
id: "MESSAGE#1277:752016/0",
dissect: {
tokenizer: "IKEv%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: the version digit. It is consumed by the pattern but not stored
// in any field, so the parsed event does not record which IKE version it was.
var msg1646 = match({
id: "MESSAGE#1277:752016/2",
dissect: {
tokenizer: "1%{p1->}",
field: "nwparser.p0",
},
});
var msg1647 = match({
id: "MESSAGE#1277:752016/2",
dissect: {
tokenizer: "2%{p1->}",
field: "nwparser.p0",
},
});
var select381 = linear_select([
msg1646,
msg1647,
]);
// Stage 3: map tag (fld1) and map sequence number (fld2).
var msg1648 = match({
id: "MESSAGE#1277:752016/2",
dissect: {
tokenizer: "%{->}was successful at setting up a tunnel. Map Tag = %{fld1->}. Map Sequence Number = %{fld2->}.",
field: "nwparser.p1",
},
});
var all394 = all_match({
processors: [
msg1645,
select381,
msg1648,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752016"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105004: interface monitoring back to normal; captures context and
// interface.
var msg1649 = match({
id: "MESSAGE#29:105004",
dissect: {
tokenizer: "(%{context->}) Monitoring on interface %{interface->} normal",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("105004"),
}),
dup2,
dup3,
dup4,
dup5,
dup464,
]),
});
// Message 308001: console enable password entered incorrectly several times.
// Stage 2 alternatives accept a "FWSM c" or "PIX c" prefix; dup344 (defined
// earlier, not shown here) is the third alternative.
var msg1650 = match({
id: "MESSAGE#396:308001/2",
dissect: {
tokenizer: "FWSM c%{p1->}",
field: "nwparser.p0",
},
});
var msg1651 = match({
id: "MESSAGE#396:308001/2",
dissect: {
tokenizer: "PIX c%{p1->}",
field: "nwparser.p0",
},
});
var select382 = linear_select([
msg1650,
msg1651,
dup344,
]);
// Stage 3: attempt count (fld1) and origin address.
// NOTE(review): the origin of the failed attempts is stored in hostip, not
// saddr, and the attempt count stays in the generic fld1. Detections for
// privileged-access failures should read these fields unless a later
// processor remaps them. Confirm.
var msg1652 = match({
id: "MESSAGE#396:308001/2",
dissect: {
tokenizer: "onsole enable password incorrect for %{fld1->} tries (from %{hostip->})",
field: "nwparser.p1",
},
});
var all395 = all_match({
processors: [
dup44,
select382,
msg1652,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("308001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("enable password incorrect - multiple tries"),
}),
]),
});
// Message 318003: catch-all; the entire payload becomes event_description.
var msg1653 = match({
id: "MESSAGE#430:318003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("318003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 323006: module data channel failure. First form names the product
// and slot (fld1).
var msg1654 = match({
id: "MESSAGE#452:323006/0",
dissect: {
tokenizer: "%{product->} Module in slot %{fld1->} experienced a data channel communication failure, data channel is DOWN",
field: "nwparser.payload",
},
});
// Second form: fixed "Module ips" wording with no captured fields.
var msg1655 = match({
id: "MESSAGE#452:323006/0",
dissect: {
tokenizer: "Module ips experienced a data channel communication failure, data channel is DOWN%{->}",
field: "nwparser.payload",
},
});
var select383 = linear_select([
msg1654,
msg1655,
]);
// Either form sets the same fixed result text.
var all396 = all_match({
processors: [
select383,
],
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("323006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("data channel communication failure - data channel is DOWN"),
}),
]),
});
// Message 718010: HELLO response sent; the bracketed peer address is stored
// in daddr.
var msg1656 = match({
id: "MESSAGE#1088:718010",
dissect: {
tokenizer: "Sent HELLO response to [%{daddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718010"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sent HELLO response"),
}),
]),
});
// Message 720049: "(VPN-<context>) <event_description>: <info>".
var msg1657 = match({
id: "MESSAGE#1140:720049",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720049"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713171. The middle stage chooses between dup465 and dup466
// (defined elsewhere in the file, not shown here).
var select384 = linear_select([
dup465,
dup466,
]);
// Tail: source address followed by the result text.
var msg1658 = match({
id: "MESSAGE#1284:713171/2",
dissect: {
tokenizer: "%{saddr->}, %{result->}",
field: "nwparser.p1",
},
});
var all397 = all_match({
processors: [
dup9,
select384,
msg1658,
],
on_success: processor_chain([
dup95,
set_field({
dest: "nwparser.msg_id1",
value: constant("713171"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 199909: catch-all; the entire payload becomes event_description.
var msg1659 = match({
id: "MESSAGE#214:199909",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199909"),
}),
dup2,
dup3,
dup4,
dup5,
dup259,
]),
});
// Message 713223: static crypto map check found no ACL configured; captures
// group, source address, map name (fld1) and sequence (fld2).
var msg1660 = match({
id: "MESSAGE#937:713223",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Static Crypto Map check, map = %{fld1->}, seq = %{fld2->}, no ACL configured",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713223"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Static Crypto Map check - no ACL configured"),
}),
]),
});
// Message 714003: source address, an action text and the message id (fld1).
var msg1661 = match({
id: "MESSAGE#982:714003",
dissect: {
tokenizer: "IP = %{saddr->}, %{action->}: msg id = %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714003"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718058: state machine return code; text in result and the code in
// resultcode.
var msg1662 = match({
id: "MESSAGE#1104:718058",
dissect: {
tokenizer: "State machine return code: %{result->}, %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718058"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("State machine return code"),
}),
]),
});
// Message 720042: message received from the active unit.
// Stage 1: context and message type (obj_type).
var msg1663 = match({
id: "MESSAGE#1135:720042/0",
dissect: {
tokenizer: "(VPN-%{context->}) Receiving %{obj_type->} message %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: detail with or without surrounding parentheses; the parenthesised
// form is tried first so the brackets are not kept in info.
var msg1664 = match({
id: "MESSAGE#1135:720042/1",
dissect: {
tokenizer: "(%{info->}) from active unit",
field: "nwparser.p0",
},
});
var msg1665 = match({
id: "MESSAGE#1135:720042/1",
dissect: {
tokenizer: "%{info->} from active unit",
field: "nwparser.p0",
},
});
var select385 = linear_select([
msg1664,
msg1665,
]);
var all398 = all_match({
processors: [
msg1663,
select385,
],
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720042"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722022 (SVC connection established) uses seven stages; only the two
// specific to this message are defined here, the rest are shared dup*
// processors defined earlier in the file (not shown here).
// Stage reading p3: fixed text, remainder to p4.
var msg1666 = match({
id: "MESSAGE#1160:722022/4",
dissect: {
tokenizer: "SVC connection established with%{p4->}",
field: "nwparser.p3",
},
});
// Final stage reading p5: compression type, stored in obj_type.
var msg1667 = match({
id: "MESSAGE#1160:722022/6",
dissect: {
tokenizer: "%{->} %{obj_type->} compression",
field: "nwparser.p5",
},
});
var all399 = all_match({
processors: [
dup77,
dup182,
dup267,
dup268,
msg1666,
dup270,
msg1667,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("722022"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup444,
]),
});
// Message 737012: address assignment failed, without a session id.
var msg1668 = match({
id: "MESSAGE#1236:737012",
dissect: {
tokenizer: "%{process->}: Address assignment failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737012"),
}),
dup4,
dup5,
dup2,
dup3,
dup467,
]),
});
// Same message with "Session=<sessionid>"; tagged msg_id1 "737012:01".
var msg1669 = match({
id: "MESSAGE#1237:737012:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Address assignment failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("737012:01"),
}),
dup4,
dup5,
dup2,
dup3,
dup467,
]),
});
// NOTE(review): the shorter pattern is tried first and its leading
// %{process->} is unanchored. If the dissect implementation lets it span
// "...: Session=..." text, the session-aware pattern would never be reached
// and sessionid would be lost. Confirm with a sample line.
var select386 = linear_select([
msg1668,
msg1669,
]);
// Message 120011: Smart Call Home DNS advisory; the quoted command text is
// stored in action.
var msg1670 = match({
id: "MESSAGE#13:120011",
dissect: {
tokenizer: "To ensure Smart Call Home can properly communicate with Cisco, use the command \"%{action->}\" to configure at least one DNS server.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120011"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400014: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>"; dup26 is the first on_success processor
// (defined earlier, not shown here).
var msg1671 = match({
id: "MESSAGE#511:400014",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400014"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 400023: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>"; dup26 is the first on_success processor
// (defined earlier, not shown here).
var msg1672 = match({
id: "MESSAGE#520:400023",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400023"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 713231: internal error; the text after "Internal Error, " becomes
// event_description.
var msg1673 = match({
id: "MESSAGE#942:713231",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Internal Error, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713231"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 402119, tail: ESP packet that failed anti-replay checking. Only the
// destination address is captured by this stage.
var msg1674 = match({
id: "MESSAGE#562:402119/2",
dissect: {
tokenizer: "%{daddr->} that failed anti-replay checking.",
field: "nwparser.p1",
},
});
// dup312 and dup313 (defined earlier, not shown here) parse the leading part
// of the message; presumably the sender is extracted there, verify before
// relying on saddr for this event.
var all400 = all_match({
processors: [
dup312,
dup313,
msg1674,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402119"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESP packet that failed anti-replay checking"),
}),
dup56,
]),
});
// Message 415007: illegal HTTP extension method. The quoted method text from
// the log line is stored in protocol and the token before it in listnum; a
// fixed context string is set on success.
var msg1675 = match({
id: "MESSAGE#639:415007",
dissect: {
tokenizer: "%{sigid->} HTTP Extension method illegal - %{listnum->} '%{protocol->}' from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Extension method illegal"),
}),
]),
});
// Message 715022: built entirely from shared stages dup79, dup273 and dup33
// (defined earlier in the file, not shown here).
var all401 = all_match({
processors: [
dup79,
dup273,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715022"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 718073: load-balancing role change; the context name is captured
// and a fixed event_description is set. The string literals mirror the
// device's own wording and must stay as they are for the pattern to match.
var msg1676 = match({
id: "MESSAGE#1110:718073",
dissect: {
tokenizer: "Becoming slave of Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718073"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Becoming slave of Load Balancing"),
}),
]),
});
// Message 109017: a user at saddr exceeded the auth proxy connection limit;
// the configured maximum is stored in fld2. No user name is present in this
// message, only the address.
var msg1677 = match({
id: "MESSAGE#141:109017",
dissect: {
tokenizer: "User at %{saddr->} exceeded auth proxy connection limit (max %{fld2->})",
field: "nwparser.payload",
},
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1301010000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("109017"),
}),
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 113039: AnyConnect parent session started; captures group, user
// name and source address from angle-bracketed values.
// NOTE(review): the tokenizer contains "\u003c\u003c", i.e. two literal "<"
// characters before each value but a single ">" after it. This looks like an
// escape sequence carried over from the original parser definition. If the
// device prints a single "<", this pattern will not match and VPN session
// start events will go unparsed. Verify against a sample log line.
var msg1678 = match({
id: "MESSAGE#200:113039",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> AnyConnect parent session started",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("113039"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect parent session started"),
}),
]),
});
// Message 302302: catch-all; the entire payload becomes event_description.
var msg1679 = match({
id: "MESSAGE#342:302302",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("302302"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 304005: URL server request pending; server address in hostip and
// the requested URL in url. The URL is copied from the log line unchanged and
// should be treated as untrusted by anything that renders or follows it.
var msg1680 = match({
id: "MESSAGE#357:304005",
dissect: {
tokenizer: "URL Server %{hostip->} request pending URL %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup406,
set_field({
dest: "nwparser.msg_id1",
value: constant("304005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 304002: URL access denied, with source and destination addresses.
// The URL is copied from the log line unchanged; treat it as untrusted in
// dashboards and alert text.
var msg1681 = match({
id: "MESSAGE#353:304002",
dissect: {
tokenizer: "Access denied URL %{url->} SRC %{saddr->} DEST %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("304002"),
}),
dup2,
dup3,
dup4,
dup5,
dup70,
dup71,
dup72,
dup73,
]),
});
// Fallback without SRC/DEST; the rest of the line ends up in url and no
// addresses are extracted. Tagged msg_id1 "304002:01".
var msg1682 = match({
id: "MESSAGE#354:304002:01",
dissect: {
tokenizer: "Access denied URL %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("304002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup70,
dup71,
dup72,
dup73,
]),
});
// The address-bearing pattern must stay first.
var select387 = linear_select([
msg1681,
msg1682,
]);
// Message 718062: thread awake notice; the leading word is stored in
// direction and the context value in context.
var msg1683 = match({
id: "MESSAGE#1106:718062",
dissect: {
tokenizer: "%{direction->} thread is awake (context=%{context->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718062"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("thread is awake"),
}),
]),
});
// Message 722053: connection from an unknown client, parsed in three stages.
// Stage 1: group, user name, source address.
// NOTE(review): the tokenizer contains "\u003c\u003c", i.e. two literal "<"
// characters before each value but a single ">" after it. If the device
// prints a single "<", this stage never matches and unknown-client events
// go unparsed. Verify against a sample log line.
var msg1684 = match({
id: "MESSAGE#1180:722053/0",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Unknown client \u003c\u003c%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: client application and product, with or without the word "for".
var msg1685 = match({
id: "MESSAGE#1180:722053/2",
dissect: {
tokenizer: "%{application->} for %{product->} %{p1->}",
field: "nwparser.p0",
},
});
var msg1686 = match({
id: "MESSAGE#1180:722053/2",
dissect: {
tokenizer: "%{application->} %{product->} %{p1->}",
field: "nwparser.p0",
},
});
var select388 = linear_select([
msg1685,
msg1686,
]);
// Stage 3: client version up to the closing ">".
var msg1687 = match({
id: "MESSAGE#1180:722053/2",
dissect: {
tokenizer: "%{version->}> connection",
field: "nwparser.p1",
},
});
var all402 = all_match({
processors: [
msg1684,
select388,
msg1687,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("722053"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unknown client connection"),
}),
]),
});
// Message 746016 ("user-identity: DNS lookup for ... failed"): extracts the
// looked-up name into web_domain and the failure reason into result.
var msg1688 = match({
id: "MESSAGE#1289:746016",
dissect: {
tokenizer: "user-identity: DNS lookup for %{web_domain->} failed, reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746016"),
}),
dup14,
dup2,
// Uses dup25 where most chains here use dup3 (event_time); dup25 is defined
// outside this view. NOTE(review): presumably a different timestamp layout.
dup25,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("DNS lookup failed"),
}),
]),
});
// Message 715001, prefix variant with group, quoted username and source
// address; the remainder goes to p0.
var msg1689 = match({
id: "MESSAGE#991:715001/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, Username = '%{username->}', IP = %{saddr->},%{p0->}",
field: "nwparser.payload",
},
});
// Message 715001, prefix variant with only the source address.
var msg1690 = match({
id: "MESSAGE#991:715001/1",
dissect: {
tokenizer: "%{->}IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// Prefix alternatives in listed order; dup341 is defined earlier in the file.
var select389 = linear_select([
msg1689,
dup341,
msg1690,
]);
// 715001: prefix alternative followed by dup468 (defined outside this view),
// which presumably consumes p0.
var all403 = all_match({
processors: [
select389,
dup468,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("715001"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 751025 (addresses assigned to a session): extracts local and remote
// address/port pairs, username, group, the assigned IPv4 address (stransaddr)
// and the assigned IPv6 address (hostip_v6).
// The split between address and port is the first ":" after "Local:"/"Remote:".
// NOTE(review): confirm behaviour when the local or remote address is IPv6,
// since such an address contains ":" itself.
var msg1691 = match({
id: "MESSAGE#1270:751025",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Group:%{group->} IPv4 Address=%{stransaddr->} IPv6 address=%{hostip_v6->} assigned to session",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("751025"),
}),
dup2,
dup3,
dup4,
dup5,
dup434,
]),
});
// Message 109029 ("Parsing downloaded ACL"), WARNING form, parsed in stages.
// Stage 1: strip the fixed prefix; the remainder goes to p0.
var msg1692 = match({
id: "MESSAGE#153:109029/0",
dissect: {
tokenizer: "Parsing downloaded ACL: WARNING: %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, variant A: list number written as "<<value>" ("\u003c" is "<").
// NOTE(review): requires a doubled "<" in the log text; confirm against samples.
var msg1693 = match({
id: "MESSAGE#153:109029/2",
dissect: {
tokenizer: "\u003c\u003c%{listnum->}> %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, variant B: list number in single quotes.
var msg1694 = match({
id: "MESSAGE#153:109029/2",
dissect: {
tokenizer: "'%{listnum->}' %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, variant C: bare list number.
var msg1695 = match({
id: "MESSAGE#153:109029/2",
dissect: {
tokenizer: "%{listnum->} %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2 alternatives; the unquoted catch-all is deliberately last.
var select390 = linear_select([
msg1693,
msg1694,
msg1695,
]);
// 109029 WARNING form: prefix, list number, then dup173 (defined outside this
// view) for the remainder in p1.
var all404 = all_match({
processors: [
msg1692,
select390,
dup173,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109029"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 109029 ERROR form: the error text is captured into result.
var msg1696 = match({
id: "MESSAGE#154:109029:01",
dissect: {
tokenizer: "Parsing downloaded ACL: ERROR: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109029:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// 109029 alternatives: WARNING form first, then ERROR form.
var select391 = linear_select([
all404,
msg1696,
]);
// Message 201011 ("Connection limit exceeded"): extracts direction, source and
// destination address/port and the interface. The two numbers around "/" after
// "exceeded" are kept only in the generic keys fld1 and fld2.
var msg1697 = match({
id: "MESSAGE#228:201011",
dissect: {
tokenizer: "Connection limit exceeded %{fld1->}/%{fld2->} for %{direction->} packet from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Connection limit exceeded"),
}),
]),
});
// Message 400037 ("<product>:<sigid> <text> from <src> to <dst> on interface
// <if>"): extracts product, sigid, the descriptive text (context), source and
// destination addresses and the interface (dinterface).
// The same tokenizer is used for 400022 (msg1729); only the leading dup differs.
var msg1698 = match({
id: "MESSAGE#534:400037",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("400037"),
}),
dup2,
dup3,
dup4,
dup5,
// dup27..dup30 are defined earlier in the file (not visible here).
dup27,
dup28,
dup29,
dup30,
]),
});
// Catch-all matcher for message 602302: the whole payload becomes
// event_description; no structured fields are extracted.
var msg1699 = match({
id: "MESSAGE#717:602302",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("602302"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 322002 ("ARP inspection check failed ..."): extracts the sender MAC
// address (smacaddr) and the interface; text after the "." that follows the
// interface goes to info. smacaddr is the key to pivot on when investigating
// ARP inspection failures.
// NOTE(review): the interface value ends at the first "."; confirm behaviour
// for interface names that themselves contain a ".".
var msg1700 = match({
id: "MESSAGE#446:322002",
dissect: {
tokenizer: "ARP inspection check failed for arp request received from host %{smacaddr->} on interface %{interface->}.%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("322002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715038, prefix variant with username and source address; the
// remainder goes to p1.
var msg1701 = match({
id: "MESSAGE#1010:715038/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} %{p1->}",
field: "nwparser.p0",
},
});
// Prefix alternatives; dup45 and dup46 are defined earlier in the file.
var select392 = linear_select([
msg1701,
dup45,
dup46,
]);
// Tail of 715038: free-text description followed by version and capabilities
// in parentheses; capabilities are kept only in the generic key fld1.
var msg1702 = match({
id: "MESSAGE#1010:715038/2",
dissect: {
tokenizer: "%{event_description->} (version: %{version->}, capabilities: %{fld1->})",
field: "nwparser.p1",
},
});
// 715038: dup44 (defined outside this view), prefix alternative, then tail.
var all405 = all_match({
processors: [
dup44,
select392,
msg1702,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715038"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Catch-all matcher for message 302010: the whole payload becomes
// event_description.
var msg1703 = match({
id: "MESSAGE#290:302010",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302010"),
}),
// Same four header processors as elsewhere, listed here as dup4, dup5, dup2, dup3.
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 444005 (licensing): the payload is captured wholesale as
// event_description, ec_subject is set to "License", and the final set_field
// writes a fixed string to the same nwparser.event_description key.
// NOTE(review): presumably the constant replaces the captured text, so the
// "365 days" in the stored description is hard-coded and not the value reported
// by the device; use nwparser.msg (dup4) for the real text and confirm before
// alerting on license expiry from event_description.
var msg1704 = match({
id: "MESSAGE#665:444005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("444005"),
}),
set_field({
dest: "nwparser.ec_subject",
value: constant("License"),
}),
dup42,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Temporary license key will expire in 365 days"),
}),
]),
});
// Message 720035: "(VPN-<context>) <text>"; extracts context and keeps the rest
// as event_description.
var msg1705 = match({
id: "MESSAGE#1128:720035",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("720035"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725001, tail variant with both endpoints: extracts sinterface,
// saddr/sport, daddr/dport and the protocol version.
// NOTE(review): the literals "to" and "for" carry no leading space here
// ("...%{sport->}to%{daddr->}...", "...%{dport->}for ..."), so correct splitting
// depends on how "->" treats surrounding whitespace; confirm with sample logs
// that sport/daddr/dport come out without stray spaces.
var msg1706 = match({
id: "MESSAGE#1185:725001:01/2",
dissect: {
tokenizer: "%{->} %{sinterface->}:%{saddr->}/%{sport->}to%{daddr->}/%{dport->}for %{version->} session",
field: "nwparser.p1",
},
});
// 725001 with both endpoints: shared prefix stages dup469 and dup470 (defined
// outside this view), then the tail above.
var all406 = all_match({
processors: [
dup469,
dup470,
msg1706,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725001:01"),
}),
dup2,
dup3,
dup4,
dup5,
dup471,
]),
});
// Message 725001, tail variant with a single endpoint: extracts interface,
// hostip, network_port and the protocol version.
var msg1707 = match({
id: "MESSAGE#1186:725001/2",
dissect: {
tokenizer: "%{->} %{interface->}:%{hostip->}/%{network_port->} for %{version->} session.",
field: "nwparser.p1",
},
});
// 725001 with a single endpoint: same prefix stages, different tail.
var all407 = all_match({
processors: [
dup469,
dup470,
msg1707,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725001"),
}),
dup2,
dup3,
dup4,
dup5,
dup471,
]),
});
// 725001 alternatives: two-endpoint form first, single-endpoint form second.
var select393 = linear_select([
all406,
all407,
]);
// Message 105006 ("Link status 'Up' on interface ..."): extracts context and
// interface, then sets a fixed event_description. Dispatched from chain1 under
// key "105006".
var msg1708 = match({
id: "MESSAGE#31:105006",
dissect: {
tokenizer: "(%{context->}) Link status 'Up' on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Link status Up"),
}),
]),
});
// Catch-all matcher for message 105031: the whole payload becomes
// event_description. Dispatched from chain1 under key "105031".
var msg1709 = match({
id: "MESSAGE#39:105031",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105031"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 717047 ("Revoked certificate issued to user ..."): extracts username;
// the certificate serial number is captured into the generic key result.
// NOTE(review): unlike the neighbouring matchers this chain has no dup4, so
// nwparser.msg is not populated from $MSG for revoked-certificate events;
// confirm that is intended, since the raw text is useful when triaging them.
var msg1710 = match({
id: "MESSAGE#1304:717047",
dissect: {
tokenizer: "Revoked certificate issued to user: %{username->} with serial number %{result->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717047"),
}),
dup14,
dup2,
dup3,
dup5,
]),
});
// Message 409004 ("Received ... from unknown neighbor ..."): what was received
// goes to result and the neighbor address to hostip.
var msg1711 = match({
id: "MESSAGE#606:409004",
dissect: {
tokenizer: "Received %{result->} from unknown neighbor %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("409004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 616001 ("Pre-allocate MGCP ... connection"), structured form:
// extracts source interface/address and destination interface/address/port.
// The connection type and the trailing "from" value stay in fld1 and fld2.
var msg1712 = match({
id: "MESSAGE#790:616001:01",
dissect: {
tokenizer: "Pre-allocate MGCP %{fld1->} connection for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}/%{dport->} from %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("616001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup347,
]),
});
// Message 616001, catch-all form: whole payload becomes event_description.
var msg1713 = match({
id: "MESSAGE#791:616001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("616001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// 616001 alternatives: structured form first, catch-all as fallback.
var select394 = linear_select([
msg1712,
msg1713,
]);
// Message 720041: "(VPN-<context>) Sending <info> to standby unit"; extracts
// context and info.
var msg1714 = match({
id: "MESSAGE#1134:720041",
dissect: {
tokenizer: "(VPN-%{context->}) Sending %{info->} to standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720041"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105043: "(<context>) <text>"; extracts context and keeps the rest as
// event_description. Dispatched from chain1 under key "105043".
var msg1715 = match({
id: "MESSAGE#52:105043",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup324,
set_field({
dest: "nwparser.msg_id1",
value: constant("105043"),
}),
dup2,
dup3,
// dup167 is defined earlier in the file (not visible here).
dup167,
dup4,
dup5,
]),
});
// Message 106003 ("Connection denied ... due to JAVA Applet"): extracts source
// address, destination address and interface, then sets a fixed
// event_description. Dispatched from chain1 under key "106003".
var msg1716 = match({
id: "MESSAGE#61:106003",
dissect: {
tokenizer: "Connection denied src %{saddr->} dest %{daddr->} due to JAVA Applet on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("106003"),
}),
// dup99, dup102, dup43, dup27 and dup196 are defined earlier in the file.
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
set_field({
dest: "nwparser.event_description",
value: constant("Connection denied due to JAVA Applet on interface"),
}),
]),
});
// Message 307004 ("Telnet session limit exceeded"): extracts the requesting
// source address and the interface. %{space->} absorbs whatever sits between
// the "." and "Connection request".
var msg1717 = match({
id: "MESSAGE#395:307004",
dissect: {
tokenizer: "Telnet session limit exceeded.%{space->}Connection request from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("307004"),
}),
dup2,
dup3,
dup4,
dup5,
dup103,
]),
});
// Message 402117 ("IPSEC: Received a non-IPSec packet"): extracts the protocol
// value from the parentheses plus source and destination addresses.
var msg1718 = match({
id: "MESSAGE#560:402117",
dissect: {
tokenizer: "IPSEC: Received a non-IPSec packet (protocol= %{protocol->}) from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402117"),
}),
// dup7, dup42, dup43, dup40, dup409 and dup56 are defined earlier in the file.
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup409,
dup56,
]),
});
// Message 105021 (standby sync failed because of a locked config), parsed in
// stages. Stage 1: the parenthesised prefix goes to fld1, the rest to p0.
var msg1719 = match({
id: "MESSAGE#38:105021/0",
dissect: {
tokenizer: "(%{fld1->}) %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: consumes a leading capital "S" and passes the rest on as p1.
var msg1720 = match({
id: "MESSAGE#38:105021/2",
dissect: {
tokenizer: "S%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2 alternatives; dup218 is defined outside this view
// (presumably the lower-case counterpart; confirm).
var select395 = linear_select([
msg1720,
dup218,
]);
// Stage 3: continues after the first letter ("tandby unit failed ..."), keeps
// the locked config name in fld2 and hands the lock holder to p2.
var msg1721 = match({
id: "MESSAGE#38:105021/2",
dissect: {
tokenizer: "tandby unit failed to sync due to a locked %{fld2->} config. Lock held by %{p2->}",
field: "nwparser.p1",
},
});
// 105021: all stages plus dup237 (defined outside this view) for p2.
// Dispatched from chain1 under key "105021".
var all408 = all_match({
processors: [
msg1719,
select395,
msg1721,
dup237,
],
on_success: processor_chain([
dup410,
set_field({
dest: "nwparser.msg_id1",
value: constant("105021"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Standby unit failed to sync due to a locked Config"),
}),
dup167,
]),
});
// Message 319001, ARP form ("Acknowledge for arp update ... not received"):
// extracts the IP address into daddr and the parenthesised number into count.
var msg1722 = match({
id: "MESSAGE#436:319001:01",
dissect: {
tokenizer: "Acknowledge for arp update for IP address %{daddr->} not received (%{count->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("319001:01"),
}),
dup14,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Acknowledge for arp update"),
}),
dup4,
dup5,
]),
});
// Message 319001, certificate form: matches a fixed sentence about the peer
// certificate's subject name; no variable fields are extracted.
var msg1723 = match({
id: "MESSAGE#437:319001",
dissect: {
tokenizer: "The subject name of the peer cert is not allowed for connection%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("319001"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("The subject name of the peer cert is not allowed for connection"),
}),
dup4,
dup5,
]),
});
// 319001 alternatives. The two forms describe unrelated conditions (ARP
// acknowledgement vs. peer certificate subject), so downstream rules should key
// on msg_id1 ("319001:01" vs. "319001") or event_description, not the bare id.
var select396 = linear_select([
msg1722,
msg1723,
]);
// Catch-all matcher for message 409013: the whole payload becomes
// event_description.
var msg1724 = match({
id: "MESSAGE#615:409013",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409013"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 501101 ("Cmd priv level changed"): the variable, the command and the
// new privilege level are captured only into the generic keys fld1, fld2 and
// fld3; result is set to a fixed string.
// NOTE(review): anything auditing privilege-level changes has to read fld1..fld3
// (or nwparser.msg), because no named field carries the command or level here;
// confirm whether a later stage maps them.
var msg1725 = match({
id: "MESSAGE#678:501101",
dissect: {
tokenizer: "Cmd priv level changed: Var: %{fld1->} Cmd: %{fld2->} Priv level: %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("501101"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Cmd priv level changed successfully"),
}),
]),
});
// Message 501101, second form: matches the fixed prefix "User transitioning
// priv level" and discards whatever follows (%{->} is an unnamed capture), so
// user and level are available only through nwparser.msg.
var msg1726 = match({
id: "MESSAGE#679:501101:01",
dissect: {
tokenizer: "User transitioning priv level%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("501101:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("User transitioning priv level"),
}),
]),
});
// 501101 alternatives in listed order.
var select397 = linear_select([
msg1725,
msg1726,
]);
// Catch-all matcher for message 210003: the whole payload becomes
// event_description.
var msg1727 = match({
id: "MESSAGE#243:210003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 304004 ("URL Server ... request failed URL ..."): extracts the URL
// server address into hostip and the URL into url. Same shape as 304005
// (msg1680), which covers the "request pending" wording.
var msg1728 = match({
id: "MESSAGE#356:304004",
dissect: {
tokenizer: "URL Server %{hostip->} request failed URL %{url->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup406,
set_field({
dest: "nwparser.msg_id1",
value: constant("304004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400022: same tokenizer as 400037 (msg1698); extracts product, sigid,
// descriptive text (context), source/destination addresses and dinterface.
// Only the leading processor differs (dup26 here, dup76 there).
var msg1729 = match({
id: "MESSAGE#519:400022",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400022"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 710002 ("<protocol> access permitted from ... to ..."), in stages.
// Stage 1: protocol and source address/port; the destination part goes to p0.
var msg1730 = match({
id: "MESSAGE#843:710002/0",
dissect: {
tokenizer: "%{protocol->} access permitted from %{saddr->}/%{sport->} to %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, variant A: destination written with an extra ":"-separated element
// (kept in fld1) between interface and address.
var msg1731 = match({
id: "MESSAGE#843:710002/2",
dissect: {
tokenizer: "%{dinterface->}:%{fld1->}:%{daddr->}/%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, variant B: "<interface>:<address>/<rest>".
var msg1732 = match({
id: "MESSAGE#843:710002/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{p1->}",
field: "nwparser.p0",
},
});
// Stage 2 alternatives; the three-part form is tried first.
// NOTE(review): both variants split on ":", so an IPv6 destination address
// would be divided across dinterface/fld1/daddr; confirm with IPv6 samples.
var select398 = linear_select([
msg1731,
msg1732,
]);
// Stage 3: what follows the "/" is stored as service.
var msg1733 = match({
id: "MESSAGE#843:710002/2",
dissect: {
tokenizer: "%{service->}",
field: "nwparser.p1",
},
});
// 710002: combines the stages and sets result to "access permitted".
var all409 = all_match({
processors: [
msg1730,
select398,
msg1733,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("710002"),
}),
dup42,
dup43,
dup64,
dup2,
// Uses dup35 where most chains here use dup3 (event_time); dup35 is defined
// outside this view.
dup35,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("access permitted"),
}),
]),
});
// Message 720028: "(VPN-<context>) <text>"; extracts context and keeps the rest
// as event_description.
var msg1734 = match({
id: "MESSAGE#1124:720028",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("720028"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338006 ("...ilter dropped blacklisted <protocol> traffic"), tail
// stage. Extracts protocol, both endpoints with their translated
// address/port pairs (stransaddr/stransport, dtransaddr/dtransport), the
// matched list entry (web_domain), threat level (severity) and category
// (result). The resolved destination and the list name stay in fld1/fld2.
// The pattern starts at "ilter": the earlier stages (dup183, dup184) are
// defined outside this view and presumably consume the text before it.
var msg1735 = match({
id: "MESSAGE#476:338006/2",
dissect: {
tokenizer: "ilter dropped blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
// 338006: prefix stages followed by the tail above.
var all410 = all_match({
processors: [
dup183,
dup184,
msg1735,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338006"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 702307, first stage: "<service>: An <agent> SA (SPI= ...) between
// <src> and <dst> ...". The SPI is kept only in fld1; the remainder goes to p0.
var msg1736 = match({
id: "MESSAGE#831:702307/0",
dissect: {
tokenizer: "%{service->}: An %{agent->} SA (SPI= %{fld1->}) between %{saddr->} and %{daddr->} %{p0->}",
field: "nwparser.payload",
},
});
// 702307: first stage plus dup32 and dup33 (defined outside this view).
var all411 = all_match({
processors: [
msg1736,
dup32,
dup33,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("702307"),
}),
dup7,
dup11,
dup12,
dup13,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713201, first form: built entirely from shared stages (dup44, dup47,
// dup48) defined earlier in the file; their patterns are not visible here.
var all412 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713201"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713201, second form: shared stages dup176, dup23 and dup174; recorded
// with msg_id1 "713201:01".
var all413 = all_match({
processors: [
dup176,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713201:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// 713201 alternatives in listed order.
var select399 = linear_select([
all412,
all413,
]);
// Message 715056: built from shared stages dup22, dup23 and dup241, all defined
// earlier in the file (patterns not visible here).
var all414 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715056"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 111005: built from shared stages dup44, dup135 and dup136 (defined
// earlier in the file); on success, result is set to the fixed string
// "end configuration: OK".
var all415 = all_match({
processors: [
dup44,
dup135,
dup136,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111005"),
}),
dup38,
dup137,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("end configuration: OK"),
}),
]),
});
// Message 713259 ("Session is being torn down"), three forms selected by
// select401 below. All three share dup473 as the final on_success step.
//
// Form 1: shared stages dup22, dup23 and dup472 (defined outside this view).
var all416 = all_match({
processors: [
dup22,
dup23,
dup472,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("713259"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup473,
]),
});
// Form 2, middle stage with group and source address; the teardown reason is
// handed on as p1. The pattern expects a space before the comma after the
// address ("IP = <addr> , Session ...").
var msg1737 = match({
id: "MESSAGE#952:713259:01/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , Session is being torn down. Reason: %{p1->}",
field: "nwparser.p0",
},
});
// Form 2, middle stage without a group.
var msg1738 = match({
id: "MESSAGE#952:713259:01/2",
dissect: {
tokenizer: "IP = %{saddr->} , Session is being torn down. Reason: %{p1->}",
field: "nwparser.p0",
},
});
// Middle-stage alternatives for form 2, group variant first.
var select400 = linear_select([
msg1737,
msg1738,
]);
// Form 2: dup44, middle stage, then dup173 for the reason text in p1.
var all417 = all_match({
processors: [
dup44,
select400,
dup173,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("713259:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup473,
]),
});
// Form 3: shared stages dup176, dup23 and dup472.
var all418 = all_match({
processors: [
dup176,
dup23,
dup472,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("713259:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup473,
]),
});
// 713259 alternatives in listed order; msg_id1 records which form matched.
var select401 = linear_select([
all416,
all417,
all418,
]);
// Message 720062: "(VPN-<context>) <text>."; extracts context and keeps the
// text before the final "." as event_description.
var msg1739 = match({
id: "MESSAGE#1142:720062",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("720062"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105003 ("Monitoring on interface ... waiting"): extracts context and
// interface. Dispatched from chain1 under key "105003".
var msg1740 = match({
id: "MESSAGE#28:105003",
dissect: {
tokenizer: "(%{context->}) Monitoring on interface %{interface->} waiting",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("105003"),
}),
dup2,
dup3,
dup4,
dup5,
dup464,
]),
});
// Message 504001 ("Security context ... was added to the system"), structured
// form: the context name is captured into info and a fixed event_description
// is set.
var msg1741 = match({
id: "MESSAGE#686:504001:01",
dissect: {
tokenizer: "Security context %{info->} was added to the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("504001:01"),
}),
dup164,
dup38,
dup14,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Security context added"),
}),
dup4,
dup5,
]),
});
// Message 504001, catch-all form: whole payload becomes event_description.
var msg1742 = match({
id: "MESSAGE#687:504001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("504001"),
}),
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// 504001 alternatives: structured form first, catch-all as fallback.
var select402 = linear_select([
msg1741,
msg1742,
]);
// Message 716058 ("AnyConnect session lost connection"): extracts group,
// username and source address; the trailing text goes to result.
// "\u003c" is "<", so each value must be preceded by a literal "<<" and followed
// by a single ">".
// NOTE(review): confirm the device really emits a doubled "<". If it emits
// "<value>", this pattern cannot match and the user and address of the lost
// VPN session stay unparsed.
var msg1743 = match({
id: "MESSAGE#1060:716058",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> AnyConnect session lost connection. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716058"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("AnyConnect session lost connection"),
}),
]),
});
// Message 415004 ("Content type not found"), form with the literal "Content
// Verification Failed": extracts sigid, listnum and source/destination
// addresses.
var msg1744 = match({
id: "MESSAGE#635:415004",
dissect: {
tokenizer: "%{sigid->} Content type not found - %{listnum->} Content Verification Failed from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415004"),
}),
dup2,
dup3,
dup4,
dup5,
dup474,
]),
});
// Message 415004, generic form: whatever sits between listnum and "from" is
// captured as protocol.
var msg1745 = match({
id: "MESSAGE#636:415004:01",
dissect: {
tokenizer: "%{sigid->} Content type not found - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415004:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup474,
]),
});
// 415004 alternatives: the literal form first, the generic form as fallback.
var select403 = linear_select([
msg1744,
msg1745,
]);
// Message 713120, middle-stage variant: "<group>, IP = <rest>". The text after
// "IP = " is handed on as p1 without being stored as an address here.
var msg1746 = match({
id: "MESSAGE#886:713120/2",
dissect: {
tokenizer: "%{group->}, IP = %{p1->}",
field: "nwparser.p0",
},
});
// Middle-stage alternatives; dup475 and dup465 are defined outside this view
// and are tried before the variant above.
var select404 = linear_select([
dup475,
dup465,
msg1746,
]);
// 713120: dup9, middle stage, then dup174 (both dups defined outside this view).
var all419 = all_match({
processors: [
dup9,
select404,
dup174,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713120"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 737030 ("Unable to send ... to standby: address in use"): extracts
// the reporting process and the address (hostip).
var msg1747 = match({
id: "MESSAGE#1249:737030",
dissect: {
tokenizer: "%{process->}: Unable to send %{hostip->} to standby: address in use",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737030"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 752011 ("... Doesn't have a transform set specified"): the leading
// text is kept only in the generic key fld2; event_description is a fixed string.
var msg1748 = match({
id: "MESSAGE#1298:752011",
dissect: {
tokenizer: "%{fld2->} Doesn't have a transform set specified",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752011"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Doesn't have a transform set specified"),
}),
]),
});
// Message 734002, parsed in stages after dup211 (defined outside this view).
// User stage, variant A: username in single quotes.
var msg1749 = match({
id: "MESSAGE#1215:734002/2",
dissect: {
tokenizer: "'%{username->}' , Addr %{p1->}",
field: "nwparser.p0",
},
});
// User stage, variant B: bare username.
// NOTE(review): if variant A fails on a quoted name for any reason, this
// fallback would store the name with its quotes; confirm username values are
// normalised before they are used for correlation.
var msg1750 = match({
id: "MESSAGE#1215:734002/2",
dissect: {
tokenizer: "%{username->} , Addr %{p1->}",
field: "nwparser.p0",
},
});
// User-stage alternatives, quoted form first.
var select405 = linear_select([
msg1749,
msg1750,
]);
// Address stage, variant A: address terminated by ",".
var msg1751 = match({
id: "MESSAGE#1215:734002/3",
dissect: {
tokenizer: "%{hostip->},%{p2->}",
field: "nwparser.p1",
},
});
// Address stage, variant B: address terminated by ":".
// NOTE(review): an IPv6 address would be cut at its first ":"; confirm with
// IPv6 samples.
var msg1752 = match({
id: "MESSAGE#1215:734002/3",
dissect: {
tokenizer: "%{hostip->}:%{p2->}",
field: "nwparser.p1",
},
});
// Address-stage alternatives, comma form first.
var select406 = linear_select([
msg1751,
msg1752,
]);
// 734002: prefix, user stage, address stage, then dup281 for the rest in p2.
var all420 = all_match({
processors: [
dup211,
select405,
select406,
dup281,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("734002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 101002: "(<context>)<text>"; extracts context and keeps the rest as
// event_description. Dispatched from chain1 under key "101002".
var msg1753 = match({
id: "MESSAGE#1:101002",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("101002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 201010 ("Embryonic connection limit exceeded"): extracts direction,
// source and destination address/port and the interface. The two numbers
// around "/" after "exceeded" are kept only in the generic keys fld1 and fld2,
// so threshold-based detections need those keys or nwparser.msg.
var msg1754 = match({
id: "MESSAGE#226:201010",
dissect: {
tokenizer: "Embryonic connection limit exceeded %{fld1->}/%{fld2->} for %{direction->} packet from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201010"),
}),
dup2,
dup3,
dup4,
dup5,
dup177,
]),
});
// Message 213001 ("PPTP control daemon socket io ..."): the text after the
// fixed prefix is captured into info.
var msg1755 = match({
id: "MESSAGE#260:213001",
dissect: {
tokenizer: "PPTP control daemon socket io %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("213001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715076, middle-stage variant keyed on the user name: extracts
// username and source address; the remainder goes to p1.
var msg1756 = match({
id: "MESSAGE#1041:715076/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
// Message 715076, middle-stage variant keyed on the group: extracts group and
// source address.
var msg1757 = match({
id: "MESSAGE#1041:715076/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
// Middle-stage alternatives in listed order. A line carrying both
// "Group = ..." and "Username = ..." is not covered by either pattern as
// written; whether such lines occur for 715076 is not visible here.
var select407 = linear_select([
msg1756,
msg1757,
]);
// 715076: dup44, middle stage, then dup48 (both dups defined outside this view).
var all421 = all_match({
processors: [
dup44,
select407,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715076"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Top-level parsing pipeline. DeviceProcessor (top of this file) adds it to
// its chain between save_flags and restore_flags.
// Steps, in order:
//   1. select2 (defined elsewhere in this file).
//   2. msgid_select: a table from message-id string to the parser
//      registered for that id.
//   3. Copy "event_time" into "@timestamp".
// NOTE(review): what happens to an event whose id has no entry in the table
// is decided inside msgid_select, which is not visible here. Confirm such
// events are still forwarded (and ideally tagged), because firewall events
// that are dropped without notice are a detection blind spot.
var chain1 = processor_chain([
select2,
// Dispatch table. NOTE(review): presumably keyed on nwparser.messageid;
// confirm against msgid_select's definition.
msgid_select({
"101001": msg115,
"101002": msg1753,
"101003": msg432,
"101004": msg31,
"101005": msg1628,
"102001": msg960,
"103001": msg858,
"103002": select131,
"103003": msg1092,
"103004": msg168,
"103005": msg4,
"103006": msg1405,
"103007": msg161,
"104001": select319,
"104002": select170,
"104003": msg929,
"104004": msg1407,
"105001": msg965,
"105002": msg520,
"105003": msg1740,
"105004": msg1649,
"105005": msg1296,
"105006": msg1708,
"105007": msg855,
"105008": all328,
"105009": msg905,
"105010": msg631,
"105011": msg173,
"105020": msg273,
"105021": all408,
"105031": msg1709,
"105032": msg966,
"105034": select165,
"105035": msg1318,
"105036": select62,
"105037": msg1250,
"105038": msg410,
"105039": msg940,
"105040": msg849,
"105041": msg967,
"105042": msg312,
"105043": msg1715,
"105044": msg1116,
"105045": all387,
"105046": msg1414,
"105047": all222,
"106001": select329,
"106002": select206,
"106003": msg1716,
"106006": select332,
"106007": msg396,
"106008": select294,
"106009": msg1406,
"106010": select211,
"106011": select364,
"106012": all213,
"106013": select119,
"106014": all192,
"106015": select63,
"106016": select305,
"106017": select155,
"106018": msg941,
"106019": msg1449,
"106020": msg1423,
"106021": msg563,
"106022": msg828,
"106023": select350,
"106025": msg493,
"106027": all115,
"106028": select289,
"106100": select266,
"106101": msg359,
"106102": select64,
"106103": select312,
"107001": select49,
"107002": msg211,
"108001": all146,
"108002": msg1587,
"108003": select354,
"108004": select323,
"108005": select97,
"108006": msg772,
"109001": all151,
"109002": all129,
"109003": select174,
"109005": all341,
"109006": all345,
"109007": all13,
"109008": all241,
"109009": msg240,
"109010": msg1338,
"109011": all290,
"109012": all238,
"109013": msg1480,
"109014": msg906,
"109015": select234,
"109016": select352,
"109017": msg1677,
"109018": all113,
"109019": all23,
"109020": all205,
"109021": msg1160,
"109022": msg60,
"109023": select53,
"109024": msg82,
"109025": all56,
"109026": msg1185,
"109027": all87,
"109029": select391,
"109032": all176,
"109033": select281,
"109039": msg663,
"110001": msg304,
"110002": select11,
"110003": select126,
"111001": msg907,
"111002": msg675,
"111003": msg554,
"111004": all34,
"111005": all415,
"111006": all25,
"111007": all252,
"111008": all330,
"111009": all223,
"111010": all105,
"111111": msg976,
"112001": msg96,
"113001": select378,
"113003": all208,
"113004": all155,
"113005": select285,
"113006": all231,
"113008": all140,
"113009": select246,
"113010": all295,
"113011": all30,
"113012": all88,
"113013": all179,
"113014": all190,
"113015": all4,
"113016": all253,
"113019": select151,
"113020": msg65,
"113022": msg969,
"113023": msg732,
"113028": all331,
"113034": all81,
"113039": msg1678,
"120001": msg698,
"120003": all209,
"120007": msg1078,
"120008": msg469,
"120011": msg1670,
"120012": all49,
"199001": select217,
"199002": msg639,
"199003": msg1381,
"199004": msg1569,
"199005": msg899,
"199006": all343,
"199007": all152,
"199008": all195,
"199009": select291,
"199015": msg409,
"199016": msg891,
"199017": msg570,
"199018": select269,
"199907": msg1521,
"199908": msg599,
"199909": msg1659,
"201001": msg1262,
"201002": select275,
"201003": msg1151,
"201004": select92,
"201005": msg834,
"201006": msg683,
"201007": msg1156,
"201008": msg852,
"201009": msg32,
"201010": msg1754,
"201011": msg1697,
"201012": msg857,
"201013": msg204,
"202001": msg1006,
"202002": msg1280,
"202003": msg1588,
"202004": msg90,
"202005": msg1235,
"202010": all358,
"203001": msg812,
"208005": msg1397,
"209001": msg470,
"209002": msg121,
"209003": msg205,
"209004": msg476,
"209005": msg835,
"210001": msg15,
"210002": msg1385,
"210003": msg1727,
"210005": msg970,
"210006": msg1297,
"210007": msg977,
"210008": msg953,
"210010": msg174,
"210020": msg678,
"210021": msg1271,
"210022": msg1435,
"211001": msg699,
"211003": msg102,
"212001": msg428,
"212002": msg1239,
"212003": msg53,
"212004": msg91,
"212005": all197,
"212006": msg1541,
"213001": msg1755,
"213002": msg1153,
"213003": msg660,
"213004": msg1394,
"214001": msg537,
"215001": msg1272,
"216001": msg1263,
"216005": msg1611,
"219002": msg632,
"301001": msg1164,
"302001": select179,
"302002": select221,
"302003": msg1007,
"302004": select358,
"302005": select276,
"302006": select199,
"302007": msg664,
"302008": msg1276,
"302009": select355,
"302010": msg1703,
"302012": all27,
"302013": select75,
"302014": select115,
"302015": select129,
"302016": select41,
"302017": select60,
"302018": msg1574,
"302019": msg1190,
"302020": select196,
"302021": select227,
"302022": select356,
"302023": select140,
"302024": all347,
"302025": msg819,
"302026": all153,
"302027": msg1100,
"302302": msg1679,
"302303": msg1324,
"302304": msg1518,
"303002": select223,
"303003": msg1633,
"303004": msg448,
"303005": msg742,
"304001": select14,
"304002": select387,
"304003": msg1154,
"304004": msg1728,
"304005": msg1680,
"304006": msg1126,
"304007": msg588,
"304008": all5,
"304009": msg301,
"305001": msg20,
"305002": msg356,
"305003": select132,
"305004": msg754,
"305005": select23,
"305006": select57,
"305007": msg529,
"305008": msg665,
"305009": msg331,
"305010": select139,
"305011": select144,
"305012": select120,
"305013": select105,
"306001": msg158,
"307001": select303,
"307002": msg397,
"307003": select46,
"307004": msg1717,
"308001": all395,
"308002": msg672,
"309001": msg243,
"309002": msg954,
"309004": msg92,
"311001": msg491,
"311002": msg673,
"311003": msg122,
"311004": msg584,
"312001": msg1236,
"313001": msg1424,
"313003": select169,
"313004": select207,
"313005": msg661,
"313008": select162,
"313009": msg733,
"314001": all260,
"315001": msg61,
"315002": all360,
"315003": select93,
"315004": all104,
"315005": msg93,
"315011": select159,
"316001": select118,
"317001": msg901,
"317002": msg1083,
"317003": msg1281,
"317004": msg418,
"317005": msg83,
"318001": msg1594,
"318002": msg244,
"318003": msg1653,
"318004": msg265,
"318005": msg388,
"318006": msg1120,
"318007": msg1398,
"318008": msg688,
"319001": select396,
"319004": msg963,
"320001": msg360,
"321001": select292,
"321002": msg864,
"321003": msg1638,
"321004": msg843,
"321005": msg1511,
"322001": msg1034,
"322002": msg1700,
"322003": msg1121,
"322004": msg1519,
"323001": msg375,
"323002": msg679,
"323003": msg900,
"323006": all396,
"324000": all99,
"324001": msg1399,
"324002": msg492,
"324003": msg1472,
"324004": msg1101,
"324005": msg1395,
"324006": msg869,
"324007": msg600,
"325001": msg521,
"325002": msg1016,
"326001": msg938,
"331001": msg730,
"332003": msg107,
"332004": msg923,
"335004": msg1298,
"336010": msg1520,
"337005": msg1275,
"337009": msg910,
"338001": all277,
"338002": all80,
"338003": all185,
"338004": all72,
"338005": all59,
"338006": all410,
"338007": all288,
"338008": all375,
"338101": all362,
"338102": all335,
"338103": all142,
"338104": all346,
"338201": all321,
"338202": all82,
"338203": all344,
"338204": all107,
"338301": all268,
"338302": all162,
"338303": all230,
"338304": msg915,
"338305": msg1543,
"338306": msg1157,
"338307": msg813,
"338308": msg482,
"338309": msg816,
"338310": msg1285,
"400000": msg743,
"400001": msg25,
"400002": msg1400,
"400003": msg1506,
"400004": msg605,
"400005": msg1225,
"400006": msg1186,
"400007": msg133,
"400008": msg530,
"400009": msg108,
"400010": msg1464,
"400011": msg162,
"400012": msg1512,
"400013": msg674,
"400014": msg1671,
"400015": msg235,
"400016": msg1320,
"400017": msg363,
"400018": msg1123,
"400019": msg1425,
"400020": msg1124,
"400021": msg1473,
"400022": msg1729,
"400023": msg1672,
"400024": msg982,
"400025": msg1612,
"400026": msg1474,
"400027": msg1363,
"400028": msg207,
"400029": msg964,
"400030": msg516,
"400031": msg1613,
"400032": msg1639,
"400033": msg62,
"400034": msg585,
"400035": msg63,
"400036": msg1388,
"400037": msg1698,
"400038": msg1581,
"400039": msg555,
"400040": msg225,
"400041": msg1589,
"400042": msg124,
"400043": msg942,
"400044": msg208,
"400045": msg35,
"400046": msg841,
"400047": msg538,
"400048": msg52,
"400049": msg389,
"400050": msg1187,
"400051": msg361,
"401001": msg1057,
"401002": all45,
"401003": all225,
"401004": all117,
"401005": all207,
"402101": msg1158,
"402102": msg1375,
"402103": all254,
"402106": msg1529,
"402114": msg1027,
"402116": all154,
"402117": msg1718,
"402118": msg37,
"402119": all400,
"402120": all279,
"402123": msg1165,
"402124": msg827,
"402125": msg1570,
"402126": all171,
"402127": all24,
"402130": msg444,
"403101": msg1634,
"403102": msg1418,
"403103": msg691,
"403104": msg550,
"403106": msg1614,
"403107": msg414,
"403108": msg1191,
"403109": msg1058,
"403110": msg1386,
"403500": msg842,
"403501": msg472,
"403502": msg911,
"403503": msg1128,
"403504": msg169,
"403505": msg912,
"403506": msg1226,
"404101": msg1035,
"404102": msg258,
"405001": all385,
"405002": msg54,
"405003": msg1373,
"405101": all220,
"405102": all29,
"405103": msg517,
"405104": msg1268,
"405105": all272,
"406001": msg342,
"406002": msg1299,
"407001": msg1130,
"407002": select259,
"408001": msg820,
"408002": all22,
"409001": msg978,
"409002": msg755,
"409003": all361,
"409004": msg1711,
"409005": msg197,
"409006": msg1105,
"409007": msg1369,
"409008": msg33,
"409009": msg979,
"409010": msg734,
"409011": msg1533,
"409012": msg302,
"409013": msg1724,
"409023": all315,
"410001": select240,
"411001": all259,
"411002": all178,
"411003": all298,
"411004": all363,
"411005": all109,
"412001": msg498,
"413001": msg594,
"413002": msg1567,
"413003": all133,
"414001": msg1093,
"414002": msg630,
"415001": msg1389,
"415002": msg1038,
"415003": msg332,
"415004": select403,
"415005": msg579,
"415006": msg303,
"415007": msg1675,
"415008": select153,
"415009": msg1039,
"415010": msg261,
"415011": msg364,
"415012": msg1094,
"415013": msg1513,
"415014": msg1514,
"416001": msg667,
"418001": select99,
"419001": msg262,
"419002": msg801,
"419003": msg1040,
"420002": select123,
"420003": msg1465,
"420004": msg471,
"420005": msg1364,
"421001": msg249,
"421004": msg1597,
"421005": all172,
"421006": msg236,
"429002": msg1167,
"434002": msg328,
"434004": msg559,
"444005": msg1704,
"444100": msg889,
"444101": msg1340,
"444102": msg817,
"444104": msg1347,
"444106": msg1088,
"444108": select304,
"444109": msg1339,
"450001": msg84,
"500001": msg731,
"500002": msg1515,
"500003": msg501,
"500004": msg1108,
"501101": select397,
"502101": all353,
"502102": all73,
"502103": all106,
"502111": all177,
"502112": all163,
"503001": msg78,
"504001": select402,
"504002": select147,
"505001": msg1159,
"505002": msg263,
"505003": msg1028,
"505004": msg814,
"505005": msg943,
"505006": msg435,
"505007": msg1218,
"505011": all283,
"505013": all340,
"505014": msg1625,
"505015": all11,
"506001": msg1550,
"507001": msg721,
"507002": msg56,
"507003": all156,
"508001": all198,
"602101": all74,
"602102": msg1174,
"602103": msg1095,
"602104": msg1415,
"602201": select298,
"602202": select26,
"602203": select314,
"602301": msg1131,
"602302": msg1699,
"602303": all281,
"602304": all7,
"603101": msg821,
"603102": msg924,
"603103": msg357,
"603104": all50,
"603105": all329,
"603106": all303,
"603107": all85,
"603108": all304,
"603109": all309,
"604101": msg42,
"604102": msg1598,
"604103": all181,
"604104": msg412,
"605001": msg1522,
"605002": msg551,
"605003": all282,
"605004": select59,
"605005": select302,
"606001": all306,
"606002": all376,
"606003": msg1416,
"606004": msg26,
"607001": msg1582,
"608001": select54,
"609001": msg592,
"609002": all161,
"610001": msg1332,
"610002": msg1358,
"610101": all28,
"611101": select148,
"611102": select96,
"611103": all313,
"611104": msg79,
"611301": msg1583,
"611302": msg1139,
"611303": msg113,
"611304": msg467,
"611305": msg420,
"611306": msg973,
"611307": msg1584,
"611308": msg1256,
"611309": msg1417,
"611310": msg1575,
"611311": msg534,
"611312": msg358,
"611313": msg974,
"611314": msg890,
"611315": msg271,
"611316": msg768,
"611317": msg1109,
"611318": msg40,
"611319": msg1004,
"611320": msg902,
"611321": msg1166,
"611322": msg903,
"611323": msg34,
"612001": msg676,
"612002": all382,
"612003": msg810,
"613001": msg1348,
"613002": msg1455,
"613003": msg1137,
"614001": msg365,
"614002": msg429,
"615001": msg756,
"615002": msg125,
"616001": select394,
"617001": msg28,
"617002": select373,
"617003": msg1640,
"617004": msg441,
"620001": select183,
"620002": select145,
"622001": all175,
"701001": msg1408,
"701002": msg928,
"702201": select16,
"702202": select340,
"702203": select380,
"702204": select90,
"702205": select299,
"702206": select209,
"702207": select261,
"702208": select268,
"702209": select313,
"702210": select232,
"702211": select116,
"702212": select336,
"702301": msg1410,
"702302": msg1390,
"702303": msg593,
"702307": all411,
"703001": msg1063,
"703002": msg535,
"709001": msg1419,
"709002": msg97,
"709003": msg423,
"709004": msg552,
"709005": msg272,
"709006": msg27,
"709007": msg1033,
"709008": msg1293,
"710001": msg227,
"710002": all409,
"710003": msg572,
"710004": msg1537,
"710005": msg1571,
"710006": msg430,
"710007": msg1066,
"711001": msg468,
"711002": msg918,
"711004": all218,
"713014": msg1539,
"713016": msg955,
"713020": msg713,
"713024": all90,
"713025": select204,
"713034": select324,
"713035": select124,
"713041": select81,
"713042": msg159,
"713048": all380,
"713049": all352,
"713050": all224,
"713052": all267,
"713060": all193,
"713061": msg562,
"713066": select8,
"713068": all33,
"713072": all388,
"713073": msg344,
"713074": msg1278,
"713075": select249,
"713076": all384,
"713092": msg1444,
"713105": msg1162,
"713107": msg904,
"713117": all166,
"713119": msg114,
"713120": all419,
"713121": msg1264,
"713122": msg1069,
"713123": select76,
"713124": msg1163,
"713127": msg1445,
"713128": select374,
"713129": msg424,
"713130": all302,
"713131": select241,
"713132": all141,
"713133": all157,
"713134": msg250,
"713136": all48,
"713137": select379,
"713141": msg442,
"713143": msg956,
"713145": msg416,
"713147": msg1636,
"713149": msg802,
"713167": select17,
"713169": msg1064,
"713170": msg1172,
"713171": all397,
"713172": all199,
"713177": msg215,
"713184": select50,
"713187": msg1197,
"713193": msg1173,
"713194": all8,
"713199": all389,
"713201": select399,
"713202": msg1161,
"713203": msg682,
"713204": all284,
"713206": msg1294,
"713211": msg1451,
"713213": all242,
"713214": msg1456,
"713216": select287,
"713218": all180,
"713219": all143,
"713220": msg1106,
"713221": msg1065,
"713222": msg5,
"713223": msg1660,
"713224": msg1523,
"713225": msg815,
"713227": msg637,
"713228": all300,
"713229": msg1637,
"713231": msg1673,
"713232": all276,
"713235": select106,
"713236": all348,
"713240": msg651,
"713251": all336,
"713255": msg226,
"713257": msg846,
"713259": select401,
"713273": select301,
"713900": select339,
"713902": select258,
"713903": select32,
"713904": select278,
"713905": select52,
"713906": select178,
"714001": msg1470,
"714002": select210,
"714003": msg1661,
"714004": select214,
"714005": all280,
"714006": select331,
"714007": msg925,
"714011": select108,
"715001": all403,
"715006": select15,
"715007": select138,
"715009": select325,
"715019": select167,
"715020": all250,
"715021": all114,
"715022": all401,
"715027": all227,
"715028": all243,
"715033": msg1624,
"715034": msg401,
"715035": msg1376,
"715036": select256,
"715038": all405,
"715039": select43,
"715040": msg522,
"715041": msg165,
"715042": all327,
"715046": select135,
"715047": select231,
"715048": all9,
"715049": select137,
"715050": msg722,
"715052": all51,
"715053": select130,
"715055": all334,
"715056": all414,
"715057": all296,
"715058": msg1257,
"715059": select85,
"715060": msg1077,
"715061": msg518,
"715063": all158,
"715064": all226,
"715065": all67,
"715066": msg1413,
"715068": msg431,
"715071": msg98,
"715075": msg1067,
"715076": all421,
"715077": select5,
"715080": msg179,
"716001": all196,
"716002": all16,
"716003": all355,
"716004": all150,
"716007": all217,
"716009": msg209,
"716023": all364,
"716038": all379,
"716039": select89,
"716041": msg1602,
"716043": all183,
"716047": all314,
"716051": msg543,
"716052": msg1349,
"716058": msg1743,
"716059": msg1471,
"716601": msg1295,
"717001": msg690,
"717002": msg1068,
"717003": msg58,
"717004": msg1484,
"717005": msg541,
"717006": msg914,
"717007": msg310,
"717008": msg166,
"717009": all383,
"717010": msg1249,
"717016": msg1107,
"717022": msg1568,
"717024": msg544,
"717025": msg1279,
"717026": msg1118,
"717027": msg944,
"717028": msg483,
"717029": msg1198,
"717030": msg1380,
"717033": msg1478,
"717036": msg449,
"717037": msg160,
"717039": msg193,
"717041": msg167,
"717043": msg1448,
"717045": msg638,
"717046": msg1181,
"717047": msg1710,
"717055": msg59,
"718005": msg1314,
"718010": msg1656,
"718015": msg1507,
"718016": msg1070,
"718021": msg1534,
"718022": msg1420,
"718023": msg1446,
"718028": msg881,
"718033": msg473,
"718034": msg1182,
"718039": msg1228,
"718044": msg1409,
"718045": msg1002,
"718046": msg536,
"718049": msg677,
"718051": msg1361,
"718056": msg957,
"718058": msg1662,
"718059": msg1155,
"718062": msg1683,
"718068": msg327,
"718069": msg194,
"718072": msg1321,
"718073": msg1676,
"720002": msg1577,
"720003": msg311,
"720004": msg587,
"720005": msg264,
"720006": msg495,
"720010": msg583,
"720012": msg1138,
"720020": msg1530,
"720021": msg64,
"720024": msg1458,
"720025": msg740,
"720026": msg939,
"720027": msg190,
"720028": msg1734,
"720029": msg735,
"720032": msg633,
"720035": msg1705,
"720036": msg1596,
"720037": msg1508,
"720038": msg1627,
"720039": msg210,
"720040": msg1089,
"720041": msg1714,
"720042": all398,
"720044": msg545,
"720045": msg741,
"720046": msg1196,
"720048": msg1585,
"720049": msg1657,
"720055": msg447,
"720062": msg1739,
"720063": msg573,
"720068": msg1056,
"721001": msg1090,
"721002": msg123,
"721003": msg1404,
"721004": msg1359,
"721010": msg1315,
"721012": msg172,
"721016": all63,
"721018": all278,
"722001": all206,
"722003": all305,
"722005": msg1360,
"722006": msg803,
"722010": all235,
"722012": all86,
"722020": all381,
"722022": all399,
"722023": all111,
"722025": msg206,
"722027": all110,
"722028": all318,
"722029": all44,
"722030": all221,
"722031": all273,
"722032": all60,
"722033": all349,
"722034": msg1479,
"722035": all266,
"722036": all184,
"722037": all57,
"722041": all342,
"722043": all359,
"722047": msg1538,
"722049": all325,
"722050": msg958,
"722051": select311,
"722053": all402,
"722055": all58,
"724002": msg362,
"724003": all191,
"724004": all47,
"725001": select393,
"725002": all95,
"725003": all64,
"725005": select150,
"725006": select363,
"725007": all310,
"725008": select205,
"725009": select18,
"725010": all102,
"725011": msg1468,
"725012": select163,
"725013": msg546,
"725014": msg856,
"725016": all326,
"726001": msg1576,
"730001": msg558,
"730002": msg1119,
"730010": msg519,
"731001": msg634,
"733100": msg1091,
"733101": all26,
"733102": msg870,
"733103": msg804,
"734001": all112,
"734002": all420,
"734003": select67,
"734004": msg818,
"735003": msg1008,
"735004": msg1485,
"735005": msg1396,
"735006": msg1311,
"735011": msg421,
"735012": msg744,
"737001": all12,
"737003": select262,
"737005": msg1229,
"737006": select82,
"737007": all301,
"737010": select318,
"737012": select386,
"737013": msg975,
"737014": msg234,
"737015": all287,
"737016": select65,
"737017": all108,
"737019": select295,
"737026": select122,
"737029": all324,
"737030": msg1747,
"737031": all10,
"737032": all214,
"737033": msg1277,
"742004": msg1635,
"746001": msg281,
"746002": msg1586,
"746006": msg608,
"746012": select351,
"746013": select33,
"746014": msg422,
"746015": msg1372,
"746016": msg1688,
"746018": msg805,
"747016": msg380,
"750001": select279,
"750002": msg959,
"750003": msg652,
"750006": msg1447,
"750007": msg1009,
"751007": msg553,
"751014": msg417,
"751025": msg1691,
"752002": msg1540,
"752003": msg751,
"752004": msg21,
"752006": msg248,
"752008": msg811,
"752010": msg379,
"752011": msg1748,
"752012": select263,
"752015": msg1060,
"752016": all394,
"769001": msg670,
"769004": msg24,
"771002": msg1333,
"776251": msg1317,
"776252": msg525,
// "CISCOASA_GENERIC" is the value dup0 (top of this file) writes to
// nwparser.messageid. NOTE(review): presumably the entry for lines whose
// header carries no recognised id; confirm where dup0 is applied.
"CISCOASA_GENERIC": select164,
}),
// Publish the parsed device time as the event's @timestamp. "event_time" is
// the field dup3's date_time writes. NOTE(review): if date parsing did not
// set event_time, the outcome depends on set_field/field, which are not
// visible here; confirm the event keeps a usable timestamp in that case.
set_field({
dest: "@timestamp",
value: field("event_time"),
}),
]);