
@adriansr
Created April 22, 2020 14:10
// Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
// or more contributor license agreements. Licensed under the Elastic License;
// you may not use this file except in compliance with the Elastic License.
var processor = require("processor");
var console = require("console");
// Holds the object built by register(). It is undefined until register() has
// run, and process() dereferences it without checking.
var device;
// Register params from configuration.
function register(params) {
  // `params` is accepted but never read: the processor is always built from
  // the same fixed chain, whatever configuration is passed in.
  var built = new DeviceProcessor();
  device = built;
}
function process(evt) {
  // Hands the event to the chain runner stored by register() and returns
  // whatever it returns. `device` is not checked, so calling this before
  // register() throws on the property access.
  var outcome = device.process(evt);
  return outcome;
}
function DeviceProcessor() {
  // Build a processor.Chain from three stages, added in this order:
  // save_flags, chain1, restore_flags. Only the built chain's Run function is
  // exposed, under the name `process`.
  var pipeline = new processor.Chain();
  var stages = [save_flags, chain1, restore_flags];
  for (var i = 0; i < stages.length; i++) {
    pipeline.Add(stages[i]);
  }
  var runner = pipeline.Build();
  return {
    process: runner.Run,
  };
}
// Lookup tables. Each one has a `keyvaluepairs` object keyed by the strings
// "0" and "1"; the three map_dir2* tables also carry a "default" entry.
// constant() and field() are not defined in the visible part of the file.
//
// NOTE(review): dup476 and dup477 are not defined in the visible part of the
// file. If they are assigned with `var` further down, the two tables below
// capture `undefined` at the moment these statements run — confirm against
// the full file.
var map_srcDirName = {
keyvaluepairs: {
"0": dup477,
"1": dup476,
},
};
// Same keys as map_srcDirName with the two values swapped.
var map_dstDirName = {
keyvaluepairs: {
"0": dup476,
"1": dup477,
},
};
// "0" -> "2", "1" -> "3", anything else -> "0". The meaning of these codes is
// not defined in the visible source.
var map_dir2SumType = {
keyvaluepairs: {
"0": constant("2"),
"1": constant("3"),
},
"default": constant("0"),
};
// Picks the saddr field for key "0" and by default, daddr for key "1".
var map_dir2Address = {
keyvaluepairs: {
"0": field("saddr"),
"1": field("daddr"),
},
"default": field("saddr"),
};
// Picks the sport field for key "0" and by default, dport for key "1".
var map_dir2Port = {
keyvaluepairs: {
"0": field("sport"),
"1": field("dport"),
},
"default": field("sport"),
};
// Shared parser steps dup0–dup14. set_field, constant, call, match and
// date_time (and HDR, SYSVAL, the dX format tokens) are not defined in the
// visible part of the file; the notes below describe only the arguments.
// eventcategory values are numeric codes whose meaning is not defined here.
var dup0 = set_field({
dest: "nwparser.messageid",
value: constant("CISCOASA_GENERIC"),
});
var dup1 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601000000"),
});
// Writes HDR(level) to nwparser.level.
var dup2 = call({
dest: "nwparser.level",
fn: HDR,
args: [
field("level"),
],
});
// Builds event_time from six captured fields, one format token per field.
var dup3 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dN,dU,dO],
});
// Copies the $MSG field into nwparser.msg.
var dup4 = set_field({
dest: "nwparser.msg",
value: field("$MSG"),
});
// Writes HDR(messageid) to nwparser.id.
var dup5 = call({
dest: "nwparser.id",
fn: HDR,
args: [
field("messageid"),
],
});
var dup6 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501050100"),
});
var dup7 = set_field({
dest: "nwparser.event_type",
value: constant("VPN"),
});
var dup8 = set_field({
dest: "nwparser.event_description",
value: constant("Static Crypto Map check"),
});
// Reads nwparser.payload and hands everything after "Group = " on as p0.
var dup9 = match({
id: "MESSAGE#1042:715077/0",
dissect: {
tokenizer: "%{->}Group = %{p0->}",
field: "nwparser.payload",
},
});
var dup10 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603000000"),
});
var dup11 = set_field({
dest: "nwparser.ec_theme",
value: constant("Encryption"),
});
var dup12 = set_field({
dest: "nwparser.ec_subject",
value: constant("CryptoKey"),
});
var dup13 = set_field({
dest: "nwparser.ec_activity",
value: constant("Modify"),
});
// NOTE(review): dest is "nwparser." with nothing after the dot — confirm
// whether SYSVAL($MSGID, $ID1) is really meant to target an empty field name.
var dup14 = call({
dest: "nwparser.",
fn: SYSVAL,
args: [
field("$MSGID"),
field("$ID1"),
],
});
// Shared parser steps dup15–dup31. match, linear_select, set_field, call,
// lookup and date_time are defined outside the visible part of the file.
//
// Several steps here capture `username` from the message text. That text is
// copied from the log line as-is; in authentication messages it is presumably
// whatever the remote party supplied, so downstream consumers should treat it
// as untrusted data.
var dup15 = match({
id: "MESSAGE#192:113015/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
});
var dup16 = set_field({
dest: "nwparser.eventcategory",
value: constant("1301000000"),
});
var dup17 = set_field({
dest: "nwparser.ec_subject",
value: constant("User"),
});
var dup18 = set_field({
dest: "nwparser.ec_theme",
value: constant("Authentication"),
});
var dup19 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Failure"),
});
var dup20 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605000000"),
});
var dup21 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801000000"),
});
// Captures `group` from the payload and passes the text after "Username = "
// on as p0.
var dup22 = match({
id: "MESSAGE#872:713066/0",
dissect: {
tokenizer: "Group = %{group->}, Username = %{p0->}",
field: "nwparser.payload",
},
});
// Two alternatives over p0: single-quoted username first, then unquoted.
// Both carry the same id, so the id does not tell which one matched.
// NOTE(review): the unquoted form is delimited only by the literal " , IP = ";
// a username containing that text would presumably shift the later fields —
// confirm how the tokenizer resolves it.
var dup23 = linear_select([
match({
id: "MESSAGE#872:713066/2",
dissect: {
tokenizer: "'%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#872:713066/2",
dissect: {
tokenizer: "%{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup24 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204020000"),
});
// Same six input fields as dup3, but the last three format tokens are
// dH,dT,dS instead of dN,dU,dO.
var dup25 = date_time({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmt: [dB,dF,dW,dH,dT,dS],
});
var dup26 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020100"),
});
// Writes DIRCHK(saddr) to nwparser.inout; dup28 and dup29 then use `inout`
// as the key into the zone tables.
var dup27 = call({
dest: "nwparser.inout",
fn: DIRCHK,
args: [
field("saddr"),
],
});
// src_zone = map_srcDirName[inout]. That table has no "default" entry.
var dup28 = lookup({
dest: "nwparser.src_zone",
map: map_srcDirName,
key: field("inout"),
});
// dst_zone = map_dstDirName[inout]. That table has no "default" entry.
var dup29 = lookup({
dest: "nwparser.dst_zone",
map: map_dstDirName,
key: field("inout"),
});
// Writes SYSVAL($CATEGORY) to nwparser.sigcat.
var dup30 = call({
dest: "nwparser.sigcat",
fn: SYSVAL,
args: [
field("$CATEGORY"),
],
});
// Captures service, direction, fld1 (the text inside "SPI= ...") and both
// addresses from the payload; the remainder goes on as p0.
var dup31 = match({
id: "MESSAGE#719:602304/0",
dissect: {
tokenizer: "%{service->}: An %{direction->} SA (SPI= %{fld1->}) between %{saddr->} and %{daddr->} %{p0->}",
field: "nwparser.payload",
},
});
// Shared parser steps dup32–dup46. The helper functions are defined outside
// the visible part of the file.
//
// Four alternatives over p0, listed from the most specific wrapper to the
// bare form: "(user=NAME)", "(NAME)", "'NAME'", then NAME followed by a space.
// All four share one id. The order matters if alternatives are tried in list
// order (presumably — linear_select is not visible here), because the bare
// form would also accept the wrapped inputs.
var dup32 = linear_select([
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "(user=%{username->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "(%{username->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "'%{username->}' %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "%{username->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Everything left in p1 becomes `action`.
var dup33 = match({
id: "MESSAGE#719:602304/2",
dissect: {
tokenizer: "%{action->}",
field: "nwparser.p1",
},
});
var dup34 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030100"),
});
// date_times takes a list of formats rather than one.
// NOTE(review): the second format has five tokens for six input fields (dW
// is absent) — presumably for timestamps without a year; confirm how the
// helper pairs tokens with args in that case.
var dup35 = date_times({
dest: "event_time",
args: ["month","day","year","hhour","hmin","hsec"],
fmts: [
[dB,dF,dW,dN,dU,dO],
[dB,dF,dN,dU,dO],
],
});
var dup36 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801030000"),
});
var dup37 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604000000"),
});
var dup38 = set_field({
dest: "nwparser.ec_theme",
value: constant("Configuration"),
});
var dup39 = set_field({
dest: "nwparser.ec_subject",
value: constant("Configuration"),
});
var dup40 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Success"),
});
var dup41 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010000"),
});
var dup42 = set_field({
dest: "nwparser.ec_theme",
value: constant("ALM"),
});
var dup43 = set_field({
dest: "nwparser.ec_subject",
value: constant("NetworkComm"),
});
// Splits the payload at a space; only the part after it is kept, as p0.
var dup44 = match({
id: "MESSAGE#921:713194/0",
dissect: {
tokenizer: "%{->} %{p0->}",
field: "nwparser.payload",
},
});
// dup45 and dup46 are the with-group and without-group forms of the same
// step; both share one id and both read p0.
var dup45 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
var dup46 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
// Shared parser steps dup47–dup62. The helper functions are defined outside
// the visible part of the file.
//
// With-group form first, then the IP-only form; both read p0 and share an id.
var dup47 = linear_select([
match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Everything left in p1 becomes event_description (free text from the log).
var dup48 = match({
id: "MESSAGE#1020:715048/2",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p1",
},
});
var dup49 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603010000"),
});
var dup50 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603040000"),
});
var dup51 = set_field({
dest: "nwparser.eventcategory",
value: constant("1703000000"),
});
var dup52 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020200"),
});
// Captures the text before ": " as `process`; the rest goes on as p0.
var dup53 = match({
id: "MESSAGE#1250:737031/0",
dissect: {
tokenizer: "%{process->}: %{p0->}",
field: "nwparser.payload",
},
});
// A linear_select with a single alternative: captures sessionid from p0.
var dup54 = linear_select([
match({
id: "MESSAGE#1250:737031/2",
dissect: {
tokenizer: "Session=%{sessionid->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup55 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801010100"),
});
var dup56 = set_field({
dest: "nwparser.service",
value: constant("IPSEC"),
});
// `application` ends at a literal double quote followed by ", "; the rest of
// p0 becomes `info`.
var dup57 = match({
id: "MESSAGE#700:505015/1",
dissect: {
tokenizer: "%{application->}\", %{info->}",
field: "nwparser.p0",
},
});
var dup58 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605020000"),
});
var dup59 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701060000"),
});
var dup60 = set_field({
dest: "nwparser.ec_activity",
value: constant("Enable"),
});
// Single-quoted username first, then unquoted; both end at " from " and
// share one id. The username is copied from the log text unchanged.
var dup61 = linear_select([
match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "'%{username->}' from %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "%{username->} from %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Captures source address/port, destination address/port and the interface
// name from p1.
var dup62 = match({
id: "MESSAGE#128:109007/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.p1",
},
});
// Shared parser steps dup63–dup78. The helper functions (and URL) are defined
// outside the visible part of the file.
var dup63 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401060000"),
});
var dup64 = set_field({
dest: "nwparser.ec_activity",
value: constant("Permit"),
});
var dup65 = set_field({
dest: "nwparser.ec_theme",
value: constant("AccessControl"),
});
// Single-quoted username first, then unquoted; both end at " @".
var dup66 = linear_select([
match({
id: "MESSAGE#351:304001/2",
dissect: {
tokenizer: "'%{username->}' @%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#351:304001/2",
dissect: {
tokenizer: "%{username->} @%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup67 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204010000"),
});
var dup68 = set_field({
dest: "nwparser.event_description",
value: constant("Accessed"),
});
var dup69 = set_field({
dest: "nwparser.protocol",
value: constant("HTTP"),
});
// dup70–dup73 each call URL() on the captured `url` field with a different
// selector ($DOMAIN, $ROOT, $PAGE, $QUERY) and store the result separately.
// NOTE(review): `url` is text taken from the log line; the query part can
// carry tokens or other sensitive values, so confirm how urlquery is stored
// and who can read it downstream.
var dup70 = call({
dest: "nwparser.urldomain",
fn: URL,
args: [
field("$DOMAIN"),
field("url"),
],
});
var dup71 = call({
dest: "nwparser.urlroot",
fn: URL,
args: [
field("$ROOT"),
field("url"),
],
});
var dup72 = call({
dest: "nwparser.urlpage",
fn: URL,
args: [
field("$PAGE"),
field("url"),
],
});
var dup73 = call({
dest: "nwparser.urlquery",
fn: URL,
args: [
field("$QUERY"),
field("url"),
],
});
var dup74 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001020300"),
});
var dup75 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603110000"),
});
var dup76 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030300"),
});
// "\u003c" is the escape for "<", so the tokenizer text is
// "Group <<%{group->}> User ...". Whether the doubled "<" is the tokenizer's
// way of writing one literal "<" is not visible here — TODO confirm.
var dup77 = match({
id: "MESSAGE#1046:716002/0",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User %{p0->}",
field: "nwparser.payload",
},
});
// Three username forms over p0: angle-bracketed, single-quoted, bare. Each
// ends at " IP " followed by the escaped "<<"; all share one id.
var dup78 = linear_select([
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "'%{username->}' IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "%{username->} IP \u003c\u003c%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared parser steps dup79–dup92. The helper functions are defined outside
// the visible part of the file.
//
// Captures `group` from the payload; the rest goes on as p0.
var dup79 = match({
id: "MESSAGE#992:715006/0",
dissect: {
tokenizer: "Group = %{group->}, %{p0->}",
field: "nwparser.payload",
},
});
// Three forms over p0: quoted username + IP, unquoted username + IP, IP only.
// All share one id.
var dup80 = linear_select([
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Splits p1 at ": SPI = " into `action` and `dst_spi`.
var dup81 = match({
id: "MESSAGE#992:715006/2",
dissect: {
tokenizer: "%{action->}: SPI = %{dst_spi->}",
field: "nwparser.p1",
},
});
var dup82 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020100"),
});
var dup83 = set_field({
dest: "nwparser.eventcategory",
value: constant("1304000000"),
});
var dup84 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050200"),
});
var dup85 = set_field({
dest: "nwparser.eventcategory",
value: constant("1002000000"),
});
var dup86 = set_field({
dest: "nwparser.eventcategory",
value: constant("1303000000"),
});
var dup87 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Error"),
});
// Matches the literal prefix "ISAKMP Phase 1 delete"; whatever follows
// directly (no separator) goes on as p0.
var dup88 = match({
id: "MESSAGE#804:702201:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 delete%{p0->}",
field: "nwparser.payload",
},
});
// Single alternative: p0 must start with the letter "d" (which, after the
// prefix matched by dup88, would read "deleted").
var dup89 = linear_select([
match({
id: "MESSAGE#804:702201:01/2",
dissect: {
tokenizer: "d%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup90 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 delete received"),
});
var dup91 = set_field({
dest: "nwparser.event_description",
value: constant("Remote peer has failed user authentication"),
});
// p0 must start with "server" or "client"; the matched word itself is not
// captured into a field, only the remainder (p1).
var dup92 = linear_select([
match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "server%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "client%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared parser steps dup93–dup113. Most are fixed-value set_field steps; the
// helper functions are defined outside the visible part of the file.
var dup93 = set_field({
dest: "nwparser.event_description",
value: constant("Device proposes cipher(s)"),
});
var dup94 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805020000"),
});
var dup95 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805000000"),
});
// Matches the literal prefix "Downloaded ACL "; the rest goes on as p0.
var dup96 = match({
id: "MESSAGE#143:109019/0",
dissect: {
tokenizer: "Downloaded ACL %{p0->}",
field: "nwparser.payload",
},
});
// Everything left in p1 becomes `info`.
var dup97 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p1",
},
});
var dup98 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501040000"),
});
var dup99 = set_field({
dest: "nwparser.ec_activity",
value: constant("Deny"),
});
var dup100 = set_field({
dest: "nwparser.event_description",
value: constant("Authorization denied"),
});
var dup101 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803010000"),
});
var dup102 = set_field({
dest: "nwparser.ec_theme",
value: constant("Communication"),
});
var dup103 = set_field({
dest: "nwparser.event_description",
value: constant("session limit exceeded"),
});
// Single-quoted username first, then unquoted; both end at " at ".
var dup104 = linear_select([
match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "'%{username->}' at %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "%{username->} at %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup105 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401050100"),
});
var dup106 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logon"),
});
var dup107 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701030000"),
});
var dup108 = set_field({
dest: "nwparser.ec_activity",
value: constant("Delete"),
});
var dup109 = set_field({
dest: "nwparser.eventcategory",
value: constant("1103000000"),
});
var dup110 = set_field({
dest: "nwparser.event_description",
value: constant("No translation group found"),
});
// Lower-case "icmp" here, while dup69 writes upper-case "HTTP" to the same
// field — consumers comparing nwparser.protocol should not assume one case.
var dup111 = set_field({
dest: "nwparser.protocol",
value: constant("icmp"),
});
var dup112 = set_field({
dest: "nwparser.event_description",
value: constant("Web Cache acquired"),
});
var dup113 = set_field({
dest: "nwparser.eventcategory",
value: constant("1002020000"),
});
// Shared parser steps dup114–dup124. The helper functions are defined outside
// the visible part of the file.
//
// Skips anything before "Pre" in the payload; the text right after it goes
// on as p0.
var dup114 = match({
id: "MESSAGE#291:302012/0",
dissect: {
tokenizer: "%{->}Pre%{p0->}",
field: "nwparser.payload",
},
});
// Single alternative: p0 must start with "-".
var dup115 = linear_select([
match({
id: "MESSAGE#291:302012/2",
dissect: {
tokenizer: "-%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup116 = set_field({
dest: "nwparser.event_description",
value: constant("Connection pre-allocated"),
});
// p0 must start with the word ending "ed" or "ure"; only the remainder (p1)
// is kept.
var dup117 = linear_select([
match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "ed%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "ure%{p1->}",
field: "nwparser.p0",
},
}),
]);
// dup118–dup124 carry ids for message 405102 and hand text along in the
// intermediate fields p0, p2 … p7 (the steps between p0 and p2 are not in
// this group).
var dup118 = match({
id: "MESSAGE#591:405102/0",
dissect: {
tokenizer: "Unable to Pre%{p0->}",
field: "nwparser.payload",
},
});
// Accepts either "oreign_address" or "addr" at the start of p2 (the leading
// "f" is presumably consumed by an earlier step — not visible here).
var dup119 = linear_select([
match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "oreign_address%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "addr%{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup120 = match({
id: "MESSAGE#591:405102/4",
dissect: {
tokenizer: "%{->} %{p4->}",
field: "nwparser.p3",
},
});
// Source address with or without "/port"; both forms end at " to l".
var dup121 = linear_select([
match({
id: "MESSAGE#591:405102/6",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to l%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#591:405102/6",
dissect: {
tokenizer: "%{saddr->} to l%{p5->}",
field: "nwparser.p4",
},
}),
]);
// Accepts "ocal_address" or "addr" after the "l" consumed by dup121.
var dup122 = linear_select([
match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "ocal_address%{p6->}",
field: "nwparser.p5",
},
}),
match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "addr%{p6->}",
field: "nwparser.p5",
},
}),
]);
var dup123 = match({
id: "MESSAGE#591:405102/7",
dissect: {
tokenizer: "%{->} %{p7->}",
field: "nwparser.p6",
},
});
// Destination address with or without "/port". Both patterns end with a
// literal space.
var dup124 = linear_select([
match({
id: "MESSAGE#591:405102/8",
dissect: {
tokenizer: "%{daddr->}/%{dport->} ",
field: "nwparser.p7",
},
}),
match({
id: "MESSAGE#591:405102/8",
dissect: {
tokenizer: "%{daddr->} ",
field: "nwparser.p7",
},
}),
]);
// Shared parser steps dup125–dup144. The helper functions are defined outside
// the visible part of the file.
var dup125 = set_field({
dest: "nwparser.event_description",
value: constant("Unable to create new connection"),
});
var dup126 = set_field({
dest: "nwparser.eventcategory",
value: constant("1501000000"),
});
var dup127 = set_field({
dest: "nwparser.event_description",
value: constant("NAT configured"),
});
// Matches the literal prefix "ISAKMP session connect"; the text right after
// it goes on as p0.
var dup128 = match({
id: "MESSAGE#712:602202:01/0",
dissect: {
tokenizer: "ISAKMP session connect%{p0->}",
field: "nwparser.payload",
},
});
// Single alternative: p0 must start with "ed".
var dup129 = linear_select([
match({
id: "MESSAGE#712:602202:01/2",
dissect: {
tokenizer: "ed%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Responder form: the local address is stored as daddr and the remote one as
// saddr. Compare dup132, which assigns them the other way round, so that
// saddr is always the initiating side.
var dup130 = match({
id: "MESSAGE#712:602202:01/2",
dissect: {
tokenizer: "%{->}(local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
var dup131 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session connected"),
});
// Initiator form: local address -> saddr, remote address -> daddr.
var dup132 = match({
id: "MESSAGE#713:602202/2",
dissect: {
tokenizer: "%{->}(local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
var dup133 = set_field({
dest: "nwparser.ec_subject",
value: constant("Message"),
});
var dup134 = set_field({
dest: "nwparser.ec_activity",
value: constant("Receive"),
});
// Three forms over p0: "Console ..." and "console ..." capture nothing but
// the remainder; the third form captures whatever precedes
// " end configuration: " as hostip.
// NOTE(review): the third form does not check that the captured text is an
// IP address — confirm whether hostip is validated later.
var dup135 = linear_select([
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "Console end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "console end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "%{hostip->} end configuration: %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Everything left in p1 becomes `disposition`.
var dup136 = match({
id: "MESSAGE#168:111004/2",
dissect: {
tokenizer: "%{disposition->}",
field: "nwparser.p1",
},
});
var dup137 = set_field({
dest: "nwparser.ec_activity",
value: constant("Stop"),
});
// Splits p1 at " , " into saddr and `action`.
var dup138 = match({
id: "MESSAGE#960:713903/2",
dissect: {
tokenizer: "%{saddr->} , %{action->}",
field: "nwparser.p1",
},
});
// dup139 and dup140 are the quoted and unquoted username forms of one step;
// both read p0 and share an id.
var dup139 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
});
var dup140 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
// Drops the text before the first matched space and stores the rest of the
// payload as event_description.
var dup141 = match({
id: "MESSAGE#963:713903:03/0",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.payload",
},
});
var dup142 = set_field({
dest: "nwparser.eventcategory",
value: constant("1802000000"),
});
var dup143 = set_field({
dest: "nwparser.ec_activity",
value: constant("Logoff"),
});
var dup144 = set_field({
dest: "nwparser.result",
value: constant("Succeeded"),
});
// Shared parser steps dup145–dup156, mostly for the "Teardown ... connection"
// messages. The helper functions (and DUR) are defined outside the visible
// part of the file.
//
// A bare constant, not wrapped in set_field: it has no destination of its own.
var dup145 = constant("Failed");
// Captures protocol, connectionid and the source interface name; the text
// after the ":" goes on as p0.
var dup146 = match({
id: "MESSAGE#313:302016:05/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
// Source address/port, optionally followed by "(DOMAIN\NAME)". In the source
// text "\\" is one literal backslash. The name part lands in fld7 here, not
// in a username field.
var dup147 = linear_select([
match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld7->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Rewrites `duration` in place: DUR is called with the pattern "%N:%U:%O"
// and the captured duration field, and the result goes to nwparser.duration.
var dup148 = call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N:%U:%O"),
field("duration"),
],
});
var dup149 = set_field({
dest: "nwparser.event_description",
value: constant("teardown connection"),
});
// Byte count, optionally followed by " (NAME)" captured as username.
var dup150 = linear_select([
match({
id: "MESSAGE#314:302016:07/1",
dissect: {
tokenizer: "%{bytes->} (%{username->})",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#314:302016:07/1",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p0",
},
}),
]);
// Same two forms as dup147, except that the name part goes to fld5.
var dup151 = linear_select([
match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld5->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Captures the destination interface name; the text after ":" goes on as p2.
var dup152 = match({
id: "MESSAGE#316:302016:06/2",
dissect: {
tokenizer: "%{dinterface->}:%{p2->}",
field: "nwparser.p1",
},
});
// Destination address/port followed by "(DOMAIN\NAME)"; here the name part
// is stored as c_username.
var dup153 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{p3->}",
field: "nwparser.p2",
},
});
// Destination address/port with no domain/user suffix.
var dup154 = match({
id: "MESSAGE#317:302016/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->} duration %{p3->}",
field: "nwparser.p2",
},
});
// dup155 and dup156 are the with-suffix and without-suffix source forms as
// separate steps; both read p0 and share an id.
var dup155 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{sdomain->}\\%{fld5->}) to %{p1->}",
field: "nwparser.p0",
},
});
var dup156 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
});
// Shared parser steps dup157–dup178. The helper functions are defined outside
// the visible part of the file.
var dup157 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701000000"),
});
// saddr ends at a literal ">"; the text after "SVC Session Termination:"
// becomes `info`.
var dup158 = match({
id: "MESSAGE#1165:722029/2",
dissect: {
tokenizer: "%{saddr->}> SVC Session Termination:%{info->}",
field: "nwparser.p1",
},
});
var dup159 = set_field({
dest: "nwparser.event_description",
value: constant("SVC Session Termination"),
});
var dup160 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613030100"),
});
var dup161 = set_field({
dest: "nwparser.eventcategory",
value: constant("1702030000"),
});
// Skips anything before "Shun" in the payload; the text right after it goes
// on as p0.
var dup162 = match({
id: "MESSAGE#550:401002/0",
dissect: {
tokenizer: "%{->}Shun%{p0->}",
field: "nwparser.payload",
},
});
var dup163 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701010000"),
});
var dup164 = set_field({
dest: "nwparser.ec_activity",
value: constant("Create"),
});
var dup165 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603020000"),
});
var dup166 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701020000"),
});
// Writes "Failed" to nwparser.disposition. Note that ec_outcome uses
// "Failure" (dup19) for its own vocabulary.
var dup167 = set_field({
dest: "nwparser.disposition",
value: constant("Failed"),
});
// hostip ends at a literal ">"; the text after "Secure Desktop Results: "
// becomes `info`.
var dup168 = match({
id: "MESSAGE#1184:724004/2",
dissect: {
tokenizer: "%{hostip->}> Secure Desktop Results: %{info->}",
field: "nwparser.p1",
},
});
var dup169 = set_field({
dest: "nwparser.eventcategory",
value: constant("1704010000"),
});
var dup170 = set_field({
dest: "nwparser.protocol",
value: constant("UDP"),
});
var dup171 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401030000"),
});
var dup172 = set_field({
dest: "nwparser.event_description",
value: constant("login session failure"),
});
// Everything left in p1 becomes `result`.
var dup173 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{result->}",
field: "nwparser.p1",
},
});
// Splits p1 at ", " into saddr and event_description.
var dup174 = match({
id: "MESSAGE#971:713905/2",
dissect: {
tokenizer: "%{saddr->}, %{event_description->}",
field: "nwparser.p1",
},
});
// With-group form first, then IP-only. Unlike dup47, the separator after the
// address is " , " (space before the comma).
var dup175 = linear_select([
match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Matches the literal prefix "Username = "; the rest goes on as p0.
var dup176 = match({
id: "MESSAGE#974:713905:03/0",
dissect: {
tokenizer: "Username = %{p0->}",
field: "nwparser.payload",
},
});
// NOTE(review): "Embyonic" is misspelled ("Embryonic"). The string is emitted
// as the event description at runtime, so any search or detection rule that
// matches on it has to use this exact spelling until the value is corrected.
var dup177 = set_field({
dest: "nwparser.event_description",
value: constant("Embyonic connection limit exceeded"),
});
var dup178 = set_field({
dest: "nwparser.ec_outcome",
value: constant("Unknown"),
});
// Shared parser steps dup179–dup190. The helper functions are defined outside
// the visible part of the file.
//
// Captures the ACL name inside "(acl=...)" as listnum; the text after
// "for user " goes on as p0.
var dup179 = match({
id: "MESSAGE#150:109025/0",
dissect: {
tokenizer: "Authorization denied (acl=%{listnum->}) for user %{p0->}",
field: "nwparser.payload",
},
});
var dup180 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803000000"),
});
// "\u003c" is the escape for "<". Unlike dup77, this pattern has a space on
// both sides of the group name: "Group << %{group->} > User ...".
var dup181 = match({
id: "MESSAGE#1172:722037/0",
dissect: {
tokenizer: "Group \u003c\u003c %{group->} > User %{p0->}",
field: "nwparser.payload",
},
});
// Three username forms over p0: angle-bracketed, single-quoted, bare. Each
// ends at " IP " followed by the escaped "<<" and a space; all share one id.
var dup182 = linear_select([
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "'%{username->}' IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1172:722037/2",
dissect: {
tokenizer: "%{username->} IP \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Matches the literal prefix "Dynamic "; the rest goes on as p0.
var dup183 = match({
id: "MESSAGE#475:338005/0",
dissect: {
tokenizer: "Dynamic %{p0->}",
field: "nwparser.payload",
},
});
// Accepts an upper- or lower-case "F" at the start of p0.
var dup184 = linear_select([
match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "F%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "f%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup185 = set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed"),
});
var dup186 = set_field({
dest: "nwparser.eventcategory",
value: constant("1608000000"),
});
// Three quoting styles for the username: double-quoted, single-quoted, bare.
// Each pattern ends with a literal space. The captured name is log text and
// is stored unchanged.
var dup187 = linear_select([
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "\"%{username->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#736:605004/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// A bare constant, not wrapped in set_field: it has no destination of its own.
var dup188 = constant("Login denied");
// Captures the WebVPN context and the text before " user " as
// event_description; the rest goes on as p0.
var dup189 = match({
id: "MESSAGE#1151:721016/0",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->} user %{p0->}",
field: "nwparser.payload",
},
});
// Single-quoted username first, then unquoted; both end at " , IP ".
var dup190 = linear_select([
match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "'%{username->}' , IP %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "%{username->} , IP %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared parser steps dup191–dup207. The helper functions are defined outside
// the visible part of the file.
var dup191 = set_field({
dest: "nwparser.result",
value: constant("Authorization denied"),
});
var dup192 = set_field({
dest: "nwparser.direction",
value: constant("inbound"),
});
var dup193 = set_field({
dest: "nwparser.event_description",
value: constant("build connection"),
});
var dup194 = set_field({
dest: "nwparser.direction",
value: constant("outbound"),
});
var dup195 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603050000"),
});
var dup196 = set_field({
dest: "nwparser.event_description",
value: constant("connection denied"),
});
// dup197–dup202 carry ids for message 106102 and hand text along through
// p0 … p5.
// Protocol, optionally followed by "for user 'NAME'".
var dup197 = linear_select([
match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{protocol->} for user '%{username->}' %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{protocol->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Source interface name, ending at "/".
var dup198 = match({
id: "MESSAGE#104:106102:02/2",
dissect: {
tokenizer: "%{sinterface->}/%{p2->}",
field: "nwparser.p1",
},
});
// Source address and port, written either as "ADDR(PORT) -> " or as
// "ADDR PORT ".
var dup199 = linear_select([
match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{saddr->}(%{sport->}) -> %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{saddr->} %{sport->} %{p3->}",
field: "nwparser.p2",
},
}),
]);
// Destination interface name, ending at "/".
var dup200 = match({
id: "MESSAGE#104:106102:02/4",
dissect: {
tokenizer: "%{dinterface->}/%{p4->}",
field: "nwparser.p3",
},
});
// Destination address and port in the same two notations, followed by the
// literal " hit-cnt ".
var dup201 = linear_select([
match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{daddr->}(%{dport->}) hit-cnt %{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{daddr->} %{dport->} hit-cnt %{p5->}",
field: "nwparser.p4",
},
}),
]);
// The value after "hit-cnt" goes to dclass_counter1; the rest becomes `info`.
var dup202 = match({
id: "MESSAGE#104:106102:02/6",
dissect: {
tokenizer: "%{dclass_counter1->} %{info->}",
field: "nwparser.p5",
},
});
// Labels what dclass_counter1 holds.
var dup203 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("HitCount"),
});
var dup204 = set_field({
dest: "nwparser.eventcategory",
value: constant("1801020000"),
});
var dup205 = set_field({
dest: "nwparser.result",
value: constant("Freeing local pool address"),
});
var dup206 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030305"),
});
var dup207 = set_field({
dest: "nwparser.eventcategory",
value: constant("1606000000"),
});
// Shared parser steps dup208–dup218. The helper functions are defined outside
// the visible part of the file.
//
// dup208–dup210 are three forms of one step (same id, all reading p0):
// with group, with username, and IP only.
var dup208 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup209 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup210 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
// Captures the text before ": User " as `process`; the rest goes on as p0.
var dup211 = match({
id: "MESSAGE#1216:734003:01/0",
dissect: {
tokenizer: "%{process->}: User %{p0->}",
field: "nwparser.payload",
},
});
// Single-quoted username first, then unquoted; both end at " , Addr ".
var dup212 = linear_select([
match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "'%{username->}' , Addr %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "%{username->} , Addr %{p1->}",
field: "nwparser.p0",
},
}),
]);
// p1 must start with "ilter " (the first letter is presumably consumed by an
// earlier step that accepts either case — not visible here).
var dup213 = match({
id: "MESSAGE#474:338004/2",
dissect: {
tokenizer: "ilter %{p2->}",
field: "nwparser.p1",
},
});
// p2 must start with "permitt" or "monitor"; the matched word is not stored.
var dup214 = linear_select([
match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "permitt%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "monitor%{p3->}",
field: "nwparser.p2",
},
}),
]);
// Single-quoted username first, then unquoted; both end at " Priv: ".
var dup215 = linear_select([
match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "'%{username->}' Priv: %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "%{username->} Priv: %{p1->}",
field: "nwparser.p0",
},
}),
]);
// fld1 receives the text that follows "Priv: " (see dup215) and fld2 the text
// that follows " Encpass: ".
// NOTE(review): fld2 presumably holds the account's encoded password string
// as logged by the device. Confirm that fld2 is dropped or masked before the
// event is indexed, and that the raw message is access-controlled.
var dup216 = match({
id: "MESSAGE#681:502102/2",
dissect: {
tokenizer: "%{fld1->} Encpass: %{fld2->}",
field: "nwparser.p1",
},
});
var dup217 = set_field({
dest: "nwparser.ec_theme",
value: constant("UserGroup"),
});
// p0 must start with "s"; the remainder goes on as p1.
var dup218 = match({
id: "MESSAGE#706:602101/2",
dissect: {
tokenizer: "s%{p1->}",
field: "nwparser.p0",
},
});
var dup219 = match({
id: "MESSAGE#293:302013/0",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{p0->}",
field: "nwparser.payload",
},
});
var dup220 = linear_select([
match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "%{stransport->})(%{domain->}\\%{fld3->})%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "%{stransport->}) %{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup221 = match({
id: "MESSAGE#294:302013:01/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) %{p0->}",
field: "nwparser.payload",
},
});
var dup222 = linear_select([
match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "'%{username->}'%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "(%{username->})%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup223 = match({
id: "MESSAGE#294:302013:01/2",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p1",
},
});
var dup224 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{stransport->}) %{p1->}",
field: "nwparser.p0",
},
});
// Message 302013 variant 06 (input: nwparser.p0): translated destination
// address/port followed by "(domain\username)" and " to "; rest goes to p1.
var dup225 = match({
id: "MESSAGE#299:302013:06/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->})(%{domain->}\\%{username->}) to %{p1->}",
field: "nwparser.p0",
},
});
// Same position as dup225 but without the "(domain\username)" group.
var dup226 = match({
id: "MESSAGE#299:302013:06/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->}) to %{p1->}",
field: "nwparser.p0",
},
});
// Source endpoint (input: nwparser.p1): interface, an optional extra
// colon-separated token (fld2), then the address up to "/"; rest goes to p2.
// The three-part form is listed first.
var dup227 = linear_select([
match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sinterface->}:%{fld2->}:%{saddr->}/%{p2->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{p2->}",
field: "nwparser.p1",
},
}),
]);
// Tail of the source endpoint (input: nwparser.p2): source port and the
// translated source address/port in parentheses.
var dup228 = match({
id: "MESSAGE#299:302013:06/3",
dissect: {
tokenizer: "%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.p2",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1805010000".
var dup229 = set_field({
dest: "nwparser.eventcategory",
value: constant("1805010000"),
});
// Message 338202 fragment (input: nwparser.p1): consumes the literal "ilter "
// and passes the rest on as p2.
var dup230 = match({
id: "MESSAGE#484:338202/2",
dissect: {
tokenizer: "ilter %{p2->}",
field: "nwparser.p1",
},
});
// Shared event_description constants.
var dup231 = set_field({
dest: "nwparser.event_description",
value: constant("IKE lost contact with remote peer deleting connection"),
});
var dup232 = set_field({
dest: "nwparser.event_description",
value: constant("IKE Initiator New/Rekeying Phase"),
});
// NOTE(review): the constant below ends with a trailing space, which becomes
// part of the stored nwparser.result value; exact-match queries must include it.
var dup233 = set_field({
dest: "nwparser.result",
value: constant("Local pool request succeeded "),
});
var dup234 = set_field({
dest: "nwparser.event_description",
value: constant("Built translation"),
});
// Message 603107 fragment (input: nwparser.p0): a linear_select with a single
// alternative that consumes a leading "," and passes the rest on as p1.
var dup235 = linear_select([
match({
id: "MESSAGE#726:603107/2",
dissect: {
tokenizer: ",%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 109027 fragment (input: nwparser.p0): consumes a literal "i" and
// passes the rest on as p1.
var dup236 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "i%{p1->}",
field: "nwparser.p0",
},
});
// Message 109027 user name (input: nwparser.p2), single-quoted form first,
// bare form second. Both patterns expect a trailing space after the name.
var dup237 = linear_select([
match({
id: "MESSAGE#152:109027/3",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#152:109027/3",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p2",
},
}),
]);
// Message 113012 user name: same two patterns as dup237 but read from
// nwparser.p0.
var dup238 = linear_select([
match({
id: "MESSAGE#189:113012/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#189:113012/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// Shared step: sets nwparser.eventcategory to the constant "1001030200".
var dup239 = set_field({
dest: "nwparser.eventcategory",
value: constant("1001030200"),
});
// Shared step: sets nwparser.event_description to "FTP connection terminated".
var dup240 = set_field({
dest: "nwparser.event_description",
value: constant("FTP connection terminated"),
});
// Message 715059 fragment (input: nwparser.p1): source address up to ", ",
// with the remaining text stored as action.
var dup241 = match({
id: "MESSAGE#1031:715059/2",
dissect: {
tokenizer: "%{saddr->}, %{action->}",
field: "nwparser.p1",
},
});
// Message 713024 identity prefix (input: nwparser.p0). Three alternatives, most
// specific first: group + quoted username + IP, group + bare username + IP,
// group + IP. Each pattern expects " , " (space before the comma) after the
// address and passes the rest on as p1.
var dup242 = linear_select([
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 713024 tail (input: nwparser.p1): splits at the first ":" into
// action and info.
var dup243 = match({
id: "MESSAGE#855:713024/2",
dissect: {
tokenizer: "%{action->}:%{info->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1613040200".
var dup244 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613040200"),
});
// Shared step: sets nwparser.event_description to "Rekeying duration changed".
var dup245 = set_field({
dest: "nwparser.event_description",
value: constant("Rekeying duration changed"),
});
// Message 702204 variant 01, head of the payload: matches the literal prefix
// "ISAKMP Phase 1 retransmi" and passes the rest on as p0.
var dup246 = match({
id: "MESSAGE#810:702204:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 retransmi%{p0->}",
field: "nwparser.payload",
},
});
// Completes the word started in dup246 (input: nwparser.p0): either "ssion"
// or "t", with the rest in p1.
var dup247 = linear_select([
match({
id: "MESSAGE#810:702204:01/2",
dissect: {
tokenizer: "ssion%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#810:702204:01/2",
dissect: {
tokenizer: "t%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared step: sets nwparser.event_description to "Phase 1 retransmission".
var dup248 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 retransmission"),
});
// Message 725002 fragment (input: nwparser.p1): an unnamed capture up to the
// first space, then the interface name up to ":", rest in p2.
var dup249 = match({
id: "MESSAGE#1187:725002/2",
dissect: {
tokenizer: "%{->} %{interface->}:%{p2->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1613050100".
var dup250 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613050100"),
});
// Message 201004 variant 01 fragment (input: nwparser.p0): accepts the keyword
// "static" or "xlate" and passes the rest on as p1.
var dup251 = linear_select([
match({
id: "MESSAGE#219:201004:01/2",
dissect: {
tokenizer: "static%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#219:201004:01/2",
dissect: {
tokenizer: "xlate%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared event_description constants for failed logins.
var dup252 = set_field({
dest: "nwparser.event_description",
value: constant("Login session failed"),
});
var dup253 = set_field({
dest: "nwparser.event_description",
value: constant("User Authentication failed"),
});
// NOTE(review): linear_select is called with an empty list of alternatives.
// Whether that always succeeds or always fails depends on the helper, which is
// not visible here; confirm that messages using dup254 still parse.
var dup254 = linear_select([
]);
// Message 725010 fragment (input: nwparser.p1): consumes a literal "." and an
// unnamed capture; no named field is produced.
var dup255 = match({
id: "MESSAGE#1198:725010/2",
dissect: {
tokenizer: ".%{->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1207010200".
var dup256 = set_field({
dest: "nwparser.eventcategory",
value: constant("1207010200"),
});
// Shared step: sets nwparser.event_description to "icmp packet denied".
var dup257 = set_field({
dest: "nwparser.event_description",
value: constant("icmp packet denied"),
});
// NOTE(review): "mangement-only" is misspelled in the constant below. The text
// is stored verbatim in nwparser.result, so searches and detection rules have
// to use the same spelling unless the constant is corrected.
var dup258 = set_field({
dest: "nwparser.result",
value: constant("to/from mangement-only network"),
});
// Shared step: sets nwparser.protocol to the constant "ICMP".
var dup259 = set_field({
dest: "nwparser.protocol",
value: constant("ICMP"),
});
// Message 418001 variant 01 (input: nwparser.p1): destination endpoint in the
// form interface:address/port.
var dup260 = match({
id: "MESSAGE#651:418001:01/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.event_description to "packet denied".
var dup261 = set_field({
dest: "nwparser.event_description",
value: constant("packet denied"),
});
// Message 111010, head of the payload: matches the literal "User " and passes
// the rest on as p0.
var dup262 = match({
id: "MESSAGE#174:111010/0",
dissect: {
tokenizer: "User %{p0->}",
field: "nwparser.payload",
},
});
// Shared eventcategory constants.
var dup263 = set_field({
dest: "nwparser.eventcategory",
value: constant("1401040000"),
});
var dup264 = set_field({
dest: "nwparser.eventcategory",
value: constant("1605010000"),
});
// Message 737017 fragment (input: nwparser.p0): a linear_select with a single
// alternative that reads "Session=<sessionid>," and passes the rest on as p1.
var dup265 = linear_select([
match({
id: "MESSAGE#1243:737017/2",
dissect: {
tokenizer: "Session=%{sessionid->},%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 411005 fragment (input: nwparser.p0): accepts an upper- or lower-case
// "i" as the next character, rest in p1.
var dup266 = linear_select([
match({
id: "MESSAGE#625:411005/2",
dissect: {
tokenizer: "I%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#625:411005/2",
dissect: {
tokenizer: "i%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 722027 source part (input: nwparser.p1): source address, optionally
// followed by a parenthesised token (fld1), then " > "; rest in p2.
var dup267 = linear_select([
match({
id: "MESSAGE#1163:722027/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > %{p2->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#1163:722027/3",
dissect: {
tokenizer: "%{saddr->} > %{p2->}",
field: "nwparser.p1",
},
}),
]);
// Message 722027 protocol keyword (input: nwparser.p2): accepts "TCP " or
// "UDP " and passes the rest on as p3. The keyword itself is not captured into
// a field by these patterns.
var dup268 = linear_select([
match({
id: "MESSAGE#1163:722027/4",
dissect: {
tokenizer: "TCP %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#1163:722027/4",
dissect: {
tokenizer: "UDP %{p3->}",
field: "nwparser.p2",
},
}),
]);
// Shared step: sets nwparser.event_description to "Policy installed".
var dup269 = set_field({
dest: "nwparser.event_description",
value: constant("Policy installed"),
});
// Message 722023 fragment (input: nwparser.p4): a linear_select with a single
// alternative that consumes the literal "out" and passes the rest on as p5.
var dup270 = linear_select([
match({
id: "MESSAGE#1161:722023/6",
dissect: {
tokenizer: "out%{p5->}",
field: "nwparser.p4",
},
}),
]);
// Shared step: sets nwparser.event_description to "request discarded".
var dup271 = set_field({
dest: "nwparser.event_description",
value: constant("request discarded"),
});
// Shared step: sets nwparser.eventcategory to the constant "1610000000".
var dup272 = set_field({
dest: "nwparser.eventcategory",
value: constant("1610000000"),
});
// Message 715021 identity prefix (input: nwparser.p0). Three alternatives, most
// specific first: quoted username + IP, bare username + IP, IP only. Each
// expects " , " after the address and passes the rest on as p1.
var dup273 = linear_select([
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1001:715021/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 106027 rule name (input: nwparser.p0): rule_group wrapped in double
// quotes first, bare form second; both expect a trailing space.
var dup274 = linear_select([
match({
id: "MESSAGE#96:106027/1",
dissect: {
tokenizer: "\"%{rule_group->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#96:106027/1",
dissect: {
tokenizer: "%{rule_group->} ",
field: "nwparser.p0",
},
}),
]);
// Shared step: sets nwparser.event_description to "denied by access-group".
var dup275 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-group"),
});
// Message 305013 fragment (input: nwparser.p0): source port followed by
// "(domain\username)" and " dst "; rest in p1.
var dup276 = match({
id: "MESSAGE#385:305013/2",
dissect: {
tokenizer: "%{sport->}(%{domain->}\\%{username->}) dst %{p1->}",
field: "nwparser.p0",
},
});
// Same position as dup276 without the "(domain\username)" group.
var dup277 = match({
id: "MESSAGE#385:305013/2",
dissect: {
tokenizer: "%{sport->} dst %{p1->}",
field: "nwparser.p0",
},
});
// Shared step: sets nwparser.result to "due to NAT reverse path failure".
var dup278 = set_field({
dest: "nwparser.result",
value: constant("due to NAT reverse path failure"),
});
// Message 401004 fragment (input: nwparser.p0): a linear_select with a single
// alternative that consumes the literal "ned" and passes the rest on as p1.
var dup279 = linear_select([
match({
id: "MESSAGE#552:401004/2",
dissect: {
tokenizer: "ned%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 714011 identity prefix (input: nwparser.p0). Four alternatives, most
// specific first: group + quoted username + IP, group + bare username + IP,
// group + IP, IP only. Each expects " , " (space before the comma) after the
// address and passes the rest on as p1.
// NOTE(review): presumably the alternatives are tried in the order listed; the
// shorter forms would otherwise also accept longer prefixes with the wrong
// field boundaries. Keep the ordering when editing.
var dup280 = linear_select([
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#989:714011/2",
dissect: {
tokenizer: "IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 302014 variant 03 tail (input: nwparser.p2): an unnamed capture up to
// the first space, then the remaining text as result.
var dup281 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "%{->} %{result->}",
field: "nwparser.p2",
},
});
// Message 302014 variant 02 (input: nwparser.p0): result wrapped in parentheses
// with a trailing space.
var dup282 = match({
id: "MESSAGE#303:302014:02/1",
dissect: {
tokenizer: "(%{result->}) ",
field: "nwparser.p0",
},
});
// Message 302014 variant 04 (input: nwparser.p0): source address/port followed
// by "(domain\fld3)" and " to "; rest in p1.
var dup283 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{domain->}\\%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
// Message 302014 variant 04 tail (input: nwparser.p2): info optionally followed
// by "(username)". The form with the user name is listed first; the second
// alternative stores the whole remaining text as info.
var dup284 = linear_select([
match({
id: "MESSAGE#304:302014:04/3",
dissect: {
tokenizer: "%{info->} (%{username->})",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#304:302014:04/3",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p2",
},
}),
]);
// Message 302014 variant 01 (input: nwparser.p0): result followed by a
// trailing space.
var dup285 = match({
id: "MESSAGE#307:302014:01/1",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p0",
},
});
// Shared step: sets nwparser.event_description to "NAT exemption configured".
var dup286 = set_field({
dest: "nwparser.event_description",
value: constant("NAT exemption configured"),
});
// Message 702211 variant 01, head of the payload: matches the literal prefix
// "ISAKMP Phase 2 exchange complete" and passes the rest on as p0.
var dup287 = match({
id: "MESSAGE#824:702211:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 exchange complete%{p0->}",
field: "nwparser.payload",
},
});
// Message 702211 variant 01 endpoints (input: nwparser.p1): the address marked
// "(initiator)" is stored as saddr and the one after "remote" as daddr.
var dup288 = match({
id: "MESSAGE#824:702211:01/2",
dissect: {
tokenizer: "%{->} %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
// NOTE(review): this description says "Phase 1" while the neighbouring
// fragments (dup287, dup288, dup290) belong to the Phase 2 message 702211. The
// places that use dup289 are outside this view; confirm it is only attached to
// Phase 1 completion messages (cf. dup374), otherwise Phase 2 events would be
// labelled as Phase 1.
var dup289 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange completed"),
});
// Message 702211 endpoints, responder form (input: nwparser.p1): the address
// marked "(responder)" is stored as daddr and the one after "remote" as saddr,
// i.e. the mapping is the reverse of dup288.
var dup290 = match({
id: "MESSAGE#825:702211/2",
dissect: {
tokenizer: "%{->} %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.event_description to "authentication failed".
var dup291 = set_field({
dest: "nwparser.event_description",
value: constant("authentication failed"),
});
// Shared step: sets nwparser.eventcategory to the constant "1302000000".
var dup292 = set_field({
dest: "nwparser.eventcategory",
value: constant("1302000000"),
});
// Shared step: sets nwparser.ec_subject to the constant "Certificate".
var dup293 = set_field({
dest: "nwparser.ec_subject",
value: constant("Certificate"),
});
// Shared event_description constants.
var dup294 = set_field({
dest: "nwparser.event_description",
value: constant("connection dropped"),
});
var dup295 = set_field({
dest: "nwparser.event_description",
value: constant("teardown translation"),
});
// Message 305012 fragment (input: nwparser.p0): source address/port, optionally
// followed by a parenthesised token (fld51), then " to "; rest in p1.
var dup296 = linear_select([
match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{fld51->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 305012 variant 01 fragment (input: nwparser.p0): destination
// interface, optionally followed by a parenthesised token (fld52), then ":";
// rest in p1.
var dup297 = linear_select([
match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{dinterface->}(%{fld52->}):%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{dinterface->}:%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 413003 fragment (input: nwparser.p0): consumes a literal "." and
// passes the rest on as p1.
var dup298 = match({
id: "MESSAGE#629:413003/2",
dissect: {
tokenizer: ".%{p1->}",
field: "nwparser.p0",
},
});
// Shared step: sets nwparser.event_description to "IPS request to drop packet".
var dup299 = set_field({
dest: "nwparser.event_description",
value: constant("IPS request to drop packet"),
});
// Message 713035 fragment (input: nwparser.p1): source address up to " , ",
// then action and info separated by the first ":".
var dup300 = match({
id: "MESSAGE#860:713035/2",
dissect: {
tokenizer: "%{saddr->} , %{action->}:%{info->}",
field: "nwparser.p1",
},
});
// Bare constant (not wrapped in set_field); the destination it is written to is
// chosen at the use site, which is outside this view.
var dup301 = constant("Routing failed to locate next-hop");
// Shared step: sets nwparser.disposition to the constant "failed".
var dup302 = set_field({
dest: "nwparser.disposition",
value: constant("failed"),
});
// Message 715046 variant 01, head of the payload: group, username and source
// address, each terminated by ", "; rest in p0. Unlike the 713xxx/714xxx
// fragments in this file, there is no space before the comma after the address.
var dup303 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// Message 715046 variant 01 tail (input: nwparser.p0): stores the whole
// remaining text as event_description.
var dup304 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p0",
},
});
// Message 715049 variant 01, head of the payload: with or without a leading
// "Group = ..." part. The first alternative uses the same tokenizer as dup303.
var dup305 = linear_select([
match({
id: "MESSAGE#1021:715049:01/1",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
}),
match({
id: "MESSAGE#1021:715049:01/1",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
}),
]);
// Shared step: sets nwparser.event_description to "Teardown connection".
var dup306 = set_field({
dest: "nwparser.event_description",
value: constant("Teardown connection"),
});
// Message 302026, head of the payload: matches the literal "Built " and passes
// the rest on as p0.
var dup307 = match({
id: "MESSAGE#340:302026/0",
dissect: {
tokenizer: "Built %{p0->}",
field: "nwparser.payload",
},
});
// Message 302026 role keyword (input: nwparser.p0): "backup" (dup308) or
// "director" (dup309); the rest goes to p1. These are separate variables,
// presumably combined into one selection where they are used.
var dup308 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "backup%{p1->}",
field: "nwparser.p0",
},
});
var dup309 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "director%{p1->}",
field: "nwparser.p0",
},
});
// Message 302026 body (input: nwparser.p1): after the word "stub", captures
// protocol, connectionid and both endpoints as interface:address/port, each
// followed by a parenthesised token (fld1, fld2).
var dup310 = match({
id: "MESSAGE#340:302026/2",
dissect: {
tokenizer: "%{->}stub %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{fld1->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{fld2->})",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.event_description to "Built connection".
var dup311 = set_field({
dest: "nwparser.event_description",
value: constant("Built connection"),
});
// Message 402116, head of the payload: an ESP packet report. Captures the SPI
// as dst_spi, the sequence number as fld2 and the sender as saddr; rest in p0.
var dup312 = match({
id: "MESSAGE#559:402116/0",
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{dst_spi->}, sequence number= %{fld2->}) from %{saddr->} %{p0->}",
field: "nwparser.payload",
},
});
// Message 402116 user part (input: nwparser.p0). Four spellings of the user
// name before " to ", most specific first: "(user=NAME)", "(NAME)", "'NAME'"
// and a bare NAME; the rest goes to p1.
// NOTE(review): the last alternative accepts any text up to " to ", so the
// order of this list decides whether wrapper characters end up in username.
var dup313 = linear_select([
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "(user=%{username->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "(%{username->}) to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "'%{username->}' to %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "%{username->} to %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 305011 variant 01 (input: nwparser.p1): destination address/port.
var dup314 = match({
id: "MESSAGE#381:305011:01/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
// Message 502112 fragment (input: nwparser.p0): user name before " Type:",
// single-quoted form first, bare form second; rest in p1.
var dup315 = linear_select([
match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "'%{username->}' Type:%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "%{username->} Type:%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 502112 tail (input: nwparser.p1): stores the whole remaining text
// as fld1.
var dup316 = match({
id: "MESSAGE#684:502112/2",
dissect: {
tokenizer: "%{fld1->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.result to "User authentication succeeded".
var dup317 = set_field({
dest: "nwparser.result",
value: constant("User authentication succeeded"),
});
// Shared step: sets nwparser.event_description for the SSL certificate request.
var dup318 = set_field({
dest: "nwparser.event_description",
value: constant("SSL server requesting certificate for authentication"),
});
// Calls CALC with the arguments sbytes, "+", rbytes and writes the result to
// nwparser.bytes. CALC is defined elsewhere in the file.
// NOTE(review): presumably this is a numeric sum of sent and received bytes;
// behaviour when either field is missing or non-numeric is not visible here.
var dup319 = call({
dest: "nwparser.bytes",
fn: CALC,
args: [
field("sbytes"),
constant("+"),
field("rbytes"),
],
});
// Shared step: sets nwparser.ec_theme to the constant "TEV".
var dup320 = set_field({
dest: "nwparser.ec_theme",
value: constant("TEV"),
});
// Message 315011, head of the payload: SSH session report. Captures the client
// address as saddr and the interface; the user part continues in p0.
var dup321 = match({
id: "MESSAGE#419:315011/0",
dissect: {
tokenizer: "SSH session from %{saddr->} on interface %{interface->} for user %{p0->}",
field: "nwparser.payload",
},
});
// Message 411002 fragment (input: nwparser.p1): the pattern starts at
// "nterface ", so the first letter of the word is presumably consumed by an
// earlier fragment. Captures the interface name; rest in p2.
var dup322 = match({
id: "MESSAGE#622:411002/2",
dissect: {
tokenizer: "nterface %{interface->} %{p2->}",
field: "nwparser.p1",
},
});
// Message 411002 tail (input: nwparser.p2): result with an optional leading
// ", "; both patterns expect a trailing space.
var dup323 = linear_select([
match({
id: "MESSAGE#622:411002/3",
dissect: {
tokenizer: ", %{result->} ",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#622:411002/3",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p2",
},
}),
]);
// Shared step: sets nwparser.eventcategory to the constant "1603030000".
var dup324 = set_field({
dest: "nwparser.eventcategory",
value: constant("1603030000"),
});
// Shared step: sets nwparser.event_description to "Denied IPv6-ICMP".
var dup325 = set_field({
dest: "nwparser.event_description",
value: constant("Denied IPv6-ICMP"),
});
// Shared step: sets nwparser.eventcategory to the constant "1604010000".
var dup326 = set_field({
dest: "nwparser.eventcategory",
value: constant("1604010000"),
});
// Shared step: sets nwparser.ec_activity to the constant "Read".
var dup327 = set_field({
dest: "nwparser.ec_activity",
value: constant("Read"),
});
// Shared step: sets nwparser.event_description for SSL cipher selection.
var dup328 = set_field({
dest: "nwparser.event_description",
value: constant("Device chooses cipher for the SSL session"),
});
// Message 713218 fragment (input: nwparser.p1): source address, then the text
// after ", Tunnel Rejected: " stored as action.
var dup329 = match({
id: "MESSAGE#870:713218/2",
dissect: {
tokenizer: "%{saddr->}, Tunnel Rejected: %{action->}",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.result to "Tunnel Rejected".
var dup330 = set_field({
dest: "nwparser.result",
value: constant("Tunnel Rejected"),
});
// Shared step: sets nwparser.eventcategory to the constant "1901000000".
var dup331 = set_field({
dest: "nwparser.eventcategory",
value: constant("1901000000"),
});
// The next three steps copy the value of the p_msgid field into nwparser.id,
// nwparser.msg_id and nwparser.vid respectively.
var dup332 = set_field({
dest: "nwparser.id",
value: field("p_msgid"),
});
var dup333 = set_field({
dest: "nwparser.msg_id",
value: field("p_msgid"),
});
var dup334 = set_field({
dest: "nwparser.vid",
value: field("p_msgid"),
});
// Shared event_description constants.
var dup335 = set_field({
dest: "nwparser.event_description",
value: constant("IKEGetUserAttributes"),
});
var dup336 = set_field({
dest: "nwparser.event_description",
value: constant("Invalid destination"),
});
// Shared step: sets nwparser.result to "all servers failed".
var dup337 = set_field({
dest: "nwparser.result",
value: constant("all servers failed"),
});
// Shared step: sets nwparser.eventcategory to the constant "1607000000".
var dup338 = set_field({
dest: "nwparser.eventcategory",
value: constant("1607000000"),
});
// Message 713906 variant 01, head of the payload: group, username and source
// address, each terminated by ", "; rest in p0.
var dup339 = match({
id: "MESSAGE#975:713906:01/0",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// Message 713906 variant 01 body (input: nwparser.p0): free-text description up
// to " Proxy Id:", then the remote host, protocol and port, and the local
// subnet, mask, protocol and port. The pattern expects a trailing space.
var dup340 = match({
id: "MESSAGE#975:713906:01/1",
dissect: {
tokenizer: "%{event_description->} Proxy Id:%{fld1->} Remote host: %{hostname->} Protocol %{protocol->} Port %{port->} Local subnet: %{fld2->} mask %{mask->} Protocol %{fld3->} Port %{fld4->} ",
field: "nwparser.p0",
},
});
// Message 713906 variant 03, head of the payload: group and source address
// only; rest in p0.
var dup341 = match({
id: "MESSAGE#976:713906:03/0",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
// Message 713906, head of the payload: source address only. The delimiter here
// is "," with no following space, so p0 may start with a space.
var dup342 = match({
id: "MESSAGE#977:713906/0",
dissect: {
tokenizer: "IP = %{saddr->},%{p0->}",
field: "nwparser.payload",
},
});
// Message 113014 fragment (input: nwparser.p0): accepts the word fragment
// "entic" or "oriz" and passes the rest on as p1.
var dup343 = linear_select([
match({
id: "MESSAGE#191:113014/2",
dissect: {
tokenizer: "entic%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#191:113014/2",
dissect: {
tokenizer: "oriz%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 620001 variant 01 fragment (input: nwparser.p0): consumes a literal
// "C" and passes the rest on as p1.
var dup344 = match({
id: "MESSAGE#797:620001:01/2",
dissect: {
tokenizer: "C%{p1->}",
field: "nwparser.p0",
},
});
// Message 620001 variant 01 source (input: nwparser.p2): source address with an
// optional "/port" before " to "; rest in p3. The form with a port is first.
var dup345 = linear_select([
match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{saddr->} to %{p3->}",
field: "nwparser.p2",
},
}),
]);
// Message 620001 variant 01 destination interface (input: nwparser.p3): name up
// to ": ", rest in p4.
var dup346 = match({
id: "MESSAGE#797:620001:01/4",
dissect: {
tokenizer: "%{dinterface->}: %{p4->}",
field: "nwparser.p3",
},
});
// Shared step: sets nwparser.event_description to "Pre-allocate connection".
var dup347 = set_field({
dest: "nwparser.event_description",
value: constant("Pre-allocate connection"),
});
// Message 302020 fragment (input: nwparser.p1): captures hostip before the
// keyword " laddr "; rest in p2.
var dup348 = match({
id: "MESSAGE#325:302020/3",
dissect: {
tokenizer: "%{hostip->} laddr %{p2->}",
field: "nwparser.p1",
},
});
// Message 302020 variant 04 (input: nwparser.p0): dup349 reads sport followed
// by " type <icmptype> code <icmpcode>"; dup350 stores the whole text as sport.
// These are separate variables, presumably tried as alternatives where used.
var dup349 = match({
id: "MESSAGE#326:302020:04/1",
dissect: {
tokenizer: "%{sport->} type %{icmptype->} code %{icmpcode->}",
field: "nwparser.p0",
},
});
var dup350 = match({
id: "MESSAGE#326:302020:04/1",
dissect: {
tokenizer: "%{sport->}",
field: "nwparser.p0",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1611000000".
var dup351 = set_field({
dest: "nwparser.eventcategory",
value: constant("1611000000"),
});
// Message 722001, head of the payload: matches the literal "IP " and passes the
// rest on as p0.
var dup352 = match({
id: "MESSAGE#1153:722001/0",
dissect: {
tokenizer: "IP %{p0->}",
field: "nwparser.payload",
},
});
// Message 722001 source (input: nwparser.p0): source address, optionally
// followed by a parenthesised token (fld1); rest in p1.
var dup353 = linear_select([
match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{saddr->} %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 722001 tail (input: nwparser.p1): free-text description terminated by
// a literal ".".
var dup354 = match({
id: "MESSAGE#1153:722001/2",
dissect: {
tokenizer: "%{event_description->}.",
field: "nwparser.p1",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1601010000".
var dup355 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601010000"),
});
// Shared step: sets nwparser.result to "hardware accelerator error".
var dup356 = set_field({
dest: "nwparser.result",
value: constant("hardware accelerator error"),
});
// Message 106002, head of the payload: first word is stored as protocol, the
// rest continues in p0.
var dup357 = match({
id: "MESSAGE#59:106002/0",
dissect: {
tokenizer: "%{protocol->} %{p0->}",
field: "nwparser.payload",
},
});
// Message 106002 fragment (input: nwparser.p0): accepts an upper- or lower-case
// "c" as the next character, rest in p1.
var dup358 = linear_select([
match({
id: "MESSAGE#59:106002/2",
dissect: {
tokenizer: "C%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#59:106002/2",
dissect: {
tokenizer: "c%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared step: sets nwparser.eventcategory to the constant "1803020000".
var dup359 = set_field({
dest: "nwparser.eventcategory",
value: constant("1803020000"),
});
// Message 702206 variant 01, head of the payload: matches the literal prefix
// "ISAKMP malform" and passes the rest on as p0.
var dup360 = match({
id: "MESSAGE#814:702206:01/0",
dissect: {
tokenizer: "ISAKMP malform%{p0->}",
field: "nwparser.payload",
},
});
// Shared event_description constants.
var dup361 = set_field({
dest: "nwparser.event_description",
value: constant("malformed payload received"),
});
var dup362 = set_field({
dest: "nwparser.event_description",
value: constant("User executed command"),
});
var dup363 = set_field({
dest: "nwparser.event_description",
value: constant("Testing Interface"),
});
// Shared step: sets nwparser.protocol to the constant "TCP".
var dup364 = set_field({
dest: "nwparser.protocol",
value: constant("TCP"),
});
// Message 713050 identity prefix (input: nwparser.p0). Three alternatives, most
// specific first: group + quoted username, group + bare username, group only.
// Each expects " , IP = " (space before the comma) and passes the address and
// everything after it on as p1.
var dup365 = linear_select([
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#867:713050/2",
dissect: {
tokenizer: "%{group->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 303002 variant 02 user name (input: nwparser.p0): single-quoted form
// (dup366) and bare form (dup367), each followed by a space; rest in p1. These
// are separate variables, presumably tried as alternatives where used.
var dup366 = match({
id: "MESSAGE#346:303002:02/2",
dissect: {
tokenizer: "'%{username->}' %{p1->}",
field: "nwparser.p0",
},
});
var dup367 = match({
id: "MESSAGE#346:303002:02/2",
dissect: {
tokenizer: "%{username->} %{p1->}",
field: "nwparser.p0",
},
});
// Message 338303 fragment (input: nwparser.p0): consumes a leading "," and
// passes the rest on as p1.
var dup368 = match({
id: "MESSAGE#489:338303/2",
dissect: {
tokenizer: ",%{p1->}",
field: "nwparser.p0",
},
});
// Message 302021 fragment (input: nwparser.p0): hostip with an optional
// "/token" (fld4) before the keyword " laddr "; rest in p1.
var dup369 = linear_select([
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{hostip->}/%{fld4->} laddr %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{hostip->} laddr %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 302021 tail (input: nwparser.p1): destination address/port followed
// by a user name in parentheses, a user name after a space, or nothing. The
// forms carrying a user name are listed ahead of the bare endpoint.
var dup370 = linear_select([
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{username->})",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} %{username->}",
field: "nwparser.p1",
},
}),
match({
id: "MESSAGE#331:302021/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
}),
]);
// Shared event_description constants.
var dup371 = set_field({
dest: "nwparser.event_description",
value: constant("denied by access-list"),
});
var dup372 = set_field({
dest: "nwparser.event_description",
value: constant("Session terminated"),
});
// Message 109012 fragment (input: nwparser.p0): user name before " , sid ",
// single-quoted form first, bare form second; rest in p1.
var dup373 = linear_select([
match({
id: "MESSAGE#133:109012/2",
dissect: {
tokenizer: "'%{username->}' , sid %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#133:109012/2",
dissect: {
tokenizer: "%{username->} , sid %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 702210 variant 01, head of the payload: matches the literal prefix
// "ISAKMP Phase 1 exchange complete" and passes the rest on as p0.
var dup374 = match({
id: "MESSAGE#822:702210:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 exchange complete%{p0->}",
field: "nwparser.payload",
},
});
// Shared step: sets nwparser.eventcategory to the constant "1701070000".
var dup375 = set_field({
dest: "nwparser.eventcategory",
value: constant("1701070000"),
});
// Shared step: sets nwparser.ec_activity to the constant "Disable".
var dup376 = set_field({
dest: "nwparser.ec_activity",
value: constant("Disable"),
});
// Message 410001, head of the payload: matches the literal prefix
// "Dropped UDP DNS re" and passes the rest on as p0.
var dup377 = match({
id: "MESSAGE#617:410001/0",
dissect: {
tokenizer: "Dropped UDP DNS re%{p0->}",
field: "nwparser.payload",
},
});
// Completes the word started in dup377 (input: nwparser.p0): "ply" or "quest",
// i.e. reply or request; rest in p1.
var dup378 = linear_select([
match({
id: "MESSAGE#617:410001/2",
dissect: {
tokenizer: "ply%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#617:410001/2",
dissect: {
tokenizer: "quest%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 410001 keyword (input: nwparser.p2): "packet" (dup379) or "label"
// (dup380); rest in p3. Separate variables, presumably tried as alternatives
// where they are used.
var dup379 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "packet%{p3->}",
field: "nwparser.p2",
},
});
var dup380 = match({
id: "MESSAGE#617:410001/4",
dissect: {
tokenizer: "label%{p3->}",
field: "nwparser.p2",
},
});
// Message 410001 tail (input: nwparser.p5): captures the byte limit as fld2
// from "limit of <n> bytes". The steps producing p4 and p5 are not among the
// fragments shown next to this one.
var dup381 = match({
id: "MESSAGE#617:410001/6",
dissect: {
tokenizer: "%{->}limit of %{fld2->} bytes",
field: "nwparser.p5",
},
});
// Shared step: sets nwparser.event_description for over-length DNS packets.
var dup382 = set_field({
dest: "nwparser.event_description",
value: constant("Dropped DNS UDP packet - length exceeded"),
});
// Message 113009, head of the payload: matches the literal prefix
// "AAA retrieved default group policy " and passes the rest on as p0.
var dup383 = match({
id: "MESSAGE#185:113009/0",
dissect: {
tokenizer: "AAA retrieved default group policy %{p0->}",
field: "nwparser.payload",
},
});
// Message 113009 user name (input: nwparser.p3): single-quoted form first, bare
// form second; both expect a trailing space.
var dup384 = linear_select([
match({
id: "MESSAGE#185:113009/4",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p3",
},
}),
match({
id: "MESSAGE#185:113009/4",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p3",
},
}),
]);
// Shared step: sets nwparser.result to "retrieved default group policy".
var dup385 = set_field({
dest: "nwparser.result",
value: constant("retrieved default group policy"),
});
// Message 713075 tail (input: nwparser.p2): stores the whole remaining text as
// event_description.
var dup386 = match({
id: "MESSAGE#878:713075/3",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.p2",
},
});
// Message 715036 variant 01 (input: nwparser.p0): description followed by
// "(seq number <fld1>) ", or, failing that, an unnamed first token and the rest
// as description.
var dup387 = linear_select([
match({
id: "MESSAGE#1008:715036:01/1",
dissect: {
tokenizer: "%{event_description->} (seq number %{fld1->}) ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1008:715036:01/1",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p0",
},
}),
]);
// Message 713902 identity prefix (input: nwparser.p0): group, username and
// source address. dup388 expects the user name in single quotes, dup389 takes
// it bare. Both expect " , " after the address and pass the rest on as p1.
var dup388 = match({
id: "MESSAGE#957:713902/2",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
var dup389 = match({
id: "MESSAGE#957:713902/2",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->} , %{p1->}",
field: "nwparser.p0",
},
});
// Message 713902 variant 02 identity prefix (input: nwparser.p0): either a
// group or a user name (quoted, then bare) before "IP = "; the address and the
// text after it continue in p1.
var dup390 = linear_select([
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#958:713902:02/2",
dissect: {
tokenizer: "Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
}),
]);
// Shared event_description / result constants.
var dup391 = set_field({
dest: "nwparser.event_description",
value: constant("Embryonic limit exceeded"),
});
var dup392 = set_field({
dest: "nwparser.result",
value: constant("for through connections"),
});
var dup393 = set_field({
dest: "nwparser.event_description",
value: constant("duplicate packet detected"),
});
var dup394 = set_field({
dest: "nwparser.result",
value: constant("DHCP configured"),
});
var dup395 = set_field({
dest: "nwparser.event_description",
value: constant("Received an ICMP Destination Unreachable"),
});
// Sets nwparser.dclass_counter1_string to "Hitcount", presumably as the label
// for the dclass_counter1 value captured by the access-list fragments.
var dup396 = set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("Hitcount"),
});
// Message 106100 variant 01, head of the payload: captures the access-list name
// as listnum; rest in p0.
var dup397 = match({
id: "MESSAGE#100:106100:01/0",
dissect: {
tokenizer: "access-list %{listnum->} %{p0->}",
field: "nwparser.payload",
},
});
// Message 106100 variant 01 action keyword (input: nwparser.p0): accepts the
// word fragment "est-allow" or "permitt"; rest in p1. No alternative for a
// deny keyword is part of this selection.
var dup398 = linear_select([
match({
id: "MESSAGE#100:106100:01/2",
dissect: {
tokenizer: "est-allow%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#100:106100:01/2",
dissect: {
tokenizer: "permitt%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 106100 variant 01 destination port (input: nwparser.p2): dup399
// expects an extra parenthesised token (fld7) after the port, dup400 does not.
// Both stop at " hit-cnt " and pass the rest on as p3.
var dup399 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dport->})(%{fld7->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
});
var dup400 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dport->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
});
// Hit counter (input: nwparser.p3): first token is stored as dclass_counter1,
// the remaining text as fld6.
var dup401 = match({
id: "MESSAGE#100:106100:01/4",
dissect: {
tokenizer: "%{dclass_counter1->} %{fld6->}",
field: "nwparser.p3",
},
});
// Shared step: sets nwparser.event_description to "permitted".
var dup402 = set_field({
dest: "nwparser.event_description",
value: constant("permitted"),
});
// Message 106100 variant 02 destination port (input: nwparser.p2). Three
// alternatives, most specific first: port + "(domain\username)", port +
// "(fld7)", port only. The first must stay ahead of the second, which would
// otherwise store "domain\username" in fld7 and leave username unset.
var dup403 = linear_select([
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->})(%{domain->}\\%{username->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->})(%{fld7->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#101:106100:02/4",
dissect: {
tokenizer: "%{dport->}) hit-cnt %{p3->}",
field: "nwparser.p2",
},
}),
]);
// Message 702208 variant 01, head of the payload: matches the literal prefix
// "ISAKMP Phase 1 exchange start" and passes the rest on as p0.
var dup404 = match({
id: "MESSAGE#818:702208:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 exchange start%{p0->}",
field: "nwparser.payload",
},
});
// Shared step: sets nwparser.event_description to "Phase 1 exchange started".
var dup405 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 exchange started"),
});
// Shared step: sets nwparser.eventcategory to the constant "1204000000".
var dup406 = set_field({
dest: "nwparser.eventcategory",
value: constant("1204000000"),
});
// Message 605003 user name (input: nwparser.p2): single-quoted form (dup407)
// and bare form (dup408), each with a trailing space. Separate variables,
// presumably tried as alternatives where they are used.
var dup407 = match({
id: "MESSAGE#735:605003/3",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p2",
},
});
var dup408 = match({
id: "MESSAGE#735:605003/3",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p2",
},
});
// Shared step: sets nwparser.event_description to "invalid IPSEC packet".
var dup409 = set_field({
dest: "nwparser.event_description",
value: constant("invalid IPSEC packet"),
});
// Shared step: sets nwparser.eventcategory to the constant "1601020000".
var dup410 = set_field({
dest: "nwparser.eventcategory",
value: constant("1601020000"),
});
// Message 109033 variant 01, head of the payload: matches the literal prefix
// "Authentication failed for admin user " and passes the rest, starting with
// the user name, on as p0.
// NOTE(review): the user name in a failed-login message is presumably whatever
// the connecting party typed; treat the fields split out of p0 as untrusted
// text wherever they are displayed or correlated.
var dup411 = match({
id: "MESSAGE#156:109033:01/0",
dissect: {
tokenizer: "Authentication failed for admin user %{p0->}",
field: "nwparser.payload",
},
});
// Shared step: sets nwparser.event_description to "Authentication Failed".
var dup412 = set_field({
dest: "nwparser.event_description",
value: constant("Authentication Failed"),
});
// Shared step: sets nwparser.result for unsupported interactive challenges.
var dup413 = set_field({
dest: "nwparser.result",
value: constant("Interactive challenge processing not supported"),
});
// Message 113005 variant 01, head of the payload: matches the literal prefix
// "AAA user auth" and passes the rest on as p0.
var dup414 = match({
id: "MESSAGE#181:113005:01/0",
dissect: {
tokenizer: "AAA user auth%{p0->}",
field: "nwparser.payload",
},
});
// Message 113005 variant 01 body (input: nwparser.p1): after "ation Rejected",
// captures the rejection reason as result, up to " : server = "; rest in p2.
var dup415 = match({
id: "MESSAGE#181:113005:01/2",
dissect: {
tokenizer: "ation Rejected : reason = %{result->} : server = %{p2->}",
field: "nwparser.p1",
},
});
// AAA server address (input: nwparser.p2): hostip terminated by " :" or ",";
// rest in p3.
var dup416 = linear_select([
match({
id: "MESSAGE#181:113005:01/4",
dissect: {
tokenizer: "%{hostip->} :%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#181:113005:01/4",
dissect: {
tokenizer: "%{hostip->},%{p3->}",
field: "nwparser.p2",
},
}),
]);
// Input: nwparser.p4. Accepts an upper- or lower-case "u" as the next
// character; rest in p5. Together with dup418 this covers "User = "/"user = ".
var dup417 = linear_select([
match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "U%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "u%{p5->}",
field: "nwparser.p4",
},
}),
]);
// Input: nwparser.p5. Consumes "ser = " and passes the user name and anything
// after it on as p6.
// NOTE(review): in a rejected-authentication message the user name is
// presumably supplied by the connecting party. The fragments above split on
// literal delimiters such as " : server = ", so downstream consumers should
// treat result, hostip and the user name as untrusted text.
var dup418 = match({
id: "MESSAGE#181:113005:01/6",
dissect: {
tokenizer: "ser = %{p6->}",
field: "nwparser.p5",
},
});
// Shared step: sets nwparser.event_description for rejected authentication.
var dup419 = set_field({
dest: "nwparser.event_description",
value: constant("user authentication rejected"),
});
// Shared step: sets nwparser.eventcategory to the constant "1602000000".
var dup420 = set_field({
dest: "nwparser.eventcategory",
value: constant("1602000000"),
});
// Shared step: sets nwparser.event_description to "Client allowed".
var dup421 = set_field({
dest: "nwparser.event_description",
value: constant("Client allowed"),
});
// Message 199009 tail (input: nwparser.p2): result followed by a trailing
// space.
var dup422 = match({
id: "MESSAGE#211:199009/3",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p2",
},
});
// Shared step: sets nwparser.event_description to "Translation denied".
var dup423 = set_field({
dest: "nwparser.event_description",
value: constant("Translation denied"),
});
// Shared step: sets nwparser.result for a failed address assignment.
var dup424 = set_field({
dest: "nwparser.result",
value: constant("Unable to get address from group-policy or tunnel-group"),
});
// Message 603108 fragment (input: nwparser.p0): accepts an upper- or lower-case
// "t" as the next character, rest in p1.
var dup425 = linear_select([
match({
id: "MESSAGE#727:603108/2",
dissect: {
tokenizer: "T%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#727:603108/2",
dissect: {
tokenizer: "t%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 606001 fragment (input: nwparser.p0): accepts the literal "P" or
// "AS" as the next characters, rest in p1.
var dup426 = linear_select([
match({
id: "MESSAGE#740:606001/2",
dissect: {
tokenizer: "P%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#740:606001/2",
dissect: {
tokenizer: "AS%{p1->}",
field: "nwparser.p0",
},
}),
]);
// Message 702205 variant 01, head of the payload: matches the literal prefix
// "ISAKMP Phase 2 retransmi" and passes the rest on as p0.
var dup427 = match({
id: "MESSAGE#812:702205:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 retransmi%{p0->}",
field: "nwparser.payload",
},
});
// Shared step: sets nwparser.event_description for static route removal.
var dup428 = set_field({
dest: "nwparser.event_description",
value: constant("deleting static route for address"),
});
// Message 605005 user name (input: nwparser.p0). Four spellings, most specific
// first: wrapped in angle brackets, in double quotes, in single quotes, bare.
// All expect a trailing space. "\u003c" is the escaped form of "<".
// NOTE(review): the first pattern opens with two "<" characters but closes with
// a single ">"; confirm against sample 605005 messages that this asymmetry is
// intended, since a name printed as "<name>" would fall through to the bare
// form and keep the brackets in username.
var dup429 = linear_select([
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "\u003c\u003c%{username->}> ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "\"%{username->}\" ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#738:605005/1",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p0",
},
}),
]);
// Fixed port values: dup430 sets nwparser.dport to "23" and dup431 sets
// nwparser.sport to "0". These are constants, not values read from the message,
// so events carrying them should not be read as observed ports.
var dup430 = set_field({
dest: "nwparser.dport",
value: constant("23"),
});
var dup431 = set_field({
dest: "nwparser.sport",
value: constant("0"),
});
// Shared step: sets nwparser.event_description to "Denied login session".
var dup432 = set_field({
dest: "nwparser.event_description",
value: constant("Denied login session"),
});
// Bare constant (not wrapped in set_field); same text as the nwparser.result
// value set by dup330. The destination is chosen at the use site.
var dup433 = constant("Tunnel Rejected");
// Shared step: sets nwparser.event_description to "assigned to session".
var dup434 = set_field({
dest: "nwparser.event_description",
value: constant("assigned to session"),
});
var dup435 = match({
id: "MESSAGE#820:702209:01/0",
dissect: {
tokenizer: "ISAKMP Phase 2 exchange start%{p0->}",
field: "nwparser.payload",
},
});
var dup436 = match({
id: "MESSAGE#714:602203:01/0",
dissect: {
tokenizer: "ISAKMP session disconnect%{p0->}",
field: "nwparser.payload",
},
});
var dup437 = set_field({
dest: "nwparser.event_description",
value: constant("ISAKMP session disconnected"),
});
var dup438 = match({
id: "MESSAGE#1176:722049/3",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p2",
},
});
var dup439 = linear_select([
match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "quest%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "sponse%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup440 = match({
id: "MESSAGE#116:108004:01/2",
dissect: {
tokenizer: "%{->}from %{sinterface->}: %{p2->}",
field: "nwparser.p1",
},
});
var dup441 = linear_select([
match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{daddr->}/%{dport->} ;%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{daddr->} ;%{p5->}",
field: "nwparser.p4",
},
}),
]);
var dup442 = match({
id: "MESSAGE#116:108004:01/6",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p5",
},
});
var dup443 = linear_select([
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "backup%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "director%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#338:302024/2",
dissect: {
tokenizer: "forwarder%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup444 = set_field({
dest: "nwparser.event_description",
value: constant("SVC connection established"),
});
var dup445 = match({
id: "MESSAGE#826:702212:01/0",
dissect: {
tokenizer: "ISAKMP Phase 1 initiat%{p0->}",
field: "nwparser.payload",
},
});
var dup446 = linear_select([
match({
id: "MESSAGE#826:702212:01/2",
dissect: {
tokenizer: "ing%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#826:702212:01/2",
dissect: {
tokenizer: "e%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup447 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 initiating rekey"),
});
var dup448 = match({
id: "MESSAGE#866:713049/4",
dissect: {
tokenizer: "User%{p3->}",
field: "nwparser.p2",
},
});
var dup449 = set_field({
dest: "nwparser.event_description",
value: constant("Phase 1 delete sent"),
});
var dup450 = linear_select([
match({
id: "MESSAGE#288:302009:01/2",
dissect: {
tokenizer: "addr%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#288:302009:01/2",
dissect: {
tokenizer: "oreign_address%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup451 = match({
id: "MESSAGE#288:302009:01/2",
dissect: {
tokenizer: "%{->} %{saddr->}/%{sport->} g%{p2->}",
field: "nwparser.p1",
},
});
var dup452 = linear_select([
match({
id: "MESSAGE#288:302009:01/4",
dissect: {
tokenizer: "addr%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#288:302009:01/4",
dissect: {
tokenizer: "lobal_address%{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup453 = match({
id: "MESSAGE#288:302009:01/4",
dissect: {
tokenizer: "%{->} %{hostip->}/%{network_port->} l%{p4->}",
field: "nwparser.p3",
},
});
var dup454 = linear_select([
match({
id: "MESSAGE#288:302009:01/6",
dissect: {
tokenizer: "addr%{p5->}",
field: "nwparser.p4",
},
}),
match({
id: "MESSAGE#288:302009:01/6",
dissect: {
tokenizer: "ocal_address%{p5->}",
field: "nwparser.p4",
},
}),
]);
var dup455 = match({
id: "MESSAGE#288:302009:01/6",
dissect: {
tokenizer: "%{->} %{daddr->}/%{dport->}",
field: "nwparser.p5",
},
});
var dup456 = set_field({
dest: "nwparser.event_description",
value: constant("Rebuilt connection"),
});
var dup457 = match({
id: "MESSAGE#278:302004/2",
dissect: {
tokenizer: "allocate %{network_service->} %{protocol->} backconnection for f%{p2->}",
field: "nwparser.p1",
},
});
var dup458 = linear_select([
match({
id: "MESSAGE#278:302004/4",
dissect: {
tokenizer: "addr%{p3->}",
field: "nwparser.p2",
},
}),
match({
id: "MESSAGE#278:302004/4",
dissect: {
tokenizer: "oreign_address%{p3->}",
field: "nwparser.p2",
},
}),
]);
var dup459 = set_field({
dest: "nwparser.eventcategory",
value: constant("1613050200"),
});
var dup460 = set_field({
dest: "nwparser.event_description",
value: constant("Device failed SSL handshake"),
});
var dup461 = set_field({
dest: "nwparser.event_description",
value: constant("Connection Redirected via Load Balancing"),
});
var dup462 = match({
id: "MESSAGE#808:702203:01/0",
dissect: {
tokenizer: "ISAKMP DPD time%{p0->}",
field: "nwparser.payload",
},
});
var dup463 = set_field({
dest: "nwparser.event_description",
value: constant("DPD timed out"),
});
var dup464 = set_field({
dest: "nwparser.event_description",
value: constant("Monitoring on interface"),
});
var dup465 = match({
id: "MESSAGE#1284:713171/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
var dup466 = match({
id: "MESSAGE#1284:713171/2",
dissect: {
tokenizer: "%{group->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
var dup467 = set_field({
dest: "nwparser.event_description",
value: constant("Address assignment failed"),
});
var dup468 = match({
id: "MESSAGE#991:715001/1",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p0",
},
});
var dup469 = match({
id: "MESSAGE#1185:725001:01/0",
dissect: {
tokenizer: "Starting SSL handshake with %{p0->}",
field: "nwparser.payload",
},
});
var dup470 = linear_select([
match({
id: "MESSAGE#1185:725001:01/2",
dissect: {
tokenizer: "client%{p1->}",
field: "nwparser.p0",
},
}),
match({
id: "MESSAGE#1185:725001:01/2",
dissect: {
tokenizer: "server%{p1->}",
field: "nwparser.p0",
},
}),
]);
var dup471 = set_field({
dest: "nwparser.event_description",
value: constant("Starting SSL handshake"),
});
var dup472 = match({
id: "MESSAGE#951:713259/2",
dissect: {
tokenizer: "%{saddr->}, Session is being torn down. Reason: %{result->}",
field: "nwparser.p1",
},
});
var dup473 = set_field({
dest: "nwparser.event_description",
value: constant("Session is being torn down"),
});
var dup474 = set_field({
dest: "nwparser.context",
value: constant("Content type not found"),
});
var dup475 = match({
id: "MESSAGE#886:713120/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}' , IP = %{p1->}",
field: "nwparser.p0",
},
});
// Interface-direction labels shared as constants.
// NOTE(review): map_srcDirName and map_dstDirName near the top of this file use dup476/dup477
// inside object literals that are evaluated long before these two assignments run. Because `var`
// declarations are hoisted but their initializers are not, those map entries appear to capture
// `undefined` rather than these constants -- confirm whether the direction-name lookups actually
// resolve. Keep `var` here: a `let`/`const` would turn the early reads into a ReferenceError.
var dup476 = constant("INSIDE");
var dup477 = constant("OUTSIDE");
// hdr1 (HEADER#0:0001): bare header "%ASA-<level>-<messageid>: <payload>" read from the raw
// `message` field. It captures no month/day/year/hhour/hmin/hsec, which are the inputs dup3's
// date_time step reads, so event_time cannot come from this header -- presumably it is supplied
// by the transport envelope; TODO confirm.
var hdr1 = match({
id: "HEADER#0:0001",
dissect: {
tokenizer: "%ASA-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr2 (HEADER#1:0033): "<month> <day> <year> <hh>:<mm>:<ss> <hostip> : %ASA-..." -- full timestamp
// plus the token in front of " : %ASA-", captured as `hostip`.
var hdr2 = match({
id: "HEADER#1:0033",
dissect: {
tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{hostip->} : %ASA-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr3 (HEADER#2:0002): same layout as hdr2 except that the token is followed directly by ": %ASA-"
// (no space before the colon) and is captured as `hhost` instead of `hostip`.
var hdr3 = match({
id: "HEADER#2:0002",
dissect: {
tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{hhost->}: %ASA-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// HEADER#3:0003 is parsed in three steps that all1 chains together:
//   hdr4    -- takes "<month> <day> <year>" off `message` and leaves the rest in p0;
//   select1 -- accepts the time as "hh:mm:ss: %ASA-" (msg1) or "hh:mm:ss %ASA-" (msg2),
//              leaving the rest in p1;
//   msg3    -- splits p1 into level, messageid and payload.
// msg1..msg3 are header fragments despite their names; their ids all read "HEADER#3:0003/2".
var hdr4 = match({
id: "HEADER#3:0003/0",
dissect: {
tokenizer: "%{month->} %{day->} %{year->} %{p0->}",
field: "message",
},
});
// Time followed by a colon before the %ASA- tag.
var msg1 = match({
id: "HEADER#3:0003/2",
dissect: {
tokenizer: "%{hhour->}:%{hmin->}:%{hsec->}: %ASA-%{p1->}",
field: "nwparser.p0",
},
});
// Time followed only by a space before the %ASA- tag.
var msg2 = match({
id: "HEADER#3:0003/2",
dissect: {
tokenizer: "%{hhour->}:%{hmin->}:%{hsec->} %ASA-%{p1->}",
field: "nwparser.p0",
},
});
// The two time layouts; presumably tried in the order listed -- TODO confirm.
var select1 = linear_select([
msg1,
msg2,
]);
// Remainder after "%ASA-": "<level>-<messageid>: <payload>".
var msg3 = match({
id: "HEADER#3:0003/2",
dissect: {
tokenizer: "%{level->}-%{messageid->}: %{payload->}",
field: "nwparser.p1",
},
});
// Runs hdr4, select1 and msg3 as one header alternative; it has no on_success chain of its own.
var all1 = all_match({
processors: [
hdr4,
select1,
msg3,
],
});
// hdr5 (HEADER#4:0012): "<month> <day> <hh>:<mm>:<ss> <hostip> %ASA-..." -- note there is no `year`
// token, while dup3's date_time lists "year" among its arguments; how the year is filled in for
// these lines is not visible here -- TODO confirm.
var hdr5 = match({
id: "HEADER#4:0012",
dissect: {
tokenizer: "%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{hostip->} %ASA-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr6 (HEADER#5:0004): a single leading token captured as `paddr`, then the bare %ASA- header.
// No timestamp fields are captured.
var hdr6 = match({
id: "HEADER#5:0004",
dissect: {
tokenizer: "%{paddr->} %ASA-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr7 (HEADER#6:0010): line starts with ":" and carries a `timezone` token plus an extra
// "%ASA-<hfld1>-<level>-<messageid>" segment. No `year` is captured, and `timezone` is not among
// the arguments dup3's date_time reads, so the zone is presumably not applied to event_time by
// that step -- TODO confirm, since it affects timeline correlation across devices.
var hdr7 = match({
id: "HEADER#6:0010",
dissect: {
tokenizer: ":%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{timezone->}: %ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr8 (HEADER#7:0014): identical to hdr7 without the leading ":".
var hdr8 = match({
id: "HEADER#7:0014",
dissect: {
tokenizer: "%{month->} %{day->} %{hhour->}:%{hmin->}:%{hsec->} %{timezone->}: %ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr9 (HEADER#8:0011): bare header with the extra leading segment, "%ASA-<hfld1>-<level>-<messageid>:".
var hdr9 = match({
id: "HEADER#8:0011",
dissect: {
tokenizer: "%ASA-%{hfld1->}-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr10 (HEADER#9:0005): like hdr1 but with a space, not ": ", between messageid and payload.
var hdr10 = match({
id: "HEADER#9:0005",
dissect: {
tokenizer: "%ASA-%{level->}-%{messageid->} %{payload->}",
field: "message",
},
});
// hdr11..hdr14: the same layouts with a "%FWSM-" tag instead of "%ASA-".
// hdr11 (HEADER#10:0006): bare "%FWSM-<level>-<messageid>: <payload>".
var hdr11 = match({
id: "HEADER#10:0006",
dissect: {
tokenizer: "%FWSM-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr12 (HEADER#11:0007): full timestamp, then a token captured as `paddr`, then " : %FWSM-...".
var hdr12 = match({
id: "HEADER#11:0007",
dissect: {
tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %{paddr->} : %FWSM-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr13 (HEADER#12:0008): full timestamp directly followed by "%FWSM-...".
var hdr13 = match({
id: "HEADER#12:0008",
dissect: {
tokenizer: "%{month->} %{day->} %{year->} %{hhour->}:%{hmin->}:%{hsec->} %FWSM-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr14 (HEADER#13:0009): leading `paddr` token, then the bare %FWSM- header; no timestamp fields.
var hdr14 = match({
id: "HEADER#13:0009",
dissect: {
tokenizer: "%{paddr->} %FWSM-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr15 (HEADER#14:0013): ":%ASA-<x>-<level>-<messageid>:" where the extra segment is captured as
// `group`. hdr7..hdr9 capture the segment in the same position as `hfld1`.
// NOTE(review): confirm that writing this segment to `group` is intended, since `group` is also
// the field the VPN message patterns in this file fill from "Group = ...".
var hdr15 = match({
id: "HEADER#14:0013",
dissect: {
tokenizer: ":%ASA-%{group->}-%{level->}-%{messageid->}: %{payload->}",
field: "message",
},
});
// hdr16 (HEADER#15:9999): catch-all for any line that begins with "%ASA-". Everything after the
// tag goes into `payload`; neither `level` nor `messageid` is captured. On success dup0 (defined
// at the top of the file) sets nwparser.messageid to the fixed value "CISCOASA_GENERIC".
// NOTE(review): events that land here lose their message id and severity, so rules keyed on the
// ASA message id will presumably not see them; tracking the volume of CISCOASA_GENERIC events is
// a cheap way to spot unparsed formats.
var hdr16 = match({
id: "HEADER#15:9999",
dissect: {
tokenizer: "%ASA-%{payload->}",
field: "message",
},
on_success: processor_chain([
dup0,
]),
});
// hdr17 (HEADER#16:9998): same catch-all, but tolerating arbitrary text (captured as `fld`) in
// front of "%ASA-". Also tagged CISCOASA_GENERIC through dup0.
var hdr17 = match({
id: "HEADER#16:9998",
dissect: {
tokenizer: "%{fld->}%ASA-%{payload->}",
field: "message",
},
on_success: processor_chain([
dup0,
]),
});
// select2: the full list of header alternatives. Presumably they are tried in the order listed
// and the first match wins -- TODO confirm against linear_select's definition (not shown here).
// If so, the order is significant:
//   - the catch-alls hdr16/hdr17 must stay last, or they would claim every "%ASA-" line;
//   - hdr1 ("%ASA-<level>-<messageid>:") precedes hdr9 ("%ASA-<hfld1>-<level>-<messageid>:"),
//     and both start with "%ASA-". NOTE(review): verify with a sample line that the
//     three-segment form is not absorbed by hdr1 with a shifted level/messageid.
var select2 = linear_select([
hdr1,
hdr2,
hdr3,
all1,
hdr5,
hdr6,
hdr7,
hdr8,
hdr9,
hdr10,
hdr11,
hdr12,
hdr13,
hdr14,
hdr15,
hdr16,
hdr17,
]);
var msg4 = match({
id: "MESSAGE#17:103005",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup1,
set_field({
dest: "nwparser.msg_id1",
value: constant("103005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg5 = match({
id: "MESSAGE#936:713222",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Static Crypto Map check, map = %{fld1->}, seq = %{fld2->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("713222"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup8,
]),
});
var msg6 = match({
id: "MESSAGE#1042:715077/2",
dissect: {
tokenizer: "%{group->}, Username = '%{username->}', IP = %{saddr->}, Pitcher: %{p1->}",
field: "nwparser.p0",
},
});
var msg7 = match({
id: "MESSAGE#1042:715077/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->}, Pitcher: %{p1->}",
field: "nwparser.p0",
},
});
var msg8 = match({
id: "MESSAGE#1042:715077/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->}, Pitcher: %{p1->}",
field: "nwparser.p0",
},
});
var select3 = linear_select([
msg6,
msg7,
msg8,
]);
var msg9 = match({
id: "MESSAGE#1042:715077/2",
dissect: {
tokenizer: "%{action->}, spi %{dst_spi->}",
field: "nwparser.p1",
},
});
var all2 = all_match({
processors: [
dup9,
select3,
msg9,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("715077"),
}),
dup7,
dup11,
dup12,
dup13,
dup4,
dup5,
dup2,
dup3,
]),
});
var msg10 = match({
id: "MESSAGE#1043:715077:01/0",
dissect: {
tokenizer: "Pitcher: %{result->} %{p0->}",
field: "nwparser.payload",
},
});
var msg11 = match({
id: "MESSAGE#1043:715077:01/2",
dissect: {
tokenizer: ", %{p1->}",
field: "nwparser.p0",
},
});
var select4 = linear_select([
msg11,
]);
var msg12 = match({
id: "MESSAGE#1043:715077:01/2",
dissect: {
tokenizer: "spi %{dst_spi->}",
field: "nwparser.p1",
},
});
var all3 = all_match({
processors: [
msg10,
select4,
msg12,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("715077:01"),
}),
dup7,
dup11,
dup12,
dup13,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
var select5 = linear_select([
all2,
all3,
]);
// MESSAGE#192:113015 -- a local-database user event that carries a reason, parsed in two stages.
// Stage 1 (msg13): takes `action` and `result` ("reason = ...") from the payload and leaves
// whatever follows "user = " in p0.
var msg13 = match({
id: "MESSAGE#192:113015/0",
dissect: {
tokenizer: "%{action->} : reason = %{result->} : local database : user = %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, first form: "<username> : user IP = <saddr>".
// NOTE(review): `username` is free text supplied with the login attempt and copied as-is from the
// log line; consumers should not assume it is well-formed, and `saddr` is only as reliable as the
// literal delimiter that separates it from the name.
var msg14 = match({
id: "MESSAGE#192:113015/1",
dissect: {
tokenizer: "%{username->} : user IP = %{saddr->}",
field: "nwparser.p0",
},
});
// Stage 2 alternatives: msg14, otherwise dup15 (defined earlier in the file, not shown here --
// presumably the form without a user IP).
var select6 = linear_select([
msg14,
dup15,
]);
// Runs both stages; on success stamps msg_id1 = "113015" and applies the shared steps. dup2..dup5
// (top of the file) copy level, build event_time, copy $MSG and copy the message id; dup16..dup19
// are defined earlier in the file and are not visible here.
var all4 = all_match({
processors: [
msg13,
select6,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("113015"),
}),
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg15 = match({
id: "MESSAGE#241:210001",
dissect: {
tokenizer: "LU SMNAME error = %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("210001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg16 = match({
id: "MESSAGE#360:304008/0",
dissect: {
tokenizer: "%{->}L%{p0->}",
field: "nwparser.payload",
},
});
var msg17 = match({
id: "MESSAGE#360:304008/2",
dissect: {
tokenizer: "EAVING%{p1->}",
field: "nwparser.p0",
},
});
var msg18 = match({
id: "MESSAGE#360:304008/2",
dissect: {
tokenizer: "eaving%{p1->}",
field: "nwparser.p0",
},
});
var select7 = linear_select([
msg17,
msg18,
]);
var msg19 = match({
id: "MESSAGE#360:304008/2",
dissect: {
tokenizer: "%{->}ALLOW mode, URL Server",
field: "nwparser.p1",
},
});
var all5 = all_match({
processors: [
msg16,
select7,
msg19,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("304008"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg20 = match({
id: "MESSAGE#362:305001",
dissect: {
tokenizer: "Portmapped translation built for gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Portmapped translation built"),
}),
]),
});
var msg21 = match({
id: "MESSAGE#1278:752004",
dissect: {
tokenizer: "Tunnel Manager dispatching a %{fld3->} message to IKEv1. Map Tag = %{fld1->}. Map Sequence Number = %{fld2->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg22 = match({
id: "MESSAGE#872:713066/2",
dissect: {
tokenizer: "%{saddr->}, IKE Remote Peer configured for crypto map: %{fld1->}",
field: "nwparser.p1",
},
});
var all6 = all_match({
processors: [
dup22,
dup23,
msg22,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713066"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg23 = match({
id: "MESSAGE#873:713066:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE Remote Peer configured for crypto map: %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713066:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select8 = linear_select([
all6,
msg23,
]);
// MESSAGE#1294:769004 -- "UPDATE: ASA image checksum error copying '<filename>' to '<fld22>'".
// The source path is captured as `filename`; the destination path only reaches the generic
// `fld22`. The event is labelled with the fixed description "image checksum error".
// NOTE(review): a checksum failure on a software image is an integrity signal worth routing to
// alerting rather than leaving as an informational event; dup24 (defined earlier, not shown)
// decides the category it receives.
// NOTE(review): dup25 sits where neighbouring chains use dup3 (date_time); presumably an
// alternative timestamp step -- confirm against its definition earlier in the file.
var msg24 = match({
id: "MESSAGE#1294:769004",
dissect: {
tokenizer: "UPDATE: ASA image checksum error copying '%{filename->}' to '%{fld22->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("769004"),
}),
dup14,
dup2,
dup25,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("image checksum error"),
}),
]),
});
// MESSAGE#498:400001 -- signature-style event:
//   "<product>:<sigid> <context> from <saddr> to <daddr> on interface <dinterface>".
// The same tokenizer is reused for 400033, 400035, 400045 and 400048 later in this file; those
// definitions differ only in the first chain step and in the msg_id1 constant.
// NOTE(review): `context` is everything between the signature id and " from "; the signature
// name is therefore available only as free text, while `sigid` is the stable key to match on.
// dup26..dup30 are defined earlier in the file and are not visible here.
var msg25 = match({
id: "MESSAGE#498:400001",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400001"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var all7 = all_match({
processors: [
dup31,
dup32,
dup33,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("602304"),
}),
dup7,
dup2,
dup35,
dup4,
dup5,
]),
});
var msg26 = match({
id: "MESSAGE#743:606004",
dissect: {
tokenizer: "ASDM logging session number %{sessionid->} from %{hostip->} ended",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("606004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg27 = match({
id: "MESSAGE#839:709006",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709006"),
}),
dup38,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg28 = match({
id: "MESSAGE#792:617001",
dissect: {
tokenizer: "GTPv version %{fld1->} from %{sinterface->}:%{saddr->}/%{sport->} not accepted by %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("617001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("GTP version not accepted"),
}),
dup4,
dup5,
]),
});
var msg29 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}', IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
var msg30 = match({
id: "MESSAGE#921:713194/2",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, %{p1->}",
field: "nwparser.p0",
},
});
var select9 = linear_select([
msg29,
msg30,
dup45,
dup46,
]);
var all8 = all_match({
processors: [
dup44,
select9,
dup33,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("713194"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var all9 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715048"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg31 = match({
id: "MESSAGE#3:101004",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("101004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// MESSAGE#225:201009 -- "TCP connection limit of <n> for host <hostip> on <interface> exceeded".
// The limit is captured as dclass_counter1 and described by the fixed label
// "Number of connections"; the event description is set to "TCP connection limit exceeded".
// NOTE(review): the affected host is stored in `hostip`, not in saddr/daddr, so queries that
// pivot on source or destination address will presumably miss this event -- confirm how hostip
// is mapped downstream.
var msg32 = match({
id: "MESSAGE#225:201009",
dissect: {
tokenizer: "TCP connection limit of %{dclass_counter1->} for host %{hostip->} on %{interface->} exceeded",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201009"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("Number of connections"),
}),
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("TCP connection limit exceeded"),
}),
]),
});
var msg33 = match({
id: "MESSAGE#610:409008",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("409008"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg34 = match({
id: "MESSAGE#779:611323",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("611323"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg35 = match({
id: "MESSAGE#542:400045",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400045"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// MESSAGE#1250:737031, final fragment: "Removed<hostip> from standby", read from p1.
// NOTE(review): there is no space between "Removed" and the capture. If the device prints
// "Removed <ip> from standby", whether the leading space ends up inside `hostip` depends on how
// the dissect `->` modifier treats padding -- TODO confirm with a sample line.
var msg36 = match({
id: "MESSAGE#1250:737031/2",
dissect: {
tokenizer: "Removed%{hostip->} from standby",
field: "nwparser.p1",
},
});
// Chains dup53 and dup54 (defined earlier in the file, not shown here) with msg36, then stamps
// msg_id1 = "737031" and the fixed description "Removed host from standby".
var all10 = all_match({
processors: [
dup53,
dup54,
msg36,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737031"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Removed host from standby"),
}),
]),
});
// MESSAGE#561:402118 -- IPSEC ESP packet containing an illegal IP fragment. Captures the peer
// addresses (saddr/daddr), `username`, the sequence number (fld1), and the fragment length and
// offset as dclass_counter1 / dclass_counter2; the description is fixed to
// "illegal IP fragment on IPSEC packet".
// NOTE(review): the value printed after "SPI= " is captured into `protocol`. Other patterns in
// this file store an SPI in `dst_spi` (e.g. 715006:01), so this looks like a field mix-up that
// would put an SPI into protocol-based queries -- confirm before relying on `protocol` here.
// dup55, dup7, dup42, dup43, dup40 and dup56 are defined earlier in the file (not shown here).
var msg37 = match({
id: "MESSAGE#561:402118",
dissect: {
tokenizer: "IPSEC: Received an ESP packet (SPI= %{protocol->}, sequence number=%{fld1->}) from %{saddr->} (user=%{username->}) to %{daddr->} containing an illegal IP fragment of length %{dclass_counter1->} with offset %{dclass_counter2->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402118"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("illegal IP fragment on IPSEC packet"),
}),
dup56,
]),
});
var msg38 = match({
id: "MESSAGE#700:505015/1",
dissect: {
tokenizer: "%{product->} Module in slot %{fld1->}, application up \"%{p0->}",
field: "nwparser.payload",
},
});
var msg39 = match({
id: "MESSAGE#700:505015/1",
dissect: {
tokenizer: "Module ips, application up \"%{p0->}",
field: "nwparser.payload",
},
});
var select10 = linear_select([
msg38,
msg39,
]);
var all11 = all_match({
processors: [
select10,
dup57,
],
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("505015"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg40 = match({
id: "MESSAGE#774:611318",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup59,
set_field({
dest: "nwparser.msg_id1",
value: constant("611318"),
}),
dup7,
dup60,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg41 = match({
id: "MESSAGE#1227:737001/2",
dissect: {
tokenizer: "Received message '%{info->}'",
field: "nwparser.p1",
},
});
var all12 = all_match({
processors: [
dup53,
dup54,
msg41,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737001"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Received message"),
}),
dup4,
dup5,
]),
});
var msg42 = match({
id: "MESSAGE#729:604101",
dissect: {
tokenizer: "DHCP client interface %{interface->}:%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("604101"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg43 = match({
id: "MESSAGE#128:109007/0",
dissect: {
tokenizer: "Authorization permitted for user %{p0->}",
field: "nwparser.payload",
},
});
var all13 = all_match({
processors: [
msg43,
dup61,
dup62,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("109007"),
}),
dup17,
dup64,
dup65,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Successful Authorization"),
}),
]),
});
var msg44 = match({
id: "MESSAGE#160:110002",
dissect: {
tokenizer: "No ARP for host %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("No ARP for host"),
}),
]),
});
var msg45 = match({
id: "MESSAGE#161:110002:01",
dissect: {
tokenizer: "Failed to locate egress interface for %{protocol->} from %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Failed to locate egress interface"),
}),
]),
});
var select11 = linear_select([
msg44,
msg45,
]);
var msg46 = match({
id: "MESSAGE#351:304001/2",
dissect: {
tokenizer: "%{saddr->} Accessed %{p2->}",
field: "nwparser.p1",
},
});
var msg47 = match({
id: "MESSAGE#351:304001/4",
dissect: {
tokenizer: "JAVA %{p3->}",
field: "nwparser.p2",
},
});
var select12 = linear_select([
msg47,
]);
var msg48 = match({
id: "MESSAGE#351:304001/4",
dissect: {
tokenizer: "URL %{daddr->}: %{url->}",
field: "nwparser.p3",
},
});
var all14 = all_match({
processors: [
dup44,
dup66,
msg46,
select12,
msg48,
],
on_success: processor_chain([
dup67,
set_field({
dest: "nwparser.msg_id1",
value: constant("304001"),
}),
dup2,
dup3,
dup4,
dup5,
dup68,
dup69,
dup70,
dup71,
dup72,
dup73,
]),
});
var msg49 = match({
id: "MESSAGE#352:304001:01/0",
dissect: {
tokenizer: "%{saddr->} Accessed %{p0->}",
field: "nwparser.payload",
},
});
var msg50 = match({
id: "MESSAGE#352:304001:01/2",
dissect: {
tokenizer: "JAVA %{p1->}",
field: "nwparser.p0",
},
});
var select13 = linear_select([
msg50,
]);
var msg51 = match({
id: "MESSAGE#352:304001:01/2",
dissect: {
tokenizer: "URL %{daddr->}: %{url->}",
field: "nwparser.p1",
},
});
var all15 = all_match({
processors: [
msg49,
select13,
msg51,
],
on_success: processor_chain([
dup67,
set_field({
dest: "nwparser.msg_id1",
value: constant("304001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup68,
dup69,
dup70,
dup71,
dup72,
dup73,
]),
});
var select14 = linear_select([
all14,
all15,
]);
var msg52 = match({
id: "MESSAGE#545:400048",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup74,
set_field({
dest: "nwparser.msg_id1",
value: constant("400048"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg53 = match({
id: "MESSAGE#256:212003",
dissect: {
tokenizer: "Unable to receive an %{protocol->} request on interface %{interface->}, error code = %{resultcode->}, will try again.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("212003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg54 = match({
id: "MESSAGE#589:405002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("405002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg55 = match({
id: "MESSAGE#1046:716002/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} session terminated: %{result->}",
field: "nwparser.p1",
},
});
var all16 = all_match({
processors: [
dup77,
dup78,
msg55,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("716002"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session terminated"),
}),
]),
});
var msg56 = match({
id: "MESSAGE#703:507002",
dissect: {
tokenizer: "Moving connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} to non-proxy mode - %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("507002"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Moving connection"),
}),
]),
});
var all17 = all_match({
processors: [
dup79,
dup80,
dup81,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("715006"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg57 = match({
id: "MESSAGE#993:715006:01",
dissect: {
tokenizer: "IKE got SPI from key engine: SPI = %{dst_spi->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715006:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE got SPI from key engine"),
}),
]),
});
var select15 = linear_select([
all17,
msg57,
]);
var msg58 = match({
id: "MESSAGE#1064:717003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("717003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// MESSAGE#1086:717055 -- "The <x> certificate in the trustpoint <y> has expired ...".
// Captures: fld1 (the text before "certificate"), cert_hostname (the trustpoint name),
// fld2 (the expiration value), cert_subject, dn (the issuer name) and serial_number.
// NOTE(review): the expiration value only reaches the generic `fld2`, so it is not available as
// a typed date for "expires soon / expired since" queries.
// NOTE(review): each value is opened by two "<" (the \u003c escapes) but closed by a single ">";
// presumably an artefact of how the generator escaped the original pattern -- confirm against a
// real 717055 line.
var msg59 = match({
id: "MESSAGE#1086:717055",
dissect: {
tokenizer: "The \u003c\u003c%{fld1->}> certificate in the trustpoint \u003c\u003c%{cert_hostname->}> has expired. Expiration \u003c\u003c%{fld2->}> Subject Name \u003c\u003c%{cert_subject->}> Issuer Name \u003c\u003c%{dn->}> Serial Number \u003c\u003c%{serial_number->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717055"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("The certificate in the trustpoint has expired."),
}),
]),
});
var msg60 = match({
id: "MESSAGE#146:109022",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("109022"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// MESSAGE#413:315001 -- "Denied SSH session from <saddr> on interface <interface>".
// Only the source address and the interface are captured; no user name or port appears in the
// pattern.
// NOTE(review): the fixed description written below is "Denied session" -- the word "SSH" from
// the log text is not preserved in a field, so the protocol has to be inferred from msg_id1.
// dup84 is defined earlier in the file (not shown here).
var msg61 = match({
id: "MESSAGE#413:315001",
dissect: {
tokenizer: "Denied SSH session from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("315001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Denied session"),
}),
]),
});
var msg62 = match({
id: "MESSAGE#530:400033",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup85,
set_field({
dest: "nwparser.msg_id1",
value: constant("400033"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg63 = match({
id: "MESSAGE#532:400035",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("400035"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg64 = match({
id: "MESSAGE#1119:720021",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720021"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// MESSAGE#197:113020 -- "Kerberos error : Clock skew with server <hostip> greater than 300 seconds".
// Captures only the server address (as `hostip`) and sets result to the fixed "Kerberos error".
// NOTE(review): "300 seconds" is literal text in the pattern, so a line reporting a different
// threshold would not match this definition and would presumably fall through unparsed --
// confirm whether the device ever prints another value.
// dup86, dup18 and dup87 are defined earlier in the file (not shown here).
var msg65 = match({
id: "MESSAGE#197:113020",
dissect: {
tokenizer: "Kerberos error : Clock skew with server %{hostip->} greater than 300 seconds",
field: "nwparser.payload",
},
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("113020"),
}),
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Kerberos error"),
}),
]),
});
// MESSAGE#804:702201:01 / MESSAGE#805:702201 -- two forms of one "... received (local A
// (role), remote B)" line, distinguished by the role printed after the local address.
// Initiator form: local -> saddr, remote -> daddr.
var msg66 = match({
id: "MESSAGE#804:702201:01/2",
dissect: {
tokenizer: "%{->}received (local %{saddr->} (initiator), remote %{daddr->})",
field: "nwparser.p1",
},
});
// Chains dup88 and dup89 (defined earlier in the file, not shown here) with the initiator form
// and stamps msg_id1 = "702201:01". dup14 appears only in this chain, not in all19.
var all18 = all_match({
processors: [
dup88,
dup89,
msg66,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702201:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
dup90,
]),
});
// Responder form: the mapping is swapped -- local -> daddr, remote -> saddr. Taken together with
// msg66, saddr therefore always holds the initiating side and daddr the responding side,
// regardless of which one is this device.
var msg67 = match({
id: "MESSAGE#805:702201/2",
dissect: {
tokenizer: "%{->}received (local %{daddr->} (responder), remote %{saddr->})",
field: "nwparser.p1",
},
});
// Same chain as all18 for the responder form, with msg_id1 = "702201".
var all19 = all_match({
processors: [
dup88,
dup89,
msg67,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702201"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup90,
]),
});
// Initiator form first, then responder form.
var select16 = linear_select([
all18,
all19,
]);
// MESSAGE#913:713167 / MESSAGE#914:713167:01 -- "Remote peer has failed user authentication".
// Final fragment of the multi-stage form: "<saddr>, Remote peer has failed user authentication -
// <info>", read from p1.
var msg68 = match({
id: "MESSAGE#913:713167/2",
dissect: {
tokenizer: "%{saddr->}, Remote peer has failed user authentication - %{info->}",
field: "nwparser.p1",
},
});
// Chains dup22 and dup23 (defined earlier in the file, not shown here) with msg68 and stamps
// msg_id1 = "713167". dup16..dup19 are the same steps the 113015 chain applies; dup91 is also
// defined outside this part of the file.
var all20 = all_match({
processors: [
dup22,
dup23,
msg68,
],
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("713167"),
}),
dup7,
dup17,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup91,
]),
});
// Single-pattern form: "Group = <group>, IP = <saddr>, Remote peer has failed user
// authentication - <info>". No `username` token appears in this pattern.
// NOTE(review): for this form the only identity available for failed-authentication tracking is
// the group and the peer address; whether the multi-stage form yields a user name depends on
// dup22/dup23.
var msg69 = match({
id: "MESSAGE#914:713167:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Remote peer has failed user authentication - %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("713167:01"),
}),
dup7,
dup17,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup91,
]),
});
// Multi-stage form first, then the single-pattern form.
var select17 = linear_select([
all20,
msg69,
]);
// ASA message 725009: the device proposes ciphers for a connection.
// Two variants are parsed; they store the cipher count in different fields.

// Head of the first variant: captures the cipher count as dclass_counter1 and
// passes the remainder on as p0.
var msg70 = match({
id: "MESSAGE#1196:725009:01/0",
dissect: {
tokenizer: "Device proposes the following %{dclass_counter1->} cipher(s) to %{p0->}",
field: "nwparser.payload",
},
});
// Tail of the first variant: interface and both endpoints. Reads nwparser.p1,
// presumably produced by dup92 (defined outside this view).
var msg71 = match({
id: "MESSAGE#1196:725009:01/2",
dissect: {
tokenizer: "%{->} %{interface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
var all21 = all_match({
processors: [
msg70,
dup92,
msg71,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725009:01"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup93,
// Label describing what dclass_counter1 counts.
set_field({
dest: "nwparser.dclass_counter1_string",
value: constant("The number of supported ciphers"),
}),
]),
});
// Second variant: the server endpoint is captured as hostip/network_port.
// NOTE(review): here the cipher count is captured as fld1, not
// dclass_counter1, and no dclass_counter1_string is set, so the count is not
// available under the same field name as in the first variant.
var msg72 = match({
id: "MESSAGE#1197:725009",
dissect: {
tokenizer: "Device proposes %{fld1->} cipher(s) to server %{interface->}:%{hostip->}/%{network_port->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725009"),
}),
dup2,
dup3,
dup4,
dup5,
dup93,
]),
});
// Alternatives for 725009; presumably tried in the listed order.
var select18 = linear_select([
all21,
msg72,
]);
// ASA message 408002: OSPF route update that overrides a conflicting entry.
// Parsed in three stages: "ospf " prefix, a route-type prefix, then the
// update details.

// Stage 1: strips the "ospf " prefix and passes the remainder on as p0.
var msg73 = match({
id: "MESSAGE#602:408002/0",
dissect: {
tokenizer: "ospf %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: literal "E1", "E2" or "IA" prefix. The prefix is
// matched but not captured into any field.
var msg74 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "E1%{p1->}",
field: "nwparser.p0",
},
});
var msg75 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "E2%{p1->}",
field: "nwparser.p0",
},
});
var msg76 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "IA%{p1->}",
field: "nwparser.p0",
},
});
var select19 = linear_select([
msg74,
msg75,
msg76,
]);
// Stage 3: the update itself. stransaddr/dtransaddr hold the new and the
// conflicting entries as they appear in the message; fld1..fld4 hold the
// values next to them.
var msg77 = match({
id: "MESSAGE#602:408002/2",
dissect: {
tokenizer: "%{->}update %{stransaddr->} %{fld1->} [%{fld2->}] via %{daddr->}:%{host->} overriding conflict with %{dtransaddr->} %{fld3->} [%{fld4->}] %{interface->}",
field: "nwparser.p1",
},
});
var all22 = all_match({
processors: [
msg73,
select19,
msg77,
],
on_success: processor_chain([
dup94,
set_field({
dest: "nwparser.msg_id1",
value: constant("408002"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
// NOTE(review): the result text says "IA" for every match, including
// messages that matched the "E1" or "E2" alternative above.
set_field({
dest: "nwparser.result",
value: constant("Ospf IA update conflict"),
}),
]),
});
// ASA message 503001: "Process <fld1>, Nbr <hostip> on <interface> from
// <fld2> to <fld3>, <result>". The neighbor address goes to hostip; the two
// values around "from ... to" are kept in the generic fields fld2 and fld3.
var msg78 = match({
id: "MESSAGE#685:503001",
dissect: {
tokenizer: "Process %{fld1->}, Nbr %{hostip->} on %{interface->} from %{fld2->} to %{fld3->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup95,
set_field({
dest: "nwparser.msg_id1",
value: constant("503001"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 611104: no structure is extracted; the whole payload is stored
// as event_description.
var msg79 = match({
id: "MESSAGE#756:611104",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("611104"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 109019: an access list "has parsing error". The list name is
// captured as listnum, with or without surrounding single quotes.

// Quoted form: the quotes are matched literally and excluded from listnum.
var msg80 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "'%{listnum->}' has parsing error; ACE %{p1->}",
field: "nwparser.p0",
},
});
// Unquoted form.
var msg81 = match({
id: "MESSAGE#143:109019/2",
dissect: {
tokenizer: "%{listnum->} has parsing error; ACE %{p1->}",
field: "nwparser.p0",
},
});
// The quoted form is listed first; presumably the first match wins, which
// keeps the quotes out of listnum when they are present.
var select20 = linear_select([
msg80,
msg81,
]);
// dup96 and dup97 (first and last stage) are defined outside this view.
var all23 = all_match({
processors: [
dup96,
select20,
dup97,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109019"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("ACL has parsing error"),
}),
]),
});
// ASA message 109024: "Authorization denied". Captures both endpoints
// (saddr/sport, daddr/dport), the parenthesised reason as result, the
// interface and the protocol. Denied-authorization events are typically worth
// keeping searchable by saddr and result.
var msg82 = match({
id: "MESSAGE#149:109024",
dissect: {
tokenizer: "Authorization denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} (%{result->}) on interface %{interface->} using %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup98, dup65, dup99 and dup100 are defined outside this view.
dup98,
set_field({
dest: "nwparser.msg_id1",
value: constant("109024"),
}),
dup65,
dup99,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// ASA message 317005: no structure is extracted; the whole payload is stored
// as event_description.
var msg83 = match({
id: "MESSAGE#427:317005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("317005"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 450001: traffic denied because the licensed host limit was
// exceeded. Captures protocol, both interface:address/port endpoints and the
// limit value (fld1).
var msg84 = match({
id: "MESSAGE#597:450001",
dissect: {
tokenizer: "Deny traffic for protocol %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}, licensed host limit of %{fld1->} exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup101, dup43, dup99 and dup102 are defined outside this view.
dup101,
set_field({
dest: "nwparser.msg_id1",
value: constant("450001"),
}),
dup43,
dup99,
dup102,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 402127: the device skipped writing the latest Crypto Archive
// File because the maximum number of files has been reached. Parsed in three
// stages: fixed head, file name (three spellings), fixed tail.

// Stage 1: captures the maximum file count as fld2.
var msg85 = match({
id: "MESSAGE#568:402127/0",
dissect: {
tokenizer: "CRYPTO: The ASA is skipping the writing of latest Crypto Archive File as the maximum # of files (%{fld2->}) allowed have been written to %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, angle-bracket form. "\u003c" is "<" and "\u0026" is "&".
// NOTE(review): the literal opens with two "<" but closes with a single ">";
// if the device closes with ">>", the extra ">" would presumably end up in
// filename. Confirm against a sample message.
var msg86 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "\u003c\u003c%{filename->}> . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, single-quoted form.
var msg87 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "'%{filename->}' . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, bare form.
var msg88 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "%{filename->} . Please archive \u0026 remove files from %{p1->}",
field: "nwparser.p0",
},
});
// Decorated forms are listed before the bare form; presumably the first match
// wins, which keeps the brackets or quotes out of filename.
var select21 = linear_select([
msg86,
msg87,
msg88,
]);
// Stage 3: the location named in the message goes to fld3.
var msg89 = match({
id: "MESSAGE#568:402127/2",
dissect: {
tokenizer: "%{fld3->} if you want more Crypto Archive Files saved",
field: "nwparser.p1",
},
});
var all24 = all_match({
processors: [
msg85,
select21,
msg89,
],
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402127"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Latest Crypto File not written"),
}),
]),
});
// ASA message 202004: "Could not build portmap translation for <saddr>."
// Only the address is captured.
var msg90 = match({
id: "MESSAGE#232:202004",
dissect: {
tokenizer: "Could not build portmap translation for %{saddr->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup41, dup42, dup43 and dup40 are defined outside this view.
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("202004"),
}),
dup42,
dup43,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 212004: the device was unable to send a response. Captures the
// protocol, the destination address, port and interface, and the error code
// (resultcode).
var msg91 = match({
id: "MESSAGE#257:212004",
dissect: {
tokenizer: "Unable to send an %{protocol->} response to IP Address %{daddr->} Port %{dport->} interface %{interface->}, error code = %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("212004"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 309004: manager session limit exceeded. Captures the requesting
// address (saddr) and interface; event_description is set to a constant
// because the tokenizer does not capture the leading sentence.
var msg92 = match({
id: "MESSAGE#400:309004",
dissect: {
tokenizer: "Manager session limit exceeded. Connection request from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("309004"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Manager session limit exceeded"),
}),
]),
});
// ASA message 315005: SSH session limit exceeded. Captures the requesting
// address (saddr) and interface. The %{space->} capture sits between the
// first sentence and "Connection", where the message may carry padding.
var msg93 = match({
id: "MESSAGE#418:315005",
dissect: {
tokenizer: "SSH session limit exceeded.%{space->}Connection request from %{saddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("315005"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
// dup103 is defined outside this view.
dup103,
]),
});
// ASA message 111006: "Console Login from ...". Parsed in three stages; the
// middle stage (dup104) is defined outside this view.

// Stage 1: strips the fixed prefix and passes the remainder on as p0.
var msg94 = match({
id: "MESSAGE#170:111006/0",
dissect: {
tokenizer: "Console Login from %{p0->}",
field: "nwparser.payload",
},
});
// Stage 3: everything left in nwparser.p1 is taken as saddr.
var msg95 = match({
id: "MESSAGE#170:111006/2",
dissect: {
tokenizer: "%{saddr->}",
field: "nwparser.p1",
},
});
var all25 = all_match({
processors: [
msg94,
dup104,
msg95,
],
on_success: processor_chain([
// dup105, dup17, dup106, dup18 and dup40 are defined outside this view.
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("111006"),
}),
dup17,
dup106,
dup18,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 112001: no structure is extracted; the whole payload is stored
// as event_description.
var msg96 = match({
id: "MESSAGE#176:112001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup107, dup38, dup108, dup39 and dup40 are defined outside this view.
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("112001"),
}),
dup38,
dup108,
dup39,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 709002: no structure is extracted; the whole payload is stored
// as event_description.
var msg97 = match({
id: "MESSAGE#835:709002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("709002"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 715071: "Group = <group>, IP = <saddr>, <result>". The free
// text after the address is stored as result.
var msg98 = match({
id: "MESSAGE#1283:715071",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715071"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 733101: a host "is attacking" or "is targeted". Parsed in three
// stages; the first stage (dup44) is defined outside this view.
// NOTE(review): both alternatives capture the address into the same field
// (hostip) and share one on_success chain, so nothing set in this block
// records whether the host was the attacker or the target. Detections that
// need the role have to read it from the raw message (nwparser.msg) unless
// dup109 provides it - confirm.

// "<hostip> is attacking" alternative.
var msg99 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: "%{hostip->} is attacking%{p1->}",
field: "nwparser.p0",
},
});
// "<hostip> is targeted" alternative.
var msg100 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: "%{hostip->} is targeted%{p1->}",
field: "nwparser.p0",
},
});
var select22 = linear_select([
msg99,
msg100,
]);
// Final stage: the text after ". " is stored as info.
var msg101 = match({
id: "MESSAGE#1211:733101/2",
dissect: {
tokenizer: ". %{info->}",
field: "nwparser.p1",
},
});
var all26 = all_match({
processors: [
dup44,
select22,
msg101,
],
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("733101"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 211003: no structure is extracted; the whole payload is stored
// as event_description.
var msg102 = match({
id: "MESSAGE#253:211003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("211003"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 305005: "No translation group found". Four variants are
// parsed, from the most detailed (interfaces and ports) to the least
// (addresses only). Every chain starts with dup51 and ends with dup110
// except the ICMP variant, which appends dup111; all of these are defined
// outside this view.

// Variant with interfaces and ports on both sides.
var msg103 = match({
id: "MESSAGE#367:305005",
dissect: {
tokenizer: "No translation group found for %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005"),
}),
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// ICMP variant: no ports; captures the ICMP type and code instead. The
// protocol name "icmp" is literal text here and is not captured.
var msg104 = match({
id: "MESSAGE#368:305005:01",
dissect: {
tokenizer: "No translation group found for icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
dup111,
]),
});
// "protocol <n>" variant with interfaces but no ports.
var msg105 = match({
id: "MESSAGE#369:305005:02",
dissect: {
tokenizer: "No translation group found for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// "protocol <n>" variant with addresses only.
var msg106 = match({
id: "MESSAGE#370:305005:03",
dissect: {
tokenizer: "No translation group found for protocol %{protocol->} src %{saddr->} dst %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("305005:03"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup110,
]),
});
// Alternatives for 305005; presumably tried in the listed order, so the
// order of this list is part of the parsing behaviour.
var select23 = linear_select([
msg103,
msg104,
msg105,
msg106,
]);
// ASA message 332003: "Web Cache <saddr>/<shost> acquired". The two values
// separated by "/" are captured as saddr and shost.
var msg107 = match({
id: "MESSAGE#465:332003",
dissect: {
tokenizer: "Web Cache %{saddr->}/%{shost->} acquired",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("332003"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
// dup112 is defined outside this view.
dup112,
]),
});
// ASA message 400009: signature-style event in the form
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface
// <dinterface>". sigid ends at the first space, so context holds the
// signature text up to " from ".
var msg108 = match({
id: "MESSAGE#506:400009",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup113 and dup27..dup30 are defined outside this view.
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400009"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA message 302012: allocation of a Call Signalling connection. The first
// two stages (dup114, dup115) are defined outside this view.

// Final stage: captures the service name, the foreign endpoint
// (faddr -> saddr/sport) and the local address (laddr -> daddr).
var msg109 = match({
id: "MESSAGE#291:302012/2",
dissect: {
tokenizer: "allocate %{network_service->} Call Signalling Connection for faddr %{saddr->}/%{sport->} to laddr %{daddr->}",
field: "nwparser.p1",
},
});
var all27 = all_match({
processors: [
dup114,
dup115,
msg109,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302012"),
}),
dup42,
dup43,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup116,
]),
});
// ASA message 610101: command authorization failure. The middle stage
// (dup117) is defined outside this view. The command text is stored as
// action, which makes these events useful for reviewing which commands were
// refused.

// Stage 1: matches the "Authorization fail" prefix; the remainder (including
// whatever suffix completes the word) is passed on as p0.
var msg110 = match({
id: "MESSAGE#751:610101/0",
dissect: {
tokenizer: "Authorization fail%{p0->}",
field: "nwparser.payload",
},
});
// Stage 3: captures the command as action and the command type as fld1.
var msg111 = match({
id: "MESSAGE#751:610101/2",
dissect: {
tokenizer: "%{->}: Cmd: %{action->} Cmdtype: %{fld1->}",
field: "nwparser.p1",
},
});
var all28 = all_match({
processors: [
msg110,
dup117,
msg111,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("610101"),
}),
dup65,
dup19,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 405102: allocation of a connection for a named service. Only
// one stage is defined here; the rest (dup118, dup115, dup119..dup124) are
// defined outside this view.

// Captures the service name. The literal ends with "f", so the remainder
// passed on as p2 starts right after that letter.
var msg112 = match({
id: "MESSAGE#591:405102/2",
dissect: {
tokenizer: "allocate %{service->} Connection for f%{p2->}",
field: "nwparser.p1",
},
});
var all29 = all_match({
processors: [
dup118,
dup115,
msg112,
dup119,
dup120,
dup121,
dup122,
dup123,
dup124,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("405102"),
}),
// Header steps level and event_time, then dup125 (defined outside this
// view), then msg and id.
dup2,
dup3,
dup125,
dup4,
dup5,
]),
});
// ASA message 611303: VPN client NAT configuration for Client Mode with split
// tunneling. Only the NAT address is captured (stransaddr); the tokenizer
// ends at "Split Tunnel Networks:", so no network list is extracted by this
// pattern.
var msg113 = match({
id: "MESSAGE#759:611303",
dissect: {
tokenizer: "VPNClient: NAT configured for Client Mode with split tunneling: NAT addr: %{stransaddr->} Split Tunnel Networks:",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup126, dup7 and dup127 are defined outside this view.
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611303"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup127,
]),
});
// ASA message 713119: "Group = <group>, IP = <saddr>, <event_description>".
// The free text after the address is stored as event_description.
var msg114 = match({
id: "MESSAGE#885:713119",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713119"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 101001: "(<context>)<event_description>". The parenthesised
// prefix goes to context and the rest of the payload to event_description.
var msg115 = match({
id: "MESSAGE#0:101001",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("101001"),
}),
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 113011: "AAA retrieved user specific group policy <policy> for
// user = <user>". Parsed in three stages; the policy name may be
// parenthesised and the user name may be single-quoted.

// Stage 1: strips the fixed prefix and passes the remainder on as p0.
var msg116 = match({
id: "MESSAGE#188:113011/0",
dissect: {
tokenizer: "AAA retrieved user specific group policy %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2, parenthesised policy name.
var msg117 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "(%{policyname->}) for user = %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2, bare policy name.
var msg118 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "%{policyname->} for user = %{p1->}",
field: "nwparser.p0",
},
});
var select24 = linear_select([
msg117,
msg118,
]);
// Stage 3, single-quoted user name (the tokenizer ends with a literal space).
var msg119 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "'%{username->}' ",
field: "nwparser.p1",
},
});
// Stage 3, bare user name.
// NOTE(review): username originates from the authenticating user; confirm
// how a name that itself contains a quote or space is split before relying
// on this field for exact-match correlation.
var msg120 = match({
id: "MESSAGE#188:113011/2",
dissect: {
tokenizer: "%{username->} ",
field: "nwparser.p1",
},
});
// The quoted form is listed first; presumably the first match wins, which
// keeps the quotes out of username.
var select25 = linear_select([
msg119,
msg120,
]);
var all30 = all_match({
processors: [
msg116,
select24,
select25,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("113011"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA retrieved user specific group policy"),
}),
]),
});
// ASA message 209002: IP fragment received without its first fragment.
// Captures saddr and daddr; event_description is set to a constant because
// the tokenizer does not capture the descriptive text.
var msg121 = match({
id: "MESSAGE#237:209002",
dissect: {
tokenizer: "IPFRAG: First Frag have not been seen %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup85,
set_field({
dest: "nwparser.msg_id1",
value: constant("209002"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("First Frag have not been seen"),
}),
]),
});
// ASA message 311003: "LU recv thread up". No named field is captured; the
// event_description is set to a constant (which omits the word "up").
var msg122 = match({
id: "MESSAGE#403:311003",
dissect: {
tokenizer: "LU recv thread up%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311003"),
}),
// Header steps level and event_time run before the description is set;
// msg and id run after it.
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU recv thread"),
}),
dup4,
dup5,
]),
});
// ASA message 721002: "(WebVPN-<context>) <event_description>". The label
// after "WebVPN-" goes to context and the remaining text to
// event_description.
var msg123 = match({
id: "MESSAGE#1146:721002",
dissect: {
tokenizer: "(WebVPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("721002"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 400042: signature-style event in the form
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface
// <dinterface>".
var msg124 = match({
id: "MESSAGE#539:400042",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup52 and dup27..dup30 are defined outside this view.
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400042"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA message 602202, two variants built entirely from shared stages defined
// outside this view. The variants differ in their third stage (dup130 vs
// dup132), in the msg_id1 value, and in all31 additionally running dup14.

// Variant recorded as msg_id1 "602202:01".
var all31 = all_match({
processors: [
dup128,
dup129,
dup130,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602202:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
dup131,
]),
});
// Variant recorded as msg_id1 "602202".
var all32 = all_match({
processors: [
dup128,
dup129,
dup132,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("602202"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup131,
]),
});
// Alternatives for 602202; presumably tried in the listed order.
var select26 = linear_select([
all31,
all32,
]);
// ASA message 615002: no structure is extracted; the whole payload is stored
// as event_description.
var msg125 = match({
id: "MESSAGE#789:615002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("615002"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 713068: "Received non-routine Notify message". Parsed in five
// stages; the first (dup79) is defined outside this view.

// Stage 2 with a Username prefix: captures username and saddr.
var msg126 = match({
id: "MESSAGE#874:713068/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->}, Received non-routine %{p1->}",
field: "nwparser.p0",
},
});
// Stage 2 without a Username prefix: captures saddr only.
var msg127 = match({
id: "MESSAGE#874:713068/2",
dissect: {
tokenizer: "IP = %{saddr->}, Received non-routine %{p1->}",
field: "nwparser.p0",
},
});
var select27 = linear_select([
msg126,
msg127,
]);
// Stage 3: accepts either capitalisation of the first letter of
// "Notify"/"notify".
var msg128 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "N%{p2->}",
field: "nwparser.p1",
},
});
var msg129 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "n%{p2->}",
field: "nwparser.p1",
},
});
var select28 = linear_select([
msg128,
msg129,
]);
// Stage 4: the rest of the word and the fixed " message: " text.
var msg130 = match({
id: "MESSAGE#874:713068/3",
dissect: {
tokenizer: "otify message: %{p3->}",
field: "nwparser.p2",
},
});
// Stage 5 with a parenthesised suffix: captures result and info.
var msg131 = match({
id: "MESSAGE#874:713068/4",
dissect: {
tokenizer: "%{result->} (%{info->}) ",
field: "nwparser.p3",
},
});
// Stage 5 without the suffix: captures result only.
var msg132 = match({
id: "MESSAGE#874:713068/4",
dissect: {
tokenizer: "%{result->} ",
field: "nwparser.p3",
},
});
var select29 = linear_select([
msg131,
msg132,
]);
var all33 = all_match({
processors: [
dup79,
select27,
select28,
msg130,
select29,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713068"),
}),
dup7,
dup133,
dup134,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received non-routine Notify message"),
}),
]),
});
// ASA message 111004: every parsing stage (dup44, dup135, dup136) is defined
// outside this view, so the message text handled here is not visible in this
// block.
var all34 = all_match({
processors: [
dup44,
dup135,
dup136,
],
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("111004"),
}),
dup38,
dup137,
dup39,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 400007: signature-style event in the form
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface
// <dinterface>".
var msg133 = match({
id: "MESSAGE#504:400007",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup113 and dup27..dup30 are defined outside this view.
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400007"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA message 713903, four variants. Several stages (dup22, dup23, dup44,
// dup138..dup141) are defined outside this view.

// Variant recorded as msg_id1 "713903"; all stages come from outside this
// view.
var all35 = all_match({
processors: [
dup22,
dup23,
dup138,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Prefix alternative whose "Group = <group> , IP = " has a space before the
// comma.
var msg134 = match({
id: "MESSAGE#961:713903:01/2",
dissect: {
tokenizer: "Group = %{group->} , IP = %{p1->}",
field: "nwparser.p0",
},
});
var select30 = linear_select([
msg134,
dup139,
dup140,
]);
// Variant recorded as msg_id1 "713903:01".
var all36 = all_match({
processors: [
dup44,
select30,
dup138,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "IP = <saddr> , <action>" (space before the comma); the free text
// is stored as action.
var msg135 = match({
id: "MESSAGE#962:713903:02",
dissect: {
tokenizer: "IP = %{saddr->} , %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:02"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant "<event_description> on Port <network_port> from <saddr>:<sport> ".
var msg136 = match({
id: "MESSAGE#963:713903:03/0",
dissect: {
tokenizer: "%{event_description->} on Port %{network_port->} from %{saddr->}:%{sport->} ",
field: "nwparser.payload",
},
});
// msg136 or the fallback dup141 (defined outside this view).
var select31 = linear_select([
msg136,
dup141,
]);
// Variant recorded as msg_id1 "713903:03".
// NOTE(review): the chain sets event_description to a constant after
// parsing, which replaces whatever text msg136 captured into that field.
var all37 = all_match({
processors: [
select31,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713903:03"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Runt ISAKMP packet discarded on Port"),
}),
]),
});
// Alternatives for 713903; presumably tried in the listed order.
var select32 = linear_select([
all35,
all36,
msg135,
all37,
]);
// ASA message 746013: deletion of an IP-to-user mapping, with a "Succeeded"
// and a "Failed" variant. In both, "\\" in the tokenizer is a single
// backslash separating domain and username.
// NOTE(review): domain ends at the first backslash (presumably); confirm how
// a user or domain name containing a backslash or " - " would be split
// before using these fields for identity correlation.

// "Succeeded" variant: the trailing text is stored as event_description.
var msg137 = match({
id: "MESSAGE#1259:746013",
dissect: {
tokenizer: "%{application->}: Delete IP-User mapping %{saddr->} - %{domain->}\\%{username->} Succeeded - %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup142, dup17, dup143, dup40 and dup144 are defined outside this view.
dup142,
set_field({
dest: "nwparser.msg_id1",
value: constant("746013"),
}),
dup17,
dup143,
dup40,
dup4,
dup5,
dup2,
dup3,
dup144,
]),
});
// "Failed - VPN user logout" variant: the reason is literal text in the
// tokenizer, so event_description is set to a constant and result is taken
// from dup145 (defined outside this view).
var msg138 = match({
id: "MESSAGE#1260:746013:01",
dissect: {
tokenizer: "%{application->}: Delete IP-User mapping %{saddr->} - %{domain->}\\%{username->} Failed - VPN user logout",
field: "nwparser.payload",
},
on_success: processor_chain([
dup142,
set_field({
dest: "nwparser.msg_id1",
value: constant("746013:01"),
}),
dup17,
dup143,
dup19,
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VPN user logout"),
}),
set_field({
dest: "nwparser.result",
value: dup145,
}),
]),
});
// Alternatives for 746013; presumably tried in the listed order.
var select33 = linear_select([
msg137,
msg138,
]);
// ASA message 302016, variant recorded as "302016:05": connection teardown
// where the destination carries a "(domain\user)" suffix. The first two
// stages (dup146, dup147) are defined outside this view.

// Destination side: interface, address, port, then "(ddomain\c_username)",
// the duration, and the remainder after "bytes " as p2.
var msg139 = match({
id: "MESSAGE#313:302016:05/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p2->}",
field: "nwparser.p1",
},
});
// Byte count followed by a parenthesised user name.
var msg140 = match({
id: "MESSAGE#313:302016:05/3",
dissect: {
tokenizer: "%{bytes->} (%{username->})",
field: "nwparser.p2",
},
});
// Byte count only.
var msg141 = match({
id: "MESSAGE#313:302016:05/3",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p2",
},
});
// The form with a user name is listed first; presumably the first match wins.
var select34 = linear_select([
msg140,
msg141,
]);
var all38 = all_match({
processors: [
dup146,
dup147,
msg139,
select34,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:05"),
}),
dup42,
dup43,
dup40,
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:07": connection teardown
// where the source has a parenthesised suffix (fld1) and the destination a
// "(ddomain\c_username)" suffix. The byte-count stage (dup150) is defined
// outside this view.
var msg142 = match({
id: "MESSAGE#314:302016:07/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->}(%{fld1->}) to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p0->}",
field: "nwparser.payload",
},
});
var all39 = all_match({
processors: [
msg142,
dup150,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:07"),
}),
dup42,
dup43,
dup40,
dup14,
// NOTE(review): this chain runs dup3, dup4 and dup5 but not dup2, so
// nwparser.level is not set by that step here, unlike the chains for
// 302016:04 and 302016:05 - confirm whether the omission is intended.
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:04": connection teardown
// where only the destination has a "(ddomain\c_username)" suffix. The
// byte-count stage (dup150) is defined outside this view.
var msg143 = match({
id: "MESSAGE#315:302016:04/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{p0->}",
field: "nwparser.payload",
},
});
var all40 = all_match({
processors: [
msg143,
dup150,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:04"),
}),
dup42,
dup43,
dup40,
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:06": connection teardown
// parsed in six stages. dup146, dup151, dup152 and dup153 are defined outside
// this view.

// Destination address/port followed by a parenthesised value kept in fld20.
var msg144 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{fld20->}) duration %{p3->}",
field: "nwparser.p2",
},
});
// Destination stage: dup153 is tried before msg144 (presumably first match
// wins).
var select35 = linear_select([
dup153,
msg144,
]);
// Duration, then the remainder after "bytes " as p4.
var msg145 = match({
id: "MESSAGE#316:302016:06/4",
dissect: {
tokenizer: "%{duration->} bytes %{p4->}",
field: "nwparser.p3",
},
});
// Byte count with a single-quoted user name.
var msg146 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->} '%{username->}' ",
field: "nwparser.p4",
},
});
// Byte count with a parenthesised user name.
var msg147 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->} (%{username->}) ",
field: "nwparser.p4",
},
});
// Byte count only.
var msg148 = match({
id: "MESSAGE#316:302016:06/5",
dissect: {
tokenizer: "%{bytes->}",
field: "nwparser.p4",
},
});
// Forms with a user name are listed before the bare byte count.
var select36 = linear_select([
msg146,
msg147,
msg148,
]);
var all41 = all_match({
processors: [
dup146,
dup151,
dup152,
select35,
msg145,
select36,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:06"),
}),
dup42,
dup43,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016": connection teardown
// parsed in seven stages. dup146, dup151, dup152, dup153 and dup154 are
// defined outside this view.

// Destination stage: both alternatives come from outside this view.
var select37 = linear_select([
dup153,
dup154,
]);
// Duration and byte count, then the remainder as p4.
var msg149 = match({
id: "MESSAGE#317:302016/4",
dissect: {
tokenizer: "%{duration->} bytes %{bytes->} %{p4->}",
field: "nwparser.p3",
},
});
// User name in single quotes.
var msg150 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "'%{username->}'%{p5->}",
field: "nwparser.p4",
},
});
// User name in parentheses.
var msg151 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "(%{username->})%{p5->}",
field: "nwparser.p4",
},
});
var select38 = linear_select([
msg150,
msg151,
]);
// Final stage: no named field is captured from what remains in p5.
var msg152 = match({
id: "MESSAGE#317:302016/6",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p5",
},
});
var all42 = all_match({
processors: [
dup146,
dup151,
dup152,
select37,
msg149,
select38,
msg152,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016"),
}),
dup42,
dup43,
dup40,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:01": connection teardown
// parsed in five stages. dup146, dup152, dup153..dup156 are defined outside
// this view.

// Source address/port followed by a parenthesised value kept in fld20.
var msg153 = match({
id: "MESSAGE#318:302016:01/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->}(%{fld20->}) to %{p1->}",
field: "nwparser.p0",
},
});
// Source stage alternatives; presumably tried in the listed order.
var select39 = linear_select([
dup155,
msg153,
dup156,
]);
// Destination address/port followed by a parenthesised c_username.
var msg154 = match({
id: "MESSAGE#318:302016:01/4",
dissect: {
tokenizer: "%{daddr->}/%{dport->}(%{c_username->}) duration %{p3->}",
field: "nwparser.p2",
},
});
// Destination stage alternatives; presumably tried in the listed order.
var select40 = linear_select([
dup153,
msg154,
dup154,
]);
// Duration and byte count.
var msg155 = match({
id: "MESSAGE#318:302016:01/4",
dissect: {
tokenizer: "%{duration->} bytes %{bytes->}",
field: "nwparser.p3",
},
});
var all43 = all_match({
processors: [
dup146,
select39,
dup152,
select40,
msg155,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:01"),
}),
dup42,
dup43,
dup40,
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:02": space-separated
// teardown format with a "gaddr" endpoint. The gaddr address and port are
// captured as hostip and network_port; duration and bytes are captured too.
var msg156 = match({
id: "MESSAGE#319:302016:02",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:02"),
}),
dup42,
dup43,
dup40,
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// ASA message 302016, variant recorded as "302016:03": space-separated
// teardown format with a "gaddr" endpoint and without a connection id,
// duration or byte count.
var msg157 = match({
id: "MESSAGE#320:302016:03",
dissect: {
tokenizer: "Teardown %{protocol->} connection for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302016:03"),
}),
dup42,
dup43,
dup40,
dup14,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
// NOTE(review): dup148 runs in the other 302016 chains but not here;
// this variant captures no duration or bytes, which may be the reason
// (dup148 is defined outside this view) - confirm.
dup149,
]),
});
// All variants of ASA message 302016 (connection teardown). The variants are
// presumably tried in the listed order, so this order is part of the parsing
// behaviour: reordering can change which variant (and therefore which
// msg_id1 and field set) a given message receives.
var select41 = linear_select([
all38,
all39,
all40,
all41,
all42,
all43,
msg156,
msg157,
]);
// ASA message 306001: no structure is extracted; the whole payload is stored
// as event_description.
var msg158 = match({
id: "MESSAGE#389:306001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("306001"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 713042: the IKE initiator could not find a policy. Captures the
// interface and the source and destination addresses.
var msg159 = match({
id: "MESSAGE#864:713042",
dissect: {
tokenizer: "IKE Initiator unable to find policy: Intf %{interface->}, Src: %{saddr->}, Dst: %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713042"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 722029: every parsing stage (dup77, dup78, dup158) is defined
// outside this view, so the message text handled here is not visible in this
// block.
var all44 = all_match({
processors: [
dup77,
dup78,
dup158,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722029"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup159,
]),
});
// ASA message 717037: tunnel-group lookup via certificate maps failed for a
// peer certificate. Captures the certificate serial number, the subject
// (cert_subject) and the issuer name (dn).
// NOTE(review): cert_subject ends at the literal " issuer_name: "
// (presumably at its first occurrence). The subject comes from the peer's
// certificate, so confirm how a subject containing that text would be split
// before matching on dn.
var msg160 = match({
id: "MESSAGE#1083:717037",
dissect: {
tokenizer: "Tunnel group search using certificate maps failed for peer certificate: serial number: %{serial_number->}, subject name: %{cert_subject->} issuer_name: %{dn->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("717037"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 103007: "(<context>)<event_description>". The parenthesised
// prefix goes to context and the rest of the payload to event_description.
var msg161 = match({
id: "MESSAGE#19:103007",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup161,
set_field({
dest: "nwparser.msg_id1",
value: constant("103007"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 400011: signature-style event in the form
// "<product>:<sigid> <context> from <saddr> to <daddr> on interface
// <dinterface>".
var msg162 = match({
id: "MESSAGE#508:400011",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup26 and dup27..dup30 are defined outside this view.
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400011"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// ASA message 401002: a shun was added. The first stage (dup162) is defined
// outside this view; the second stage accepts two spellings of the tail.

// "... added: <result> " form: the text after "added: " is stored as result.
var msg163 = match({
id: "MESSAGE#550:401002/1",
dissect: {
tokenizer: "%{->}added: %{result->} ",
field: "nwparser.p0",
},
});
// "...s added ..." form: nothing is captured into a named field.
var msg164 = match({
id: "MESSAGE#550:401002/1",
dissect: {
tokenizer: "s added %{->}",
field: "nwparser.p0",
},
});
var select42 = linear_select([
msg163,
msg164,
]);
var all45 = all_match({
processors: [
dup162,
select42,
],
on_success: processor_chain([
// dup163, dup164, dup38 and dup14 are defined outside this view.
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("401002"),
}),
dup164,
dup38,
dup14,
dup4,
dup5,
dup2,
dup3,
// Same description for both spellings of the message.
set_field({
dest: "nwparser.event_description",
value: constant("Shun(s) added"),
}),
]),
});
// ASA message 715041: "Group = <group>, IP = <saddr>, <action> of type
// <event_description>, <info>". The text before " of type " is stored as
// action and the type as event_description.
var msg165 = match({
id: "MESSAGE#1014:715041",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} of type %{event_description->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("715041"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 717008: no structure is extracted; the whole payload is stored
// as event_description.
var msg166 = match({
id: "MESSAGE#1069:717008",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("717008"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 717041: "Local CA Server event: <info>". The text after the
// prefix is stored as info.
var msg167 = match({
id: "MESSAGE#1303:717041",
dissect: {
tokenizer: "Local CA Server event: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("717041"),
}),
dup14,
// NOTE(review): this chain runs dup2, dup5 and dup3 but not dup4, so
// nwparser.msg is not filled from $MSG by that step for this message -
// confirm whether the omission is intended.
dup2,
dup5,
dup3,
]),
});
// ASA message 103004: "(<context>)<event_description>". The parenthesised
// prefix goes to context and the rest of the payload to event_description.
var msg168 = match({
id: "MESSAGE#16:103004",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// dup1 sets nwparser.eventcategory to the constant "1601000000".
dup1,
set_field({
dest: "nwparser.msg_id1",
value: constant("103004"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
// dup167 is defined outside this view.
dup167,
]),
});
// ASA message 403504: no structure is extracted; the whole payload is stored
// as event_description.
var msg169 = match({
id: "MESSAGE#583:403504",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403504"),
}),
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA message 715039, two variants. Both capture the peer address as saddr
// and the free text as event_description.

// Tail of the first variant: "<saddr>, <event_description>." (the trailing
// period is literal). Reads nwparser.p1, presumably produced by dup22/dup23
// (defined outside this view).
var msg170 = match({
id: "MESSAGE#1011:715039/2",
dissect: {
tokenizer: "%{saddr->}, %{event_description->}.",
field: "nwparser.p1",
},
});
var all46 = all_match({
processors: [
dup22,
dup23,
msg170,
],
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("715039"),
}),
dup7,
// Shared header steps: level, event_time, msg, id.
dup2,
dup3,
dup4,
dup5,
]),
});
// Second variant, parsed in one step; also captures group.
var msg171 = match({
id: "MESSAGE#1012:715039:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("715039:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Alternatives for 715039; presumably tried in the listed order.
var select43 = linear_select([
all46,
msg171,
]);
// Message 721012: "(WebVPN-<context>) Enable APCF XML file path <filename> on
// the standby unit". Captures context and filename, sets msg_id1 "721012" and
// a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 is defined
// earlier in the file.
var msg172 = match({
id: "MESSAGE#1150:721012",
dissect: {
tokenizer: "(WebVPN-%{context->}) Enable APCF XML file path %{filename->} on the standby unit",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("721012"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Enable APCF XML file path on standby unit"),
}),
]),
});
// Message 724004: built entirely from shared stages dup77, dup78 and dup168
// (defined earlier, not visible here); on success sets msg_id1 "724004".
// dup2-dup5 copy header values (level, event_time, msg, id).
var all47 = all_match({
processors: [
dup77,
dup78,
dup168,
],
on_success: processor_chain([
dup169,
set_field({
dest: "nwparser.msg_id1",
value: constant("724004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 105011: payload of the form "(context)description"; captures
// context and event_description and sets msg_id1 "105011".
// dup2-dup5 copy header values (level, event_time, msg, id); dup49 and dup167
// are defined earlier in the file.
var msg173 = match({
id: "MESSAGE#36:105011",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("105011"),
}),
dup2,
dup3,
dup167,
dup4,
dup5,
]),
});
// Message 210010: "LU make UDP connection for <saddr>:<sport> <daddr>:<dport>
// failed". Captures both endpoints, sets msg_id1 "210010" and a fixed
// event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup165 and dup170
// are defined earlier in the file.
var msg174 = match({
id: "MESSAGE#248:210010",
dissect: {
tokenizer: "LU make UDP connection for %{saddr->}:%{sport->} %{daddr->}:%{dport->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup165,
set_field({
dest: "nwparser.msg_id1",
value: constant("210010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate a new record for a UDP connection"),
}),
dup170,
]),
});
// Message 713136, first stage, three alternatives on nwparser.payload. Each
// leaves the text after "IP = " in p0 for the second stage.
// All four stage patterns of this message carry the same id string
// ("MESSAGE#902:713136/1"), so the id alone does not tell which one matched.
// Variant with the username wrapped in single quotes.
var msg175 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "Group = %{group->}, Username = '%{username->}' , IP = %{p0->}",
field: "nwparser.payload",
},
});
// Variant with an unquoted username; the leading %{->} is an unnamed field
// (presumably skipped padding - confirm against the dissect implementation).
var msg176 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, Username = %{username->} , IP = %{p0->}",
field: "nwparser.payload",
},
});
// Variant without any Username part.
var msg177 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{->}Group = %{group->}, IP = %{p0->}",
field: "nwparser.payload",
},
});
// The quoted form is listed before the unquoted one; presumably so the quotes
// do not end up inside username - the order should be kept.
var select44 = linear_select([
msg175,
msg176,
msg177,
]);
// Second stage: splits p0 into saddr, action and a bracketed fld1.
var msg178 = match({
id: "MESSAGE#902:713136/1",
dissect: {
tokenizer: "%{saddr->}, %{action->} [%{fld1->}]",
field: "nwparser.p0",
},
});
// Chains both stages; on success sets msg_id1 "713136".
// dup2-dup5 copy header values (level, event_time, msg, id); dup55 and dup7
// are defined earlier in the file.
var all48 = all_match({
processors: [
select44,
msg178,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713136"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715080: "Group = ..., IP = ..., <description>: <n> seconds.".
// Captures group, saddr, event_description and duration; sets msg_id1 "715080".
// dup2-dup5 copy header values (level, event_time, msg, id); dup58 and dup7
// are defined earlier in the file.
var msg179 = match({
id: "MESSAGE#1044:715080",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}: %{duration->} seconds.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("715080"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 120012 (call-home anonymous reporting prompt), three stages.
// Stage 1: captures the double-quoted username and leaves the rest in p0.
// NOTE(review): username comes from the log text; confirm how dissect treats
// a value that itself contains a double quote.
var msg180 = match({
id: "MESSAGE#14:120012/0",
dissect: {
tokenizer: "User \"%{username->}\" chose to %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: the verb stem "disabl" or "postpon"; the remainder
// goes to p1. Both, and stage 3, share the id string "MESSAGE#14:120012/2".
var msg181 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "disabl%{p1->}",
field: "nwparser.p0",
},
});
var msg182 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "postpon%{p1->}",
field: "nwparser.p0",
},
});
var select45 = linear_select([
msg181,
msg182,
]);
// Stage 3: fixed tail starting with the "e" that completes the verb; nothing
// is captured into a named field.
var msg183 = match({
id: "MESSAGE#14:120012/2",
dissect: {
tokenizer: "e call-home anonymous reporting at the prompt.%{->}",
field: "nwparser.p1",
},
});
// Chains the three stages; on success sets msg_id1 "120012" and a fixed
// event_description. The chosen verb itself is not stored in a named field.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 is defined
// earlier in the file.
var all49 = all_match({
processors: [
msg180,
select45,
msg183,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120012"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("User chose to disable or postpone call-home anonymous reporting"),
}),
]),
});
// Message 307003: failed telnet login. This variant includes the interface;
// captures saddr (client address), result (the parenthesised reason) and
// interface, and sets msg_id1 "307003".
// dup2-dup5 copy header values (level, event_time, msg, id); dup171, dup43,
// dup106, dup18, dup19 and dup172 are defined earlier in the file.
var msg184 = match({
id: "MESSAGE#393:307003",
dissect: {
tokenizer: "telnet login session failed from %{saddr->} (%{result->}) on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("307003"),
}),
dup43,
dup106,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup172,
]),
});
// Same message without the trailing interface; tagged "307003:01" and runs
// dup14 in addition to the processors used above.
var msg185 = match({
id: "MESSAGE#394:307003:01",
dissect: {
tokenizer: "telnet login session failed from %{saddr->} (%{result->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("307003:01"),
}),
dup43,
dup106,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup172,
]),
});
// The more specific (with interface) pattern is listed first.
var select46 = linear_select([
msg184,
msg185,
]);
// Message 603104 ("PPTP Tunnel created"), three stages.
// Stage 1: captures fld1 (tunnel_id), saddr (remote_peer_ip), fld2
// (ppp_virtual_interface_id) and daddr (client_dynamic_ip); the text after
// "username is " goes to p0.
var msg186 = match({
id: "MESSAGE#723:603104/0",
dissect: {
tokenizer: "PPTP Tunnel created, tunnel_id is %{fld1->}, remote_peer_ip is %{saddr->}, ppp_virtual_interface_id is %{fld2->}, client_dynamic_ip is %{daddr->}, username is %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives: username in single quotes, or bare. Both share the id
// string "MESSAGE#723:603104/2" with stage 3.
var msg187 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "'%{username->}' , MPPE_key_strength is %{p1->}",
field: "nwparser.p0",
},
});
var msg188 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "%{username->} , MPPE_key_strength is %{p1->}",
field: "nwparser.p0",
},
});
// Quoted form first; presumably so the quotes are not captured into username.
var select47 = linear_select([
msg187,
msg188,
]);
// Stage 3: the MPPE key strength text is kept as fld3.
var msg189 = match({
id: "MESSAGE#723:603104/2",
dissect: {
tokenizer: "%{fld3->}",
field: "nwparser.p1",
},
});
// Chains the stages; on success sets msg_id1 "603104" and a fixed description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup82 is defined
// earlier in the file.
var all50 = all_match({
processors: [
msg186,
select47,
msg189,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("603104"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("PPTP Tunnel created"),
}),
]),
});
// Message 720027: "(VPN-<context>) <description>"; captures context and
// event_description and sets msg_id1 "720027".
// dup2-dup5 copy header values (level, event_time, msg, id); dup157 and dup7
// are defined earlier in the file.
var msg190 = match({
id: "MESSAGE#1123:720027",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("720027"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715052 ("Old P1 SA is being deleted but new SA is DEAD"), middle
// stage on nwparser.p0. Variant with a Username part; both variants share the
// id string "MESSAGE#1024:715052/2" and leave the tail in p1.
var msg191 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->}, Old P1 SA is being deleted but new SA is DEAD, %{p1->}",
field: "nwparser.p0",
},
});
// Variant without the Username part.
var msg192 = match({
id: "MESSAGE#1024:715052/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->}, Old P1 SA is being deleted but new SA is DEAD, %{p1->}",
field: "nwparser.p0",
},
});
var select48 = linear_select([
msg191,
msg192,
]);
// Chains dup9 (first stage, defined earlier), the selection above and dup173
// (last stage, defined earlier); on success sets msg_id1 "715052" and a fixed
// event_description. dup2-dup5 copy header values (level, event_time, msg, id).
var all51 = all_match({
processors: [
dup9,
select48,
dup173,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715052"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Old P1 SA is being deleted but new SA is DEAD"),
}),
]),
});
// Message 717039: "Local CA Server internal error detected: <result>".
// Captures the error text as result, sets msg_id1 "717039" and a fixed
// event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup10 is defined
// earlier in the file.
var msg193 = match({
id: "MESSAGE#1084:717039",
dissect: {
tokenizer: "Local CA Server internal error detected: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("717039"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Local CA Server internal error detected"),
}),
]),
});
// Message 718069: "Stop VPN Load Balancing in context <context>.". Captures
// context, sets msg_id1 "718069" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 and dup7
// are defined earlier in the file.
var msg194 = match({
id: "MESSAGE#1108:718069",
dissect: {
tokenizer: "Stop VPN Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718069"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Stop VPN Load Balancing"),
}),
]),
});
// Message 107001, variant tagged "107001:01": "<saddr> attempted to ping
// <daddr>.". Captures both addresses.
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg195 = match({
id: "MESSAGE#109:107001:01",
dissect: {
tokenizer: "%{saddr->} attempted to ping %{daddr->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("107001:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
]),
});
// Message 107001, RIP authentication failure: captures saddr, fld1 (version),
// fld2 (type), fld3 (mode), fld4 (sequence) and interface, and sets a fixed
// event_description.
var msg196 = match({
id: "MESSAGE#110:107001",
dissect: {
tokenizer: "RIP auth failed from %{saddr->}: version=%{fld1->}, type=%{fld2->}, mode=%{fld3->}, sequence=%{fld4->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("107001"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("RIP auth failure"),
}),
]),
});
// Both 107001 patterns; the ping form is listed first.
var select49 = linear_select([
msg195,
msg196,
]);
// Message 409005: the whole payload is captured as event_description, then
// msg_id1 "409005" is set.
// dup2-dup5 copy header values (level, event_time, msg, id); dup41 is defined
// earlier in the file.
var msg197 = match({
id: "MESSAGE#607:409005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("409005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713184 (client type / application version), multi-stage variant.
// msg198 is the last stage on nwparser.p1 and captures saddr, product and
// version. The tokenizer has two spaces before "Client Application Version".
var msg198 = match({
id: "MESSAGE#918:713184/2",
dissect: {
tokenizer: "%{saddr->}, Client Type: %{product->} Client Application Version: %{version->}",
field: "nwparser.p1",
},
});
// Chains dup22, dup23 (defined earlier) and msg198; sets msg_id1 "713184".
// dup2-dup5 copy header values (level, event_time, msg, id).
var all52 = all_match({
processors: [
dup22,
dup23,
msg198,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713184"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pass variant with an explicit "Group = ..., IP = ..." prefix; tagged
// "713184:01" and runs dup14 in addition.
var msg199 = match({
id: "MESSAGE#919:713184:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Client Type: %{product->} Client Application Version: %{version->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713184:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select50 = linear_select([
all52,
msg199,
]);
// Message 713905 family. Five alternatives, combined in select52 at the end
// of this group; each sets its own msg_id1 suffix ("713905", ":01" ... ":04").
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors or stages defined earlier in the file.
// ":04": IKE port already reserved on an interface; captures network_port and
// interface and sets a fixed event_description.
var msg200 = match({
id: "MESSAGE#970:713905:04",
dissect: {
tokenizer: "IKE port %{network_port->} for IPSec UDP already reserved on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:04"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("IKE port for IPSec UDP already reserved on interface"),
}),
]),
});
// Base "713905": built only from shared stages dup22, dup23 and dup174.
var all53 = all_match({
processors: [
dup22,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
]),
});
// ":01", last stage on nwparser.p1, form with ports: captures
// event_description, fld1, sport, daddr and dport.
// NOTE(review): the tokenizer ends with a literal space after dport; confirm
// real messages carry trailing whitespace, otherwise only msg202 can match.
var msg201 = match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "%{event_description->} from %{fld1->} port %{sport->} to %{daddr->} port %{dport->} ",
field: "nwparser.p1",
},
});
// ":01", last stage fallback: everything after the first space becomes
// event_description. Shares its id string with msg201.
var msg202 = match({
id: "MESSAGE#972:713905:01/2",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p1",
},
});
var select51 = linear_select([
msg201,
msg202,
]);
var all54 = all_match({
processors: [
dup44,
dup175,
select51,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:01"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// ":02": payload starting with "INFO: "; the rest is captured as info.
var msg203 = match({
id: "MESSAGE#973:713905:02",
dissect: {
tokenizer: "INFO: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:02"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// ":03": same tail stages as the base form but with dup176 as first stage.
var all55 = all_match({
processors: [
dup176,
dup23,
dup174,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713905:03"),
}),
dup7,
dup14,
dup4,
dup5,
dup2,
dup3,
]),
});
// Order of alternatives as listed; presumably first match wins, so the order
// decides which msg_id1 suffix an ambiguous message receives - confirm.
var select52 = linear_select([
msg200,
all53,
all54,
msg203,
all55,
]);
// Message 201013: per-client connection limit exceeded. Captures fld1/fld2
// (the two numbers around "/"), direction, source and destination
// address/port and interface; sets msg_id1 "201013".
// dup2-dup5 copy header values (level, event_time, msg, id); dup10 and dup177
// are defined earlier in the file.
var msg204 = match({
id: "MESSAGE#227:201013",
dissect: {
tokenizer: "Per-client connection limit exceeded %{fld1->}/%{fld2->} for %{direction->} packet from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201013"),
}),
dup2,
dup3,
dup4,
dup5,
dup177,
]),
});
// Message 209003: fragment database limit exceeded. Captures fld1 (the
// limit), saddr, daddr, protocol and fld2 (id); the two %{space->} fields sit
// where the message has filler between ":"/"," and "src"/"dest".
// Sets msg_id1 "209003" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup10 and dup27
// are defined earlier in the file.
var msg205 = match({
id: "MESSAGE#238:209003",
dissect: {
tokenizer: "Fragment database limit of %{fld1->} exceeded: %{space->} src = %{saddr->}, %{space->} dest = %{daddr->}, proto = %{protocol->}, id = %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("209003"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("Fragment database limit exceeded"),
}),
]),
});
// Message 722025: fixed text "SVC Global Compression Disabled"; no named
// field is captured. Sets msg_id1 "722025".
// dup2-dup5 copy header values (level, event_time, msg, id); dup34 is defined
// earlier in the file.
var msg206 = match({
id: "MESSAGE#1162:722025",
dissect: {
tokenizer: "SVC Global Compression Disabled%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722025"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400028: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>". Same tokenizer as the other 4000xx patterns in this
// file; only msg_id1 and the leading shared processor (dup109) differ.
// dup2-dup5 copy header values (level, event_time, msg, id); dup27-dup30 are
// defined earlier in the file.
var msg207 = match({
id: "MESSAGE#525:400028",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400028"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 400044: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>". Same tokenizer as the other 4000xx patterns in this
// file; only msg_id1 and the leading shared processor (dup52) differ.
// dup2-dup5 copy header values (level, event_time, msg, id); dup27-dup30 are
// defined earlier in the file.
var msg208 = match({
id: "MESSAGE#541:400044",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400044"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 716009: WebVPN ACL parse error. Captures group, username, hostip
// and result, sets msg_id1 "716009" and a fixed event_description.
// NOTE(review): each "\u003c\u003c" is two literal "<" characters. If the
// dissect implementation does not treat "<<" as an escaped single "<", this
// pattern cannot match a message that prints "Group <name>" - verify against
// a sample log.
// NOTE(review): the client IP is stored in hostip here, while msg221 (722055)
// stores the same position in saddr; confirm which field downstream rules use.
// dup2-dup5 copy header values (level, event_time, msg, id); dup10 is defined
// earlier in the file.
var msg209 = match({
id: "MESSAGE#1050:716009",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> %{result->}. ACL parse error",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("716009"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("ACL parse error"),
}),
]),
});
// Message 720039: "(VPN-<context>) <description>"; captures context and
// event_description and sets msg_id1 "720039".
// dup2-dup5 copy header values (level, event_time, msg, id); dup157 and dup7
// are defined earlier in the file.
var msg210 = match({
id: "MESSAGE#1132:720039",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("720039"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 107002: "RIP pkt failed from <saddr>: version=<fld1> on interface
// <interface>". Sets msg_id1 "107002" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup10 and dup27
// are defined earlier in the file.
var msg211 = match({
id: "MESSAGE#111:107002",
dissect: {
tokenizer: "RIP pkt failed from %{saddr->}: version=%{fld1->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("107002"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("RIP packet failure"),
}),
]),
});
// Message 109023: "User from ... must authenticate before using this
// service". This variant includes "using <protocol>"; captures source and
// destination address/port, interface and protocol.
// dup2-dup5 copy header values (level, event_time, msg, id); dup83, dup17,
// dup18, dup178 and dup100 are defined earlier in the file.
var msg212 = match({
id: "MESSAGE#147:109023",
dissect: {
tokenizer: "User from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} using %{protocol->} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109023"),
}),
dup17,
dup18,
dup178,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// Variant without the protocol; tagged "109023:01" and runs dup14 in addition.
var msg213 = match({
id: "MESSAGE#148:109023:01",
dissect: {
tokenizer: "User from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} must authenticate before using this service",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109023:01"),
}),
dup17,
dup18,
dup178,
dup14,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// The form with the protocol is listed first; without that order the shorter
// pattern would presumably absorb "using <protocol>" into interface.
var select53 = linear_select([
msg212,
msg213,
]);
// Message 109025, last stage on nwparser.p1: captures source and destination
// address/port, interface and protocol.
var msg214 = match({
id: "MESSAGE#150:109025/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} on interface %{interface->} using %{protocol->}",
field: "nwparser.p1",
},
});
// Chains dup179 and dup61 (earlier stages, defined elsewhere) with msg214; on
// success sets msg_id1 "109025".
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var all56 = all_match({
processors: [
dup179,
dup61,
msg214,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("109025"),
}),
dup65,
dup17,
dup99,
dup2,
dup3,
dup4,
dup5,
dup100,
]),
});
// Message 713177: remote proxy host FQDN received in the ID payload. Captures
// group, saddr (peer), hostname, hostip, protocol and sport (the value after
// "Port"). Sets msg_id1 "713177" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup21 and dup7
// are defined earlier in the file.
var msg215 = match({
id: "MESSAGE#1282:713177",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Received remote Proxy Host FQDN in ID Payload: Host Name: %{hostname->} Address %{hostip->}, Protocol %{protocol->}, Port %{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713177"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received remote Proxy Host"),
}),
]),
});
// Message 608001: Skinny secondary channel pre-allocation. This variant
// (tagged "608001:01") has a port on the source side only: captures fld1,
// sinterface, saddr, sport, dinterface, daddr and info.
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg216 = match({
id: "MESSAGE#745:608001:01",
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1->} secondary channel for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->} from %{info->} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("608001:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Variant with a port on the destination side only (dport instead of sport).
var msg217 = match({
id: "MESSAGE#746:608001",
dissect: {
tokenizer: "Pre-allocate Skinny %{fld1->} secondary channel for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}/%{dport->} from %{info->} message",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("608001"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var select54 = linear_select([
msg216,
msg217,
]);
// Message 722037 ("SVC closing connection"), later stages. All three stage
// patterns below share the id string "MESSAGE#1172:722037/3".
// Stage on nwparser.p1, variant with a parenthesised value after the address
// (kept as fld1); the reason text goes to p2.
var msg218 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{saddr->} (%{fld1->}) > SVC closing connection: %{p2->}",
field: "nwparser.p1",
},
});
// Variant without the parenthesised value.
var msg219 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{saddr->} > SVC closing connection: %{p2->}",
field: "nwparser.p1",
},
});
var select55 = linear_select([
msg218,
msg219,
]);
// Final stage: the reason, up to a literal ".", is captured as info.
var msg220 = match({
id: "MESSAGE#1172:722037/3",
dissect: {
tokenizer: "%{info->}.",
field: "nwparser.p2",
},
});
// Chains dup181 and dup182 (earlier stages, defined elsewhere) with the stages
// above; on success sets msg_id1 "722037" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id).
var all57 = all_match({
processors: [
dup181,
dup182,
select55,
msg220,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722037"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("closing connection"),
}),
]),
});
// Message 722055 (client type report), two stages.
// Stage 1: captures group, username, saddr and application; the rest goes to
// p0.
// NOTE(review): each "\u003c\u003c" is two literal "<" characters. If the
// dissect implementation does not treat "<<" as an escaped single "<", this
// pattern cannot match a message that prints "Group <name>" - verify against
// a sample log.
var msg221 = match({
id: "MESSAGE#1181:722055/0",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> Client Type: %{application->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives (same id string): "for <product> <version>" or a bare
// "v<version>".
var msg222 = match({
id: "MESSAGE#1181:722055/1",
dissect: {
tokenizer: "for %{product->} %{version->}",
field: "nwparser.p0",
},
});
var msg223 = match({
id: "MESSAGE#1181:722055/1",
dissect: {
tokenizer: "v%{version->}",
field: "nwparser.p0",
},
});
var select56 = linear_select([
msg222,
msg223,
]);
// Chains both stages; on success sets msg_id1 "722055".
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 is defined
// earlier in the file.
var all58 = all_match({
processors: [
msg221,
select56,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("722055"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338005 (traffic dropped by a blacklist filter), last stage on
// nwparser.p1. The tokenizer starts mid-word ("ilter ..."); the beginning of
// the message is presumably consumed by dup183/dup184, defined earlier.
// Captures protocol, both endpoints with their translated address/port
// (stransaddr/stransport, dtransaddr/dtransport), fld1 (source), fld2 (list
// type), web_domain (list entry), severity (threat-level) and result
// (category).
var msg224 = match({
id: "MESSAGE#475:338005/2",
dissect: {
tokenizer: "ilter dropped blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
// Chains the shared first stages with msg224; on success sets msg_id1
// "338005". dup2-dup5 copy header values (level, event_time, msg, id); the
// other dupN entries are shared processors defined earlier in the file.
var all59 = all_match({
processors: [
dup183,
dup184,
msg224,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338005"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400040: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>". Same tokenizer as the other 4000xx patterns in this
// file; only msg_id1 and the leading shared processor (dup109) differ.
// dup2-dup5 copy header values (level, event_time, msg, id); dup27-dup30 are
// defined earlier in the file.
var msg225 = match({
id: "MESSAGE#537:400040",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup109,
set_field({
dest: "nwparser.msg_id1",
value: constant("400040"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 713255: Aggressive Mode message received with an unknown tunnel
// group name. Captures saddr, protocol, fld1 and the single-quoted group;
// sets msg_id1 "713255".
// NOTE(review): group is a name supplied by the remote peer; downstream
// consumers should treat it as untrusted text.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 and dup7
// are defined earlier in the file.
var msg226 = match({
id: "MESSAGE#949:713255",
dissect: {
tokenizer: "IP = %{saddr->}, Received %{protocol->} Aggressive Mode message %{fld1->} with unknown tunnel group name '%{group->}'.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713255"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 710001: "<protocol> access requested from <saddr>/<sport> to
// <dinterface>:<daddr>/<service>". The value after the destination address is
// stored in service, not dport. Sets msg_id1 "710001", ec_activity "Request"
// and result "access requested".
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg227 = match({
id: "MESSAGE#842:710001",
dissect: {
tokenizer: "%{protocol->} access requested from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("710001"),
}),
dup42,
dup43,
set_field({
dest: "nwparser.ec_activity",
value: constant("Request"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.result",
value: constant("access requested"),
}),
]),
});
// Message 305006 (translation creation failed), three variants.
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
// "305006:02": "for protocol <protocol>", endpoints without ports; sets a
// fixed event_description inline.
var msg228 = match({
id: "MESSAGE#371:305006:02",
dissect: {
tokenizer: "%{service->} translation creation failed for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006:02"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("translation creation failed for protocol"),
}),
]),
});
// "305006": endpoints with ports; ends with the shared processor dup185.
var msg229 = match({
id: "MESSAGE#372:305006",
dissect: {
tokenizer: "%{service->} translation creation failed for %{protocol->} src %{sinterface->}:%{saddr->}/%{sport->} dst %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup185,
]),
});
// "305006:01": ICMP form; additionally captures icmptype and icmpcode and
// runs dup14 and dup111.
var msg230 = match({
id: "MESSAGE#373:305006:01",
dissect: {
tokenizer: "%{service->} translation creation failed for icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305006:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup111,
dup185,
]),
});
// NOTE(review): the ICMP form is listed last; whether msg229 can also match
// an ICMP message (with protocol "icmp" and no "/port") depends on how
// dissect handles the missing "/" delimiters - verify with a sample.
var select57 = linear_select([
msg228,
msg229,
msg230,
]);
// Message 722032 ("SVC connection replacing old connection"), later stages.
// Stage on nwparser.p1: captures saddr up to ">" and passes the text after
// "New " on in p2.
var msg231 = match({
id: "MESSAGE#1168:722032/2",
dissect: {
tokenizer: "%{saddr->}> New %{p2->}",
field: "nwparser.p1",
},
});
// Stage on p2: first word is the protocol, the rest goes to p3.
var msg232 = match({
id: "MESSAGE#1168:722032/4",
dissect: {
tokenizer: "%{protocol->} %{p3->}",
field: "nwparser.p2",
},
});
// A selection with a single alternative.
var select58 = linear_select([
msg232,
]);
// Final stage on p3: fixed text, no named field captured. Shares its id
// string with msg232.
var msg233 = match({
id: "MESSAGE#1168:722032/4",
dissect: {
tokenizer: "SVC connection replacing old connection.%{->}",
field: "nwparser.p3",
},
});
// Chains dup77 and dup78 (earlier stages, defined elsewhere) with the stages
// above; on success sets msg_id1 "722032" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id).
var all60 = all_match({
processors: [
dup77,
dup78,
msg231,
select58,
msg233,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("722032"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("replacing old connection"),
}),
]),
});
// Message 737014: "<process>: Freeing AAA address <hostip>". Sets msg_id1
// "737014" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 is defined
// earlier in the file.
var msg234 = match({
id: "MESSAGE#1239:737014",
dissect: {
tokenizer: "%{process->}: Freeing AAA address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737014"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Freeing AAA address"),
}),
]),
});
// Message 400015: "<product>:<sigid> <context> from <saddr> to <daddr> on
// interface <dinterface>". Same tokenizer as the other 4000xx patterns in this
// file; only msg_id1 and the leading shared processor (dup26) differ.
// dup2-dup5 copy header values (level, event_time, msg, id); dup27-dup30 are
// defined earlier in the file.
var msg235 = match({
id: "MESSAGE#512:400015",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400015"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 421006: "There are <fld1> users of <product> during the past <fld2>
// hours". Sets msg_id1 "421006".
// dup2-dup5 copy header values (level, event_time, msg, id); dup186 is defined
// earlier in the file.
var msg236 = match({
id: "MESSAGE#664:421006",
dissect: {
tokenizer: "There are %{fld1->} users of %{product->} during the past %{fld2->} hours",
field: "nwparser.payload",
},
on_success: processor_chain([
dup186,
set_field({
dest: "nwparser.msg_id1",
value: constant("421006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 605004 (login denied), two variants, each in two stages. The second
// stage dup187 (defined earlier) consumes p0, the text after "for user ".
// Variant 1, first stage: captures saddr, sport, dinterface, daddr and
// service (the value after the destination address is not stored as dport).
var msg237 = match({
id: "MESSAGE#736:605004/0",
dissect: {
tokenizer: "Login denied from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{service->} for user %{p0->}",
field: "nwparser.payload",
},
});
// On success sets msg_id1 "605004" and writes the same shared value dup188
// (defined earlier, not visible here) to both event_description and result.
// dup2-dup5 copy header values (level, event_time, msg, id).
var all61 = all_match({
processors: [
msg237,
dup187,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("605004"),
}),
dup17,
dup106,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: dup188,
}),
set_field({
dest: "nwparser.result",
value: dup188,
}),
]),
});
// Variant 2, first stage: fallback that stores everything before " for user "
// as action; no addresses are extracted in this form.
var msg238 = match({
id: "MESSAGE#737:605004:01/0",
dissect: {
tokenizer: "%{action->} for user %{p0->}",
field: "nwparser.payload",
},
});
// Tagged "605004:01"; unlike all61 it sets neither event_description nor
// result, and it runs dup14 in addition.
var all62 = all_match({
processors: [
msg238,
dup187,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("605004:01"),
}),
dup17,
dup106,
dup18,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// The structured form is listed before the catch-all; rules that need the
// source address of a denied login should check for msg_id1 "605004".
var select59 = linear_select([
all61,
all62,
]);
// Message 721016, last stage on nwparser.p1: "<saddr> has been created.".
var msg239 = match({
id: "MESSAGE#1151:721016/2",
dissect: {
tokenizer: "%{saddr->} has been created.",
field: "nwparser.p1",
},
});
// Chains dup189 and dup190 (earlier stages, defined elsewhere) with msg239;
// on success sets msg_id1 "721016" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup82 and dup7
// are defined earlier in the file.
var all63 = all_match({
processors: [
dup189,
dup190,
msg239,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("721016"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("session created"),
}),
]),
});
// Message 109009: "Authorization denied from <saddr>/<sport> to
// <daddr>/<dport> (not authenticated)". Captures both endpoints and sets
// msg_id1 "109009".
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg240 = match({
id: "MESSAGE#130:109009",
dissect: {
tokenizer: "Authorization denied from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} (not authenticated)",
field: "nwparser.payload",
},
on_success: processor_chain([
dup98,
set_field({
dest: "nwparser.msg_id1",
value: constant("109009"),
}),
dup17,
dup99,
dup65,
dup2,
dup3,
dup4,
dup5,
dup191,
]),
});
// Message 302017 (GRE connection built), inbound and outbound forms.
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
// Inbound: the endpoint after "from" is captured as s* (sinterface, saddr,
// stransaddr) and the one after "to" as d* (dinterface, daddr, dport,
// dtransaddr, dtransport).
var msg241 = match({
id: "MESSAGE#321:302017",
dissect: {
tokenizer: "Built inbound GRE connection %{connectionid->} from %{sinterface->}:%{saddr->} (%{stransaddr->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("302017"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Outbound (tagged "302017:01"): the mapping is reversed - the endpoint after
// "from" is captured as d* and the one after "to" as s*. Queries on
// saddr/daddr therefore need the direction (dup192 vs dup194 presumably
// record it - confirm) to know which side the message called "from".
var msg242 = match({
id: "MESSAGE#322:302017:01",
dissect: {
tokenizer: "Built outbound GRE connection %{connectionid->} from %{dinterface->}:%{daddr->} (%{dtransaddr->}) to %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("302017:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
var select60 = linear_select([
msg241,
msg242,
]);
// Message 309001: "Denied manager connection from <saddr>". Captures the
// source address, sets msg_id1 "309001" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup84 is defined
// earlier in the file.
var msg243 = match({
id: "MESSAGE#398:309001",
dissect: {
tokenizer: "Denied manager connection from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("309001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied manager connection"),
}),
]),
});
// Message 318002: the whole payload is captured as event_description, then
// msg_id1 "318002" is set.
// dup2-dup5 copy header values (level, event_time, msg, id); dup75 is defined
// earlier in the file.
var msg244 = match({
id: "MESSAGE#429:318002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("318002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725003 (SSL client event), two stages.
// Stage 1: captures interface, hostip and network_port of the client; the
// rest goes to p0. The client address is stored in hostip, not saddr.
var msg245 = match({
id: "MESSAGE#1188:725003/0",
dissect: {
tokenizer: "SSL client %{interface->}:%{hostip->}/%{network_port->} %{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 alternatives (same id string): with a "to <daddr>/<dport>" part
// before the action, or the action alone terminated by ".".
var msg246 = match({
id: "MESSAGE#1188:725003/1",
dissect: {
tokenizer: "to %{daddr->}/%{dport->} %{action->}",
field: "nwparser.p0",
},
});
var msg247 = match({
id: "MESSAGE#1188:725003/1",
dissect: {
tokenizer: "%{action->}.",
field: "nwparser.p0",
},
});
var select61 = linear_select([
msg246,
msg247,
]);
// Chains both stages; on success sets msg_id1 "725003".
// dup2-dup5 copy header values (level, event_time, msg, id); dup21 is defined
// earlier in the file.
var all64 = all_match({
processors: [
msg245,
select61,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("725003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 752006: Tunnel Manager failed to dispatch a message. Captures fld1
// (the message kind) and result (the text after the fixed sentence), sets
// msg_id1 "752006" and a fixed event_description.
// dup2-dup5 copy header values (level, event_time, msg, id); dup20 is defined
// earlier in the file.
var msg248 = match({
id: "MESSAGE#1288:752006",
dissect: {
tokenizer: "Tunnel Manager failed to dispatch a %{fld1->} message. Probable mis-configuration of the crypto map or tunnel-group. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752006"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Tunnel Manager failed to dispatch a message. Probable mis-configuration of the crypto map or tunnel-group"),
}),
]),
});
// Message 421001: TCP flow skipped because an application has failed.
// Captures both endpoints (interface, address, port) and application; sets
// msg_id1 "421001", a fixed event_description and result "process failure".
// dup2-dup5 copy header values (level, event_time, msg, id); dup50 is defined
// earlier in the file.
var msg249 = match({
id: "MESSAGE#661:421001",
dissect: {
tokenizer: "TCP flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} is skipped because %{application->} has failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("421001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("TCP flow skipped"),
}),
set_field({
dest: "nwparser.result",
value: constant("process failure"),
}),
]),
});
// Message 713134: "Group = ..., IP = ..., Mismatch: <result>". Captures
// group, saddr and result; sets msg_id1 "713134" and the fixed
// event_description "algorithm mismatch".
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg250 = match({
id: "MESSAGE#901:713134",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Mismatch: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713134"),
}),
dup7,
dup38,
dup39,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("algorithm mismatch"),
}),
]),
});
// Message 105036, structured form: "(<context>) <description> <fld1>, seq =
// <fld2>". Sets msg_id1 "105036".
// dup2-dup5 copy header values (level, event_time, msg, id); dup195 is defined
// earlier in the file.
var msg251 = match({
id: "MESSAGE#44:105036",
dissect: {
tokenizer: "(%{context->}) %{event_description->} %{fld1->}, seq = %{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("105036"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Fallback: the whole payload becomes event_description; tagged "105036:01"
// and runs dup14 in addition.
var msg252 = match({
id: "MESSAGE#45:105036:01",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("105036:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Structured form first, catch-all second.
var select62 = linear_select([
msg251,
msg252,
]);
// Message 106015: "Deny <protocol> (no connection) from ... to ... flags
// <fld1> on interface <interface>". Captures protocol, both endpoints, the
// flags text (fld1) and interface; sets msg_id1 "106015".
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors defined earlier in the file.
var msg253 = match({
id: "MESSAGE#80:106015",
dissect: {
tokenizer: "Deny %{protocol->} (no connection) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106015"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Variant without the trailing interface; tagged "106015:01" and runs dup14
// in addition.
var msg254 = match({
id: "MESSAGE#81:106015:01",
dissect: {
tokenizer: "Deny %{protocol->} (no connection) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} flags %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106015:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// The form with the interface is listed first.
var select63 = linear_select([
msg253,
msg254,
]);
// Message 106102 (per-user access-list hit), three variants.
// dup2-dup5 copy header values (level, event_time, msg, id); the other dupN
// entries are shared processors or stages defined earlier in the file.
// Denied form, first stage: captures listnum; the rest goes to p0 and is
// parsed by the shared stages dup197-dup202.
var msg255 = match({
id: "MESSAGE#104:106102:02/0",
dissect: {
tokenizer: "access-list %{listnum->} denied %{p0->}",
field: "nwparser.payload",
},
});
// Tagged "106102:02" with event_description "deny".
var all65 = all_match({
processors: [
msg255,
dup197,
dup198,
dup199,
dup200,
dup201,
dup202,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102:02"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup203,
set_field({
dest: "nwparser.event_description",
value: constant("deny"),
}),
]),
});
// Permitted form, first stage; same shared later stages as the denied form.
var msg256 = match({
id: "MESSAGE#105:106102:01/0",
dissect: {
tokenizer: "access-list %{listnum->} permitted %{p0->}",
field: "nwparser.payload",
},
});
// Tagged "106102:01" with event_description "permit"; differs from all65 in
// its first shared processor (dup204 vs dup180) and in dup40 vs dup19.
var all66 = all_match({
processors: [
msg256,
dup197,
dup198,
dup199,
dup200,
dup201,
dup202,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup203,
set_field({
dest: "nwparser.event_description",
value: constant("permit"),
}),
]),
});
// URL form: captures listnum, url and dclass_counter1 (the hit count).
// NOTE(review): url is request text taken from the log; downstream consumers
// should treat it as untrusted input.
var msg257 = match({
id: "MESSAGE#106:106102",
dissect: {
tokenizer: "access-list %{listnum->} url %{url->} hit-cnt %{dclass_counter1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("106102"),
}),
dup2,
dup3,
dup203,
dup4,
dup5,
]),
});
var select64 = linear_select([
all65,
all66,
msg257,
]);
// ASA 404102: catch-all pattern; the whole payload becomes event_description,
// so no addresses or users are extracted for this id.
var msg258 = match({
id: "MESSAGE#587:404102",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup85,
set_field({
dest: "nwparser.msg_id1",
value: constant("404102"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 737016: "<process>: Freeing local pool address <ip>".
var msg259 = match({
id: "MESSAGE#1241:737016",
dissect: {
tokenizer: "%{process->}: Freeing local pool address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737016"),
}),
dup2,
dup3,
dup205,
dup4,
dup5,
]),
});
// ASA 737016 variant that also carries "Session=<id>"; tagged 737016:01.
var msg260 = match({
id: "MESSAGE#1242:737016:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Freeing local pool address %{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737016:01"),
}),
dup2,
dup3,
dup205,
dup4,
dup5,
]),
});
// 737016 alternatives.
// NOTE(review): the sessionless pattern is listed first. If selection is
// first-match and the dissect is not anchored, a "Session=..." message could
// match msg259 with the session text inside `process` - verify with a sample.
var select65 = linear_select([
msg259,
msg260,
]);
// ASA 415010: HTTP inspection, "HTTP Protocol not detected". Captures the
// signature id, list number and both addresses, then sets nwparser.context to
// a fixed description.
var msg261 = match({
id: "MESSAGE#643:415010",
dissect: {
tokenizer: "%{sigid->} HTTP protocol violation detected - %{listnum->} HTTP Protocol not detected from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP protocol violation detected"),
}),
]),
});
// ASA 419001: "<action> from if:addr/port to if:addr/port, reason: <text>".
// The leading verb is captured as `action` and the reason as `result`.
var msg262 = match({
id: "MESSAGE#653:419001",
dissect: {
tokenizer: "%{action->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("419001"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 505002: catch-all; the whole payload becomes event_description.
var msg263 = match({
id: "MESSAGE#691:505002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup207,
set_field({
dest: "nwparser.msg_id1",
value: constant("505002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 720005: "(VPN-<context>) <description>." - the pattern requires the
// trailing period.
var msg264 = match({
id: "MESSAGE#1114:720005",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720005"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 318004: "area .. lsid .. mask .. adv .. type ..". All five values go to
// generic fld1-fld5 captures; none is mapped to a named field here.
var msg265 = match({
id: "MESSAGE#431:318004",
dissect: {
tokenizer: "area %{fld1->} lsid %{fld2->} mask %{fld3->} adv %{fld4->} type %{fld5->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("318004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Middle stage of the 715065 parser: three shared alternatives defined
// elsewhere in the file.
var select66 = linear_select([
dup208,
dup209,
dup210,
]);
// Final stage of 715065: reads nwparser.p1 (presumably left by the previous
// stage - confirm) and extracts "<action> history (<fld1>)".
var msg266 = match({
id: "MESSAGE#1037:715065/2",
dissect: {
tokenizer: "%{action->} history (%{fld1->})",
field: "nwparser.p1",
},
});
// Full 715065 parser: shared prefix dup44, the alternatives above, then the
// "history" tail; tagged 715065 on success.
var all67 = all_match({
processors: [
dup44,
select66,
msg266,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("715065"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 734003 family: session attributes. Each tail matcher reads nwparser.p1
// after the shared prefix stages dup211/dup212 (defined elsewhere).
// The hostname, MAC and OS version captured below appear in the message as
// endpoint.* session attributes; presumably they are reported by the
// connecting endpoint, so treat them as untrusted input wherever they are
// rendered or used as keys - confirm their origin for your deployment.
var msg267 = match({
id: "MESSAGE#1216:734003:01/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.device.hostname=\"%{hostname->}\"",
field: "nwparser.p1",
},
});
// 734003:01 - endpoint hostname attribute.
var all68 = all_match({
processors: [
dup211,
dup212,
msg267,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Tail for the endpoint MAC attribute: the bracketed key is captured as
// macaddr and the assigned value as fld2.
var msg268 = match({
id: "MESSAGE#1217:734003:02/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.device.MAC[\"%{macaddr->}\"]=\"%{fld2->}\"",
field: "nwparser.p1",
},
});
// 734003:02 - endpoint MAC attribute.
var all69 = all_match({
processors: [
dup211,
dup212,
msg268,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Tail for the endpoint OS version attribute.
var msg269 = match({
id: "MESSAGE#1218:734003:03/2",
dissect: {
tokenizer: "%{hostip->}: Session Attribute endpoint.os.version=\"%{version->}\"",
field: "nwparser.p1",
},
});
// 734003:03 - endpoint OS version attribute.
var all70 = all_match({
processors: [
dup211,
dup212,
msg269,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003:03"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Generic tail: anything after "<hostip>: " is captured as `result`.
var msg270 = match({
id: "MESSAGE#1219:734003/2",
dissect: {
tokenizer: "%{hostip->}: %{result->}",
field: "nwparser.p1",
},
});
// 734003 fallback for attributes without a dedicated pattern.
// NOTE(review): the tail captures `result`, and on_success then sets
// nwparser.result to a constant. If both name the same field, the attribute
// text from the message is lost - confirm which value is meant to survive.
var all71 = all_match({
processors: [
dup211,
dup212,
msg270,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734003"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.result",
value: constant("Session Attribute assignment"),
}),
dup4,
dup5,
]),
});
// 734003 alternatives: the three specific attributes first, the generic
// fallback last. The fallback pattern would also fit the specific messages,
// so it must stay last if selection is first-match (TODO confirm).
var select67 = linear_select([
all68,
all69,
all70,
all71,
]);
// ASA 611315: catch-all; the whole payload becomes event_description.
var msg271 = match({
id: "MESSAGE#771:611315",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("611315"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 709005: catch-all; the whole payload becomes event_description.
var msg272 = match({
id: "MESSAGE#838:709005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709005"),
}),
dup38,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 105020: "(<context>)<description>" - no space is expected between the
// closing parenthesis and the description text.
var msg273 = match({
id: "MESSAGE#37:105020",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("105020"),
}),
dup38,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338004 (blacklisted traffic): main body. Reads nwparser.p3, extracts
// interfaces, real and translated addresses/ports for both sides, the
// destination and the list it was resolved from, then passes the rest as p4.
var msg274 = match({
id: "MESSAGE#474:338004/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{fld3->} /%{p4->}",
field: "nwparser.p3",
},
});
// Mask followed by ", threat-level:" (comma form).
// NOTE(review): msg275, msg276 and msg277 all carry the id
// "MESSAGE#474:338004/6"; if ids show up in debug output the failing stage
// cannot be told apart by id alone.
var msg275 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{mask->}, threat-level: %{p5->}",
field: "nwparser.p4",
},
});
// Same as msg275 but without the comma after the mask.
var msg276 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{mask->} threat-level: %{p5->}",
field: "nwparser.p4",
},
});
// Accept either punctuation of the mask / threat-level separator.
var select68 = linear_select([
msg275,
msg276,
]);
// Tail: threat level is captured as `severity`, the category as `result`.
var msg277 = match({
id: "MESSAGE#474:338004/6",
dissect: {
tokenizer: "%{severity->}, category: %{result->}",
field: "nwparser.p5",
},
});
// Full 338004 parser: shared prefix stages (dup183, dup184, dup213, dup214,
// defined elsewhere) followed by the body, separator and tail above.
var all72 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg274,
select68,
msg277,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338004"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 502102: local user account deletion. Prefix matcher; the user name and
// what follows are passed on as p0.
var msg278 = match({
id: "MESSAGE#681:502102/0",
dissect: {
tokenizer: "User deleted from local dbase: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Full 502102 parser. This is an account-management audit event: the chain
// sets its own eventcategory inline and a fixed result string.
var all73 = all_match({
processors: [
msg278,
dup215,
dup216,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1402020100"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502102"),
}),
dup17,
dup108,
dup217,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("User deleted from local DB"),
}),
]),
});
// ASA 602101 prefix: "PMTU-D packet <n> byte" - the rest goes to p0.
var msg279 = match({
id: "MESSAGE#706:602101/0",
dissect: {
tokenizer: "PMTU-D packet %{fld1->} byte%{p0->}",
field: "nwparser.payload",
},
});
// Single-alternative select wrapping the shared stage dup218.
var select69 = linear_select([
dup218,
]);
// 602101 tail: effective MTU plus destination/source address and protocol.
// Note the message lists dest_addr before src_addr.
var msg280 = match({
id: "MESSAGE#706:602101/2",
dissect: {
tokenizer: "%{->}greater than effective mtu %{fld2->} dest_addr=%{daddr->}, src_addr=%{saddr->}, prot=%{protocol->}",
field: "nwparser.p1",
},
});
// Full 602101 parser; event_description is set to a fixed string.
var all74 = all_match({
processors: [
msg279,
select69,
msg280,
],
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("602101"),
}),
dup7,
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("PMTU-D packet bytes greater than effective mtu"),
}),
]),
});
// ASA 746001: "<application>: <description>".
// NOTE(review): unlike most chains in this file, this one runs only dup3
// (event_time) and skips dup2, dup4 and dup5, so level, raw message and
// header id are not copied for this id - confirm that is intended.
var msg281 = match({
id: "MESSAGE#1254:746001",
dissect: {
tokenizer: "%{application->}: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746001"),
}),
dup3,
]),
});
// ASA 302013 family: connection-built records.
// Variant :07 - inbound, with an identity block "(domain\user)" after each
// endpoint and a trailing "(user)". The source-side user goes to fld3, the
// destination-side one to c_username, the trailing one to username.
var msg282 = match({
id: "MESSAGE#292:302013:07",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{domain->}\\%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{ddomain->}\\%{c_username->}) (%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:07"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Destination half of an inbound record; the remainder goes to p2.
var msg283 = match({
id: "MESSAGE#293:302013/2",
dissect: {
tokenizer: "to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) %{p2->}",
field: "nwparser.p1",
},
});
// User name in single quotes.
var msg284 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "'%{username->}'%{p3->}",
field: "nwparser.p2",
},
});
// User name in parentheses.
var msg285 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "(%{username->})%{p3->}",
field: "nwparser.p2",
},
});
// Accept either quoting style for the user name.
var select70 = linear_select([
msg284,
msg285,
]);
// Final stage over p3; the pattern names no field, so nothing is extracted.
var msg286 = match({
id: "MESSAGE#293:302013/4",
dissect: {
tokenizer: "%{->} ",
field: "nwparser.p3",
},
});
// 302013 inbound with a trailing user name; dup219/dup220 are shared prefix
// stages defined elsewhere.
var all75 = all_match({
processors: [
dup219,
dup220,
msg283,
select70,
msg286,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// 302013:01 - built entirely from shared stages dup221-dup223. It ends with
// dup194 where the inbound chains above use dup192; presumably the direction
// marker - confirm against those definitions.
var all76 = all_match({
processors: [
dup221,
dup222,
dup223,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:01"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// 302013:02 - source translated port followed by an identity block
// "(domain\user)"; the remainder goes to p1.
var msg287 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{stransport->})(%{domain->}\\%{username->})%{p1->}",
field: "nwparser.p0",
},
});
// Identity form first, then the shared alternative dup224 (defined elsewhere).
var select71 = linear_select([
msg287,
dup224,
]);
// Destination half for 302013:02.
var msg288 = match({
id: "MESSAGE#295:302013:02/2",
dissect: {
tokenizer: "%{->}to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.p1",
},
});
// Full 302013:02 parser.
var all77 = all_match({
processors: [
dup219,
select71,
msg288,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:02"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// 302013:03 - outbound connection. In these patterns the endpoint printed
// first (after "for") is mapped to the d* fields and the one after "to" to
// the s* fields, i.e. the reverse of the inbound patterns. Keep this in mind
// when writing direction-sensitive detections on saddr/daddr.
var msg289 = match({
id: "MESSAGE#296:302013:03/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{p0->}",
field: "nwparser.payload",
},
});
// Interface with an extra colon-separated token (kept in fld1).
var msg290 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{dinterface->}:%{fld1->} :%{p1->}",
field: "nwparser.p0",
},
});
// Interface only.
var msg291 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{dinterface->} :%{p1->}",
field: "nwparser.p0",
},
});
// Longer interface form first, then the plain one.
var select72 = linear_select([
msg290,
msg291,
]);
// First endpoint's address/port with its translated pair; the rest goes to p2.
var msg292 = match({
id: "MESSAGE#296:302013:03/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}) to %{p2->}",
field: "nwparser.p1",
},
});
// Second endpoint with an extra token between interface and address (fld2).
var msg293 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sinterface->}:%{fld2->}:%{saddr->}/%{p3->}",
field: "nwparser.p2",
},
});
// Second endpoint, plain "interface:address/" form.
var msg294 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{p3->}",
field: "nwparser.p2",
},
});
// Longer form first.
// NOTE(review): both patterns split on ':'; an IPv6 address after the
// interface name also contains colons and may be split across
// sinterface/fld2/saddr by msg293 - verify with an IPv6 sample.
var select73 = linear_select([
msg293,
msg294,
]);
// Second endpoint's port and translated pair.
var msg295 = match({
id: "MESSAGE#296:302013:03/4",
dissect: {
tokenizer: "%{sport->} (%{stransaddr->}/%{stransport->})",
field: "nwparser.p3",
},
});
// Full 302013:03 parser.
var all78 = all_match({
processors: [
msg289,
select72,
msg292,
select73,
msg295,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:03"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// 302013:04 - inbound, older "gaddr" layout with space-separated interface
// and address. The gaddr pair is captured as hostip/network_port.
var msg296 = match({
id: "MESSAGE#297:302013:04",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:04"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// 302013:05 - outbound "gaddr" layout; the endpoint printed first is mapped
// to the d* fields and the last one to the s* fields.
var msg297 = match({
id: "MESSAGE#298:302013:05",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->} %{daddr->}/%{dport->} gaddr %{hostip->}/%{network_port->} %{sinterface->} %{saddr->}/%{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:05"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// 302013:06 prefix - outbound with a space before the colon after the
// interface name; the content after the opening parenthesis goes to p0.
var msg298 = match({
id: "MESSAGE#299:302013:06/0",
dissect: {
tokenizer: "Built outbound %{protocol->} connection %{connectionid->} for %{dinterface->} :%{daddr->}/%{dport->} (%{p0->}",
field: "nwparser.payload",
},
});
// Shared alternatives for the middle of 302013:06 (defined elsewhere).
var select74 = linear_select([
dup225,
dup226,
]);
// Full 302013:06 parser.
var all79 = all_match({
processors: [
msg298,
select74,
dup227,
dup228,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:06"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// 302013:09 - inbound with an identity block only after the destination.
// NOTE(review): this chain and the 302013:08 chain below omit dup2 (header
// level -> nwparser.level), which every other 302013 variant runs - confirm
// the omission is intended, otherwise these two variants lack the level.
var msg299 = match({
id: "MESSAGE#300:302013:09",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{domain->}\\%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:09"),
}),
dup64,
dup102,
dup43,
dup14,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// 302013:08 - inbound with an extra parenthesised token after the source
// (kept in the generic `fld` capture).
var msg300 = match({
id: "MESSAGE#301:302013:08",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{fld->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302013:08"),
}),
dup64,
dup102,
dup43,
dup14,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// All 302013 variants. Order is significant if selection is first-match
// (TODO confirm): the identity-bearing :07 form is tried first and the
// shorter inbound forms :09 and :08 last.
var select75 = linear_select([
msg282,
all75,
all76,
all77,
all78,
msg296,
msg297,
all79,
msg299,
msg300,
]);
// ASA 304009: catch-all; the whole payload becomes event_description.
var msg301 = match({
id: "MESSAGE#361:304009",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("304009"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 409012: catch-all; the whole payload becomes event_description.
var msg302 = match({
id: "MESSAGE#614:409012",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("409012"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 415006: HTTP inspection, content size out of range. The size value is
// captured under the name `priority`; nwparser.context gets a fixed string.
var msg303 = match({
id: "MESSAGE#638:415006",
dissect: {
tokenizer: "%{sigid->} Content size %{priority->} out of range - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415006"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("Content size out of range"),
}),
]),
});
// ASA 110001: "No route to <dst> from <src>" - destination is printed first.
var msg304 = match({
id: "MESSAGE#159:110001",
dissect: {
tokenizer: "No route to %{daddr->} from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("110001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 338002 (blacklisted traffic, domain-based): body read from nwparser.p3.
// The list entry is captured as web_domain, the threat level as `severity`
// and the category as `result`.
var msg305 = match({
id: "MESSAGE#472:338002/4",
dissect: {
tokenizer: "ed blacklisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
// Full 338002 parser; prefix stages are shared and defined elsewhere.
var all80 = all_match({
processors: [
dup183,
dup184,
dup213,
dup214,
msg305,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338002"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 113034 tail: the user-specific ACL from AAA was ignored in favour of an
// AV-PAIR ACL.
// NOTE(review): the pattern contains a doubled '<' (\u003c\u003c) before the
// ACL name. If that doubling is an escape carried over from the source parser
// format rather than literal text, messages with a single '<' will never
// match and 113034 events stay unparsed - verify with a real sample.
var msg306 = match({
id: "MESSAGE#1287:113034/2",
dissect: {
tokenizer: "%{hostip->}> User ACL \u003c\u003c%{info->}> from AAA ignored, AV-PAIR ACL used instead",
field: "nwparser.p1",
},
});
// Full 113034 parser; event_description is set to a fixed explanation.
var all81 = all_match({
processors: [
dup77,
dup78,
msg306,
],
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("113034"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("specified ACL was not used because a Cisco AV-PAIR ACL was used"),
}),
]),
});
// ASA 338202 (greylisted traffic): same layout as the 338002 body with
// "greylisted" in place of "blacklisted".
var msg307 = match({
id: "MESSAGE#484:338202/4",
dissect: {
tokenizer: "ed greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p3",
},
});
// Full 338202 parser; its third prefix stage is dup230 where the 338002
// chain uses dup213.
var all82 = all_match({
processors: [
dup183,
dup184,
dup230,
dup214,
msg307,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338202"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713123:01 - IKE lost contact with the remote peer (keepalive), form
// with Group, Username and IP. The peer address is stored in saddr.
var msg308 = match({
id: "MESSAGE#889:713123:01",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("713123:01"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup231,
]),
});
// ASA 713123 - same event without the Username element.
var msg309 = match({
id: "MESSAGE#890:713123",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, IKE lost contact with remote peer, deleting connection (keepalive type: %{fld1->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("713123"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup231,
]),
});
// 713123 alternatives, the form with Username first.
var select76 = linear_select([
msg308,
msg309,
]);
// ASA 717007: catch-all; the whole payload becomes event_description.
var msg310 = match({
id: "MESSAGE#1068:717007",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 720003: "(VPN-<context>) <description>".
var msg311 = match({
id: "MESSAGE#1112:720003",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720003"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 105042: "(<context>) <description>".
var msg312 = match({
id: "MESSAGE#51:105042",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("105042"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713041 family: "IKE Initiator: New|Rekeying Phase 1|2, Intf .., IKE
// Peer ..". The message is consumed in stages, each handing its remainder to
// the next through p1..p4.
// Identity prefix, Group form.
var msg313 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Identity prefix, Username in single quotes.
var msg314 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Username = '%{username->}', IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Identity prefix, unquoted Username.
var msg315 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "Username = %{username->}, IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Identity prefix, IP only.
var msg316 = match({
id: "MESSAGE#862:713041/2",
dissect: {
tokenizer: "IP = %{saddr->} , IKE Initiator: %{p1->}",
field: "nwparser.p0",
},
});
// Identity alternatives. The quoted Username form precedes the unquoted one;
// if selection is first-match (TODO confirm), reversing them would leave the
// quotes inside `username`.
var select77 = linear_select([
msg313,
msg314,
msg315,
msg316,
]);
// Literal "Rekeying".
var msg317 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "Rekeying%{p2->}",
field: "nwparser.p1",
},
});
// Literal "New".
var msg318 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "New%{p2->}",
field: "nwparser.p1",
},
});
// Either keyword is accepted. Neither pattern stores the keyword in a field,
// so New vs Rekeying is not preserved by these stages themselves.
var select78 = linear_select([
msg317,
msg318,
]);
// Literal "Phase ".
var msg319 = match({
id: "MESSAGE#862:713041/3",
dissect: {
tokenizer: "%{->}Phase %{p3->}",
field: "nwparser.p2",
},
});
// Phase number 1.
var msg320 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "1%{p4->}",
field: "nwparser.p3",
},
});
// Phase number 2.
var msg321 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "2%{p4->}",
field: "nwparser.p3",
},
});
// Accept phase 1 or 2; the digit itself is not captured.
var select79 = linear_select([
msg320,
msg321,
]);
// Tail: interface and peer go to generic fld1/fld2, the rest to `info`.
var msg322 = match({
id: "MESSAGE#862:713041/5",
dissect: {
tokenizer: "%{->}, Intf %{fld1->}, IKE Peer %{fld2->} %{info->}",
field: "nwparser.p4",
},
});
// Full 713041 parser with an identity prefix; dup44 is a shared first stage
// defined elsewhere.
var all83 = all_match({
processors: [
dup44,
select77,
select78,
msg319,
select79,
msg322,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713041"),
}),
dup7,
dup11,
dup12,
dup13,
dup2,
dup3,
dup4,
dup5,
dup232,
]),
});
// 713041:01 - form without identity prefix; message starts at
// "IKE Initiator:".
var msg323 = match({
id: "MESSAGE#863:713041:01/0",
dissect: {
tokenizer: "IKE Initiator: %{p0->}",
field: "nwparser.payload",
},
});
// Literal "Rekeying".
var msg324 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "Rekeying%{p1->}",
field: "nwparser.p0",
},
});
// Literal "New".
var msg325 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "New%{p1->}",
field: "nwparser.p0",
},
});
// Either keyword is accepted.
var select80 = linear_select([
msg324,
msg325,
]);
// Tail for the prefix-less form. Only "Phase 2" is matched here; a Phase 1
// message without identity prefix would not match this variant.
var msg326 = match({
id: "MESSAGE#863:713041:01/2",
dissect: {
tokenizer: "%{->}Phase 2, Intf %{fld1->}, IKE Peer %{fld2->} %{info->}",
field: "nwparser.p1",
},
});
// Full 713041:01 parser.
var all84 = all_match({
processors: [
msg323,
select80,
msg326,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713041:01"),
}),
dup7,
dup11,
dup12,
dup13,
dup14,
dup2,
dup3,
dup4,
dup5,
dup232,
]),
});
// 713041 alternatives: with identity prefix, then without.
var select81 = linear_select([
all83,
all84,
]);
// ASA 718068: VPN load balancing started in a context; event_description is
// set to a fixed string.
var msg327 = match({
id: "MESSAGE#1107:718068",
dissect: {
tokenizer: "Start VPN Load Balancing in context %{context->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718068"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Start VPN Load Balancing"),
}),
]),
});
// ASA 434002: the SFR module requested a packet drop. Extracts protocol and
// both interface:address/port endpoints.
// NOTE(review): the chain starts with dup20, as the informational messages
// nearby do, rather than a deny-style stage such as the dup180 used for
// 106015 - confirm the category is what drop-based detections expect.
var msg328 = match({
id: "MESSAGE#1311:434002",
dissect: {
tokenizer: "SFR requested to drop %{protocol->} packet from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("434002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SFR requested to drop packet"),
}),
]),
});
// ASA 737006: local pool request succeeded; the tunnel-group name is
// captured as `info`.
var msg329 = match({
id: "MESSAGE#1231:737006",
dissect: {
tokenizer: "%{process->}: Local pool request succeeded for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737006"),
}),
dup2,
dup3,
dup233,
dup4,
dup5,
]),
});
// ASA 737006:01 - same event with "Session=<id>".
var msg330 = match({
id: "MESSAGE#1232:737006:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Local pool request succeeded for tunnel-group '%{info->}'",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737006:01"),
}),
dup2,
dup3,
dup233,
dup4,
dup5,
]),
});
// 737006 alternatives.
var select82 = linear_select([
msg329,
msg330,
]);
// ASA 305009: address translation built; the translation kind is captured as
// `context`.
var msg331 = match({
id: "MESSAGE#376:305009",
dissect: {
tokenizer: "Built %{context->} translation from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305009"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
// ASA 415003: HTTP inspection, peer-to-peer detected; nwparser.context gets a
// fixed string.
var msg332 = match({
id: "MESSAGE#634:415003",
dissect: {
tokenizer: "%{sigid->} HTTP Peer-to-Peer detected - %{listnum->} %{protocol->} from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415003"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("HTTP Peer-to-Peer detected"),
}),
]),
});
// ASA 603107 prefix: "L2TP Tunnel deleted".
var msg333 = match({
id: "MESSAGE#726:603107/0",
dissect: {
tokenizer: "L2TP Tunnel deleted%{p0->}",
field: "nwparser.payload",
},
});
// 603107 tail: tunnel id (fld1) and remote peer address (saddr). The pattern
// has no space after "remote_peer_ip =".
var msg334 = match({
id: "MESSAGE#726:603107/2",
dissect: {
tokenizer: "%{->}tunnel_id = %{fld1->} remote_peer_ip =%{saddr->}",
field: "nwparser.p1",
},
});
// Full 603107 parser; dup235 is a shared middle stage defined elsewhere.
var all85 = all_match({
processors: [
msg333,
dup235,
msg334,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("603107"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("L2TP tunnel deleted"),
}),
]),
});
// ASA 722012: SVC message at NOTICE level. The client address is captured as
// saddr and the code before "/NOTICE" as `info`.
var msg335 = match({
id: "MESSAGE#1158:722012/2",
dissect: {
tokenizer: "%{saddr->}> SVC Message: %{info->}/NOTICE: %{p2->}",
field: "nwparser.p1",
},
});
// Description followed by a parenthesised value (fld1).
var msg336 = match({
id: "MESSAGE#1158:722012/3",
dissect: {
tokenizer: "%{event_description->}(%{fld1->}) ",
field: "nwparser.p2",
},
});
// Plain description.
var msg337 = match({
id: "MESSAGE#1158:722012/3",
dissect: {
tokenizer: "%{->} %{event_description->}",
field: "nwparser.p2",
},
});
// Parenthesised form first, plain form as fallback.
var select83 = linear_select([
msg336,
msg337,
]);
// Full 722012 parser; dup77/dup78 are shared prefix stages.
var all86 = all_match({
processors: [
dup77,
dup78,
msg335,
select83,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("722012"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 109027 prefix: "[<proto>] Unable to dec..." - the word is split so the
// next stage can accept different spellings.
var msg338 = match({
id: "MESSAGE#152:109027/0",
dissect: {
tokenizer: "[%{protocol->}] Unable to dec%{p0->}",
field: "nwparser.payload",
},
});
// Spelling with "y".
var msg339 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "y%{p1->}",
field: "nwparser.p0",
},
});
// dup236 (defined elsewhere) or the "y" spelling; presumably dup236 covers
// the "i" spelling - confirm.
var select84 = linear_select([
dup236,
msg339,
]);
// Rest of the word and the AAA server address; the user part goes to p2.
var msg340 = match({
id: "MESSAGE#152:109027/2",
dissect: {
tokenizer: "pher response message Server = %{hostip->}, User = %{p2->}",
field: "nwparser.p1",
},
});
// Full 109027 parser: an authentication response from the server could not
// be deciphered. dup237 handles the user part and is defined elsewhere.
var all87 = all_match({
processors: [
msg338,
select84,
msg340,
dup237,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109027"),
}),
dup17,
dup18,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 113012 prefix: successful AAA authentication against the local
// database; the user name is passed on as p0.
var msg341 = match({
id: "MESSAGE#189:113012/0",
dissect: {
tokenizer: "AAA user authentication Successful : local database : user = %{p0->}",
field: "nwparser.payload",
},
});
// Full 113012 parser; dup238 extracts the user (defined elsewhere) and
// nwparser.result is set to a fixed success string.
var all88 = all_match({
processors: [
msg341,
dup238,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113012"),
}),
dup17,
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA user authentication successful"),
}),
]),
});
// ASA 406001: FTP PORT command naming a low port. Source has address and
// port; the destination is address only.
var msg342 = match({
id: "MESSAGE#595:406001",
dissect: {
tokenizer: "FTP port command low port: %{saddr->}/%{sport->} to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup239,
set_field({
dest: "nwparser.msg_id1",
value: constant("406001"),
}),
dup2,
dup3,
dup4,
dup5,
dup240,
]),
});
// ASA 715059 - staged form built only from shared stages (dup22, dup23,
// dup241, defined elsewhere).
var all89 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715059"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 715059:01 - single-pattern form: Group, IP and the remaining text as
// `action`.
var msg343 = match({
id: "MESSAGE#1032:715059:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715059:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// 715059 alternatives.
var select85 = linear_select([
all89,
msg343,
]);
// ASA 713024 - built only from shared stages (dup9, dup242, dup243).
var all90 = all_match({
processors: [
dup9,
dup242,
dup243,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713024"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// ASA 713073: the responder forced a change of rekeying duration. Old and new
// durations go to generic fld1/fld2; the rekey type is captured as `ike`.
var msg344 = match({
id: "MESSAGE#876:713073",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, Responder forcing change of %{ike->} rekeying duration from %{fld1->} to %{fld2->} seconds",
field: "nwparser.payload",
},
on_success: processor_chain([
dup244,
set_field({
dest: "nwparser.msg_id1",
value: constant("713073"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// ASA 716039 family: WebVPN authentication outcome with group, user, client
// IP and session type.
// NOTE(review): every pattern in this family spells the opening angle bracket
// as a doubled '<' (\u003c\u003c). If that doubling is an escape carried over
// from the source parser format rather than literal text, messages with a
// single '<' will not match and these authentication events go unparsed,
// which is a visibility gap for failed-login detection. Verify with a real
// sample.
var msg345 = match({
id: "MESSAGE#1053:716039/0",
dissect: {
tokenizer: "Authentication: %{action->}, group = \u003c\u003c%{group->}> user = %{p0->}",
field: "nwparser.payload",
},
});
// User name in angle brackets.
var msg346 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "\u003c\u003c%{username->}> IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// User name in single quotes.
var msg347 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "'%{username->}' IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// Bare user name.
var msg348 = match({
id: "MESSAGE#1053:716039/2",
dissect: {
tokenizer: "%{username->} IP = \u003c\u003c %{p1->}",
field: "nwparser.p0",
},
});
// User-name alternatives, delimited forms before the bare one. The username
// is supplied by whoever attempts the login; treat it as untrusted when it is
// displayed or used as a key.
var select86 = linear_select([
msg346,
msg347,
msg348,
]);
// Client address followed by a parenthesised note (info).
var msg349 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{saddr->} (%{info->}) >, Session Type: %{p2->}",
field: "nwparser.p1",
},
});
// Client address only.
var msg350 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{saddr->} >, Session Type: %{p2->}",
field: "nwparser.p1",
},
});
// Address alternatives, the longer form first.
var select87 = linear_select([
msg349,
msg350,
]);
// Session type, stored as network_service.
var msg351 = match({
id: "MESSAGE#1053:716039/3",
dissect: {
tokenizer: "%{network_service->}",
field: "nwparser.p2",
},
});
// Full 716039 parser ("Authentication: <action>, group = ... user = ...").
var all91 = all_match({
processors: [
msg345,
select86,
select87,
msg351,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("716039"),
}),
dup18,
dup17,
dup99,
dup2,
dup3,
dup4,
dup5,
]),
});
// 716039:01 - alternate layout starting with "Group <...> User ...".
var msg352 = match({
id: "MESSAGE#1054:716039:01/0",
dissect: {
tokenizer: "Group \u003c\u003c %{group->}> User %{p0->}",
field: "nwparser.payload",
},
});
// Client address with a parenthesised note, then "Authentication:".
var msg353 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{saddr->} (%{info->}) > Authentication:%{p2->}",
field: "nwparser.p1",
},
});
// Client address only, then "Authentication:".
var msg354 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{saddr->} > Authentication:%{p2->}",
field: "nwparser.p1",
},
});
// Address alternatives, the longer form first.
var select88 = linear_select([
msg353,
msg354,
]);
// Outcome text (result) and session type.
var msg355 = match({
id: "MESSAGE#1054:716039:01/3",
dissect: {
tokenizer: "%{result->} Session Type: %{network_service->}",
field: "nwparser.p2",
},
});
// Full 716039:01 parser; dup182 (defined elsewhere) handles the user part.
// NOTE(review): event_description is forced to "Session connection rejected"
// whatever outcome text was captured in `result` - confirm this layout is
// only ever logged for rejections.
var all92 = all_match({
processors: [
msg352,
dup182,
select88,
msg355,
],
on_success: processor_chain([
dup171,
set_field({
dest: "nwparser.msg_id1",
value: constant("716039:01"),
}),
dup18,
dup17,
dup106,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Session connection rejected"),
}),
]),
});
// 716039 alternatives.
var select89 = linear_select([
all91,
all92,
]);
var msg356 = match({
id: "MESSAGE#363:305002",
dissect: {
tokenizer: "Translation built for gaddr %{hostip->} to laddr %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Translation built"),
}),
]),
});
var msg357 = match({
id: "MESSAGE#722:603103",
dissect: {
tokenizer: "PPP virtual interface %{interface->} - user: %{username->} aaa authentication %{disposition->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("603103"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 611312: catch-all pattern, the whole payload becomes
// event_description with no further field extraction.
var msg358 = match({
id: "MESSAGE#768:611312",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("611312"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 702204, two layouts built entirely from shared processors defined
// earlier in the file. They share dup246 and dup247 and differ in the last
// stage (dup132 here, dup130 in all94).
var all93 = all_match({
processors: [
dup246,
dup247,
dup132,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702204:01"),
}),
dup7,
// dup14 is only applied in this ":01" layout, not in all94.
dup14,
dup4,
dup5,
dup2,
dup3,
dup248,
]),
});
var all94 = all_match({
processors: [
dup246,
dup247,
dup130,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("702204"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
dup248,
]),
});
// The ":01" layout is listed first.
var select90 = linear_select([
all93,
all94,
]);
// Message 106101: catch-all pattern, the whole payload becomes
// event_description.
var msg359 = match({
id: "MESSAGE#103:106101",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("106101"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 320001: catch-all pattern, the whole payload becomes
// event_description. The extra shared processors (dup7, dup18, dup17, dup106,
// dup19) are defined earlier in the file.
var msg360 = match({
id: "MESSAGE#439:320001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("320001"),
}),
dup7,
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400051: signature-style alert. Captures the product tag, signature
// id (`sigid`), a free-text `context`, both addresses and the interface.
// The same tokenizer is used for messages 400017 and 400049 in this file.
var msg361 = match({
id: "MESSAGE#548:400051",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
// Category is set inline here rather than through a shared dupN processor.
set_field({
dest: "nwparser.eventcategory",
value: constant("1001020205"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("400051"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 724002: "Group <..> User <..> IP <..>" record followed by a
// description and a result, split at the first ". " after the description.
// "\u003c" is the JavaScript escape for "<".
var msg362 = match({
id: "MESSAGE#1182:724002",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> %{event_description->}. %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("724002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400017: signature-style alert with product tag, signature id,
// free-text context, source/destination address and interface.
var msg363 = match({
id: "MESSAGE#514:400017",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400017"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 415011: HTTP URL length exceeded.
// NOTE(review): the received URL size in bytes is stored in `priority` and the
// text before "URI length exceeded" in `listnum`; anything that alerts on URL
// length has to read those fields, the names do not say so.
var msg364 = match({
id: "MESSAGE#644:415011",
dissect: {
tokenizer: "%{sigid->} HTTP URL Length exceeded. Received %{priority->} byte URL - %{listnum->} URI length exceeded from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415011"),
}),
dup2,
dup3,
dup4,
dup5,
// Fixed context string for every event of this type.
set_field({
dest: "nwparser.context",
value: constant("HTTP URL Length exceeded"),
}),
]),
});
// Message 614001: catch-all pattern, the whole payload becomes
// event_description.
var msg365 = match({
id: "MESSAGE#786:614001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("614001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 725002: device completed an SSL handshake. The first stage strips
// the fixed prefix and hands the peer description on in p0.
var msg366 = match({
id: "MESSAGE#1187:725002/0",
dissect: {
tokenizer: "Device completed SSL handshake with %{p0->}",
field: "nwparser.payload",
},
});
// Peer layout with two underscore-separated leading tokens (kept as fld1 and
// fld2) before the source address/port, destination and protocol version.
var msg367 = match({
id: "MESSAGE#1187:725002/3",
dissect: {
tokenizer: "%{fld1->}_%{fld2->}_%{saddr->}/%{sport->} to %{daddr->}/%{dport->} for %{version->} session ",
field: "nwparser.p2",
},
});
// Same layout without the leading tokens.
var msg368 = match({
id: "MESSAGE#1187:725002/3",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->} for %{version->} session ",
field: "nwparser.p2",
},
});
// Shortest layout: a single address/port pair, stored as hostip and
// network_port rather than as source or destination.
var msg369 = match({
id: "MESSAGE#1187:725002/3",
dissect: {
tokenizer: "%{hostip->}/%{network_port->}",
field: "nwparser.p2",
},
});
// Alternatives ordered from most to least specific.
var select91 = linear_select([
msg367,
msg368,
msg369,
]);
var all95 = all_match({
processors: [
msg366,
// dup92 and dup249 are defined earlier in the file; presumably they carry
// p0 through to the p2 field that select91 reads.
dup92,
dup249,
select91,
],
on_success: processor_chain([
dup250,
set_field({
dest: "nwparser.msg_id1",
value: constant("725002"),
}),
dup11,
dup43,
dup40,
dup2,
// NOTE(review): dup35 sits where most handlers in this file use dup3
// (event_time); its definition is not visible here.
dup35,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Device completed SSL handshake"),
}),
]),
});
// Message 201004: "Too many ... connections" limit reached, two layouts.
// First layout, stage 1: protocol name, remainder handed on in p0.
var msg370 = match({
id: "MESSAGE#219:201004:01/0",
dissect: {
tokenizer: "Too many %{protocol->} connections on %{p0->}",
field: "nwparser.payload",
},
});
// Last stage of the first layout: host address up to the "!" and the trailing
// text as fld1. NOTE(review): "%{->}" presumably skips text without storing it.
var msg371 = match({
id: "MESSAGE#219:201004:01/2",
dissect: {
tokenizer: "%{->} %{hostip->}! %{fld1->}",
field: "nwparser.p1",
},
});
var all96 = all_match({
processors: [
msg370,
dup251,
msg371,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201004:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Second layout: embryonic (half-open) connection limit for one host. The two
// slash-separated values after the address are kept only as fld1/fld2.
var msg372 = match({
id: "MESSAGE#220:201004",
dissect: {
tokenizer: "Too many embryonic connections on STRING %{hostip->} %{fld1->}/%{fld2->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("201004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var select92 = linear_select([
all96,
msg372,
]);
// Message 315003: failed SSH login to the device, two layouts that differ only
// in the text between the source address and the attempt count.
// The attempt count is stored in the generic field fld1, so a rule that counts
// repeated failures needs to read fld1 as well as saddr.
var msg373 = match({
id: "MESSAGE#415:315003/0",
dissect: {
tokenizer: "SSH login session failed from %{saddr->} on (%{fld1->} attempts) on interface %{interface->} by user %{p0->}",
field: "nwparser.payload",
},
});
var all97 = all_match({
processors: [
msg373,
// The user name left in p0 is parsed by dup238 (defined earlier in the file).
dup238,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("315003"),
}),
dup2,
dup3,
dup4,
dup5,
dup252,
]),
});
// Variant with the count directly after the address: "<saddr>(<n> attempts)".
var msg374 = match({
id: "MESSAGE#416:315003:01/0",
dissect: {
tokenizer: "SSH login session failed from %{saddr->}(%{fld1->} attempts) on interface %{interface->} by user %{p0->}",
field: "nwparser.payload",
},
});
var all98 = all_match({
processors: [
msg374,
// NOTE(review): this variant finishes with dup187 where all97 uses dup238;
// neither definition is visible here.
dup187,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("315003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup252,
]),
});
var select93 = linear_select([
all97,
all98,
]);
// Message 323001: control-channel communication failure for a module; the
// slot identifier is kept in the generic field fld1.
var msg375 = match({
id: "MESSAGE#449:323001",
dissect: {
tokenizer: "Module in slot %{fld1->} experienced a control channel communication failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("323001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 324000: dropped GTP message. Stage 1 strips "Drop GTP" and leaves
// the rest in p0.
var msg376 = match({
id: "MESSAGE#453:324000/0",
dissect: {
tokenizer: "Drop GTP%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2 consumes the "v" that introduces the GTP version.
var msg377 = match({
id: "MESSAGE#453:324000/2",
dissect: {
tokenizer: "v%{p1->}",
field: "nwparser.p0",
},
});
// Single-alternative select, kept as emitted.
var select94 = linear_select([
msg377,
]);
// Stage 3: message type (`misc`), both endpoints with interface/address/port,
// and the drop reason (`result`). The first token of p1 is skipped by "%{->}",
// so the version text itself is presumably not stored — confirm.
// NOTE(review): shares the id ".../2" with msg377.
var msg378 = match({
id: "MESSAGE#453:324000/2",
dissect: {
tokenizer: "%{->} %{misc->} message %{fld1->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} Reason: %{result->}",
field: "nwparser.p1",
},
});
var all99 = all_match({
processors: [
msg376,
select94,
msg378,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("324000"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Drop GTPv"),
}),
]),
});
// Message 752010: IKEv2 has no proposal specified. Fixed text only; the
// trailing "%{->}" captures nothing that is kept.
var msg379 = match({
id: "MESSAGE#1273:752010",
dissect: {
tokenizer: "IKEv2 Doesn't have a proposal specified%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("752010"),
}),
dup4,
dup5,
dup2,
dup3,
]),
});
// Message 747016: split cluster detected. The unit names are kept only in the
// generic fields fld1..fld4 (both master units, the retained master, and the
// unit that will rejoin).
var msg380 = match({
id: "MESSAGE#1310:747016",
dissect: {
tokenizer: "Clustering: Found a split cluster with both %{fld1->} and %{fld2->} as master units. Master role retained by %{fld3->}, %{fld4->} will leave then join as a slave",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("747016"),
}),
dup2,
dup3,
// NOTE(review): dup4 (copies $MSG into nwparser.msg, see top of file) is not
// applied here although the neighbouring handlers apply it — confirm this is
// intended, otherwise the raw message text is missing for this event type.
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Found a split cluster"),
}),
]),
});
// Message 611102: user authentication failed, two layouts.
// Layout 1 carries only the user name, which is left in p0 for dup238.
var msg381 = match({
id: "MESSAGE#754:611102/0",
dissect: {
tokenizer: "User authentication failed: Uname: %{p0->}",
field: "nwparser.payload",
},
});
var all100 = all_match({
processors: [
msg381,
dup238,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("611102"),
}),
dup7,
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
dup253,
]),
});
// Layout 2 starts with the client IP address.
var msg382 = match({
id: "MESSAGE#1299:611102:01/0",
dissect: {
tokenizer: "User authentication failed: IP address: %{p0->}",
field: "nwparser.payload",
},
});
// Address followed by the user name.
var msg383 = match({
id: "MESSAGE#1299:611102:01/1",
dissect: {
tokenizer: "%{saddr->}, Uname: %{username->}",
field: "nwparser.p0",
},
});
// Address only. Events parsed through this alternative carry no username, so
// per-account failure counts will not include them.
var msg384 = match({
id: "MESSAGE#1299:611102:01/1",
dissect: {
tokenizer: "%{saddr->}",
field: "nwparser.p0",
},
});
var select95 = linear_select([
msg383,
msg384,
]);
var all101 = all_match({
processors: [
msg382,
select95,
],
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("611102:01"),
}),
dup7,
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
dup253,
]),
});
var select96 = linear_select([
all100,
all101,
]);
// Message 725010: list of ciphers the device supports. The word before
// "cipher(s)" is kept in fld1; the cipher list itself is left in p0 for
// dup254/dup255 (defined earlier in the file).
var msg385 = match({
id: "MESSAGE#1198:725010/0",
dissect: {
tokenizer: "Device supports the following %{fld1->} cipher(s)%{p0->}",
field: "nwparser.payload",
},
});
var all102 = all_match({
processors: [
msg385,
dup254,
dup255,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725010"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 108005, two unrelated layouts under the same message number.
// Layout ":01": SMTP connection pool exhausted, with the client address/port.
var msg386 = match({
id: "MESSAGE#119:108005:01",
dissect: {
tokenizer: "Out of SMTP connections! %{saddr->}/%{sport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("108005:01"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Out of SMTP connections"),
}),
]),
});
// Second layout: ESMTP request seen between two endpoints; the text after the
// ";" is stored in `result`.
var msg387 = match({
id: "MESSAGE#120:108005",
dissect: {
tokenizer: "%{network_service->}: Received ESMTP Request from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}; %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup256,
set_field({
dest: "nwparser.msg_id1",
value: constant("108005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Received ESMTP request"),
}),
]),
});
var select97 = linear_select([
msg386,
msg387,
]);
// Message 318005: key/value style routing record. Only `protocol` gets a named
// field; every other value is kept in a generic fldN field (fld1..fld9).
var msg388 = match({
id: "MESSAGE#432:318005",
dissect: {
tokenizer: "lsid %{fld1->} adv %{fld2->} type %{fld3->} gateway %{fld4->} metric %{fld5->} network %{fld6->} mask %{fld7->} protocol %{protocol->} attr %{fld8->} net-metric %{fld9->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("318005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 400049: signature-style alert with product tag, signature id,
// free-text context, source/destination address and interface.
var msg389 = match({
id: "MESSAGE#546:400049",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup74,
set_field({
dest: "nwparser.msg_id1",
value: constant("400049"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 418001: through-the-device packet to/from a management-only network
// was denied. Four layouts follow; select99 at the end lists them in the order
// msg390, msg391, all103, msg395.
// Layout ":02": ICMP, with type and code instead of ports.
var msg390 = match({
id: "MESSAGE#649:418001:02",
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: icmp src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("418001:02"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup257,
dup258,
dup259,
]),
});
// Layout ":03": other protocols, identified by the value after "protocol";
// no ports.
var msg391 = match({
id: "MESSAGE#650:418001:03",
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("418001:03"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup257,
dup258,
]),
});
// Layout ":01", stage 1: protocol name, source part left in p0.
var msg392 = match({
id: "MESSAGE#651:418001:01/0",
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol->} src %{p0->}",
field: "nwparser.payload",
},
});
// Source with an identity suffix "(domain\username)"; "\\" in the JavaScript
// string is one literal backslash.
var msg393 = match({
id: "MESSAGE#651:418001:01/2",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{sport->} (%{domain->}\\%{username->}) dst %{p1->}",
field: "nwparser.p0",
},
});
// Source without the identity suffix.
var msg394 = match({
id: "MESSAGE#651:418001:01/2",
dissect: {
tokenizer: "%{sinterface->}:%{saddr->}/%{sport->} dst %{p1->}",
field: "nwparser.p0",
},
});
var select98 = linear_select([
msg393,
msg394,
]);
var all103 = all_match({
processors: [
msg392,
select98,
// The destination part left in p1 is handled by dup260 (defined earlier in
// the file).
dup260,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("418001:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup261,
dup258,
]),
});
// Base layout: "from <if> <addr> (<port>) to <if> <addr> (<port>)".
var msg395 = match({
id: "MESSAGE#652:418001",
dissect: {
tokenizer: "Through-the-device packet to/from management-only network is denied: %{protocol->} from %{sinterface->} %{saddr->} (%{sport->}) to %{dinterface->} %{daddr->} (%{dport->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("418001"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup261,
dup258,
]),
});
var select99 = linear_select([
msg390,
msg391,
all103,
msg395,
]);
// Message 106007: traffic denied "due to DNS ...". Captures direction,
// protocol, both address/port pairs and the trailing DNS detail as `info`.
var msg396 = match({
id: "MESSAGE#64:106007",
dissect: {
tokenizer: "Deny %{direction->} %{protocol->} from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} due to DNS %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106007"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
// Message 307002: "<result> session from <address>". Everything before
// " session from " is stored in `result`.
var msg397 = match({
id: "MESSAGE#392:307002",
dissect: {
tokenizer: "%{result->} session from %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("307002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 315004: SSH session could not be established because the RSA host
// key could not be retrieved. Stage 1 strips the fixed prefix.
var msg398 = match({
id: "MESSAGE#417:315004/0",
dissect: {
tokenizer: "Fail to establish SSH session because%{p0->}",
field: "nwparser.payload",
},
});
// Wording that names the platform ("PIX RSA host key ...").
var msg399 = match({
id: "MESSAGE#417:315004/1",
dissect: {
tokenizer: "%{->}PIX RSA host key retrieval failed.",
field: "nwparser.p0",
},
});
// Wording without the platform name; the leading text is stored in `space`.
var msg400 = match({
id: "MESSAGE#417:315004/1",
dissect: {
tokenizer: "%{space->}RSA host key retrieval failed.",
field: "nwparser.p0",
},
});
var select100 = linear_select([
msg399,
msg400,
]);
var all104 = all_match({
processors: [
msg398,
select100,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("315004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715034: "IP = <address>, <text>"; the text after the first ", " is
// stored in `info`.
var msg401 = match({
id: "MESSAGE#1006:715034",
dissect: {
tokenizer: "IP = %{saddr->}, %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715034"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 111010: command-audit record (who ran what, from which address).
// The first stage is dup262, defined earlier in the file.
// NOTE(review): the fields are separated only by literal text such as
// "' , running '" and "', executed '". A user name or command that itself
// contains one of these delimiters would presumably shift the field
// boundaries, so consumers should treat username/action as untrusted text.
// User name wrapped in single quotes.
var msg402 = match({
id: "MESSAGE#174:111010/2",
dissect: {
tokenizer: "'%{username->}' , running '%{p1->}",
field: "nwparser.p0",
},
});
// User name without quotes.
var msg403 = match({
id: "MESSAGE#174:111010/2",
dissect: {
tokenizer: "%{username->} , running '%{p1->}",
field: "nwparser.p0",
},
});
var select101 = linear_select([
msg402,
msg403,
]);
// Last stage: the text before "' from IP" is kept in fld1, then the client
// address and the executed command (`action`).
var msg404 = match({
id: "MESSAGE#174:111010/2",
dissect: {
tokenizer: "%{fld1->}' from IP %{saddr->}, executed '%{action->}'",
field: "nwparser.p1",
},
});
var all105 = all_match({
processors: [
dup262,
select101,
msg404,
],
on_success: processor_chain([
dup263,
set_field({
dest: "nwparser.msg_id1",
value: constant("111010"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("User executed cmd"),
}),
]),
});
// Message 502103: a user's privilege level changed.
// The old and new levels ("From: ... To: ...") end up in the generic fields
// fld1 and fld2, so a rule that looks for privilege escalation has to compare
// those two fields; no dedicated field is populated.
var msg405 = match({
id: "MESSAGE#682:502103/0",
dissect: {
tokenizer: "User priv level changed: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// User name wrapped in single quotes.
var msg406 = match({
id: "MESSAGE#682:502103/2",
dissect: {
tokenizer: "'%{username->}' From: %{p1->}",
field: "nwparser.p0",
},
});
// User name without quotes.
var msg407 = match({
id: "MESSAGE#682:502103/2",
dissect: {
tokenizer: "%{username->} From: %{p1->}",
field: "nwparser.p0",
},
});
var select102 = linear_select([
msg406,
msg407,
]);
var msg408 = match({
id: "MESSAGE#682:502103/2",
dissect: {
tokenizer: "%{fld1->} To: %{fld2->}",
field: "nwparser.p1",
},
});
var all106 = all_match({
processors: [
msg405,
select102,
msg408,
],
on_success: processor_chain([
// Category is set inline here rather than through a shared dupN processor.
set_field({
dest: "nwparser.eventcategory",
value: constant("1402020300"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502103"),
}),
dup17,
dup13,
dup217,
dup2,
dup3,
dup4,
dup5,
// The fixed summary goes into `result` here, not event_description.
set_field({
dest: "nwparser.result",
value: constant("User priv level change"),
}),
]),
});
// Message 199015: free-form record. Five leading tokens are kept as fld1..fld5
// (two space-separated, then three colon-separated), followed by an address
// and the remaining text as `info`.
var msg409 = match({
id: "MESSAGE#1313:199015",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{saddr->} %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup264,
set_field({
dest: "nwparser.msg_id1",
value: constant("199015"),
}),
// NOTE(review): dup2 (nwparser.level from the header, see top of file) is not
// applied here although the neighbouring handlers apply it — confirm intended.
dup3,
dup4,
dup5,
]),
});
// Message 105038: "(<context>) <description>"; the parenthesised prefix goes
// to `context`, the rest to event_description.
var msg410 = match({
id: "MESSAGE#47:105038",
dissect: {
tokenizer: "(%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("105038"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 338204: filter dropped greylisted traffic. The pattern starts
// mid-word ("ilter"), so the preceding processors (dup183, dup184) presumably
// consume the text up to and including the first letter.
// Fields of interest for triage: both endpoints with their translated
// address/port, the listed domain (`web_domain`), the threat level
// (`severity`) and the category (`result`). The resolved destination and the
// list name are only kept as fld1/fld2.
var msg411 = match({
id: "MESSAGE#486:338204/2",
dissect: {
tokenizer: "ilter dropped greylisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), destination %{fld1->} resolved from %{fld2->} list:%{web_domain->} threat-level: %{severity->}, category: %{result->}",
field: "nwparser.p1",
},
});
var all107 = all_match({
processors: [
dup183,
dup184,
msg411,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338204"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 604104: catch-all pattern, the whole payload becomes
// event_description.
var msg412 = match({
id: "MESSAGE#732:604104",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("604104"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 737017: DHCP request attempt succeeded. The attempt number is stored
// in dclass_counter1; the earlier stages are dup53 and dup265 (defined earlier
// in the file).
var msg413 = match({
id: "MESSAGE#1243:737017/2",
dissect: {
tokenizer: "%{->}DHCP request attempt %{dclass_counter1->} succeeded",
field: "nwparser.p1",
},
});
var all108 = all_match({
processors: [
dup53,
dup265,
msg413,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737017"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("DHCP request attempt succeeded"),
}),
]),
});
// Message 403107: PPP virtual interface has no AAA server group information;
// only the interface name is extracted.
var msg414 = match({
id: "MESSAGE#575:403107",
dissect: {
tokenizer: "PPP virtual interface %{interface->} missing aaa server group info",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("403107"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 411005: interface hardware transmit hang. The pattern starts
// mid-word ("nterface"), so the preceding processors (dup44, dup266)
// presumably consume the first letter. The sentence after the fixed text is
// stored in `result`.
var msg415 = match({
id: "MESSAGE#625:411005/2",
dissect: {
tokenizer: "nterface %{interface->} experienced a hardware transmit hang. %{result->}.",
field: "nwparser.p1",
},
});
var all109 = all_match({
processors: [
dup44,
dup266,
msg415,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("411005"),
}),
dup2,
dup3,
dup4,
dup5,
// The fixed summary goes into `misc` here, not event_description.
set_field({
dest: "nwparser.misc",
value: constant("Interface experienced a hardware transmit hang"),
}),
]),
});
// Message 713145: hardware client detected in network extension mode, with
// group, user name and peer address; the trailing text is stored in `result`.
var msg416 = match({
id: "MESSAGE#907:713145",
dissect: {
tokenizer: "Group = %{group->}, Username = %{username->}, IP = %{saddr->}, Detected Hardware Client in network extension mode, %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713145"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Detected Hardware Client in network extension mode"),
}),
]),
});
// Message 751014: a Configuration Payload request for an attribute could not
// be processed. The "Local" endpoint is mapped to saddr/sport and the "Remote"
// endpoint to daddr/dport; the attribute name goes to obj_name and the error
// text to `result`.
var msg417 = match({
id: "MESSAGE#1269:751014",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} %{severity->} Configuration Payload request for attribute %{obj_name->} could not be processed. Error: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("751014"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Configuration Payload request for attribute could not be processed"),
}),
]),
});
// Message 317004: catch-all pattern, the whole payload becomes
// event_description.
var msg418 = match({
id: "MESSAGE#426:317004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("317004"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722027: SVC decompression history reset. This last stage only checks
// the fixed text in p3; the identifying fields come from the shared stages
// dup77, dup182, dup267 and dup268 (defined earlier in the file).
var msg419 = match({
id: "MESSAGE#1163:722027/4",
dissect: {
tokenizer: "SVC decompression history reset%{->}",
field: "nwparser.p3",
},
});
var all110 = all_match({
processors: [
dup77,
dup182,
dup267,
dup268,
msg419,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722027"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 611305: VPN client DHCP policy installed. Fixed text only; whatever
// follows the colon is not stored by this pattern.
var msg420 = match({
id: "MESSAGE#761:611305",
dissect: {
tokenizer: "VPNClient: DHCP Policy installed:%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611305"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup269,
]),
});
// Message 735011: power-supply fan status OK; the power supply number is
// stored in dclass_counter1.
var msg421 = match({
id: "MESSAGE#1225:735011",
dissect: {
tokenizer: "Power Supply %{dclass_counter1->}: Fan OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("735011"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Power Supply Fan OK"),
}),
]),
});
// Message 746014: user-identity FQDN-to-address mapping became obsolete;
// captures the domain name and the address.
var msg422 = match({
id: "MESSAGE#1285:746014",
dissect: {
tokenizer: "user-identity: [FQDN] %{domain->} address %{hostip->} obsolete",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("746014"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 709003: catch-all pattern, the whole payload becomes
// event_description.
var msg423 = match({
id: "MESSAGE#836:709003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709003"),
}),
dup38,
dup39,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 713129: group and peer address, the text before " payload type: "
// as `action`, and the payload type itself in the generic field fld1.
var msg424 = match({
id: "MESSAGE#895:713129",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->} payload type: %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("713129"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 722023: SVC connection terminated with/without compression.
// These two stages only check fixed text; the word between them ("with" has
// already been consumed, the remainder is in p4) is handled by dup270, and the
// identifying fields come from dup77, dup182, dup267 and dup268 (all defined
// earlier in the file).
var msg425 = match({
id: "MESSAGE#1161:722023/4",
dissect: {
tokenizer: "SVC connection terminated with%{p4->}",
field: "nwparser.p3",
},
});
var msg426 = match({
id: "MESSAGE#1161:722023/6",
dissect: {
tokenizer: "%{->}compression",
field: "nwparser.p5",
},
});
var all111 = all_match({
processors: [
dup77,
dup182,
dup267,
dup268,
msg425,
dup270,
msg426,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("722023"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 734001: last stage captures an address and the remaining text as
// `result`; the earlier stages are dup211 and dup212 (defined earlier in the
// file).
var msg427 = match({
id: "MESSAGE#1214:734001/2",
dissect: {
tokenizer: "%{hostip->}, %{result->}",
field: "nwparser.p1",
},
});
var all112 = all_match({
processors: [
dup211,
dup212,
msg427,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("734001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 212001: a UDP channel could not be opened on an interface; captures
// the protocol name, port, interface and numeric error code (`resultcode`).
var msg428 = match({
id: "MESSAGE#254:212001",
dissect: {
tokenizer: "Unable to open %{protocol->} channel (UDP port %{network_port->}) on interface %{interface->}, error code = %{resultcode->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup75,
set_field({
dest: "nwparser.msg_id1",
value: constant("212001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 614002: catch-all pattern, the whole payload becomes
// event_description.
var msg429 = match({
id: "MESSAGE#787:614002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("614002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 710006: request addressed to the device was discarded. Captures the
// protocol, the source address and the destination interface/address; no
// ports are present in this layout.
var msg430 = match({
id: "MESSAGE#847:710006",
dissect: {
tokenizer: "%{protocol->} request discarded from %{saddr->} to %{dinterface->}:%{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("710006"),
}),
dup42,
dup43,
dup99,
dup2,
dup3,
dup4,
dup5,
dup27,
dup271,
]),
});
// Message 715068: "Group = ..., IP = ..., <description>"; the text after the
// second ", " becomes event_description.
var msg431 = match({
id: "MESSAGE#1039:715068",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("715068"),
}),
dup7,
dup13,
dup38,
dup2,
dup3,
dup4,
dup5,
dup245,
]),
});
// Message 101003: "(<context>)<description>". Unlike message 105038 there is
// no space after the closing parenthesis in this pattern.
var msg432 = match({
id: "MESSAGE#2:101003",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("101003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 109018: an access list is empty. The list name is stored in
// `listnum`, with or without surrounding single quotes; the first stage is
// dup96 (defined earlier in the file).
var msg433 = match({
id: "MESSAGE#142:109018/1",
dissect: {
tokenizer: "'%{listnum->}' is empty",
field: "nwparser.p0",
},
});
var msg434 = match({
id: "MESSAGE#142:109018/1",
dissect: {
tokenizer: "%{listnum->} is empty",
field: "nwparser.p0",
},
});
// Quoted form first, so the quotes are not captured as part of the name.
var select103 = linear_select([
msg433,
msg434,
]);
var all113 = all_match({
processors: [
dup96,
select103,
],
on_success: processor_chain([
dup6,
set_field({
dest: "nwparser.msg_id1",
value: constant("109018"),
}),
dup2,
dup3,
dup4,
dup5,
// The fixed summary goes into `result` here, not event_description.
set_field({
dest: "nwparser.result",
value: constant("ACL is empty"),
}),
]),
});
// Message 505006: catch-all pattern, the whole payload becomes
// event_description.
var msg435 = match({
id: "MESSAGE#695:505006",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup272,
set_field({
dest: "nwparser.msg_id1",
value: constant("505006"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 715021: built entirely from shared stages (dup79, dup273, dup33)
// defined earlier in the file, so the matched text is not visible here.
var all114 = all_match({
processors: [
dup79,
dup273,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715021"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 106027: packet denied by an access-group. Stage 1 captures the
// protocol and both interface/address pairs (no ports in this layout); the
// access-group name left in p0 is parsed by dup274 (defined earlier in the
// file).
var msg436 = match({
id: "MESSAGE#96:106027/0",
dissect: {
tokenizer: "Deny %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} by access-group %{p0->}",
field: "nwparser.payload",
},
});
var all115 = all_match({
processors: [
msg436,
dup274,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106027"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup275,
dup27,
]),
});
// Message 305013: connection denied because of a NAT reverse path failure
// (the text before ";" is stored in `result`). Three layouts; select105 at the
// end lists them in the order all116, msg439, msg440.
// Layout with ports, stage 1: up to the slash after the source address.
var msg437 = match({
id: "MESSAGE#385:305013/0",
dissect: {
tokenizer: "%{result->}; Connection for %{protocol->} src %{sinterface->}:%{saddr->}/%{p0->}",
field: "nwparser.payload",
},
});
// Source-port stage, two shared alternatives defined earlier in the file.
var select104 = linear_select([
dup276,
dup277,
]);
// Destination endpoint and the fixed denial text.
var msg438 = match({
id: "MESSAGE#385:305013/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} denied due to NAT reverse path failure",
field: "nwparser.p1",
},
});
var all116 = all_match({
processors: [
msg437,
select104,
msg438,
],
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("305013"),
}),
dup2,
// NOTE(review): dup35 sits where msg439 and msg440 below use dup3
// (event_time); its definition is not visible here.
dup35,
dup4,
dup5,
dup27,
dup196,
dup278,
]),
});
// Layout ":01": ICMP-style record with type and code instead of ports.
var msg439 = match({
id: "MESSAGE#386:305013:01",
dissect: {
tokenizer: "%{result->}; Connection for %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->}) denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("305013:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
dup278,
]),
});
// Layout ":02": other protocols, introduced by the literal word "protocol";
// no ports.
var msg440 = match({
id: "MESSAGE#388:305013:02",
dissect: {
tokenizer: "%{result->}; Connection for protocol %{protocol->} src %{sinterface->}:%{saddr->} dst %{dinterface->}:%{daddr->} denied due to NAT reverse path failure",
field: "nwparser.payload",
},
on_success: processor_chain([
dup24,
set_field({
dest: "nwparser.msg_id1",
value: constant("305013:02"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
dup278,
]),
});
var select105 = linear_select([
all116,
msg439,
msg440,
]);
// Message 617004: GTP connection created for a response, with both endpoints
// (interface, address, port).
var msg441 = match({
id: "MESSAGE#796:617004",
dissect: {
tokenizer: "GTP connection created for response from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("617004"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("GTP connection created"),
}),
]),
});
// Message 713141: "IP = <address>, <description>: <info>"; the description is
// split from the detail at the first ": ".
var msg442 = match({
id: "MESSAGE#905:713141",
dissect: {
tokenizer: "IP = %{saddr->}, %{event_description->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713141"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 401004: dropped packet, last stage: "packet: <src> ==> <dst> on
// interface <name>". The earlier stages are dup162 and dup279 (defined earlier
// in the file).
var msg443 = match({
id: "MESSAGE#552:401004/2",
dissect: {
tokenizer: "%{->}packet: %{saddr->} ==> %{daddr->} on interface %{interface->}",
field: "nwparser.p1",
},
});
var all117 = all_match({
processors: [
dup162,
dup279,
msg443,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("401004"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Packet dropped"),
}),
]),
});
// Message 402130: ESP packet received with incorrect IPsec padding.
// The SPI is stored in dst_spi; the sequence number and the padding detail are
// only kept in the generic fields fld2 and fld3, alongside the peer addresses
// and the user name.
var msg444 = match({
id: "MESSAGE#569:402130",
dissect: {
tokenizer: "CRYPTO: Received an ESP packet (SPI = %{dst_spi->}, sequence number= %{fld2->}) from %{saddr->} (user= %{username->}) to %{daddr->} with incorrect IPsec padding. (padding: %{fld3->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402130"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
// The fixed summary goes into `result` here, not event_description.
set_field({
dest: "nwparser.result",
value: constant("Received an ESP packet with incorrect IPsec padding"),
}),
]),
});
// Message 713235, two layouts.
// Staged layout: dup22 and dup23 (defined earlier in the file) run first, then
// this stage takes the address, the description up to the first ". " and the
// remaining text as fld1.
var msg445 = match({
id: "MESSAGE#944:713235/2",
dissect: {
tokenizer: "%{saddr->}, %{event_description->}. %{fld1->}",
field: "nwparser.p1",
},
});
var all118 = all_match({
processors: [
dup22,
dup23,
msg445,
],
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713235"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Single-pattern layout with an explicit group.
// NOTE(review): the same position in the message is stored as `action` here
// and as event_description in msg445, so the two layouts populate different
// fields.
var msg446 = match({
id: "MESSAGE#945:713235:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, %{action->}. %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup50,
set_field({
dest: "nwparser.msg_id1",
value: constant("713235:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select106 = linear_select([
all118,
msg446,
]);
// Message 720055: "(VPN-<context>) <description>"; the text after "VPN-"
// inside the parentheses goes to `context`.
var msg447 = match({
id: "MESSAGE#1141:720055",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("720055"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 303004: FTP command rejected by strict inspection. The command is
// stored in `action`, the text before " from " in `result`, followed by both
// endpoints (interface, address, port).
var msg448 = match({
id: "MESSAGE#349:303004",
dissect: {
tokenizer: "FTP %{action->} command unsupported - failed strict inspection, %{result->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("303004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("FTP command unsupported - failed strict inspection"),
}),
]),
});
// Syslog ID 717036: tunnel-group lookup driven by a peer certificate.
// serial_number and cert_subject are copied from the peer's certificate as logged;
// cert_subject takes the rest of the line, so it may contain commas and spaces.
// Both values are peer-supplied and should not be trusted as identity on their own.
var msg449 = match({
id: "MESSAGE#1082:717036",
dissect: {
tokenizer: "Looking for a tunnel group match based on certificate maps for peer certificate with serial number: %{serial_number->}, subject name: %{cert_subject->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("717036"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 714011. select108 lists all119 first, then all120 ("714011:01").
// all119 is built only from shared stages (dup44, dup280, dup33) defined
// outside this section.
var all119 = all_match({
processors: [
dup44,
dup280,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("714011"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Stage 1 of all120: skips leading text up to "ID_IPV4_ADDR", remainder goes to p0.
var msg450 = match({
id: "MESSAGE#990:714011:01/0",
dissect: {
tokenizer: "%{->}ID_IPV4_ADDR%{p0->}",
field: "nwparser.payload",
},
});
// Stage 2: consumes a "_SUBNET" suffix from p0, remainder goes to p1.
var msg451 = match({
id: "MESSAGE#990:714011:01/2",
dissect: {
tokenizer: "_SUBNET%{p1->}",
field: "nwparser.p0",
},
});
// NOTE(review): this select has a single alternative and nothing visible here
// copies p0 to p1 when "_SUBNET" is absent — verify that plain "ID_IPV4_ADDR"
// messages are still parsed rather than dropped to the fallback path.
var select107 = linear_select([
msg451,
]);
// Stage 3: reads the trailing "ID <value>" from p1.
// NOTE(review): shares the id string "MESSAGE#990:714011:01/2" with msg451.
var msg452 = match({
id: "MESSAGE#990:714011:01/2",
dissect: {
tokenizer: "%{->}ID %{fld1->}",
field: "nwparser.p1",
},
});
var all120 = all_match({
processors: [
msg450,
select107,
msg452,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("714011:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select108 = linear_select([
all119,
all120,
]);
// Syslog ID 302014 (connection teardown), layout tagged "302014:03".
// msg453 parses the destination side from p1, including a "domain\user" pair
// (ddomain / c_username), then duration and byte count; the tail goes to p2.
var msg453 = match({
id: "MESSAGE#302:302014:03/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
// Tail alternatives for p2 (teardown reason and optional user).
// NOTE(review): "\u003c" is '<', so this pattern opens with two '<' but closes
// with one '>'. If the doubled '<' is an escape carried over from the source
// parser definition, messages with a single '<' will not match here — confirm.
var msg454 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "\u003c\u003c%{result->}> (%{username->})",
field: "nwparser.p2",
},
});
var msg455 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "%{result->} (%{username->})",
field: "nwparser.p2",
},
});
var msg456 = match({
id: "MESSAGE#302:302014:03/3",
dissect: {
tokenizer: "(%{result->}) ",
field: "nwparser.p2",
},
});
// Listed from most to least specific; dup281 is defined outside this section.
var select109 = linear_select([
msg454,
msg455,
msg456,
dup281,
]);
// Stages dup146/dup147 (defined elsewhere) run before msg453 and must populate p1.
var all121 = all_match({
processors: [
dup146,
dup147,
msg453,
select109,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:03"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Syslog ID 302014, layout tagged "302014:02": full teardown line in one pattern,
// with "domain\user" on the destination side. The text after the byte count
// goes to p0 for the reason parser below.
var msg457 = match({
id: "MESSAGE#303:302014:02/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}(%{ddomain->}\\%{c_username->}) duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
// Fallback for the tail: whatever remains is stored as result.
var msg458 = match({
id: "MESSAGE#303:302014:02/1",
dissect: {
tokenizer: "%{->} %{result->}",
field: "nwparser.p0",
},
});
// dup282 (defined elsewhere) is listed ahead of the generic msg458.
var select110 = linear_select([
dup282,
msg458,
]);
var all122 = all_match({
processors: [
msg457,
select110,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Syslog ID 302014, layout tagged "302014:04".
// Source-side alternatives read from p0: with a parenthesised extra value (fld3)
// or the plain address/port form.
var msg459 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{->} %{saddr->}/%{sport->}(%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
var msg460 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to%{p1->}",
field: "nwparser.p0",
},
});
// dup283 is defined outside this section and is listed first.
var select111 = linear_select([
dup283,
msg459,
msg460,
]);
// Destination side from p1, with a parenthesised extra value (fld20), then
// duration and bytes; the tail goes to p2 for dup284.
var msg461 = match({
id: "MESSAGE#304:302014:04/2",
dissect: {
tokenizer: "%{->} %{dinterface->}:%{daddr->}/%{dport->}(%{fld20->}) duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
var all123 = all_match({
processors: [
dup146,
select111,
msg461,
dup284,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:04"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
var msg462 = match({
id: "MESSAGE#305:302014:05/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->}(%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
var msg463 = match({
id: "MESSAGE#305:302014:05/1",
dissect: {
tokenizer: "%{info->} (%{username->})",
field: "nwparser.p0",
},
});
var msg464 = match({
id: "MESSAGE#305:302014:05/1",
dissect: {
tokenizer: "%{info->}",
field: "nwparser.p0",
},
});
var select112 = linear_select([
msg463,
msg464,
]);
var all124 = all_match({
processors: [
msg462,
select112,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:05"),
}),
dup42,
dup43,
dup40,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Syslog ID 302014, base layout (msg_id1 "302014"). The source-side stage is
// chosen from dup283/dup156, both defined outside this section.
var select113 = linear_select([
dup283,
dup156,
]);
// Destination endpoint, duration and byte count from p1; tail to p2 for dup284.
var msg465 = match({
id: "MESSAGE#306:302014/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p2->}",
field: "nwparser.p1",
},
});
var all125 = all_match({
processors: [
dup146,
select113,
msg465,
dup284,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// Syslog ID 302014, layout tagged "302014:01": faddr / gaddr / laddr form.
// faddr maps to saddr/sport, gaddr to hostip/network_port, laddr to daddr/dport.
var msg466 = match({
id: "MESSAGE#307:302014:01/0",
dissect: {
tokenizer: "Teardown %{protocol->} connection %{connectionid->} faddr %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} laddr %{daddr->}/%{dport->} duration %{duration->} bytes %{bytes->} %{p0->}",
field: "nwparser.payload",
},
});
// Tail parsers dup282/dup285 are defined outside this section.
var select114 = linear_select([
dup282,
dup285,
]);
var all126 = all_match({
processors: [
msg466,
select114,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("302014:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup27,
dup148,
dup149,
]),
});
// All 302014 layouts, in the order they are offered to the selector.
// Order matters if linear_select stops at the first match (presumed — confirm):
// the layouts with user/domain detail are listed before the plainer ones.
var select115 = linear_select([
all121,
all122,
all123,
all124,
all125,
all126,
]);
// Syslog ID 611304: VPN client NAT exemption configured for Network Extension
// Mode with split tunneling. No fields are captured; the trailing %{->} only
// absorbs the rest of the line (the network list is not extracted).
var msg467 = match({
id: "MESSAGE#760:611304",
dissect: {
tokenizer: "VPNClient: NAT exemption configured for Network Extension Mode with split tunneling: Split Tunnel Networks:%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup126,
set_field({
dest: "nwparser.msg_id1",
value: constant("611304"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
dup286,
]),
});
// Syslog ID 702211: two layouts that share the first two stages (dup287, dup89)
// and differ only in the last one (dup288 vs dup290). All stages are defined
// outside this section.
var all127 = all_match({
processors: [
dup287,
dup89,
dup288,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702211:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
var all128 = all_match({
processors: [
dup287,
dup89,
dup290,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702211"),
}),
dup7,
dup2,
dup3,
dup289,
dup4,
dup5,
]),
});
var select116 = linear_select([
all127,
all128,
]);
// Syslog ID 711001: catch-all. The entire payload is stored as event_description,
// so this pattern accepts any text; correct attribution depends on the message
// being routed here by its ID elsewhere in the file.
var msg468 = match({
id: "MESSAGE#849:711001",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("711001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 120008: Call-Home client activity; the text after "Call-Home client"
// is kept as action.
var msg469 = match({
id: "MESSAGE#12:120008",
dissect: {
tokenizer: "Call-Home client %{action->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("120008"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Call-Home client activity"),
}),
]),
});
// Syslog ID 209001: the device could not allocate a fragment record for the
// given flow. Captures both endpoints so repeated events can be grouped per
// source when reviewing fragment-related resource pressure.
var msg470 = match({
id: "MESSAGE#236:209001",
dissect: {
tokenizer: "IPFRAG: Unable to allocate frag record for %{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("209001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Unable to allocate frag record"),
}),
]),
});
// Syslog ID 420004: a virtual sensor was added. Captures the sensor name (vsys)
// and the product it was added on; this is a configuration-change record.
var msg471 = match({
id: "MESSAGE#659:420004",
dissect: {
tokenizer: "Virtual Sensor %{vsys->} was added on the %{product->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("420004"),
}),
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Virtual Sensor added"),
}),
]),
});
// Syslog ID 403501: catch-all; the whole payload becomes event_description.
// Accepts any text, so it relies on upstream routing by message ID.
var msg472 = match({
id: "MESSAGE#580:403501",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("403501"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 718033: failure sending a TOPOLOGY indicator; the bracketed peer
// address is captured as daddr.
var msg473 = match({
id: "MESSAGE#1095:718033",
dissect: {
tokenizer: "Send TOPOLOGY indicator failure to [%{daddr->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718033"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Sent TOPOLOGY indicator failure"),
}),
]),
});
// Syslog ID 109002: authentication failed because the AAA server failed.
// Stage 1 skips any leading text up to "Auth " and hands the rest to p0.
var msg474 = match({
id: "MESSAGE#123:109002/0",
dissect: {
tokenizer: "%{->}Auth %{p0->}",
field: "nwparser.payload",
},
});
// Stage 3 (reads p1): client and target endpoints, the failing server (hostip)
// and the interface. dup254, defined elsewhere, sits between the two stages.
var msg475 = match({
id: "MESSAGE#123:109002/2",
dissect: {
tokenizer: "from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} failed (server %{hostip->} failed) on interface %{sinterface->}",
field: "nwparser.p1",
},
});
var all129 = all_match({
processors: [
msg474,
dup254,
msg475,
],
on_success: processor_chain([
dup86,
set_field({
dest: "nwparser.msg_id1",
value: constant("109002"),
}),
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
dup291,
// The result records that the server failed, as distinct from a credential
// rejection; keep the two apart when counting failed logins.
set_field({
dest: "nwparser.result",
value: constant("server failed"),
}),
]),
});
// Syslog ID 209004: IP fragment larger than the permitted maximum.
// NOTE(review): the observed size is captured into "icmptype" and the maximum
// size into "icmpcode". These are sizes, not ICMP values — anything downstream
// that interprets those two fields as ICMP type/code will misread this event.
var msg476 = match({
id: "MESSAGE#239:209004",
dissect: {
tokenizer: "Invalid IP fragment, size = %{icmptype->} exceeds maximum size = %{icmpcode->}: %{space->} src = %{saddr->}, dest = %{daddr->}, proto = %{protocol->}, id = %{fld1->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("209004"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("Invalid IP fragment"),
}),
set_field({
dest: "nwparser.result",
value: constant("size exceeded"),
}),
]),
});
// Syslog ID 316001: a new tunnel or ISAKMP peer was refused because the peer
// limit was reached. select118 lists msg477 (names the peer) and all130 (does not).
// A sustained run of these indicates VPN capacity exhaustion.
var msg477 = match({
id: "MESSAGE#421:316001",
dissect: {
tokenizer: "Denied new tunnel to %{saddr->} VPN peer limit (%{fld1->}) exceeded.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("316001"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("denied new VPN tunnel"),
}),
set_field({
dest: "nwparser.result",
value: constant("VPN peer limit exceeded"),
}),
]),
});
// Staged parse of "Cannot create more isakmp peers, exceeding the limit of N peers".
var msg478 = match({
id: "MESSAGE#422:316001:01/0",
dissect: {
tokenizer: "Cannot %{p0->}",
field: "nwparser.payload",
},
});
// Two spellings are accepted for the verb: "create" (with optional leading text)
// and the truncated "creat".
var msg479 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "%{->}create%{p1->}",
field: "nwparser.p0",
},
});
var msg480 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "creat%{p1->}",
field: "nwparser.p0",
},
});
var select117 = linear_select([
msg479,
msg480,
]);
// Final stage: the configured limit is captured as fld1.
var msg481 = match({
id: "MESSAGE#422:316001:01/2",
dissect: {
tokenizer: "%{->}more isakmp peers, exceeding the limit of %{fld1->} peers",
field: "nwparser.p1",
},
});
var all130 = all_match({
processors: [
msg478,
select117,
msg481,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("316001:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("cannot create isakmp peers"),
}),
set_field({
dest: "nwparser.result",
value: constant("peer limit exceeded"),
}),
]),
});
var select118 = linear_select([
msg477,
all130,
]);
// Syslog ID 338308: the dynamic filter updater server changed. The previous and
// new server values are kept (change_old / change_new), which makes this a
// useful audit record for where filter updates are fetched from.
var msg482 = match({
id: "MESSAGE#494:338308",
dissect: {
tokenizer: "Dynamic filter updater server dynamically changed from %{change_old->} to %{change_new->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup157,
set_field({
dest: "nwparser.msg_id1",
value: constant("338308"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Dynamic filter updater server dynamically changed"),
}),
]),
});
// Syslog ID 717028: certificate chain validated successfully. The text that
// follows the fixed phrase is kept unparsed as info.
var msg483 = match({
id: "MESSAGE#1078:717028",
dissect: {
tokenizer: "Certificate chain was successfully validated %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup292,
set_field({
dest: "nwparser.msg_id1",
value: constant("717028"),
}),
dup293,
dup38,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Certificate chain successfully validated"),
}),
]),
});
// Syslog ID 106013: echo request dropped. Two layouts: "to PAT address"
// (tagged "106013:01") and the plainer "to address". The more specific PAT
// form is listed first in select119.
var msg484 = match({
id: "MESSAGE#77:106013:01",
dissect: {
tokenizer: "Dropping echo request from %{saddr->} to PAT address %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106013:01"),
}),
dup99,
dup102,
dup43,
dup14,
dup2,
dup3,
dup294,
dup4,
dup5,
]),
});
var msg485 = match({
id: "MESSAGE#78:106013",
dissect: {
tokenizer: "Dropping echo request from %{saddr->} to address %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106013"),
}),
dup99,
dup102,
dup43,
dup2,
dup3,
dup294,
dup4,
dup5,
]),
});
var select119 = linear_select([
msg484,
msg485,
]);
// Syslog ID 305012: address-translation teardown. select120 lists three layouts,
// the most detailed (with parenthesised extras fld51/fld52) first.
var msg486 = match({
id: "MESSAGE#382:305012:02",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->}(%{fld51->}) to %{dinterface->}(%{fld52->}):%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Staged layout "305012": source interface here, source address via dup296
// (defined elsewhere), destination and duration in msg488.
var msg487 = match({
id: "MESSAGE#383:305012/0",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
var msg488 = match({
id: "MESSAGE#383:305012/2",
dissect: {
tokenizer: "%{dinterface->}:%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.p1",
},
});
var all131 = all_match({
processors: [
msg487,
dup296,
msg488,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
// Staged layout "305012:01": full source endpoint here, destination interface
// handled by dup297 (defined elsewhere), address/port and duration in msg490.
var msg489 = match({
id: "MESSAGE#384:305012:01/0",
dissect: {
tokenizer: "Teardown %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{p0->}",
field: "nwparser.payload",
},
});
var msg490 = match({
id: "MESSAGE#384:305012:01/2",
dissect: {
tokenizer: "%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.p1",
},
});
var all132 = all_match({
processors: [
msg489,
dup297,
msg490,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305012:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var select120 = linear_select([
msg486,
all131,
all132,
]);
// Syslog ID 311001: "LU loading standby start". Fixed text, no fields captured;
// the trailing %{->} only absorbs anything after the phrase.
var msg491 = match({
id: "MESSAGE#401:311001",
dissect: {
tokenizer: "LU loading standby start%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311001"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU loading standby start"),
}),
dup4,
dup5,
]),
});
// Syslog ID 324002: a GTPv0 message could not be processed because the named
// resource (fld1) does not exist. fld2 is the message kind and fld3 the TID;
// both endpoints are captured with interface, address and port.
var msg492 = match({
id: "MESSAGE#455:324002",
dissect: {
tokenizer: "No %{fld1->} exists to process GTPv0 %{fld2->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}, TID: %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("nonexistent resource to process GTP request"),
}),
]),
});
// Syslog ID 106025: "<description>: <interface> <protocol> src a/p dest a/p".
// The description is free text up to the first ": ", so it is not a fixed
// value that rules can match on exactly.
var msg493 = match({
id: "MESSAGE#95:106025",
dissect: {
tokenizer: "%{event_description->}: %{interface->} %{protocol->} src %{saddr->}/%{sport->} dest %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("106025"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 413003: the module in a slot is not a recognised type. The slot is
// captured as fld1 and the remainder is passed on through p0.
var msg494 = match({
id: "MESSAGE#629:413003/0",
dissect: {
tokenizer: "Module in slot %{fld1->} is not a recognized type%{p0->}",
field: "nwparser.payload",
},
});
// Single-alternative select; dup298 is defined outside this section.
var select121 = linear_select([
dup298,
]);
var all133 = all_match({
processors: [
msg494,
select121,
dup223,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("413003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 720006: "(VPN-<context>) <free text>." — the description is the
// text between the context and the closing period.
var msg495 = match({
id: "MESSAGE#1115:720006",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720006"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 737026: a client was assigned an address (hostip) from a local pool.
// msg497 additionally captures the session id. These records tie a VPN session
// to its assigned inner address, which is useful when attributing later traffic.
var msg496 = match({
id: "MESSAGE#1246:737026",
dissect: {
tokenizer: "%{process->}: Client assigned %{hostip->} from local pool",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737026"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg497 = match({
id: "MESSAGE#1247:737026:01",
dissect: {
tokenizer: "%{process->}: Session=%{sessionid->}, Client assigned %{hostip->} from local pool",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("737026:01"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var select122 = linear_select([
msg496,
msg497,
]);
// Syslog ID 412001: a MAC moved from one location to another.
// The value after "MAC" is stored in the field named "interface", and the old
// and new locations in src_zone / dst_zone.
// NOTE(review): this chain has no dup2 entry (the step that fills
// nwparser.level, declared at the top of the file) — confirm that is intended.
var msg498 = match({
id: "MESSAGE#626:412001",
dissect: {
tokenizer: "MAC %{interface->} moved from %{src_zone->} to %{dst_zone->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("412001"),
}),
dup38,
dup13,
dup39,
dup40,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 420002: the IPS asked the device to drop traffic.
// msg499 handles the ICMP-style layout (type and code, no ports).
var msg499 = match({
id: "MESSAGE#656:420002:01",
dissect: {
tokenizer: "IPS requested to drop %{protocol->} packets %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} (type %{icmptype->}, code %{icmpcode->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("420002:01"),
}),
dup42,
dup43,
dup19,
dup14,
dup2,
dup3,
dup4,
dup5,
dup299,
]),
});
// Port-based layout.
// NOTE(review): unlike msg499 there is no literal "to" between the source
// port and the destination interface. If the device writes "... to <ifc>:...",
// the word would end up inside sport or dinterface — check against real samples,
// since a wrong dinterface/sport skews any rule keyed on those fields.
var msg500 = match({
id: "MESSAGE#657:420002",
dissect: {
tokenizer: "%{service->} requested to drop %{protocol->} packet from %{sinterface->}:%{saddr->}/%{sport->} %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("420002"),
}),
dup42,
dup43,
dup19,
dup2,
dup3,
dup4,
dup5,
dup299,
]),
});
var select123 = linear_select([
msg499,
msg500,
]);
// Syslog ID 500003: packet with a bad header length. Captures the reported
// header and packet lengths (fld1, fld2), both endpoints, the flags (fld3)
// and the receiving interface.
var msg501 = match({
id: "MESSAGE#676:500003",
dissect: {
tokenizer: "Bad %{protocol->} hdr length (hdrlen=%{fld1->}, pktlen=%{fld2->}) from %{saddr->}/%{sport->} to %{daddr->}/%{dport->}, flags: %{fld3->}, on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("500003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Bad hdr length"),
}),
]),
});
// Syslog ID 713035. all134 is assembled entirely from shared stages
// (dup22, dup23, dup300) defined outside this section; msg502 is the
// single-pattern layout tagged "713035:01".
var all134 = all_match({
processors: [
dup22,
dup23,
dup300,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713035"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Note the space before the second comma in the pattern ("%{saddr->} ,");
// the action is the text up to the first ':' and the rest is kept as info.
var msg502 = match({
id: "MESSAGE#861:713035:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{action->}:%{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713035:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select124 = linear_select([
all134,
msg502,
]);
// Syslog ID 110003. select126 lists three layouts: the staged routing-failure
// parse (all135), the "No interface is configured" form (msg507) and a
// catch-all (msg508).
var msg503 = match({
id: "MESSAGE#162:110003:01/0",
dissect: {
tokenizer: "Routing failed to locate %{p0->}",
field: "nwparser.payload",
},
});
// Both spellings are accepted: "next-hop" and "next hop".
var msg504 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "next-hop %{p1->}",
field: "nwparser.p0",
},
});
var msg505 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "%{->}next hop%{p1->}",
field: "nwparser.p0",
},
});
var select125 = linear_select([
msg504,
msg505,
]);
// Final stage: protocol and both interface:address/port endpoints.
var msg506 = match({
id: "MESSAGE#162:110003:01/2",
dissect: {
tokenizer: "%{->}for %{protocol->} from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
var all135 = all_match({
processors: [
msg503,
select125,
msg506,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
// result and event_description are both set from the same shared value dup301
// (defined elsewhere in the file).
set_field({
dest: "nwparser.result",
value: dup301,
}),
set_field({
dest: "nwparser.event_description",
value: dup301,
}),
]),
});
var msg507 = match({
id: "MESSAGE#163:110003:02",
dissect: {
tokenizer: "No interface is configured (with %{interface->}).",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003:02"),
}),
dup14,
dup2,
dup4,
dup5,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("No interface configured"),
}),
]),
});
// Catch-all: accepts any payload and stores it whole as event_description.
var msg508 = match({
id: "MESSAGE#164:110003",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("110003"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
// The catch-all must stay last: if linear_select stops at the first match
// (presumed — confirm), moving msg508 up would hide the structured layouts.
var select126 = linear_select([
all135,
msg507,
msg508,
]);
// Syslog ID 302015 (connection built), layout tagged "302015:05": inbound
// connection with translated addresses on both sides, a "domain\value" pair on
// the source side (domain / fld3), and a trailing "(username)".
var msg509 = match({
id: "MESSAGE#308:302015:05",
dissect: {
tokenizer: "Built inbound %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->})(%{domain->}\\%{fld3->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->})(%{fld4->}) (%{username->})",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:05"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Syslog ID 302015, base layout (msg_id1 "302015"). dup219/dup220 (defined
// elsewhere) run first; msg510 then parses the destination side from p1.
// Note the pattern expects a space before the closing parenthesis of the
// translated destination ("%{dtransport->} )").
var msg510 = match({
id: "MESSAGE#309:302015/2",
dissect: {
tokenizer: "%{->}to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->} )%{p2->}",
field: "nwparser.p1",
},
});
// The user may be logged in single quotes or in parentheses.
var msg511 = match({
id: "MESSAGE#309:302015/3",
dissect: {
tokenizer: "%{->}'%{username->}' ",
field: "nwparser.p2",
},
});
var msg512 = match({
id: "MESSAGE#309:302015/3",
dissect: {
tokenizer: "%{->}(%{username->})",
field: "nwparser.p2",
},
});
var select127 = linear_select([
msg511,
msg512,
]);
var all136 = all_match({
processors: [
dup219,
dup220,
msg510,
select127,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015"),
}),
dup64,
dup102,
dup43,
dup2,
dup3,
dup4,
dup5,
dup192,
dup193,
]),
});
// Syslog ID 302015, layout tagged "302015:01". All three parse stages
// (dup221, dup222, dup223) are shared definitions from elsewhere in the file.
// This chain uses dup194 where the other visible 302015 chains use dup192.
var all137 = all_match({
processors: [
dup221,
dup222,
dup223,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:01"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup194,
dup193,
]),
});
// Syslog ID 302015, layout tagged "302015:03". The word after "Built" is
// captured as fld1 and later copied to nwparser.direction. In this layout the
// first endpoint in the line is stored as the destination (dinterface/daddr/dport).
var msg513 = match({
id: "MESSAGE#311:302015:03/0",
dissect: {
tokenizer: "Built %{fld1->} %{protocol->} connection %{connectionid->} for %{dinterface->}:%{daddr->}/%{dport->} (%{p0->}",
field: "nwparser.payload",
},
});
// Translated destination followed by a parenthesised extra value (fld3).
var msg514 = match({
id: "MESSAGE#311:302015:03/2",
dissect: {
tokenizer: "%{dtransaddr->}/%{dtransport->})(%{fld3->}) to %{p1->}",
field: "nwparser.p0",
},
});
// dup225 and dup226 are defined outside this section.
var select128 = linear_select([
dup225,
msg514,
dup226,
]);
var all138 = all_match({
processors: [
msg513,
select128,
dup227,
dup228,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:03"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
// Direction is taken verbatim from the logged word, not normalised.
set_field({
dest: "nwparser.direction",
value: field("fld1"),
}),
dup193,
]),
});
// Syslog ID 302015, layout tagged "302015:04": interface and address separated
// by a space rather than ':', with a gaddr (hostip/network_port) in between.
var msg515 = match({
id: "MESSAGE#312:302015:04",
dissect: {
tokenizer: "Built %{protocol->} connection %{connectionid->} for %{sinterface->} %{saddr->}/%{sport->} gaddr %{hostip->}/%{network_port->} %{dinterface->} %{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302015:04"),
}),
dup64,
dup102,
dup43,
dup14,
dup2,
dup3,
dup4,
dup5,
dup193,
]),
});
// All 302015 layouts in the order they are offered to the selector.
var select129 = linear_select([
msg509,
all136,
all137,
all138,
msg515,
]);
// Syslog ID 400030: IPS signature record in the form
// "<product>:<sigid> <signature text> from <src> to <dst> on interface <ifc>".
// The signature text is stored in context. dup27..dup30 are defined elsewhere.
var msg516 = match({
id: "MESSAGE#527:400030",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400030"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Syslog ID 405103: H225 message with a bad protocol discriminator. The
// discriminator value from the packet is stored in the field named "protocol",
// so that field holds peer-supplied data here rather than a protocol name.
var msg517 = match({
id: "MESSAGE#592:405103",
dissect: {
tokenizer: "H225 message from %{saddr->}/%{sport->} to %{daddr->}/%{dport->} contains bad protocol discriminator %{protocol->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup41,
set_field({
dest: "nwparser.msg_id1",
value: constant("405103"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("H225 message contains bad protocol discriminator"),
}),
]),
});
// Syslog ID 715061: "Group = <group> IP = <peer>, <action>." Note there is no
// comma between the group and "IP =" in this layout.
var msg518 = match({
id: "MESSAGE#1034:715061",
dissect: {
tokenizer: "Group = %{group->} IP = %{saddr->}, %{action->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715061"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 730010: VLAN mapping enabled for a group/user/IP on a given VLAN
// (stored as instance).
// NOTE(review): "\u003c" is '<', so every captured value is expected to be
// preceded by two '<' and followed by one '>'. If the doubled '<' is an escape
// left over from the source parser definition, real messages will not match and
// the user/IP/VLAN binding is never extracted — confirm with a sample log line.
var msg519 = match({
id: "MESSAGE#1208:730010",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> VLAN Mapping is enabled on VLAN \u003c\u003c%{instance->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("730010"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VLAN Mapping is enabled on VLAN"),
}),
]),
});
// Syslog ID 105002: "(<context>)<free text>". The description starts directly
// after the closing parenthesis, with no separating space in the pattern.
var msg520 = match({
id: "MESSAGE#27:105002",
dissect: {
tokenizer: "(%{context->})%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup59,
set_field({
dest: "nwparser.msg_id1",
value: constant("105002"),
}),
dup60,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 325001: a router on the given interface advertises Neighbor
// Discovery settings that conflict with the device's own. The router address
// is stored as hostip_v6.
var msg521 = match({
id: "MESSAGE#461:325001",
dissect: {
tokenizer: "Router %{hostip_v6->} on %{interface->} has conflicting ND (Neighbor Discovery) settings",
field: "nwparser.payload",
},
on_success: processor_chain([
dup229,
set_field({
dest: "nwparser.msg_id1",
value: constant("325001"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 715040: catch-all; the whole payload becomes event_description.
// Accepts any text, so it relies on upstream routing by message ID.
var msg522 = match({
id: "MESSAGE#1013:715040",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715040"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 715053 (MODE_CFG messages). all139 is the staged layout: dup22 and
// dup23 (defined elsewhere) run first, then msg523 reads the peer address and
// action from p1. msg524 is the single-pattern layout with an explicit group.
var msg523 = match({
id: "MESSAGE#1025:715053/2",
dissect: {
tokenizer: "%{saddr->}, MODE_CFG: %{action->}",
field: "nwparser.p1",
},
});
var all139 = all_match({
processors: [
dup22,
dup23,
msg523,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715053"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Here the MODE_CFG text lands in event_description, whereas msg523 stores the
// same position as action — consumers need to check both fields.
var msg524 = match({
id: "MESSAGE#1026:715053:01",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->}, MODE_CFG: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715053:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var select130 = linear_select([
all139,
msg524,
]);
// Syslog ID 776252: a CTS SGT-MAP binding was deleted from the binding manager.
// Captures the bound address/port, fld1, the group and the origin (fld2).
// NOTE(review): this chain omits dup2 and dup4, the steps that fill
// nwparser.level and nwparser.msg (see their declarations at the top of the
// file) — confirm that is intended.
var msg525 = match({
id: "MESSAGE#1307:776252",
dissect: {
tokenizer: "CTS SGT-MAP: Binding %{saddr->}/%{sport->}->%{fld1->}:%{group->} from %{fld2->} deleted from binding manager.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("776252"),
}),
dup14,
dup3,
dup5,
// NOTE(review): the description says "deleted to" while the matched message
// says "deleted from". Left as-is because existing searches may key on this
// exact string; align it only together with those consumers.
set_field({
dest: "nwparser.event_description",
value: constant("deleted to binding manager"),
}),
]),
});
// Syslog ID 103002: "(<context>) <text> failed" versus "(<context>)<text> OK".
// The failure form is listed first in select131 and is tagged "103002:01".
var msg526 = match({
id: "MESSAGE#7:103002:01",
dissect: {
tokenizer: "(%{context->}) %{event_description->} failed",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("103002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup302,
]),
});
// Success form: the disposition is set to the fixed value "OK".
var msg527 = match({
id: "MESSAGE#8:103002",
dissect: {
tokenizer: "(%{context->})%{event_description->} OK",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("103002"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.disposition",
value: constant("OK"),
}),
]),
});
var select131 = linear_select([
msg526,
msg527,
]);
// Syslog ID 113008: AAA transaction status. The status word is stored as
// disposition; the text after "user = " is passed through p0 to dup238
// (defined elsewhere), which is expected to extract the user — verify there.
var msg528 = match({
id: "MESSAGE#184:113008/0",
dissect: {
tokenizer: "AAA transaction status %{disposition->} : user = %{p0->}",
field: "nwparser.payload",
},
});
var all140 = all_match({
processors: [
msg528,
dup238,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113008"),
}),
dup17,
dup65,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 305007: "<function>(): Orphan IP <addr> on interface <ifc>".
// The function name is kept as fld1 and the address as hostip.
var msg529 = match({
id: "MESSAGE#374:305007",
dissect: {
tokenizer: "%{fld1->}(): Orphan IP %{hostip->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("305007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Orphan IP detected on interface"),
}),
]),
});
// Syslog ID 400008: IPS signature record in the form
// "<product>:<sigid> <signature text> from <src> to <dst> on interface <ifc>".
// The signature text is stored in context. dup27..dup30 are defined elsewhere.
var msg530 = match({
id: "MESSAGE#505:400008",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup113,
set_field({
dest: "nwparser.msg_id1",
value: constant("400008"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Syslog ID 713132. Built entirely from shared stages (dup22, dup23, dup241)
// defined outside this section, so the captured fields are not visible here.
var all141 = all_match({
processors: [
dup22,
dup23,
dup241,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("713132"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 305003: translation teardown. msg531 expects the explicit
// "global"/"local" keywords; msg532 (tagged "305003:01") accepts two bare
// values. The keyword form is listed first in select132.
// The global address is stored as hostip and the local address as daddr.
var msg531 = match({
id: "MESSAGE#364:305003",
dissect: {
tokenizer: "Teardown translation for global %{hostip->} local %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305003"),
}),
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var msg532 = match({
id: "MESSAGE#365:305003:01",
dissect: {
tokenizer: "Teardown translation for %{hostip->} %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305003:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var select132 = linear_select([
msg531,
msg532,
]);
// Syslog ID 338103: dynamic filter record for whitelisted traffic.
// The pattern starts at "ilter", so the beginning of the word is presumably
// consumed by the earlier stages dup183/dup184 (defined elsewhere) — confirm.
// Captures the action, protocol, both endpoints with their translated
// addresses, the resolved source (hostip), the list name and trailing info.
var msg533 = match({
id: "MESSAGE#481:338103/2",
dissect: {
tokenizer: "ilter %{action->} whitelisted %{protocol->} traffic from %{sinterface->}:%{saddr->}/%{sport->} (%{stransaddr->}/%{stransport->}) to %{dinterface->}:%{daddr->}/%{dport->} (%{dtransaddr->}/%{dtransport->}), source %{hostip->} resolved from %{listnum->} list:%{info->}",
field: "nwparser.p1",
},
});
var all142 = all_match({
processors: [
dup183,
dup184,
msg533,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("338103"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
// Syslog ID 611311: VPN client XAUTH failure. Only the peer address is
// captured (saddr) — the message carries no username, so failed-login
// counting for this event can only be done per peer.
var msg534 = match({
id: "MESSAGE#767:611311",
dissect: {
tokenizer: "VPNClient: XAUTH Failed: Peer: %{saddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup16,
set_field({
dest: "nwparser.msg_id1",
value: constant("611311"),
}),
dup7,
dup18,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("XAUTH failed"),
}),
]),
});
// Syslog ID 703002: catch-all; the whole payload becomes event_description.
// Accepts any text, so it relies on upstream routing by message ID.
var msg535 = match({
id: "MESSAGE#833:703002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("703002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg536 = match({
id: "MESSAGE#1100:718046",
dissect: {
tokenizer: "Create group policy [%{policyname->}]",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("718046"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Create group policy"),
}),
]),
});
var msg537 = match({
id: "MESSAGE#264:214001",
dissect: {
tokenizer: "Terminating manager session from %{saddr->} on interface %{interface->}.%{space->}Reason: %{result->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("214001"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Terminated manager session"),
}),
]),
});
var msg538 = match({
id: "MESSAGE#544:400047",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400047"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 713219 (IKE KEY-ACQUIRE messages queued until the phase 1 SA is
// complete), parsed in three stages by all143:
//   1. dup44 (defined outside this section),
//   2. select133 -> msg539: reads nwparser.p0, captures group, rest into p1,
//   3. msg540: reads nwparser.p1, captures saddr.
// NOTE(review): msg539 and msg540 carry the same id string
// ("MESSAGE#933:713219/2"); if ids are used in debug or error output the two
// stages cannot be told apart. Looks like a numbering artifact - confirm.
var msg539 = match({
id: "MESSAGE#933:713219/2",
dissect: {
tokenizer: "Group = %{group->} %{p1->}",
field: "nwparser.p0",
},
});
// Single-alternative select: msg539 is the only accepted form for stage 2.
var select133 = linear_select([
msg539,
]);
var msg540 = match({
id: "MESSAGE#933:713219/2",
dissect: {
tokenizer: "IP = %{saddr->} Queuing KEY-ACQUIRE messages to be processed when P1 SA is complete",
field: "nwparser.p1",
},
});
// Runs the three stages in order; the on_success chain stamps msg_id1 and a
// fixed event_description. dup2-dup5 are the shared header steps from the top
// of the file; dup21 and dup7 are defined outside this section.
var all143 = all_match({
processors: [
dup44,
select133,
msg540,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("713219"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("messages enqueued"),
}),
]),
});
var msg541 = match({
id: "MESSAGE#1066:717005",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717005"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg542 = match({
id: "MESSAGE#1016:715046:01/1",
dissect: {
tokenizer: "%{->}Username = %{username->}, IP = %{saddr->}, %{p0->}",
field: "nwparser.payload",
},
});
var select134 = linear_select([
dup303,
msg542,
]);
var all144 = all_match({
processors: [
select134,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715046:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var all145 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715046"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var select135 = linear_select([
all144,
all145,
]);
// Message 716051: failure to add a dynamic ACL for a VPN user. Extracts group,
// username and hostip from nwparser.payload and sets a fixed
// event_description. dup2-dup5 are the shared header steps defined at the top
// of the file; dup10 is defined outside this section.
// NOTE(review): each "\u003c\u003c" decodes to two '<' characters, while the
// closing side is a single '>'. If the device writes single angle brackets
// around these values, this tokenizer would not match and the event would go
// unparsed (no group/username/hostip for an access-control failure). The
// doubling looks like an escape left over from the source parser definition -
// confirm against sample logs.
var msg543 = match({
id: "MESSAGE#1058:716051",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{hostip->}> Error adding dynamic ACL for user",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("716051"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Error adding dynamic ACL for user"),
}),
]),
});
var msg544 = match({
id: "MESSAGE#1074:717024",
dissect: {
tokenizer: "Checking CRL from trustpoint: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("717024"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg545 = match({
id: "MESSAGE#1136:720044",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("720044"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg546 = match({
id: "MESSAGE#1202:725013",
dissect: {
tokenizer: "SSL Server %{interface->}:%{hostip->}/%{network_port->} choose cipher : %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("725013"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("SSL Server choose cipher"),
}),
dup4,
dup5,
]),
});
var msg547 = match({
id: "MESSAGE#112:108001/0",
dissect: {
tokenizer: "SMTP made noop: out %{fld1->} in %{fld2->} data%{p0->}",
field: "nwparser.payload",
},
});
var msg548 = match({
id: "MESSAGE#112:108001/2",
dissect: {
tokenizer: ":%{p1->}",
field: "nwparser.p0",
},
});
var select136 = linear_select([
msg548,
]);
var msg549 = match({
id: "MESSAGE#112:108001/2",
dissect: {
tokenizer: "%{->} %{info->}",
field: "nwparser.p1",
},
});
var all146 = all_match({
processors: [
msg547,
select136,
msg549,
],
on_success: processor_chain([
dup195,
set_field({
dest: "nwparser.msg_id1",
value: constant("108001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg550 = match({
id: "MESSAGE#573:403104",
dissect: {
tokenizer: "PPP virtual interface %{interface->} requires mschap for MPPE",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("403104"),
}),
dup38,
dup39,
dup87,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg551 = match({
id: "MESSAGE#734:605002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("605002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg552 = match({
id: "MESSAGE#837:709004",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("709004"),
}),
dup38,
dup39,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var all147 = all_match({
processors: [
dup305,
dup304,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715049:01"),
}),
dup7,
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var all148 = all_match({
processors: [
dup44,
dup47,
dup48,
],
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("715049"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var select137 = linear_select([
all147,
all148,
]);
var msg553 = match({
id: "MESSAGE#1268:751007",
dissect: {
tokenizer: "Local:%{saddr->}:%{sport->} Remote:%{daddr->}:%{dport->} Username:%{username->} Configured attribute not supported for IKEv2. Attribute: %{obj_name->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("751007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Configured attribute not supported for IKEv2"),
}),
]),
});
// Message 111003: a device configuration erase, a high-value audit event.
// The tokenizer captures only the address that precedes the text (hostip);
// no user name is extracted from the payload here.
// The chain stamps msg_id1 and a fixed event_description. dup2-dup5 are the
// shared header steps defined at the top of the file; dup107, dup38, dup108
// and dup39 are defined outside this section.
var msg554 = match({
id: "MESSAGE#167:111003",
dissect: {
tokenizer: "%{hostip->} Erase configuration",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("111003"),
}),
dup38,
dup108,
dup39,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Erase configuration"),
}),
]),
});
var msg555 = match({
id: "MESSAGE#536:400039",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup52,
set_field({
dest: "nwparser.msg_id1",
value: constant("400039"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var all149 = all_match({
processors: [
dup79,
dup80,
dup81,
],
on_success: processor_chain([
dup82,
set_field({
dest: "nwparser.msg_id1",
value: constant("715007"),
}),
dup7,
dup11,
dup12,
dup164,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg556 = match({
id: "MESSAGE#995:715007:01",
dissect: {
tokenizer: "IKE got a KEY_ADD msg for SA: SPI = %{dst_spi->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup250,
set_field({
dest: "nwparser.msg_id1",
value: constant("715007:01"),
}),
dup7,
dup11,
dup12,
dup164,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("IKE got a KEY_ADD msg for SA"),
}),
]),
});
var select138 = linear_select([
all149,
msg556,
]);
// Final stage for message 716004 (access DENIED to a specified location).
// Reads nwparser.p1, which the earlier stages (dup77, dup78 - defined outside
// this section) are expected to have filled, and captures saddr,
// network_service and info. The "> " right after saddr is the closing bracket
// of a value whose opening side is consumed by an earlier stage - presumably;
// verify against dup77/dup78.
var msg557 = match({
id: "MESSAGE#1048:716004/2",
dissect: {
tokenizer: "%{saddr->}> %{network_service->} access DENIED to specified location: %{info->}",
field: "nwparser.p1",
},
});
// Runs dup77, dup78 and msg557 in order; all must match. The on_success chain
// stamps msg_id1 and a fixed event_description of "access DENIED". dup2-dup5
// are the shared header steps from the top of the file; dup180, dup18, dup17,
// dup106 and dup19 are defined outside this section.
var all150 = all_match({
processors: [
dup77,
dup78,
msg557,
],
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("716004"),
}),
dup18,
dup17,
dup106,
dup19,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("access DENIED"),
}),
]),
});
// Message 730001: VLAN mapping applied to a VPN session. Extracts group,
// username, saddr and the VLAN (into "instance") from nwparser.payload and
// sets a fixed event_description. dup2-dup5 are the shared header steps from
// the top of the file (run here in the order dup4, dup5, dup2, dup3); dup20 is
// defined outside this section.
// NOTE(review): each "\u003c\u003c" decodes to two '<' characters against a
// single closing '>'. If the device writes single angle brackets, this
// tokenizer would not match and the user/address attribution for the event is
// lost. Confirm against sample logs.
var msg558 = match({
id: "MESSAGE#1206:730001",
dissect: {
tokenizer: "Group \u003c\u003c%{group->}> User \u003c\u003c%{username->}> IP \u003c\u003c%{saddr->}> VLAN Mapping to VLAN \u003c\u003c%{instance->}>",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("730001"),
}),
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("VLAN Mapping to VLAN"),
}),
]),
});
var msg559 = match({
id: "MESSAGE#1312:434004",
dissect: {
tokenizer: "SFR requested ASA to bypass further packet redirection and process %{protocol->} flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} locally",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("434004"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("SFR requested ASA to bypass further packet redirection"),
}),
]),
});
var msg560 = match({
id: "MESSAGE#377:305010",
dissect: {
tokenizer: "Teardown %{context->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305010"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var msg561 = match({
id: "MESSAGE#378:305010:01",
dissect: {
tokenizer: "Teardown %{context->} translation from %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} duration %{duration->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305010:01"),
}),
dup42,
dup43,
dup40,
dup14,
dup2,
dup3,
dup4,
dup5,
dup295,
]),
});
var select139 = linear_select([
msg560,
msg561,
]);
// Message 713061: IKE tunnel rejection. Extracts group, saddr, action, info
// and interface from nwparser.payload.
// The tokenizer requires the literal " , " (space before the comma) after the
// address - presumably how the device prints it; verify against sample logs.
// NOTE(review): nwparser.result is always set to the constant
// "no matching crypto map entry", whatever text was captured into action and
// info. Downstream rules should not treat result as parsed from the message.
// dup2-dup5 are the shared header steps from the top of the file; dup180 and
// dup7 are defined outside this section.
var msg562 = match({
id: "MESSAGE#871:713061",
dissect: {
tokenizer: "Group = %{group->}, IP = %{saddr->} , %{action->}:%{info->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup180,
set_field({
dest: "nwparser.msg_id1",
value: constant("713061"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("no matching crypto map entry"),
}),
]),
});
// Message 106021: packet denied by the reverse path check, i.e. the source
// address failed the device's anti-spoofing test. Extracts protocol, saddr,
// daddr and interface from nwparser.payload.
// No event_description or result is set in this chain, so detections have to
// key on msg_id1 (or on whatever dup26, dup27 and dup196 set - they are
// defined outside this section). dup2-dup5 are the shared header steps from
// the top of the file.
var msg563 = match({
id: "MESSAGE#89:106021",
dissect: {
tokenizer: "Deny %{protocol->} reverse path check from %{saddr->} to %{daddr->} on interface %{interface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("106021"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup196,
]),
});
var msg564 = match({
id: "MESSAGE#122:109001/0",
dissect: {
tokenizer: "Auth start for user %{p0->}",
field: "nwparser.payload",
},
});
var msg565 = match({
id: "MESSAGE#122:109001/2",
dissect: {
tokenizer: "%{saddr->}/%{sport->} to %{daddr->}/%{dport->}",
field: "nwparser.p1",
},
});
var all151 = all_match({
processors: [
msg564,
dup61,
msg565,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("109001"),
}),
dup17,
dup60,
dup18,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Start_Session"),
}),
]),
});
var msg566 = match({
id: "MESSAGE#208:199007/0",
dissect: {
tokenizer: "Reload scheduled for %{fld1->} by %{p0->}",
field: "nwparser.payload",
},
});
var msg567 = match({
id: "MESSAGE#208:199007/2",
dissect: {
tokenizer: "%{fld2->}. Reload reason: %{result->}",
field: "nwparser.p1",
},
});
var all152 = all_match({
processors: [
msg566,
dup104,
msg567,
],
on_success: processor_chain([
dup166,
set_field({
dest: "nwparser.msg_id1",
value: constant("199007"),
}),
dup13,
dup38,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Reload scheduled"),
}),
dup4,
dup5,
]),
});
var msg568 = match({
id: "MESSAGE#336:302023",
dissect: {
tokenizer: "Teardown IP protocol %{protocol->} connection %{connectionid->} for %{sinterface->}:%{saddr->} to %{dinterface->}:%{daddr->} duration %{duration->} bytes %{bytes->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302023"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup306,
]),
});
var msg569 = match({
id: "MESSAGE#337:302023:01",
dissect: {
tokenizer: "Teardown stub %{protocol->} connection for %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} duration %{duration->} forwarded bytes %{bytes->} %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("302023:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
]),
});
var select140 = linear_select([
msg568,
msg569,
]);
// Message 199017: generic pattern. Six positional fields (fld1-fld6) separated
// by spaces and colons are captured without semantic names, and the remainder
// goes to info.
// NOTE(review): unlike most chains in this file, this one runs dup3, dup4 and
// dup5 but not dup2 (the step that copies the header level into
// nwparser.level). If severity-based filtering relies on that field, these
// events would lack it - confirm the omission is intended.
// dup264 is defined outside this section.
var msg570 = match({
id: "MESSAGE#1315:199017",
dissect: {
tokenizer: "%{fld1->} %{fld2->} %{fld3->}:%{fld4->}:%{fld5->} %{fld6->}: %{info->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup264,
set_field({
dest: "nwparser.msg_id1",
value: constant("199017"),
}),
dup3,
dup4,
dup5,
]),
});
var select141 = linear_select([
dup308,
dup309,
]);
var all153 = all_match({
processors: [
dup307,
select141,
dup310,
],
on_success: processor_chain([
dup204,
set_field({
dest: "nwparser.msg_id1",
value: constant("302026"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup311,
]),
});
var msg571 = match({
id: "MESSAGE#559:402116/2",
dissect: {
tokenizer: "%{daddr->}. %{result->}",
field: "nwparser.p1",
},
});
var all154 = all_match({
processors: [
dup312,
dup313,
msg571,
],
on_success: processor_chain([
dup55,
set_field({
dest: "nwparser.msg_id1",
value: constant("402116"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("Bad ESP packet"),
}),
dup56,
]),
});
// Message 710003: connection denied by an ACL. Extracts protocol, source
// address/port and destination interface/address/port from nwparser.payload.
// Only the destination side carries an interface name in this pattern.
// The chain stamps msg_id1 and a fixed event_description of "access denied".
// dup2-dup5 are the shared header steps from the top of the file; dup84,
// dup42, dup43, dup99 and dup27 are defined outside this section.
var msg572 = match({
id: "MESSAGE#844:710003",
dissect: {
tokenizer: "%{protocol->} access denied by ACL from %{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup84,
set_field({
dest: "nwparser.msg_id1",
value: constant("710003"),
}),
dup42,
dup43,
dup99,
dup2,
dup3,
dup4,
dup5,
dup27,
set_field({
dest: "nwparser.event_description",
value: constant("access denied"),
}),
]),
});
var msg573 = match({
id: "MESSAGE#1143:720063",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup58,
set_field({
dest: "nwparser.msg_id1",
value: constant("720063"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 113004: AAA success. The text is split so that one pattern covers
// "AAA user authentication", "AAA user authorization" and
// "AAA user accounting":
//   msg574    consumes "AAA user a" and passes the rest on as p0,
//   select142 accepts one of the three word endings and passes on p1,
//   msg578    captures the AAA server address (hostip) and passes on p2,
//   dup237    (defined outside this section) handles the remainder.
// msg575-msg578 all carry the same id string "MESSAGE#180:113004/2".
var msg574 = match({
id: "MESSAGE#180:113004/0",
dissect: {
tokenizer: "AAA user a%{p0->}",
field: "nwparser.payload",
},
});
var msg575 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "uthentication%{p1->}",
field: "nwparser.p0",
},
});
var msg576 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "uthorization%{p1->}",
field: "nwparser.p0",
},
});
var msg577 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "ccounting%{p1->}",
field: "nwparser.p0",
},
});
// None of the three alternatives stores which word matched: each captures only
// the remainder (p1).
var select142 = linear_select([
msg575,
msg576,
msg577,
]);
var msg578 = match({
id: "MESSAGE#180:113004/2",
dissect: {
tokenizer: "%{->}Successful : server = %{hostip->} : user = %{p2->}",
field: "nwparser.p1",
},
});
// NOTE(review): nwparser.result is a fixed string that names accounting and
// authentication only, although the authorization variant is accepted too, and
// no field visible here records which of the three operations succeeded.
// Rules that need to tell authentication from authorization or accounting
// would have to read the raw message - confirm whether dup63 or the other
// steps defined outside this section cover that.
// dup2-dup5 are the shared header steps from the top of the file; dup63, dup18
// and dup40 are defined outside this section.
var all155 = all_match({
processors: [
msg574,
select142,
msg578,
dup237,
],
on_success: processor_chain([
dup63,
set_field({
dest: "nwparser.msg_id1",
value: constant("113004"),
}),
dup18,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("AAA user accounting/authentication successful"),
}),
]),
});
var msg579 = match({
id: "MESSAGE#637:415005",
dissect: {
tokenizer: "%{sigid->} Content type does not match specified type - %{listnum->} Content Verification Failed from %{saddr->} to %{daddr->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup206,
set_field({
dest: "nwparser.msg_id1",
value: constant("415005"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.context",
value: constant("Content type does not match specified type"),
}),
]),
});
var msg580 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "ud%{p1->}",
field: "nwparser.p0",
},
});
var msg581 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "tc%{p1->}",
field: "nwparser.p0",
},
});
var select143 = linear_select([
msg580,
msg581,
]);
var msg582 = match({
id: "MESSAGE#704:507003/2",
dissect: {
tokenizer: "p flow from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->} terminated by %{service->}, reason - %{result->}",
field: "nwparser.p1",
},
});
var all156 = all_match({
processors: [
dup44,
select143,
msg582,
],
on_success: processor_chain([
dup36,
set_field({
dest: "nwparser.msg_id1",
value: constant("507003"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.event_description",
value: constant("tcp/udp flow terminated"),
}),
]),
});
var msg583 = match({
id: "MESSAGE#1116:720010",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup160,
set_field({
dest: "nwparser.msg_id1",
value: constant("720010"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg584 = match({
id: "MESSAGE#404:311004",
dissect: {
tokenizer: "LU xmit thread up%{->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup37,
set_field({
dest: "nwparser.msg_id1",
value: constant("311004"),
}),
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("LU xmit thread up"),
}),
dup4,
dup5,
]),
});
var msg585 = match({
id: "MESSAGE#531:400034",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup76,
set_field({
dest: "nwparser.msg_id1",
value: constant("400034"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
var msg586 = match({
id: "MESSAGE#900:713133/2",
dissect: {
tokenizer: "%{saddr->}, Mismatch: %{event_description->}",
field: "nwparser.p1",
},
});
var all157 = all_match({
processors: [
dup22,
dup23,
msg586,
],
on_success: processor_chain([
dup51,
set_field({
dest: "nwparser.msg_id1",
value: constant("713133"),
}),
dup7,
dup38,
dup39,
dup19,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg587 = match({
id: "MESSAGE#1113:720004",
dissect: {
tokenizer: "(VPN-%{context->}) %{event_description->}.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("720004"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var all158 = all_match({
processors: [
dup44,
dup175,
dup33,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("715063"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
// Message 304007: the URL filtering server at hostip stopped responding and
// the device reports "ENTERING ALLOW mode", i.e. URL filtering is failing
// open while this condition lasts.
// The chain sets no event_description or result for this message, so alerting
// on the fail-open state has to key on msg_id1 = "304007" or on the raw text
// (or on whatever dup20, defined outside this section, sets).
// dup2-dup5 are the shared header steps from the top of the file.
var msg588 = match({
id: "MESSAGE#359:304007",
dissect: {
tokenizer: "URL Server %{hostip->} not responding, ENTERING ALLOW mode",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("304007"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg589 = match({
id: "MESSAGE#379:305011:02",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->}(%{fld51->}) to %{dinterface->}(%{fld52->}):%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011:02"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
var msg590 = match({
id: "MESSAGE#380:305011/0",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{p0->}",
field: "nwparser.payload",
},
});
var all159 = all_match({
processors: [
msg590,
dup296,
dup260,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
var msg591 = match({
id: "MESSAGE#381:305011:01/0",
dissect: {
tokenizer: "Built %{context->} %{protocol->} translation from %{sinterface->}:%{saddr->}/%{sport->} to %{p0->}",
field: "nwparser.payload",
},
});
var all160 = all_match({
processors: [
msg591,
dup297,
dup314,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("305011:01"),
}),
dup42,
dup43,
dup40,
dup2,
dup3,
dup4,
dup5,
dup234,
]),
});
var select144 = linear_select([
msg589,
all159,
all160,
]);
var msg592 = match({
id: "MESSAGE#747:609001",
dissect: {
tokenizer: "Built local-host %{interface->}:%{hostip->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("609001"),
}),
dup4,
dup5,
dup2,
dup3,
]),
});
var msg593 = match({
id: "MESSAGE#830:702303",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("702303"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg594 = match({
id: "MESSAGE#627:413001",
dissect: {
tokenizer: "Module in slot%{fld1->}is not able to shut down. %{space->} Module Error: %{fld2->} %{fld3->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("413001"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg595 = match({
id: "MESSAGE#748:609002:01/0",
dissect: {
tokenizer: "Teardown local%{p0->}",
field: "nwparser.payload",
},
});
var msg596 = match({
id: "MESSAGE#748:609002:01/2",
dissect: {
tokenizer: "host %{interface->}:%{hostip->} duration %{duration->}",
field: "nwparser.p1",
},
});
var all161 = all_match({
processors: [
msg595,
dup115,
msg596,
],
on_success: processor_chain([
dup21,
set_field({
dest: "nwparser.msg_id1",
value: constant("609002:01"),
}),
dup43,
dup42,
dup40,
dup14,
dup4,
dup5,
dup2,
dup3,
dup306,
]),
});
var msg597 = match({
id: "MESSAGE#799:620002:01",
dissect: {
tokenizer: "Unsupported CTIQBE version: %{fld1->}: from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("620002:01"),
}),
dup14,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg598 = match({
id: "MESSAGE#800:620002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("620002"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var select145 = linear_select([
msg597,
msg598,
]);
var msg599 = match({
id: "MESSAGE#213:199908",
dissect: {
tokenizer: "%{protocol->} detected an attached application using local port %{sport->} and destination port %{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("199908"),
}),
dup2,
dup3,
dup4,
dup5,
]),
});
var msg600 = match({
id: "MESSAGE#460:324007",
dissect: {
tokenizer: "Unable to create GTP connection for response from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("324007"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Unable to create GTP connection"),
}),
]),
});
var msg601 = match({
id: "MESSAGE#488:338302/0",
dissect: {
tokenizer: "Address %{hostip->} discovered for domain %{web_domain->} from %{p0->}",
field: "nwparser.payload",
},
});
var msg602 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{category->}.%{p1->}",
field: "nwparser.p0",
},
});
var msg603 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{category->},%{p1->}",
field: "nwparser.p0",
},
});
var select146 = linear_select([
msg602,
msg603,
]);
var msg604 = match({
id: "MESSAGE#488:338302/2",
dissect: {
tokenizer: "%{->}Adding rule",
field: "nwparser.p1",
},
});
var all162 = all_match({
processors: [
msg601,
select146,
msg604,
],
on_success: processor_chain([
dup163,
set_field({
dest: "nwparser.msg_id1",
value: constant("338302"),
}),
dup164,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
var msg605 = match({
id: "MESSAGE#501:400004",
dissect: {
tokenizer: "%{product->}:%{sigid->} %{context->} from %{saddr->} to %{daddr->} on interface %{dinterface->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup26,
set_field({
dest: "nwparser.msg_id1",
value: constant("400004"),
}),
dup2,
dup3,
dup4,
dup5,
dup27,
dup28,
dup29,
dup30,
]),
});
// Message 504002, specific form: a security context was removed from the
// system. Captures the context name into info and sets a fixed
// event_description. dup2-dup5 are the shared header steps from the top of the
// file; dup107, dup108, dup38 and dup14 are defined outside this section.
var msg606 = match({
id: "MESSAGE#688:504002:01",
dissect: {
tokenizer: "Security context %{info->} was removed from the system",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("504002:01"),
}),
dup108,
dup38,
dup14,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Security context removed"),
}),
dup4,
dup5,
]),
});
// Message 504002, catch-all form: the whole payload becomes event_description.
var msg607 = match({
id: "MESSAGE#689:504002",
dissect: {
tokenizer: "%{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup107,
set_field({
dest: "nwparser.msg_id1",
value: constant("504002"),
}),
dup108,
dup38,
dup2,
dup3,
dup4,
dup5,
]),
});
// Order matters: msg607 accepts any payload, so it has to stay after msg606
// (presumably linear_select stops at the first alternative that matches -
// verify). Reordering would leave info unset and tag every event "504002".
var select147 = linear_select([
msg606,
msg607,
]);
// Message 746006: captures an application name and the rest of the payload as
// event_description.
// NOTE(review): this chain runs only dup20, the msg_id1 stamp and dup3
// (event_time). It omits dup2, dup4 and dup5, which elsewhere in this file
// copy the header level, the raw message and the header message id. Events
// parsed here would therefore lack nwparser.level, nwparser.msg and
// nwparser.id unless another stage sets them - confirm the omission is
// intended.
var msg608 = match({
id: "MESSAGE#1256:746006",
dissect: {
tokenizer: "%{application->}: %{event_description->}",
field: "nwparser.payload",
},
on_success: processor_chain([
dup20,
set_field({
dest: "nwparser.msg_id1",
value: constant("746006"),
}),
dup3,
]),
});
// Message 502112: a group policy was deleted (a configuration-change audit
// event). msg609 consumes the fixed prefix and hands the policy name and the
// rest of the text on as p0.
var msg609 = match({
id: "MESSAGE#684:502112/0",
dissect: {
tokenizer: "Group policy deleted: name: %{p0->}",
field: "nwparser.payload",
},
});
// Runs msg609, then dup315 and dup316 (defined outside this section) on the
// remainder. This chain sets nwparser.eventcategory inline instead of through
// a shared dupN step, then stamps msg_id1 and a fixed result. dup2-dup5 are
// the shared header steps from the top of the file.
var all163 = all_match({
processors: [
msg609,
dup315,
dup316,
],
on_success: processor_chain([
set_field({
dest: "nwparser.eventcategory",
value: constant("1502040000"),
}),
set_field({
dest: "nwparser.msg_id1",
value: constant("502112"),
}),
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Group policy deleted"),
}),
]),
});
// Message 611101: successful user authentication, in two forms.
// Form 1 (msg610/all164): the payload carries only the user name; no source
// address is available from this pattern.
var msg610 = match({
id: "MESSAGE#752:611101/0",
dissect: {
tokenizer: "User authentication succeeded: Uname: %{p0->}",
field: "nwparser.payload",
},
});
// The user name itself is taken from p0 by dup238, which is defined outside
// this section. dup2-dup5 are the shared header steps from the top of the
// file; dup105, dup7, dup18, dup17, dup106, dup40 and dup317 are defined
// outside this section.
var all164 = all_match({
processors: [
msg610,
dup238,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("611101"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
dup317,
]),
});
// Form 2 (msg611/all165): the payload also carries the client address, which
// is captured into saddr before the user name is handed on as p0.
var msg611 = match({
id: "MESSAGE#753:611101:01/0",
dissect: {
tokenizer: "User authentication succeeded: IP address: %{saddr->}, Uname: %{p0->}",
field: "nwparser.payload",
},
});
// Same chain as all164 apart from the msg_id1 value ("611101:01").
var all165 = all_match({
processors: [
msg611,
dup238,
],
on_success: processor_chain([
dup105,
set_field({
dest: "nwparser.msg_id1",
value: constant("611101:01"),
}),
dup7,
dup18,
dup17,
dup106,
dup40,
dup2,
dup3,
dup4,
dup5,
dup317,
]),
});
// The two forms start with different literal text after
// "User authentication succeeded: ", so they do not overlap.
var select148 = linear_select([
all164,
all165,
]);
// Message 713117: the peer sent an "Invalid SPI" notify. Two layouts of the
// middle part are accepted, both reading nwparser.p0:
//   msg612 - group, username and saddr (no comma between the address and
//            "Received"),
//   msg613 - group and saddr only (comma after the address).
// msg612, msg613 and msg614 all carry the same id string.
var msg612 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{group->}, Username = %{username->}, IP = %{saddr->} Received Invalid SPI notify (SPI %{p1->}",
field: "nwparser.p0",
},
});
var msg613 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{group->}, IP = %{saddr->}, Received Invalid SPI notify (SPI %{p1->}",
field: "nwparser.p0",
},
});
var select149 = linear_select([
msg612,
msg613,
]);
// Final stage: the SPI value up to the closing ")!" goes to dst_spi.
var msg614 = match({
id: "MESSAGE#884:713117/2",
dissect: {
tokenizer: "%{dst_spi->})!",
field: "nwparser.p1",
},
});
// dup9 (defined outside this section) runs first and is expected to fill
// nwparser.p0. The on_success chain stamps msg_id1 and a fixed
// event_description. dup2-dup5 are the shared header steps from the top of the
// file; dup10 and dup7 are defined outside this section.
var all166 = all_match({
processors: [
dup9,
select149,
msg614,
],
on_success: processor_chain([
dup10,
set_field({
dest: "nwparser.msg_id1",
value: constant("713117"),
}),
dup7,
dup4,
dup5,
dup2,
dup3,
set_field({
dest: "nwparser.event_description",
value: constant("Received Invalid SPI notify"),
}),
]),
});
var msg615 = match({
id: "MESSAGE#1189:725005:01/0",
dissect: {
tokenizer: "SSL server %{sinterface->}:%{saddr->}/%{sport->} to %{daddr->}/%{dport->} requesting our device certificate for authentication%{p0->}",
field: "nwparser.payload",
},
});
var all167 = all_match({
processors: [
msg615,
dup254,
dup255,
],
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("725005:01"),
}),
dup2,
dup3,
dup318,
dup4,
dup5,
]),
});
var msg616 = match({
id: "MESSAGE#1190:725005",
dissect: {
tokenizer: "SSL server %{interface->}:%{hostip->}/%{network_port->} requesting our device certificate for authentication.",
field: "nwparser.payload",
},
on_success: processor_chain([
dup83,
set_field({
dest: "nwparser.msg_id1",
value: constant("725005"),
}),
dup2,
dup3,
dup318,
dup4,
dup5,
]),
});
var select150 = linear_select([
all167,
msg616,
]);
// Message 113019: VPN session disconnect, with transmitted/received byte
// counts and the disconnect reason. Three layouts of the Duration value are
// accepted; each reads nwparser.p1 after dup22 and dup23 (defined outside this
// section) have run.
//
// Layout 1: "Nd Nh:Nm:Ns" - duration with a day count.
// NOTE(review): this tokenizer captures a key named "day". dup3, defined at
// the top of the file, builds event_time from the fields "month", "day",
// "year", "hhour", "hmin" and "hsec", and it runs in all168's chain after this
// dissect. If dissect keys and those fields share one namespace, the day of
// month in event_time would be taken from the session duration instead of the
// log header, which would misplace the event on a timeline - verify.
var msg617 = match({
id: "MESSAGE#194:113019:01/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{day->}d %{hour->}h:%{min->}m:%{second->}s, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
// On success, stamps msg_id1 and computes nwparser.duration with DUR from the
// captured day/hour/min/second. dup2-dup5 are the shared header steps from the
// top of the file; dup34, dup14 and dup319 are defined outside this section.
var all168 = all_match({
processors: [
dup22,
dup23,
msg617,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019:01"),
}),
dup14,
dup2,
dup3,
dup319,
dup4,
dup5,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%A%N%T%O"),
field("day"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Layout 2: "Nh:Nm:Ns" - duration without a day count.
var msg618 = match({
id: "MESSAGE#195:113019:02/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{hour->}h:%{min->}m:%{second->}s, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
// Same as all168 but with a three-part DUR format.
// NOTE(review): the minutes slot is written %T in all168's format string and
// %U here; whether DUR treats the two letters alike is not visible in this
// section - confirm.
var all169 = all_match({
processors: [
dup22,
dup23,
msg618,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019:02"),
}),
dup14,
dup2,
dup3,
dup319,
dup4,
dup5,
call({
dest: "nwparser.duration",
fn: DUR,
args: [
constant("%N%U%O"),
field("hour"),
field("min"),
field("second"),
],
}),
]),
});
// Layout 3: fallback - the whole Duration value is captured as-is into
// "duration"; no DUR conversion is applied.
var msg619 = match({
id: "MESSAGE#196:113019/2",
dissect: {
tokenizer: "%{saddr->}, %{action->} Session Type: %{network_service->}, Duration: %{duration->}, Bytes xmt: %{sbytes->}, Bytes rcv: %{rbytes->}, Reason: %{result->}",
field: "nwparser.p1",
},
});
var all170 = all_match({
processors: [
dup22,
dup23,
msg619,
],
on_success: processor_chain([
dup34,
set_field({
dest: "nwparser.msg_id1",
value: constant("113019"),
}),
dup2,
dup3,
dup319,
dup4,
dup5,
]),
});
// Order matters: all170's pattern accepts any Duration text, so the two
// structured layouts have to be tried before it (presumably linear_select
// stops at the first alternative that matches - verify).
var select151 = linear_select([
all168,
all169,
all170,
]);
// Message 402126: a crypto archive file was written because a soft reset was
// necessary. msg620 captures the product name and passes the rest on as p0.
var msg620 = match({
id: "MESSAGE#567:402126/0",
dissect: {
tokenizer: "CRYPTO: The %{product->} File %{p0->}",
field: "nwparser.payload",
},
});
// Three spellings of the file name, all reading nwparser.p0 and sharing one
// id string: bracketed (msg621), single-quoted (msg622) and bare (msg623).
// NOTE(review): in msg621, "\u003c\u003c" decodes to two '<' characters
// against a single closing '>'. If the device writes one '<', msg621 would not
// match and the message would fall through to msg623, whose filename capture
// would then include the bracket characters - confirm against sample logs.
var msg621 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "\u003c\u003c%{filename->}> as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
var msg622 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "'%{filename->}' as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
var msg623 = match({
id: "MESSAGE#567:402126/2",
dissect: {
tokenizer: "%{filename->} as a Soft Reset was necessary. %{p1->}",
field: "nwparser.p0",
},
});
// Order matters: msg623 has no leading delimiter and would also accept the
// bracketed and quoted spellings, so it has to stay last (presumably
// linear_select stops at the first alternative that matches - verify).
var select152 = linear_select([
msg621,
msg622,
msg623,
]);
// Runs msg620, select152 and dup316 (defined outside this section) in order.
// The on_success chain stamps msg_id1 and a fixed result. dup2-dup5 are the
// shared header steps from the top of the file; dup49 and dup7 are defined
// outside this section.
var all171 = all_match({
processors: [
msg620,
select152,
dup316,
],
on_success: processor_chain([
dup49,
set_field({
dest: "nwparser.msg_id1",
value: constant("402126"),
}),
dup7,
dup2,
dup3,
dup4,
dup5,
set_field({
dest: "nwparser.result",
value: constant("Crypto archive - soft reset"),
}),
]),
});
// Message 415008, form 1: "HTTP RFC method illegal". The quoted token is
// stored in `protocol`; it presumably comes from the inspected request, so it
// is best treated as attacker-influenced text downstream — confirm.
var msg624 = match({
  id: "MESSAGE#640:415008",
  dissect: {
    tokenizer: "%{sigid->} HTTP RFC method illegal - %{listnum->} '%{protocol->}' from %{saddr->} to %{daddr->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup206,
    set_field({ dest: "nwparser.msg_id1", value: constant("415008") }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.context",
      value: constant("HTTP RFC method illegal"),
    }),
  ]),
});

// Message 415008, form 2 (":01"): policy-map header match that resets the
// connection. Captures both endpoints as interface:address/port.
var msg625 = match({
  id: "MESSAGE#641:415008:01",
  dissect: {
    tokenizer: "%{sigid->} HTTP - matched %{fld1->} in policy-map %{policyname->}, header matched - Resetting connection from %{sinterface->}:%{saddr->}/%{sport->} to %{dinterface->}:%{daddr->}/%{dport->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup206,
    set_field({ dest: "nwparser.msg_id1", value: constant("415008:01") }),
    dup14,
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});

// Both 415008 layouts; the "method illegal" form is listed first.
var select153 = linear_select([msg624, msg625]);
// Message 421005 ("<interface>:<ip> is counted as a user for/of <product>").
// Step 1: capture interface and host address; the remainder goes to p0.
var msg626 = match({
  id: "MESSAGE#663:421005/0",
  dissect: {
    tokenizer: "%{interface->}:%{hostip->} is counted as a user %{p0->}",
    field: "nwparser.payload",
  },
});

// Step 2: the connecting word is either "for" or "of"; the rest goes to p1.
// NOTE(review): msg627, msg628 and msg629 share one id, so the id alone does
// not show which step or alternative produced a match.
var msg627 = match({
  id: "MESSAGE#663:421005/2",
  dissect: {
    tokenizer: "for%{p1->}",
    field: "nwparser.p0",
  },
});

var msg628 = match({
  id: "MESSAGE#663:421005/2",
  dissect: {
    tokenizer: "of%{p1->}",
    field: "nwparser.p0",
  },
});

var select154 = linear_select([msg627, msg628]);

// Step 3: skip the leading token of p1 and store what follows in `product`.
var msg629 = match({
  id: "MESSAGE#663:421005/2",
  dissect: {
    tokenizer: "%{->} %{product->}",
    field: "nwparser.p1",
  },
});

// Full 421005 parser; on success the event is tagged "421005".
var all172 = all_match({
  processors: [msg626, select154, msg629],
  on_success: processor_chain([
    dup186,
    set_field({ dest: "nwparser.msg_id1", value: constant("421005") }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 414002: the device could not save its logging buffer to flash.
// Captures the target file name and the bracketed failure reason (`result`).
// The event signals possible loss of buffered log data, so it is a useful
// signal for log-integrity monitoring.
var msg630 = match({
  id: "MESSAGE#631:414002",
  dissect: {
    tokenizer: "Failed to save logging buffer to flash:/syslog directory using filename: %{filename->}: [%{result->}]",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("414002") }),
    dup2,
    dup3,
    dup4,
    dup5,
  ]),
});
// Message 105010: the parenthesised prefix is stored in `context` and
// everything after the closing parenthesis in `event_description`.
// The pattern has no fixed text besides the parentheses, so any payload that
// starts with "(...)" satisfies it; it relies on the caller having already
// selected this parser by message id (presumably — confirm at the call site).
var msg631 = match({
  id: "MESSAGE#35:105010",
  dissect: {
    tokenizer: "(%{context->})%{event_description->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup165,
    set_field({ dest: "nwparser.msg_id1", value: constant("105010") }),
    dup2,
    dup3,
    dup167,
    dup4,
    dup5,
  ]),
});
// Message 219002: hardware access error reporting slot, device, address,
// byte count and a reason string.
// NOTE(review): the text before " error" is captured into `service`, yet
// event_description is always set to the fixed string below, whatever
// `service` holds — confirm this is intended.
var msg632 = match({
  id: "MESSAGE#267:219002",
  dissect: {
    tokenizer: "%{service->} error, slot = %{fld1->}, device = %{fld2->}, address = %{fld3->}, byte count = %{bytes->}. Reason: %{result->}",
    field: "nwparser.payload",
  },
  on_success: processor_chain([
    dup10,
    set_field({ dest: "nwparser.msg_id1", value: constant("219002") }),
    dup2,
    dup3,
    dup4,
    dup5,
    set_field({
      dest: "nwparser.event_description",
      value: constant("i2c_read_block_w_suspend() error"),
    }),
  ]),
});
<