
nsyslog-parser - npm Package Compare versions

Comparing version 0.9.2 to 0.9.3

26

dist/nsyslog-parser.js

@@ -143,2 +143,4 @@ "use strict";

"sdata": /\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,
"asdata": /^\s*[^\[]+\[/,
"bsdata": /^\s*\[/,
"cef": /^CEF:\d+/

@@ -277,2 +279,5 @@ };

if (entry.type == "RFC5424") {
// Look if sdata if before or after message
var bsdata = RXS.bsdata.test(entry.message);
var asdata = RXS.asdata.test(entry.message);
var sdata = entry.message.match(RXS.sdata) || [];

@@ -307,4 +312,18 @@ var idx = 0;

return map;
});
entry.message = entry.message.substring(idx);
}); // Structured data parsed successfuly
if (entry.structuredData.length) {
var sidx = entry.message.indexOf("["); // sdata before message
if (bsdata) {
if (sidx >= 0) entry.header = line.substring(0, line.length - entry.message.length);
entry.message = entry.message.substring(idx);
} // sdata after message
else if (asdata) {
if (sidx >= 0) {
entry.header = line.substring(0, line.length - entry.message.length);
entry.message = entry.message.substring(0, sidx);
}
}
}
} // CEF Event message

@@ -330,3 +349,4 @@

entry.header = line.substring(0, line.length - entry.message.length); // PID
entry.header = entry.header || line.substring(0, line.length - entry.message.length);
entry.message = entry.message.trim(); // PID

@@ -333,0 +353,0 @@ if (opts.pid && entry.appName && entry.appName.endsWith("]")) {

4

dist/nsyslog-parser.min.js

@@ -1,3 +0,3 @@

/*! nsyslog-parser 2019-08-27 */
/*! nsyslog-parser 2019-11-08 */
"use strict";!function s(r,n,o){function c(i,e){if(!n[i]){if(!r[i]){var t="function"==typeof require&&require;if(!e&&t)return t(i,!0);if(d)return d(i,!0);var a=new Error("Cannot find module '"+i+"'");throw a.code="MODULE_NOT_FOUND",a}var l=n[i]={exports:{}};r[i][0].call(l.exports,function(e){return c(r[i][1][e]||e)},l,l.exports,s,r,n,o)}return n[i].exports}for(var d="function"==typeof require&&require,e=0;e<o.length;e++)c(o[e]);return c}({1:[function(e,i,t){var a,l;a=window,l=e("./parser.js"),a.NSyslog=a.NSyslog||{},a.NSyslog.parse=l},{"./parser.js":3}],2:[function(e,i,t){var r=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var i=function(e){var t=[],a={},i=!1,l=7,s="";return e.split("").forEach(function(e){l?"|"==e?i?(i=!1,s+=e):(t.push(s),s="",l--):"\\"==e?(s+=e,i=!i):(i=!1,s+=e):s+=e}),s.length&&t.push(s),r.forEach(function(e,i){return a[e]=t[i]}),a}(e);return{headers:i,fields:function(e){for(var i=e.split(" "),t={},a=null;i.length;)if(a){var l=i.shift();l.indexOf("=")<0?t[a]+=" ".concat(l):(a=null,i.unshift(l))}else if(0<=(a=i.shift()).indexOf("=")){var s=a.split("=");t[a=s[0]]=s[1]}else t[a]="";return t}(i.extension||"")}}}},{}],3:[function(e,i,t){var N=e("./pri.js"),E=e("./cef.js"),x={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,cef:/^CEF:\d+/},w={cef:!0,fields:!0,pid:!0,generateTimestamp:!0};function j(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function D(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return function(e,i){i=i?Object.assign({},w,i):w;var 
t=e.match(x.pri),s={originalMessage:e};if(t){s.pri=t[0],s.prival=parseInt(s.pri.match(x.prival)[1]);var a=N.get(s.prival);s.facilityval=a.facility,s.levelval=a.level,s.facility=N.FACILITY[a.facility].id,s.level=N.LEVEL[a.level].id}else s.pri="",s.prival=NaN;for(var l=e.substring(s.pri.length).split(" "),r=!1;e.length&&!r;){if((u=j(l)+" ").match(x.prinmr))s.version=parseInt(u),s.type="RFC5424",(u=j(l)+" ").match(x.ts)&&(s.ts=new Date(Date.parse(u.match(x.ts)[0].trim())));else if(u.match(x.month)){s.type="BSD";var n=u.trim(),o=j(l),c=j(l),d=(new Date).getYear()+1900;s.ts=new Date(Date.parse(d+" "+n+" "+o+" "+c))}else s.type="UNKNOWN",l.unshift(u.trim());r=!0}if(!s.ts&&i.generateTimestamp&&(s.ts=new Date),s.type){var f=function(e){l.unshift(e),s.message=l.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=j(l))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(x.invalid)?f(u):(D(s,p),s.message=l.join(" "),r=!0)}else if(l.length)if(u.match(x.invalid))f(u);else{var m=D(s,u.replace(/: $/,"").trim());!0===m?(l.unshift(u),s.message=l.join(" "),r=!0):!1===m&&(s.message=l.join(" "),r=!0)}else f(u);else r=!0}}else s.message=l.join(" ");if(s.chain=(s.host||"").split("/"),s.host=s.chain.pop(),"RFC5424"==s.type){var g=s.message.match(x.sdata)||[],y=0;s.structuredData=g.map(function(e){var a={},l=null;return y=s.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)a.$id=e;else{var t=e.split("=");t[0]&&t[1]&&'"'!=t[1]?(l=t.shift(),a[l]=t.join("=").replace(/\"/g,"")):t[0]&&void 0===t[1]?a[l]+=" "+(t[0]||"").replace(/\"/g,""):!t[0]||t[1].length&&'"'!=t[1]||(a[l]+=" "+(t[0]||"").replace(/\"/g,"")+"=")}}),a}),s.message=s.message.substring(y)}if(!1!==i.cef&&x.cef.test(s.message)){s.type="CEF";var v=E.parse(s.message);s.cef=v.headers,s.fields=v.fields}else if(!1!==i.fields&&"UNKNOWN"!=s.type){var h=[];s.message.split(",").forEach(function(e){var 
i=e.split("=");2==i.length&&(h[i[0]]=i[1])}),s.fields=h}if(s.header=e.substring(0,e.length-s.message.length),i.pid&&s.appName&&s.appName.endsWith("]")){var b=s.appName.indexOf("[");0<=b&&(s.pid=s.appName.substring(b+1,s.appName.length-1),s.appName=s.appName.substring(0,b))}return s}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,t){var a=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],l=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],s=[],r=[];a.forEach(function(e,i){return s[e.id]=i}),l.forEach(function(e,i){return r[e.id]=i}),i.exports.LEVEL=l,i.exports.FACILITY=a,i.exports.LEVELS=r,i.exports.FACILITIES=s,i.exports.get=function(e,i){return"number"==typeof e&&void 
0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(s[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(r[i]||0):"string"==typeof e&&"string"==typeof i?8*(s[e]||0)+(r[i]||0):{level:0,facility:0}}},{}]},{},[1]);
"use strict";!function l(r,n,o){function d(i,e){if(!n[i]){if(!r[i]){var a="function"==typeof require&&require;if(!e&&a)return a(i,!0);if(c)return c(i,!0);var t=new Error("Cannot find module '"+i+"'");throw t.code="MODULE_NOT_FOUND",t}var s=n[i]={exports:{}};r[i][0].call(s.exports,function(e){return d(r[i][1][e]||e)},s,s.exports,l,r,n,o)}return n[i].exports}for(var c="function"==typeof require&&require,e=0;e<o.length;e++)d(o[e]);return d}({1:[function(e,i,a){var t,s;t=window,s=e("./parser.js"),t.NSyslog=t.NSyslog||{},t.NSyslog.parse=s},{"./parser.js":3}],2:[function(e,i,a){var r=["version","deviceVendor","deviceProduct","deviceVersion","deviceEventClassID","name","severity","extension"];i.exports={parse:function(e){var i=function(e){var a=[],t={},i=!1,s=7,l="";return e.split("").forEach(function(e){s?"|"==e?i?(i=!1,l+=e):(a.push(l),l="",s--):"\\"==e?(l+=e,i=!i):(i=!1,l+=e):l+=e}),l.length&&a.push(l),r.forEach(function(e,i){return t[e]=a[i]}),t}(e);return{headers:i,fields:function(e){for(var i=e.split(" "),a={},t=null;i.length;)if(t){var s=i.shift();s.indexOf("=")<0?a[t]+=" ".concat(s):(t=null,i.unshift(s))}else if(0<=(t=i.shift()).indexOf("=")){var l=t.split("=");a[t=l[0]]=l[1]}else a[t]="";return a}(i.extension||"")}}}},{}],3:[function(e,i,a){var w=e("./pri.js"),D=e("./cef.js"),j={pri:/^<\d+>/,prinmr:/^\d+ /,prival:/<(\d+)>/,month:/^[A-Za-z][a-z]{2} /,day:/^\d{1,2} /,time:/^\d+:\d+:\d+ /,ts:/^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\S+ /,invalid:/[^a-zA-Z0-9\.\$\-_#%\/\[\]\(\)]/,sdata:/\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,asdata:/^\s*[^\[]+\[/,bsdata:/^\s*\[/,cef:/^CEF:\d+/},O={cef:!0,fields:!0,pid:!0,generateTimestamp:!0};function C(e){do{var i=e.shift();if(void 0===i)return i;i=i.trim()}while(!i);return i}function I(e,i){if(e.host)if(e.appName)if(e.pid){if(e.messageid)return!!e.structuredData||(e.structuredData=i.trim(),!1);e.messageid=i.trim()}else e.pid=i.trim();else e.appName=i.trim();else e.host=i.trim()}i.exports=function(e,i){try{return 
function(e,i){i=i?Object.assign({},O,i):O;var a=e.match(j.pri),l={originalMessage:e};if(a){l.pri=a[0],l.prival=parseInt(l.pri.match(j.prival)[1]);var t=w.get(l.prival);l.facilityval=t.facility,l.levelval=t.level,l.facility=w.FACILITY[t.facility].id,l.level=w.LEVEL[t.level].id}else l.pri="",l.prival=NaN;for(var s=e.substring(l.pri.length).split(" "),r=!1;e.length&&!r;){if((u=C(s)+" ").match(j.prinmr))l.version=parseInt(u),l.type="RFC5424",(u=C(s)+" ").match(j.ts)&&(l.ts=new Date(Date.parse(u.match(j.ts)[0].trim())));else if(u.match(j.month)){l.type="BSD";var n=u.trim(),o=C(s),d=C(s),c=(new Date).getYear()+1900;l.ts=new Date(Date.parse(c+" "+n+" "+o+" "+d))}else l.type="UNKNOWN",s.unshift(u.trim());r=!0}if(!l.ts&&i.generateTimestamp&&(l.ts=new Date),l.type){var f=function(e){s.unshift(e),l.message=s.join(" "),r=!0};for(r=!1;e.length&&!r;){var u;if(u=C(s))if(u.endsWith(":")){var p=u.replace(/:$/,"").trim();p.match(j.invalid)?f(u):(I(l,p),l.message=s.join(" "),r=!0)}else if(s.length)if(u.match(j.invalid))f(u);else{var m=I(l,u.replace(/: $/,"").trim());!0===m?(s.unshift(u),l.message=s.join(" "),r=!0):!1===m&&(l.message=s.join(" "),r=!0)}else f(u);else r=!0}}else l.message=s.join(" ");if(l.chain=(l.host||"").split("/"),l.host=l.chain.pop(),"RFC5424"==l.type){var g=j.bsdata.test(l.message),h=j.asdata.test(l.message),y=l.message.match(j.sdata)||[],v=0;if(l.structuredData=y.map(function(e){var t={},s=null;return v=l.message.indexOf(e)+e.length+1,e.replace(/(^\[)|(\]$)/g,"").split(" ").forEach(function(e,i){if(e.trim())if(0==i)t.$id=e;else{var a=e.split("=");a[0]&&a[1]&&'"'!=a[1]?(s=a.shift(),t[s]=a.join("=").replace(/\"/g,"")):a[0]&&void 0===a[1]?t[s]+=" "+(a[0]||"").replace(/\"/g,""):!a[0]||a[1].length&&'"'!=a[1]||(t[s]+=" "+(a[0]||"").replace(/\"/g,"")+"=")}}),t}),l.structuredData.length){var 
b=l.message.indexOf("[");g?(0<=b&&(l.header=e.substring(0,e.length-l.message.length)),l.message=l.message.substring(v)):h&&0<=b&&(l.header=e.substring(0,e.length-l.message.length),l.message=l.message.substring(0,b))}}if(!1!==i.cef&&j.cef.test(l.message)){l.type="CEF";var N=D.parse(l.message);l.cef=N.headers,l.fields=N.fields}else if(!1!==i.fields&&"UNKNOWN"!=l.type){var x=[];l.message.split(",").forEach(function(e){var i=e.split("=");2==i.length&&(x[i[0]]=i[1])}),l.fields=x}if(l.header=l.header||e.substring(0,e.length-l.message.length),l.message=l.message.trim(),i.pid&&l.appName&&l.appName.endsWith("]")){var E=l.appName.indexOf("[");0<=E&&(l.pid=l.appName.substring(E+1,l.appName.length-1),l.appName=l.appName.substring(0,E))}return l}(e,i)}catch(e){return{err:e}}}},{"./cef.js":2,"./pri.js":4}],4:[function(e,i,a){var t=[{id:"kern",label:"kernel messages"},{id:"user",label:"user-level messages"},{id:"mail",label:"mail system"},{id:"daemon",label:"system daemons"},{id:"auth",label:"security/authorization messages"},{id:"syslog",label:"messages generated internally by syslogd"},{id:"lpr",label:"line printer subsystem"},{id:"news",label:"network news subsystem"},{id:"uucp",label:"UUCP subsystem"},{id:"cron",label:"clock daemon"},{id:"authpriv",label:"security/authorization messages"},{id:"ftp",label:"FTP daemon"},{id:"ntp",label:"NTP subsystem"},{id:"security",label:"log audit"},{id:"console",label:"log alert"},{id:"solaris-cron",label:"clock daemon"},{id:"local0",label:"locally used facility 0"},{id:"local1",label:"locally used facility 0"},{id:"local2",label:"locally used facility 0"},{id:"local3",label:"locally used facility 0"},{id:"local4",label:"locally used facility 0"},{id:"local5",label:"locally used facility 0"},{id:"local6",label:"locally used facility 0"},{id:"local7",label:"locally used facility 0"}],s=[{id:"emerg",label:"system is unusable"},{id:"alert",label:"action must be taken immediately"},{id:"crit",label:"critical 
conditions"},{id:"error",label:"error conditions"},{id:"warn",label:"warning conditions"},{id:"notice",label:"normal but significant condition"},{id:"info",label:"informational messages"},{id:"debug",label:"debug-level messages"}],l=[],r=[];t.forEach(function(e,i){return l[e.id]=i}),s.forEach(function(e,i){return r[e.id]=i}),i.exports.LEVEL=s,i.exports.FACILITY=t,i.exports.LEVELS=r,i.exports.FACILITIES=l,i.exports.get=function(e,i){return"number"==typeof e&&void 0===i?{level:7&e,facility:e>>3}:"number"==typeof e&&"number"==typeof i?8*e+i:"string"==typeof e&&"number"==typeof i?8*(l[e]||0)+i:"number"==typeof e&&"string"==typeof i?8*e+(r[i]||0):"string"==typeof e&&"string"==typeof i?8*(l[e]||0)+(r[i]||0):{level:0,facility:0}}},{}]},{},[1]);
{
"name": "nsyslog-parser",
"version": "0.9.2",
"version": "0.9.3",
"description": "Syslog Parser. Accepts RFC 3164 (BSD), RFC 5424 and CEF formats",

@@ -5,0 +5,0 @@ "author": "David Gómez Matarrodona <solzimer@gmail.com>",

@@ -15,2 +15,4 @@ const

"sdata" : /\[(\S+)( [^\=]+\=\"[^\"]+\")+\]/g,
"asdata" : /^\s*[^\[]+\[/,
"bsdata" : /^\s*\[/,
"cef" : /^CEF:\d+/

@@ -169,2 +171,6 @@ }

if(entry.type=="RFC5424") {
// Look if sdata if before or after message
let bsdata = RXS.bsdata.test(entry.message);
let asdata = RXS.asdata.test(entry.message);
var sdata = entry.message.match(RXS.sdata) || [];

@@ -202,3 +208,19 @@ var idx=0;

});
entry.message = entry.message.substring(idx);
// Structured data parsed successfuly
if(entry.structuredData.length) {
let sidx = entry.message.indexOf("[");
// sdata before message
if(bsdata) {
if(sidx>=0) entry.header = line.substring(0,line.length-entry.message.length);
entry.message = entry.message.substring(idx);
}
// sdata after message
else if(asdata) {
if(sidx>=0) {
entry.header = line.substring(0,line.length-entry.message.length);
entry.message = entry.message.substring(0,sidx);
}
}
}
}

@@ -226,3 +248,4 @@

// header
entry.header = line.substring(0,line.length-entry.message.length);
entry.header = entry.header || line.substring(0,line.length-entry.message.length);
entry.message = entry.message.trim();

@@ -229,0 +252,0 @@ // PID
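Review bot: In the `asdata` branch of the new block the cut point `let sidx = entry.message.indexOf("[")` is the first `[` anywhere in the message, not the start of the element that `RXS.sdata` actually matched, so a message such as `failed in [module] [exampleSDID@32473 iut="3"]` keeps `failed in ` and silently drops `[module] ` — and `entry.header` is computed from that same position. Pinning the cut to the matched element avoids this: `let sidx = entry.message.indexOf(sdata[0]);`, where `sdata` is the `match(RXS.sdata) || []` array declared earlier in this function and is non-empty whenever `entry.structuredData.length` is. The `if(sidx>=0)` guard in the `bsdata` branch appears to be always true, since `bsdata` means the message begins with `[` after optional whitespace; if it stays, a comment saying why would help. A short comment that RFC 5424 places STRUCTURED-DATA before MSG and that the after-message path is a leniency for non-conforming senders would also help readers of this lenient-parsing code, which typically handles untrusted network input. The enclosing function starts and ends outside this hunk.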

@@ -6,4 +6,42 @@ const parser = require("./parser.js");

MSGS.map(m=>parser(m,null)).forEach(e=>console.log(e));
//MSGS.map(m=>parser(m.line,null)).forEach(e=>console.log(e));
function compare(o1,o2) {
if(o1==null && o2==null) return true;
let keys = Object.keys(o1);
for(let i=0;i<keys.length;i++) {
let f1 = o1[keys[i]];
let f2 = o2[keys[i]];
if(typeof(f1)!=typeof(f2)) return false;
else if(typeof(f1)!="object") {
if(f1!=f2) return false;
}
else {
if(!compare(f1,f2)) return false;
}
}
return true;
}
let errs = [];
MSGS.forEach((m)=>{
let res = parser(m.originalMessage);
res.ts = m.ts = null;
res = JSON.parse(JSON.stringify(res));
if(!compare(m,res))
errs.push({result:res,expected:m});
});
if(errs.length) {
errs.forEach(err=>{
console.log(err);
console.log("------------------------------------------\n");
});
}
else {
console.log('All tests OK');
}
var s = Date.now();

@@ -14,7 +52,8 @@ var i=0,j=0;

function next() {
parser(MSGS[(i++)%MSGS.length],opts);
parser(MSGS[(i++)%MSGS.length].line,opts);
j++;
setImmediate(next);
setTimeout(next,1000);
}
/*
setTimeout(()=>{

@@ -27,3 +66,3 @@ var e = Date.now();

},10000);
next();
*/
//next();
module.exports = [
"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
"<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8",
'<189>May 3 16:02:05 192.168.26.254 date=2017-05-03 time=16:02:05 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.110.60 srcport=57668 srcintf="port7" dstip=192.168.15.100 dstport=443 dstintf="Gestion" sessionid=128467614 proto=6 action=close policyid=33 dstcountry="Reserved" srccountry="Reserved" trandisp=snat transip=192.168.15.254 transport=57668 service="HTTPS" duration=35 sentbyte=132 rcvdbyte=172 sentpkt=3 rcvdpkt=4 appcat="unscanned"',
'192.168.26.254 time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf="port3" dstip=216.58.210.174 dstport=443 dstintf="port7" sessionid=128625552 proto=6 action=close policyid=39 dstcountry="United States" srccountry="Reserved" trandisp=noop service="HTTPS" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<189>time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf="port3" dstip=216.58.210.174 dstport=443 dstintf="port7" sessionid=128625552 proto=6 action=close policyid=39 dstcountry="United States" srccountry="Reserved" trandisp=noop service="HTTPS" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<189>192.168.26.254 time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf="port3" dstip=216.58.210.174 dstport=443 dstintf="port7" sessionid=128625552 proto=6 action=close policyid=39 dstcountry="United States" srccountry="Reserved" trandisp=noop service="HTTPS" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<189>192.168.26.254 myApp time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf="port3" dstip=216.58.210.174 dstport=443 dstintf="port7" sessionid=128625552 proto=6 action=close policyid=39 dstcountry="United States" srccountry="Reserved" trandisp=noop service="HTTPS" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"] BOMAn application event log entry',
'<30>May 8 00:01:01 logica5_engine6 systemd: Starting Session 63 of user root.',
'<13>May 9 11:41:08 192.168.110.11 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows',
'Jun 15 17:13:50 192.168.17.72 MSWinEventLog 1 ||||MsiInstaller||11707||0||Información||Ninguna||||Clásico||2010/06/15 17:13:50||381||||||0||0||0||0|| ||Application||WIN-ZARKLN8SUVH||Administrador||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.;(NULL);(NULL);;||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.',
'<13>May 9 16:56:32 192.168.110.12 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Informaci�n||||Informaci�n||Auditor�a correcta||2017-05-09 16:56:32||267119563||||||492||384||0||0|| ||Security||GICA-DC-02.acmeco.local||||S-1-5-21-1549636476-3519663633-904275800-7216;GVDI-SEV-010$;acmeco;1C5B0D9Fh;3||Se cerr� sesi�n en una cuenta. Sujeto: \tId. de seguridad:\t\tS-1-5-21-1549636476-3519663633-904275800-7216 \tNombre de cuenta:\t\tGVDI-SEV-010$ \tDominio de cuenta:\t\tacmeco \tId. de inicio de sesi�n:\t\t0x1c5b0d9f Tipo de inicio de sesi�n:\t\t\t3 Este evento se genera cuando se destruye una sesi�n de inicio. Puede estar correlacionado de manera positiva con un evento de inicio de sesi�n mediante el valor Id. de inicio de sesi�n. Los id. de inicio de sesi�n s�lo son �nicos entre reinicios en el mismo equipo.\n',
'<7>1 2017-05-11T14:45:31.995+02:00 logica5p storm1 - - - 192.168.120.172 - - [04/Nov/2015:15:11:33 +0100] "GET /localclassifieds//classifieds/Site_Admin/admin.php HTTP/1.1" 404 1137 "-" "Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.2)"',
'May 06 10:05:03 CCLogTap::profileRemoved, Owner: com.apple.iokit.IO80211Family, Name: IO80211AWDLPeerManager',
'<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut="3" eventSource="Application" eventID="1011"][exampleSDID@32474 iut="4" eventSource="Application" eventID="1012"][ssign VER="0111" RSID="1" SG="0" SPRI="0" GBC="2" FMN="1" CNT="7" HB="K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=" SIGN="AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="] BOMAn application event log entry',
'<163>8,3,00000002-0002-0002-0002-000000028629,00000001-0001-0001-0001-000000028629,"28629: SMB: Microsoft Windows Search Service Memory Corruption Vulnerability",28629,"tcp",172.19.215.118,65409,172.22.215.36,445,1,11A,11B,25,0,"madips5k01",33497931,1497449283018, ,5757687',
"<20>Jun 15 12:33:52 Syslog_LogICAV: Warning: Received an invalid DNS Response: rcode=ServFail data=\"'F\\\\x15\\\\x81\\\\x82\\\\x00\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x06health\\\\x03gov\\\\x02bh\\\\x00\\\\x00\\\\x0f\\\\x00\\\\x01'\" to IP 172.22.204.220 looking up health.gov.bh",
"<13>Jul 14 10:10:39 172.22.208.24 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Information||||Info||Audit Success||2017-07-14 10:10:39||1123805||||||612||2192||0||0|| ||Security||madcpvflexaprtl.acme.es||||S-1-5-21-1506503333-1133455874-5522801-237819;usrnnmi;acme;E8CB665h;3||An account was logged off. Subject: \tSecurity ID:\t\tS-1-5-21-1506503333-1133455874-5522801-237819 \tAccount Name:\t\tusrnnmi \tAccount Domain:\t\tacme \tLogon ID:\t\t0xE8CB665 Logon Type:\t\t\t3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.\n",
"Sep 14 00:41:58 MADARRBCKOC MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4672||0||Information||||Info||Audit Success||2017-09-14 00:41:58||154144||||||568||4612||0||0|| ||Security||madarrbckoc.acme.es||||S-1-5-18;MADARRBCKOC$;acme;309CE194h;SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege||Special privileges assigned to new logon. Subject: Security ID: S-1-5-18 Account Name: MADARRBCKOC$ Account Domain: acme Logon ID: 0x309ce194 Privileges: SeSecurityPrivilege SeBackupPrivilege SeRestorePrivilege SeTakeOwnershipPrivilege SeDebugPrivilege SeSystemEnvironmentPrivilege SeLoadDriverPrivilege SeImpersonatePrivilege",
'CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1',
'Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1',
'Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a = in message|10|src=10.0.0.1 act=blocked a \\= dst=1.1.1.1',
'Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5',
'<30>1 2018-06-24T22:22:53Z my.test.com testapp 26599 testapp - This: contains two : colons',
'<30>Aug 4 16:53:13 pinger[1334]: 64 bytes from 87.250.250.242: seq=69 ttl=37 time=33.918 ms\n',
'<190>AMP (airwave)[6944]: Your license does not allow you to create or authorize additional APs/Devices\tSystem\tSystem\t\t\t',
'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.31 srcport=49853 srcintf="WIFI_XXX" dstip=173.194.76.188 dstport=5228 dstintf="FW-310B_HP-8206" sessionid=4732460 proto=6 action=timeout policyid=37 dstcountry="United States" srccountry="Reserved" trandisp=noop service="tcp/5228" duration=39 sentbyte=156 rcvdbyte=0 sentpkt=3 rcvdpkt=0 appcat="unscanned" crscore=5 craction=262144 crlevel=low',
'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.168.134.9 srcport=58335 srcintf="WIFI_INVITADOS" dstip=104.36.251.158 dstport=443 dstintf="port8" sessionid=4733602 proto=6 action=close policyid=40 dstcountry="United States" srccountry="Reserved" trandisp=snat transip=192.168.98.6 transport=58335 service="HTTPS" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=10.67.24.31 srcport=137 srcintf="WIFI_XXX" dstip=10.67.24.255 dstport=137 dstintf=unknown-0 sessionid=4733634 proto=17 action=deny policyid=0 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="SMB1" app="netbios forward" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned"',
'<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.13.179.169 srcport=55386 srcintf="FW-310B_HP-8206" dstip=10.67.24.16 dstport=7680 dstintf="WIFI_XXX" sessionid=4733609 proto=6 action=close policyid=42 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="tcp/7680" duration=1 sentbyte=52 rcvdbyte=40 sentpkt=1 rcvdpkt=1 appcat="unscanned"',
'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=62407 srcintf="WIFI_XXX" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733388 proto=17 action=accept policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="DNS" duration=10 sentbyte=115 rcvdbyte=190 sentpkt=1 rcvdpkt=1 appcat="unscanned"',
'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=62407 srcintf="WIFI_XXX" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733388 proto=17 action=dns policyid=37 appcat="unscanned" crscore=5 craction=262144 crlevel=low',
'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.5 srcport=52970 srcintf="WIFI_XXX" dstip=10.13.179.156 dstport=7680 dstintf="FW-310B_HP-8206" sessionid=4733612 proto=6 action=close policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="tcp/7680" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat="unscanned"',
'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=52839 srcintf="WIFI_XXX" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733389 proto=17 action=dns policyid=37 appcat="unscanned" crscore=5 craction=262144 crlevel=low',
'<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=52839 srcintf="WIFI_XXX" dstip=10.67.11.102 dstport=53 dstintf="FW-310B_HP-8206" sessionid=4733389 proto=17 action=accept policyid=37 dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="DNS" duration=10 sentbyte=90 rcvdbyte=165 sentpkt=1 rcvdpkt=1 appcat="unscanned"',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=isdefe.coy destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b0e23596f602 dst=192.168.135.33 src=192.168.131.1 rt=Sep 12 2018 15:31:14',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\isdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:44',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:54',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\stroncoso destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [User Authenticated] dmac=bc8385e2d4b7 dst=10.67.24.3 src=192.168.131.1 rt=Sep 12 2018 15:30:25',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\senasa.mmin destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=1002b54c3088 dst=192.168.133.14 src=192.168.131.1 rt=Sep 12 2018 15:31:50',
'<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACION\isdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37',
'<30>s2413-XXX.aviacion.fomento.es Instancia3[22469]: INFO 17:33:22,521 INFO [stdout] (http--0.0.0.0-8083-299) 2018-09-25 17:33:22,521 INFO - es.XXX.dcta.core.ws.consultas.DctaCoreConsultasPortImpl - Finishing operation obtenerConsentimientos | usuario= sed1 count= 2\n',
'<166>Nov 6 13:07:13 MADCPVDS1 CEF:0|Trend Micro|Deep Security Manager|11.0.249|720|Policy Sent|3|src=172.22.225.30 suser=System target=Colbog7mtt msg=The policy (fingerprint 6B:20:C9:33:9C:C9:5D:AD:2C:51:94:67:17:53:E7:68:95:B9:2B:A1) was successfully sent to the agent. TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 '
{
"originalMessage": "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
"pri": "<34>",
"prival": 34,
"facilityval": 4,
"levelval": 2,
"facility": "auth",
"level": "crit",
"type": "BSD",
"ts": "2019-10-11T20:14:15.000Z",
"host": "mymachine",
"appName": "su",
"message": "'su root' failed for lonvick on /dev/pts/8",
"chain": [],
"fields": [],
"header": "<34>Oct 11 22:14:15 mymachine su: "
},
{
"originalMessage": "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - BOM'su root' failed for lonvick on /dev/pts/8",
"pri": "<34>",
"prival": 34,
"facilityval": 4,
"levelval": 2,
"facility": "auth",
"level": "crit",
"version": 1,
"type": "RFC5424",
"ts": "2003-10-11T22:14:15.003Z",
"host": "mymachine.example.com",
"appName": "su",
"pid": "-",
"messageid": "ID47",
"structuredData": [],
"message": "BOM'su root' failed for lonvick on /dev/pts/8",
"chain": [],
"fields": [],
"header": "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - "
},
{
"originalMessage": "<189>May 3 16:02:05 192.168.26.254 date=2017-05-03 time=16:02:05 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.110.60 srcport=57668 srcintf=\"port7\" dstip=192.168.15.100 dstport=443 dstintf=\"Gestion\" sessionid=128467614 proto=6 action=close policyid=33 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=snat transip=192.168.15.254 transport=57668 service=\"HTTPS\" duration=35 sentbyte=132 rcvdbyte=172 sentpkt=3 rcvdpkt=4 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "BSD",
"ts": "2019-05-03T14:02:05.000Z",
"host": "192.168.26.254",
"message": "date=2017-05-03 time=16:02:05 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.110.60 srcport=57668 srcintf=\"port7\" dstip=192.168.15.100 dstport=443 dstintf=\"Gestion\" sessionid=128467614 proto=6 action=close policyid=33 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=snat transip=192.168.15.254 transport=57668 service=\"HTTPS\" duration=35 sentbyte=132 rcvdbyte=172 sentpkt=3 rcvdpkt=4 appcat=\"unscanned\"",
"chain": [],
"fields": [],
"header": "<189>May 3 16:02:05 192.168.26.254 "
},
{
"originalMessage": "192.168.26.254 time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "",
"prival": null,
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.079Z",
"host": "192.168.26.254",
"message": "time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"header": "192.168.26.254 "
},
{
"originalMessage": "<189>time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.080Z",
"message": "time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>192.168.26.254 time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.080Z",
"host": "192.168.26.254",
"message": "time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"header": "<189>192.168.26.254 "
},
{
"originalMessage": "<189>192.168.26.254 myApp time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.080Z",
"host": "192.168.26.254",
"appName": "myApp",
"message": "time=16:31:28 devname=FG600B3909601440 devid=FG600B3909601440 logid=0000000013 type=traffic subtype=forward level=notice vd=VDOM-SNOC srcip=192.168.22.68 srcport=51448 srcintf=\"port3\" dstip=216.58.210.174 dstport=443 dstintf=\"port7\" sessionid=128625552 proto=6 action=close policyid=39 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"HTTPS\" duration=241 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"header": "<189>192.168.26.254 myApp "
},
{
"originalMessage": "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"][exampleSDID@32474 iut=\"4\" eventSource=\"Application\" eventID=\"1012\"] BOMAn application event log entry",
"pri": "<165>",
"prival": 165,
"facilityval": 20,
"levelval": 5,
"facility": "local4",
"level": "notice",
"version": 1,
"type": "RFC5424",
"ts": "2003-10-11T22:14:15.003Z",
"host": "mymachine.example.com",
"appName": "evntslog",
"pid": "-",
"messageid": "ID47",
"message": "BOMAn application event log entry",
"chain": [],
"structuredData": [
{
"$id": "exampleSDID@32473",
"iut": "3",
"eventSource": "Application",
"eventID": "1011"
},
{
"$id": "exampleSDID@32474",
"iut": "4",
"eventSource": "Application",
"eventID": "1012"
}
],
"header": "<165>1 2003-10-11T22:14:15.003Z mymachine.example.com evntslog - ID47 ",
"fields": []
},
{
"originalMessage": "<30>May 8 00:01:01 logica5_engine6 systemd: Starting Session 63 of user root.",
"pri": "<30>",
"prival": 30,
"facilityval": 3,
"levelval": 6,
"facility": "daemon",
"level": "info",
"type": "BSD",
"ts": "2019-05-07T22:01:01.000Z",
"host": "logica5_engine6",
"appName": "systemd",
"message": "Starting Session 63 of user root.",
"chain": [],
"fields": [],
"header": "<30>May 8 00:01:01 logica5_engine6 systemd: "
},
{
"originalMessage": "<13>May 9 11:41:08 192.168.110.11 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows",
"pri": "<13>",
"prival": 13,
"facilityval": 1,
"levelval": 5,
"facility": "user",
"level": "notice",
"type": "BSD",
"ts": "2019-05-09T09:41:08.000Z",
"host": "192.168.110.11",
"appName": "MSWinEventLog",
"pid": "1",
"message": "||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows",
"chain": [],
"fields": [],
"header": "<13>May 9 11:41:08 192.168.110.11 MSWinEventLog 1 "
},
{
"originalMessage": "Jun 15 17:13:50 192.168.17.72 MSWinEventLog 1 ||||MsiInstaller||11707||0||Información||Ninguna||||Clásico||2010/06/15 17:13:50||381||||||0||0||0||0|| ||Application||WIN-ZARKLN8SUVH||Administrador||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.;(NULL);(NULL);;||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.",
"pri": "",
"prival": null,
"type": "BSD",
"ts": "2019-06-15T15:13:50.000Z",
"host": "192.168.17.72",
"appName": "MSWinEventLog",
"pid": "1",
"message": "||||MsiInstaller||11707||0||Información||Ninguna||||Clásico||2010/06/15 17:13:50||381||||||0||0||0||0|| ||Application||WIN-ZARKLN8SUVH||Administrador||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.;(NULL);(NULL);;||Producto: Microsoft .NET Framework 3.5 -- La instalación se completó correctamente.",
"chain": [],
"fields": [],
"header": "Jun 15 17:13:50 192.168.17.72 MSWinEventLog 1 "
},
{
"originalMessage": "<13>May 9 16:56:32 192.168.110.12 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Informaci�n||||Informaci�n||Auditor�a correcta||2017-05-09 16:56:32||267119563||||||492||384||0||0|| ||Security||GICA-DC-02.acmeco.local||||S-1-5-21-1549636476-3519663633-904275800-7216;GVDI-SEV-010$;acmeco;1C5B0D9Fh;3||Se cerr� sesi�n en una cuenta. Sujeto: \tId. de seguridad:\t\tS-1-5-21-1549636476-3519663633-904275800-7216 \tNombre de cuenta:\t\tGVDI-SEV-010$ \tDominio de cuenta:\t\tacmeco \tId. de inicio de sesi�n:\t\t0x1c5b0d9f Tipo de inicio de sesi�n:\t\t\t3 Este evento se genera cuando se destruye una sesi�n de inicio. Puede estar correlacionado de manera positiva con un evento de inicio de sesi�n mediante el valor Id. de inicio de sesi�n. Los id. de inicio de sesi�n s�lo son �nicos entre reinicios en el mismo equipo.\n",
"pri": "<13>",
"prival": 13,
"facilityval": 1,
"levelval": 5,
"facility": "user",
"level": "notice",
"type": "BSD",
"ts": "2019-05-09T14:56:32.000Z",
"host": "192.168.110.12",
"appName": "MSWinEventLog",
"pid": "1",
"message": "||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Informaci�n||||Informaci�n||Auditor�a correcta||2017-05-09 16:56:32||267119563||||||492||384||0||0|| ||Security||GICA-DC-02.acmeco.local||||S-1-5-21-1549636476-3519663633-904275800-7216;GVDI-SEV-010$;acmeco;1C5B0D9Fh;3||Se cerr� sesi�n en una cuenta. Sujeto: \tId. de seguridad:\t\tS-1-5-21-1549636476-3519663633-904275800-7216 \tNombre de cuenta:\t\tGVDI-SEV-010$ \tDominio de cuenta:\t\tacmeco \tId. de inicio de sesi�n:\t\t0x1c5b0d9f Tipo de inicio de sesi�n:\t\t\t3 Este evento se genera cuando se destruye una sesi�n de inicio. Puede estar correlacionado de manera positiva con un evento de inicio de sesi�n mediante el valor Id. de inicio de sesi�n. Los id. de inicio de sesi�n s�lo son �nicos entre reinicios en el mismo equipo.",
"chain": [],
"fields": [],
"header": "<13>May 9 16:56:32 192.168.110.12 MSWinEventLog 1 "
},
{
"originalMessage": "<7>1 2017-05-11T14:45:31.995+02:00 logica5p storm1 - - - 192.168.120.172 - - [04/Nov/2015:15:11:33 +0100] \"GET /localclassifieds//classifieds/Site_Admin/admin.php HTTP/1.1\" 404 1137 \"-\" \"Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.2)\"",
"pri": "<7>",
"prival": 7,
"facilityval": 0,
"levelval": 7,
"facility": "kern",
"level": "debug",
"version": 1,
"type": "RFC5424",
"ts": "2017-05-11T12:45:31.995Z",
"host": "logica5p",
"appName": "storm1",
"pid": "-",
"messageid": "-",
"structuredData": [],
"message": "192.168.120.172 - - [04/Nov/2015:15:11:33 +0100] \"GET /localclassifieds//classifieds/Site_Admin/admin.php HTTP/1.1\" 404 1137 \"-\" \"Mozilla/5.0 [en] (X11, U; OpenVAS 7.0.2)\"",
"chain": [],
"header": "<7>1 2017-05-11T14:45:31.995+02:00 logica5p storm1 - - - ",
"fields": []
},
{
"originalMessage": "May 06 10:05:03 CCLogTap::profileRemoved, Owner: com.apple.iokit.IO80211Family, Name: IO80211AWDLPeerManager",
"pri": "",
"prival": null,
"type": "BSD",
"ts": "2019-05-06T08:05:03.000Z",
"message": "CCLogTap::profileRemoved, Owner: com.apple.iokit.IO80211Family, Name: IO80211AWDLPeerManager",
"chain": [],
"host": "",
"fields": [],
"header": "May 06 10:05:03 "
},
{
"originalMessage": "<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - [exampleSDID@32473 iut=\"3\" eventSource=\"Application\" eventID=\"1011\"][exampleSDID@32474 iut=\"4\" eventSource=\"Application\" eventID=\"1012\"][ssign VER=\"0111\" RSID=\"1\" SG=\"0\" SPRI=\"0\" GBC=\"2\" FMN=\"1\" CNT=\"7\" HB=\"K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=\" SIGN=\"AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM=\"] BOMAn application event log entry",
"pri": "<110>",
"prival": 110,
"facilityval": 13,
"levelval": 6,
"facility": "security",
"level": "info",
"version": 1,
"type": "RFC5424",
"ts": "2009-05-03T12:00:39.529Z",
"host": "relay.example.org",
"appName": "syslogd",
"pid": "2138",
"messageid": "-",
"message": "BOMAn application event log entry",
"chain": [
"host.example.org"
],
"structuredData": [
{
"$id": "exampleSDID@32473",
"iut": "3",
"eventSource": "Application",
"eventID": "1011"
},
{
"$id": "exampleSDID@32474",
"iut": "4",
"eventSource": "Application",
"eventID": "1012"
},
{
"$id": "ssign",
"VER": "0111",
"RSID": "1",
"SG": "0",
"SPRI": "0",
"GBC": "2",
"FMN": "1",
"CNT": "7",
"HB": "K6wzcombEvKJ+UTMcn9bPryAeaU= zrkDcIeaDluypaPCY8WWzwHpPok= zgrWOdpx16ADc7UmckyIFY53icE= XfopJ+S8/hODapiBBCgVQaLqBKg= J67gKMFl/OauTC20ibbydwIlJC8= M5GziVgB6KPY3ERU1HXdSi2vtdw= Wxd/lU7uG/ipEYT9xeqnsfohyH0=",
"SIGN": "AKBbX4J7QkrwuwdbV7Taujk2lvOf8gCgC62We1QYfnrNHz7FzAvdySuMyfM="
}
],
"header": "<110>1 2009-05-03T14:00:39.529966+02:00 host.example.org/relay.example.org syslogd 2138 - ",
"fields": []
},
{
"originalMessage": "<163>8,3,00000002-0002-0002-0002-000000028629,00000001-0001-0001-0001-000000028629,\"28629: SMB: Microsoft Windows Search Service Memory Corruption Vulnerability\",28629,\"tcp\",172.19.215.118,65409,172.22.215.36,445,1,11A,11B,25,0,\"madips5k01\",33497931,1497449283018, ,5757687",
"pri": "<163>",
"prival": 163,
"facilityval": 20,
"levelval": 3,
"facility": "local4",
"level": "error",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.082Z",
"message": "8,3,00000002-0002-0002-0002-000000028629,00000001-0001-0001-0001-000000028629,\"28629: SMB: Microsoft Windows Search Service Memory Corruption Vulnerability\",28629,\"tcp\",172.19.215.118,65409,172.22.215.36,445,1,11A,11B,25,0,\"madips5k01\",33497931,1497449283018, ,5757687",
"chain": [],
"host": "",
"header": "<163>"
},
{
"originalMessage": "<20>Jun 15 12:33:52 Syslog_LogICAV: Warning: Received an invalid DNS Response: rcode=ServFail data=\"'F\\\\x15\\\\x81\\\\x82\\\\x00\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x06health\\\\x03gov\\\\x02bh\\\\x00\\\\x00\\\\x0f\\\\x00\\\\x01'\" to IP 172.22.204.220 looking up health.gov.bh",
"pri": "<20>",
"prival": 20,
"facilityval": 2,
"levelval": 4,
"facility": "mail",
"level": "warn",
"type": "BSD",
"ts": "2019-06-15T10:33:52.000Z",
"host": "Syslog_LogICAV",
"message": "Warning: Received an invalid DNS Response: rcode=ServFail data=\"'F\\\\x15\\\\x81\\\\x82\\\\x00\\\\x01\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x00\\\\x06health\\\\x03gov\\\\x02bh\\\\x00\\\\x00\\\\x0f\\\\x00\\\\x01'\" to IP 172.22.204.220 looking up health.gov.bh",
"chain": [],
"fields": [],
"header": "<20>Jun 15 12:33:52 Syslog_LogICAV: "
},
{
"originalMessage": "<13>Jul 14 10:10:39 172.22.208.24 MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Information||||Info||Audit Success||2017-07-14 10:10:39||1123805||||||612||2192||0||0|| ||Security||madcpvflexaprtl.acme.es||||S-1-5-21-1506503333-1133455874-5522801-237819;usrnnmi;acme;E8CB665h;3||An account was logged off. Subject: \tSecurity ID:\t\tS-1-5-21-1506503333-1133455874-5522801-237819 \tAccount Name:\t\tusrnnmi \tAccount Domain:\t\tacme \tLogon ID:\t\t0xE8CB665 Logon Type:\t\t\t3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.\n",
"pri": "<13>",
"prival": 13,
"facilityval": 1,
"levelval": 5,
"facility": "user",
"level": "notice",
"type": "BSD",
"ts": "2019-07-14T08:10:39.000Z",
"host": "172.22.208.24",
"appName": "MSWinEventLog",
"pid": "1",
"message": "||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4634||0||Information||||Info||Audit Success||2017-07-14 10:10:39||1123805||||||612||2192||0||0|| ||Security||madcpvflexaprtl.acme.es||||S-1-5-21-1506503333-1133455874-5522801-237819;usrnnmi;acme;E8CB665h;3||An account was logged off. Subject: \tSecurity ID:\t\tS-1-5-21-1506503333-1133455874-5522801-237819 \tAccount Name:\t\tusrnnmi \tAccount Domain:\t\tacme \tLogon ID:\t\t0xE8CB665 Logon Type:\t\t\t3 This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.",
"chain": [],
"fields": [],
"header": "<13>Jul 14 10:10:39 172.22.208.24 MSWinEventLog 1 "
},
{
"originalMessage": "Sep 14 00:41:58 MADARRBCKOC MSWinEventLog 1 ||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4672||0||Information||||Info||Audit Success||2017-09-14 00:41:58||154144||||||568||4612||0||0|| ||Security||madarrbckoc.acme.es||||S-1-5-18;MADARRBCKOC$;acme;309CE194h;SeSecurityPrivilege \t\t\tSeBackupPrivilege \t\t\tSeRestorePrivilege \t\t\tSeTakeOwnershipPrivilege \t\t\tSeDebugPrivilege \t\t\tSeSystemEnvironmentPrivilege \t\t\tSeLoadDriverPrivilege \t\t\tSeImpersonatePrivilege||Special privileges assigned to new logon. Subject: \tSecurity ID:\t\tS-1-5-18 \tAccount Name:\t\tMADARRBCKOC$ \tAccount Domain:\t\tacme \tLogon ID:\t\t0x309ce194 Privileges:\t\tSeSecurityPrivilege \t\t\tSeBackupPrivilege \t\t\tSeRestorePrivilege \t\t\tSeTakeOwnershipPrivilege \t\t\tSeDebugPrivilege \t\t\tSeSystemEnvironmentPrivilege \t\t\tSeLoadDriverPrivilege \t\t\tSeImpersonatePrivilege",
"pri": "",
"prival": null,
"type": "BSD",
"ts": "2019-09-13T22:41:58.000Z",
"host": "MADARRBCKOC",
"appName": "MSWinEventLog",
"pid": "1",
"message": "||{54849625-5478-4994-A5BA-3E3B0328C30D}||Microsoft-Windows-Security-Auditing||4672||0||Information||||Info||Audit Success||2017-09-14 00:41:58||154144||||||568||4612||0||0|| ||Security||madarrbckoc.acme.es||||S-1-5-18;MADARRBCKOC$;acme;309CE194h;SeSecurityPrivilege \t\t\tSeBackupPrivilege \t\t\tSeRestorePrivilege \t\t\tSeTakeOwnershipPrivilege \t\t\tSeDebugPrivilege \t\t\tSeSystemEnvironmentPrivilege \t\t\tSeLoadDriverPrivilege \t\t\tSeImpersonatePrivilege||Special privileges assigned to new logon. Subject: \tSecurity ID:\t\tS-1-5-18 \tAccount Name:\t\tMADARRBCKOC$ \tAccount Domain:\t\tacme \tLogon ID:\t\t0x309ce194 Privileges:\t\tSeSecurityPrivilege \t\t\tSeBackupPrivilege \t\t\tSeRestorePrivilege \t\t\tSeTakeOwnershipPrivilege \t\t\tSeDebugPrivilege \t\t\tSeSystemEnvironmentPrivilege \t\t\tSeLoadDriverPrivilege \t\t\tSeImpersonatePrivilege",
"chain": [],
"fields": [],
"header": "Sep 14 00:41:58 MADARRBCKOC MSWinEventLog 1 "
},
{
"originalMessage": "CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1",
"pri": "",
"prival": null,
"type": "CEF",
"ts": "2019-11-08T11:45:23.084Z",
"message": "CEF:0|security|threatmanager|1.0|100|detected a \\| in message|10|src=10.0.0.1 act=blocked a | dst=1.1.1.1",
"chain": [],
"host": "",
"cef": {
"version": "CEF:0",
"deviceVendor": "security",
"deviceProduct": "threatmanager",
"deviceVersion": "1.0",
"deviceEventClassID": "100",
"name": "detected a \\| in message",
"severity": "10",
"extension": "src=10.0.0.1 act=blocked a | dst=1.1.1.1"
},
"fields": {
"src": "10.0.0.1",
"act": "blocked a |",
"dst": "1.1.1.1"
},
"header": ""
},
{
"originalMessage": "Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1",
"pri": "",
"prival": null,
"type": "CEF",
"ts": "2019-09-19T06:26:10.000Z",
"host": "host",
"message": "CEF:0|security|threatmanager|1.0|100|detected a \\ in packet|10|src=10.0.0.1 act=blocked a \\ dst=1.1.1.1",
"chain": [],
"cef": {
"version": "CEF:0",
"deviceVendor": "security",
"deviceProduct": "threatmanager",
"deviceVersion": "1.0",
"deviceEventClassID": "100",
"name": "detected a \\ in packet",
"severity": "10",
"extension": "src=10.0.0.1 act=blocked a \\ dst=1.1.1.1"
},
"fields": {
"src": "10.0.0.1",
"act": "blocked a \\",
"dst": "1.1.1.1"
},
"header": "Sep 19 08:26:10 host "
},
{
"originalMessage": "Sep 19 08:26:10 host CEF:0|security|threatmanager|1.0|100|detected a = in message|10|src=10.0.0.1 act=blocked a \\= dst=1.1.1.1",
"pri": "",
"prival": null,
"type": "CEF",
"ts": "2019-09-19T06:26:10.000Z",
"host": "host",
"message": "CEF:0|security|threatmanager|1.0|100|detected a = in message|10|src=10.0.0.1 act=blocked a \\= dst=1.1.1.1",
"chain": [],
"cef": {
"version": "CEF:0",
"deviceVendor": "security",
"deviceProduct": "threatmanager",
"deviceVersion": "1.0",
"deviceEventClassID": "100",
"name": "detected a = in message",
"severity": "10",
"extension": "src=10.0.0.1 act=blocked a \\= dst=1.1.1.1"
},
"fields": {
"src": "10.0.0.1",
"act": "blocked a",
"\\": "",
"dst": "1.1.1.1"
},
"header": "Sep 19 08:26:10 host "
},
{
"originalMessage": "Jan 18 11:07:53 dsmhost CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5",
"pri": "",
"prival": null,
"type": "CEF",
"ts": "2019-01-18T10:07:53.000Z",
"host": "dsmhost",
"message": "CEF:0|Trend Micro|Deep Security Manager|<DSM version>|600|User Signed In|3|src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5",
"chain": [],
"cef": {
"version": "CEF:0",
"deviceVendor": "Trend Micro",
"deviceProduct": "Deep Security Manager",
"deviceVersion": "<DSM version>",
"deviceEventClassID": "600",
"name": "User Signed In",
"severity": "3",
"extension": "src=10.52.116.160 suser=admin target=admin msg=User signed in from 2001:db8::5"
},
"fields": {
"src": "10.52.116.160",
"suser": "admin",
"target": "admin",
"msg": "User signed in from 2001:db8::5"
},
"header": "Jan 18 11:07:53 dsmhost "
},
{
"originalMessage": "<30>1 2018-06-24T22:22:53Z my.test.com testapp 26599 testapp - This: contains two : colons",
"pri": "<30>",
"prival": 30,
"facilityval": 3,
"levelval": 6,
"facility": "daemon",
"level": "info",
"version": 1,
"type": "RFC5424",
"ts": "2018-06-24T22:22:53.000Z",
"host": "my.test.com",
"appName": "testapp",
"pid": "26599",
"messageid": "testapp",
"structuredData": [],
"message": "This: contains two : colons",
"chain": [],
"fields": [],
"header": "<30>1 2018-06-24T22:22:53Z my.test.com testapp 26599 testapp - "
},
{
"originalMessage": "<30>Aug 4 16:53:13 pinger[1334]: 64 bytes from 87.250.250.242: seq=69 ttl=37 time=33.918 ms\n",
"pri": "<30>",
"prival": 30,
"facilityval": 3,
"levelval": 6,
"facility": "daemon",
"level": "info",
"type": "BSD",
"ts": "2019-08-04T14:53:13.000Z",
"host": "pinger[1334]",
"message": "64 bytes from 87.250.250.242: seq=69 ttl=37 time=33.918 ms",
"chain": [],
"fields": [],
"header": "<30>Aug 4 16:53:13 pinger[1334]: "
},
{
"originalMessage": "<190>AMP (airwave)[6944]: Your license does not allow you to create or authorize additional APs/Devices\tSystem\tSystem\t\t\t",
"pri": "<190>",
"prival": 190,
"facilityval": 23,
"levelval": 6,
"facility": "local7",
"level": "info",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"host": "AMP",
"appName": "(airwave)",
"message": "Your license does not allow you to create or authorize additional APs/Devices\tSystem\tSystem",
"chain": [],
"header": "<190>AMP (airwave)[6944]: ",
"pid": "6944"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.31 srcport=49853 srcintf=\"WIFI_XXX\" dstip=173.194.76.188 dstport=5228 dstintf=\"FW-310B_HP-8206\" sessionid=4732460 proto=6 action=timeout policyid=37 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/5228\" duration=39 sentbyte=156 rcvdbyte=0 sentpkt=3 rcvdpkt=0 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.31 srcport=49853 srcintf=\"WIFI_XXX\" dstip=173.194.76.188 dstport=5228 dstintf=\"FW-310B_HP-8206\" sessionid=4732460 proto=6 action=timeout policyid=37 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/5228\" duration=39 sentbyte=156 rcvdbyte=0 sentpkt=3 rcvdpkt=0 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.168.134.9 srcport=58335 srcintf=\"WIFI_INVITADOS\" dstip=104.36.251.158 dstport=443 dstintf=\"port8\" sessionid=4733602 proto=6 action=close policyid=40 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=snat transip=192.168.98.6 transport=58335 service=\"HTTPS\" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=192.168.134.9 srcport=58335 srcintf=\"WIFI_INVITADOS\" dstip=104.36.251.158 dstport=443 dstintf=\"port8\" sessionid=4733602 proto=6 action=close policyid=40 dstcountry=\"United States\" srccountry=\"Reserved\" trandisp=snat transip=192.168.98.6 transport=58335 service=\"HTTPS\" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=10.67.24.31 srcport=137 srcintf=\"WIFI_XXX\" dstip=10.67.24.255 dstport=137 dstintf=unknown-0 sessionid=4733634 proto=17 action=deny policyid=0 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"SMB1\" app=\"netbios forward\" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0001000014 type=traffic subtype=local level=notice vd=root srcip=10.67.24.31 srcport=137 srcintf=\"WIFI_XXX\" dstip=10.67.24.255 dstport=137 dstintf=unknown-0 sessionid=4733634 proto=17 action=deny policyid=0 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"SMB1\" app=\"netbios forward\" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.13.179.169 srcport=55386 srcintf=\"FW-310B_HP-8206\" dstip=10.67.24.16 dstport=7680 dstintf=\"WIFI_XXX\" sessionid=4733609 proto=6 action=close policyid=42 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/7680\" duration=1 sentbyte=52 rcvdbyte=40 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:18 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.13.179.169 srcport=55386 srcintf=\"FW-310B_HP-8206\" dstip=10.67.24.16 dstport=7680 dstintf=\"WIFI_XXX\" sessionid=4733609 proto=6 action=close policyid=42 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/7680\" duration=1 sentbyte=52 rcvdbyte=40 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=62407 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733388 proto=17 action=accept policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"DNS\" duration=10 sentbyte=115 rcvdbyte=190 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=62407 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733388 proto=17 action=accept policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"DNS\" duration=10 sentbyte=115 rcvdbyte=190 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=62407 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733388 proto=17 action=dns policyid=37 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=62407 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733388 proto=17 action=dns policyid=37 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.5 srcport=52970 srcintf=\"WIFI_XXX\" dstip=10.13.179.156 dstport=7680 dstintf=\"FW-310B_HP-8206\" sessionid=4733612 proto=6 action=close policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/7680\" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.5 srcport=52970 srcintf=\"WIFI_XXX\" dstip=10.13.179.156 dstport=7680 dstintf=\"FW-310B_HP-8206\" sessionid=4733612 proto=6 action=close policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"tcp/7680\" duration=1 sentbyte=132 rcvdbyte=92 sentpkt=3 rcvdpkt=2 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=52839 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733389 proto=17 action=dns policyid=37 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000011 type=traffic subtype=forward level=warning vd=root srcip=10.67.24.32 srcport=52839 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733389 proto=17 action=dns policyid=37 appcat=\"unscanned\" crscore=5 craction=262144 crlevel=low",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<189>date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=52839 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733389 proto=17 action=accept policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"DNS\" duration=10 sentbyte=90 rcvdbyte=165 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"pri": "<189>",
"prival": 189,
"facilityval": 23,
"levelval": 5,
"facility": "local7",
"level": "notice",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.086Z",
"message": "date=2018-09-13 time=10:12:19 devname=FW-310B-01 devid=FG300B3911601588 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=10.67.24.32 srcport=52839 srcintf=\"WIFI_XXX\" dstip=10.67.11.102 dstport=53 dstintf=\"FW-310B_HP-8206\" sessionid=4733389 proto=17 action=accept policyid=37 dstcountry=\"Reserved\" srccountry=\"Reserved\" trandisp=noop service=\"DNS\" duration=10 sentbyte=90 rcvdbyte=165 sentpkt=1 rcvdpkt=1 appcat=\"unscanned\"",
"chain": [],
"host": "",
"header": "<189>"
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=senasa.jcgp destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b49d0b950026 dst=192.168.135.50 src=192.168.131.1 rt=Sep 12 2018 15:32:11",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=isdefe.coy destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b0e23596f602 dst=192.168.135.33 src=192.168.131.1 rt=Sep 12 2018 15:31:14",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=isdefe.coy destinationServiceName=Wireless_MAC_USUARIOS dpriv=[Employee], [MAC Caching], [User Authenticated] dmac=b0e23596f602 dst=192.168.135.33 src=192.168.131.1 rt=Sep 12 2018 15:31:14",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONisdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONisdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:44",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:44",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:54",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mjtp destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=b88a60913683 dst=192.168.133.23 src=192.168.131.1 rt=Sep 12 2018 15:31:54",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONstroncoso destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [User Authenticated] dmac=bc8385e2d4b7 dst=10.67.24.3 src=192.168.131.1 rt=Sep 12 2018 15:30:25",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONstroncoso destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [User Authenticated] dmac=bc8385e2d4b7 dst=10.67.24.3 src=192.168.131.1 rt=Sep 12 2018 15:30:25",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mmin destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=1002b54c3088 dst=192.168.133.14 src=192.168.131.1 rt=Sep 12 2018 15:31:50",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONsenasa.mmin destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=1002b54c3088 dst=192.168.133.14 src=192.168.131.1 rt=Sep 12 2018 15:31:50",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<143>Sep 12 2018 15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONisdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37",
"pri": "<143>",
"prival": 143,
"facilityval": 17,
"levelval": 7,
"facility": "local1",
"level": "debug",
"type": "BSD",
"ts": "2019-09-11T22:00:00.000Z",
"message": "15:32:19 10.67.3.37 CEF:0|Aruba Networks|ClearPass|6.7.5.108264|2000|Logged in users|1|cat=Session Logs dvc=10.67.3.37 duser=AVIACIONisdefe.mag destinationServiceName=XXX_Wireless_802.1x_Servicio_Corporativo dpriv=Corporate_Machine, [Machine Authenticated], [Other], [User Authenticated] dmac=f48c50ce757f dst=10.67.24.39 src=192.168.131.1 rt=Sep 12 2018 15:31:37",
"chain": [],
"host": "",
"fields": [],
"header": "<143>Sep 12 2018 "
},
{
"originalMessage": "<30>s2413-XXX.aviacion.fomento.es Instancia3[22469]: INFO 17:33:22,521 INFO [stdout] (http--0.0.0.0-8083-299) 2018-09-25 17:33:22,521 INFO - es.XXX.dcta.core.ws.consultas.DctaCoreConsultasPortImpl - Finishing operation obtenerConsentimientos | usuario= sed1 count= 2\n",
"pri": "<30>",
"prival": 30,
"facilityval": 3,
"levelval": 6,
"facility": "daemon",
"level": "info",
"type": "UNKNOWN",
"ts": "2019-11-08T11:45:23.087Z",
"host": "s2413-XXX.aviacion.fomento.es",
"appName": "Instancia3",
"message": "INFO 17:33:22,521 INFO [stdout] (http--0.0.0.0-8083-299) 2018-09-25 17:33:22,521 INFO - es.XXX.dcta.core.ws.consultas.DctaCoreConsultasPortImpl - Finishing operation obtenerConsentimientos | usuario= sed1 count= 2",
"chain": [],
"header": "<30>s2413-XXX.aviacion.fomento.es Instancia3[22469]: ",
"pid": "22469"
},
{
"originalMessage": "<166>Nov 6 13:07:13 MADCPVDS1 CEF:0|Trend Micro|Deep Security Manager|11.0.249|720|Policy Sent|3|src=172.22.225.30 suser=System target=Colbog7mtt msg=The policy (fingerprint 6B:20:C9:33:9C:C9:5D:AD:2C:51:94:67:17:53:E7:68:95:B9:2B:A1) was successfully sent to the agent. TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 ",
"pri": "<166>",
"prival": 166,
"facilityval": 20,
"levelval": 6,
"facility": "local4",
"level": "info",
"type": "CEF",
"ts": "2019-11-06T12:07:13.000Z",
"host": "MADCPVDS1",
"message": "CEF:0|Trend Micro|Deep Security Manager|11.0.249|720|Policy Sent|3|src=172.22.225.30 suser=System target=Colbog7mtt msg=The policy (fingerprint 6B:20:C9:33:9C:C9:5D:AD:2C:51:94:67:17:53:E7:68:95:B9:2B:A1) was successfully sent to the agent. TrendMicroDsTenant=Primary TrendMicroDsTenantId=0",
"chain": [],
"cef": {
"version": "CEF:0",
"deviceVendor": "Trend Micro",
"deviceProduct": "Deep Security Manager",
"deviceVersion": "11.0.249",
"deviceEventClassID": "720",
"name": "Policy Sent",
"severity": "3",
"extension": "src=172.22.225.30 suser=System target=Colbog7mtt msg=The policy (fingerprint 6B:20:C9:33:9C:C9:5D:AD:2C:51:94:67:17:53:E7:68:95:B9:2B:A1) was successfully sent to the agent. TrendMicroDsTenant=Primary TrendMicroDsTenantId=0 "
},
"fields": {
"src": "172.22.225.30",
"suser": "System",
"target": "Colbog7mtt",
"msg": "The policy (fingerprint 6B:20:C9:33:9C:C9:5D:AD:2C:51:94:67:17:53:E7:68:95:B9:2B:A1) was successfully sent to the agent.",
"TrendMicroDsTenant": "Primary",
"TrendMicroDsTenantId": "0 "
},
"header": "<166>Nov 6 13:07:13 MADCPVDS1 "
},
{
"originalMessage": "<33>0 2019-11-07T06:09:28+01:00 destmp.ICA.age Manual - - - Scanning Finished: Spyware found [alertMeta@0 oid=\"1.3.6.1.4.1.2213.12.2147483647.104\" shost=\"ICA2827\" uid=\"56d3b8fe-602b-2548-921a-ce1a821e7b31\" domainTreePath=\"Root/ICA.age/ICA/PCs/Alcala/Planta-4/ICA2827\" suser=\"NT AUTHORITYSYSTEM\" message=\"Manual scanning was finished - spyware was found in the system.\"]",
"pri": "<33>",
"prival": 33,
"facilityval": 4,
"levelval": 1,
"facility": "auth",
"level": "alert",
"version": 0,
"type": "RFC5424",
"ts": "2019-11-07T05:09:28.000Z",
"host": "destmp.ICA.age",
"appName": "Manual",
"pid": "-",
"messageid": "-",
"structuredData": [
{
"$id": "alertMeta@0",
"oid": "1.3.6.1.4.1.2213.12.2147483647.104",
"shost": "ICA2827",
"uid": "56d3b8fe-602b-2548-921a-ce1a821e7b31",
"domainTreePath": "Root/ICA.age/ICA/PCs/Alcala/Planta-4/ICA2827",
"suser": "NT AUTHORITYSYSTEM",
"message": "Manual scanning was finished - spyware was found in the system."
}
],
"message": "Scanning Finished: Spyware found",
"chain": [],
"header": "<33>0 2019-11-07T06:09:28+01:00 destmp.ICA.age Manual - - - ",
"fields": []
},
{
"originalMessage": "<35>0 2019-11-07T13:34:02+01:00 destmp.ICA.age Reverted - - - to a backup copy of the incremental policy file [alertMeta@0 oid=\"1.3.6.1.4.1.2213.11.2147483647.240\" shost=\"CZC8028KZK\" uid=\"32112a5b-d3e6-e784-860c-edfa00d2ab28\" domainTreePath=\"Root/ICA.age/ICA/PCs/Bolivia/Planta-5/CZC8028KZK\" suser=\"ICAijgoni\" message=\"The incremental policy file (policy.ipf) was corrupted and a backup copy of it was successfully taken into use. Some local settings or statistics may have been lost.\"]",
"pri": "<35>",
"prival": 35,
"facilityval": 4,
"levelval": 3,
"facility": "auth",
"level": "error",
"version": 0,
"type": "RFC5424",
"ts": "2019-11-07T12:34:02.000Z",
"host": "destmp.ICA.age",
"appName": "Reverted",
"pid": "-",
"messageid": "-",
"structuredData": [
{
"$id": "alertMeta@0",
"oid": "1.3.6.1.4.1.2213.11.2147483647.240",
"shost": "CZC8028KZK",
"uid": "32112a5b-d3e6-e784-860c-edfa00d2ab28",
"domainTreePath": "Root/ICA.age/ICA/PCs/Bolivia/Planta-5/CZC8028KZK",
"suser": "ICAijgoni",
"message": "The incremental policy file (policy.ipf) was corrupted and a backup copy of it was successfully taken into use. Some local settings or statistics may have been lost."
}
],
"message": "to a backup copy of the incremental policy file",
"chain": [],
"header": "<35>0 2019-11-07T13:34:02+01:00 destmp.ICA.age Reverted - - - ",
"fields": []
},
{
"originalMessage": "<35>0 2019-11-07T13:34:02+01:00 destmp.ICA.age Reverted - - - [alertMeta@0 oid=\"1.3.6.1.4.1.2213.11.2147483647.240\" shost=\"CZC8028KZK\" uid=\"32112a5b-d3e6-e784-860c-edfa00d2ab28\" domainTreePath=\"Root/ICA.age/ICA/PCs/Bolivia/Planta-5/CZC8028KZK\" suser=\"ICAijgoni\" message=\"The incremental policy file (policy.ipf) was corrupted and a backup copy of it was successfully taken into use. Some local settings or statistics may have been lost.\"] to a backup copy of the incremental policy file",
"pri": "<35>",
"prival": 35,
"facilityval": 4,
"levelval": 3,
"facility": "auth",
"level": "error",
"version": 0,
"type": "RFC5424",
"ts": "2019-11-07T12:34:02.000Z",
"host": "destmp.ICA.age",
"appName": "Reverted",
"pid": "-",
"messageid": "-",
"structuredData": [
{
"$id": "alertMeta@0",
"oid": "1.3.6.1.4.1.2213.11.2147483647.240",
"shost": "CZC8028KZK",
"uid": "32112a5b-d3e6-e784-860c-edfa00d2ab28",
"domainTreePath": "Root/ICA.age/ICA/PCs/Bolivia/Planta-5/CZC8028KZK",
"suser": "ICAijgoni",
"message": "The incremental policy file (policy.ipf) was corrupted and a backup copy of it was successfully taken into use. Some local settings or statistics may have been lost."
}
],
"message": "to a backup copy of the incremental policy file",
"chain": [],
"header": "<35>0 2019-11-07T13:34:02+01:00 destmp.ICA.age Reverted - - - ",
"fields": []
}
];

