Destination IP:
Expression Type: Regex
Expression: filterlog\:\s.*?\,(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\,(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\,
Format String: $2
Expression Type: Regex
Expression: (?:dhcpd|dhclient|dhclient\[\d+\])\:.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Format String: $1
Destination MAC:
Expression Type: Regex
Expression: (([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}))
Format String: $2
Destination Port:
Expression Type: Regex
Expression: filterlog\:\s.*?\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,(\d{1,5})\,(\d{1,5})\,
Capture Group: 2
Expression Type: Regex
Expression: filterlog\:\s.*?\,6\,.*?\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,([\d]{1,5})\,([\d]{1,5})\,
Capture Group: 2
Event Category:
Expression Type: Regex
Expression: \w+\s+\d+\s+[\d:]+\s(\w+)(?:\:\s|\[\d+\]\:\s)
Format String: $1
Event ID:
Expression Type: Regex
Expression: filterlog\:\s.*?\,.*?\,.*?\,.*?\,.*?\,.*?\,(.*?)\,
Format String: $1
Expression Type: Regex
Expression: dhcpd\:\s([\w\_]{1,15})
Format String: $1
Expression Type: Regex
Expression: unbound\:.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\s([\w\.\-]{1,180})\.\s([A-Z]{1,10})\s([A-Z]{1,10})
Format String: $3
Expression Type: Regex
Expression: dhclient(?:\[\d+\]|)\:\s(?:\w+\d\s|)(.*?)(?:\s(?:on|from)\s\w+|\:|\s\'|\s\(\w+\)|\(\)|\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\.$|$)
Format String: $1
Hostname:
Expression Type: Regex
Expression: dhcpd\:.*?\((.*?)\)
Capture Group: 1
Identity Host Name:
Expression Type: Regex
Expression: dhcpd\:.*?\((.*?)\)
Format String: $1
Identity IP:
Expression Type: Regex
Expression: dhcpd\:.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Format String: $1
Identity MAC:
Expression Type: Regex
Expression: (([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2}))
Format String: $1
IPv6 Destination:
Expression Type: Regex
Expression: filterlog\:\s.*?\,6\,.*?\,([0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45})\,([0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45})\,
Format String: $2
IPv6 Source:
Expression Type: Regex
Expression: filterlog\:\s.*?\,6\,.*?\,([0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45})\,([0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45})\,
Format String: $1
Log Source Time:
Expression Type: Regex
Expression: (\w+)\s+(\d+)\s+([\d:]+)\s
Format String: 2019-$1-$2 $3
Date Format: yyyy-MMM-dd hh:mm:ss
Protocol:
Expression Type: Regex
Expression: filterlog\:\s.*?\,4\,.*?\,([\d]{1,3})\,(\w{1,6})\,\d{1,3}\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,
Format String: $2
Expression Type: Regex
Expression: filterlog\:\s.*?\,.*?\,.*?\,6\,.*?\,.*?\,.*?\,(.*?)\,.*?\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,
Format String: $1
Source IP:
Expression Type: Regex
Expression: filterlog\:\s.*?\,(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\,(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\,
Format String: $1
Expression Type: Regex
Expression: unbound\:.*?(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Format String: $1
Source Port:
Expression Type: Regex
Expression: filterlog\:\s.*?\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\,(\d{1,5})\,(\d{1,5})\,
Capture Group: 1
Expression Type: Regex
Expression: filterlog\:\s.*?\,6\,.*?\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,[0-9a-f\:]{2,45}\:[0-9a-f\:]{2,45}\,([\d]{1,5})\,([\d]{1,5})\,
Capture Group: 1