-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathRegex Overrides.txt
57 lines (46 loc) · 1.45 KB
/
Regex Overrides.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
Authentication Method (Custom):
Expression Type: Regex
Expression: user\s'\w+'\sauthenticated\susing\s'(.*?)'
Format String: $1
Destination IP:
Expression Type: Regex
Expression: IPv4=(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})
Format String $1
Event Category:
Expression Type: Regex
Expression: (openvpn)(\:\s|\[\d+\]\:\s)
Format String: $1
Event ID:
Expression Type: Regex
Expression: (?:openvpn|openvpn\[\d+\])\:\s(?:(?:\w+\/|)(?:\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d+)(?:\s\[.*?\]|\sread|)\s|\S+\s'\w+'\s|)(.*?)(?:\s\(|\s\w+\s\[|\s\w+\s\'.*?\'|\,|\.\s|$|(?:|\:)\s\w+=|\.$)
Format String: $1
Log Source Time:
Expression Type: Regex
Expression: (\w+)\s+(\d+)\s+([\d:]+)\s
Format String: 2019-$1-$2 $3
Date Format: yyyy-MMM-dd hh:mm:ss
Peer Info (Custom):
Expression Type: Regex
Expression: peer\sinfo\:\s(\S+)
Format String: $1
Source IP:
Expression Type: Regex
Expression: [\s|\/|\:](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})[\s|\/|\:]
Format String: $1
Expression Type: Regex
Expression: [\s|\/|\:](\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})[\s|\/|\:]
Format String: $1
Source Port:
Expression Type: Regex
Expression: \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:(\d+)
Capture Group: 1
User:
Expression Type: Regex
Expression: openvpn\[\d+\]\:\s(\w+)\/
Format String: $1
Expression Type: Regex
Expression: openvpn\:\suser\s'(\w+)'
Format String: $1
Expression Type: Regex
Expression: openvpn\[\d+\]\:\s\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\s\[(\w+)\]
Format String: $1