Parser Content

{
Name = cisco-fp-kv-network-traffic-fail-313005
  ParserVersion = "v1.0.0"
  Vendor = Cisco
  Product = Cisco Firepower
  TimeFormat = "yyyy-MM-dd HH:mm:ss"
  Conditions = [ """-313005""", """%FTD-""", """error message:""" ]
  Fields = [
    """({host}[\w+\.-]+)\s+(\S*:\s*)?%FTD-\d+-\d+:""",
    """%FTD-({priority}\d+)-({event_code}\d+):\s*({event_name}.*?)\sfor\s*({protocol}\w+)\s""",
    """\ssrc\s*({src_interface}[\w-]+):(({src_ip}((([0-9a-fA-F.]{1,4}):{1,2}){7}([0-9a-fA-F]){1,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4})(:({src_port}\d+))?|([A-Fa-f0-9%.]*:[A-Fa-f0-9%.:]+(th0)?))|({src_host}[^\s]+?))(\(({domain}[^\\]+)\\({user}[^\\]+?)\))?""",
    """\sdst\s*({dest_interface}[\w-]+):(({dest_ip}((([0-9a-fA-F.]{1,4}):{1,2}){7}([0-9a-fA-F]){1,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4})(:({dest_port}\d+))?|([A-Fa-f0-9%.]*:[A-Fa-f0-9%.:]+(th0)?))|({dest_host}[^\s]+?)(\s|$))""",
  ]


}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pC_ciscofpkvnetworktrafficfail313005.md

pC_ciscofpkvnetworktrafficfail313005.md

Parser Content

Files

pC_ciscofpkvnetworktrafficfail313005.md

Latest commit

History

pC_ciscofpkvnetworktrafficfail313005.md

File metadata and controls

Parser Content