
pC_ciscofpstrnetworktrafficfail106023.md


Parser Content

{
# Parser definition for Cisco Firepower (FTD) syslog message 106023: traffic denied by an
# access-group. It extracts timestamp, reporting host, priority, event code, action,
# protocol, and the source/destination interface, IPv4 address and optional port.
Name = cisco-fp-str-network-traffic-fail-106023
  ParserVersion = "v1.0.0"
  Vendor = Cisco
  Product = Cisco Firepower
  # NOTE(review): the {time} pattern in Fields captures a "<3 letters> dd yyyy HH:mm:ss" layout
  # (month-name style), which does not look like "yyyy-MM-dd HH:mm:ss". If the platform applies
  # TimeFormat to the captured {time} value, event timestamps may fail to parse. Confirm against
  # a sample log and the parser engine's behaviour.
  TimeFormat = "yyyy-MM-dd HH:mm:ss"
  # Literal substrings used to select which log lines this parser handles: the FTD tag, the
  # 106023 message id, the "Deny " action and the " by access-group" suffix.
  # Presumably every entry must be present in the raw message. TODO confirm.
  Conditions = [ """%FTD-""", """-106023""", """Deny """, """ by access-group""" ]
  # Each entry is a regex; ({name}...) captures the matched text into the field "name".
  Fields = [
    # Timestamp: three letters, two-digit day, four-digit year, then HH:mm:ss.
    """({time}[a-zA-Z]{3} \d\d \d\d\d\d \d\d:\d\d:\d\d)""",
    # Reporting host: the token between the ":mm:ss" tail of the timestamp and ": %FTD-".
    """:\d\d:\d\d\s+({host}[\w\.-]+)\s*:\s*%FTD-""",
    # Numeric priority and event code taken from the "%FTD-<priority>-<event_code>" tag.
    """%FTD-({priority}\d+)-({event_code}\d+)""",
    # event_name is the whole "Deny <protocol>" phrase; action and protocol are nested captures.
    """({event_name}({action}Deny)\s+({protocol}\w+))""",
    # Source interface (up to the first ':'), IPv4 address, and an optional "/port".
    # The address pattern is dotted-quad only and does not range-check octets, so a message
    # carrying an IPv6 address would pass Conditions but leave src_ip unset. Worth confirming
    # whether downstream detections depend on this field being populated.
    """\ssrc\s+({src_interface}[^:]+?):({src_ip}\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\/({src_port}\d+))?""",
    # Destination interface, IPv4 address and optional "/port"; same IPv4-only caveat as src.
    """\sdst\s+({dest_interface}[^:]+?):({dest_ip}\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})(\/({dest_port}\d+))?""",
# The access-group (ACL) name is not extracted: no pattern here captures the text that follows
# " by access-group", so the denying rule name is not available as a parsed field.
  ]


}