Parser Content

{
Name = "leap-l-str-app-activity-success-leapshk"
Vendor = "LEAP"
Product = "LEAP"
TimeFormat = "yyyyMMdd:HH.mm.ss"
Conditions = [
"""|LEAPSHK|TUAUDIT|"""
]
Fields = [
"""\w+\s+\d+\s+\d+:\d+:\d+\s+({host}[\w\-.]+)\s"""
"""({location}\w+)\|({app_code}({app}LEAPS)[^\|]*)\|TUAUDIT\|({time}[^\|]+)\|({user}[\w\.\-\!\#\^\~]{1,40}\$?)\|[^\|]*\|\s*(?:|NULL|({dest_ip}((([0-9a-fA-F.]{0,4}):{1,2}){1,7}([0-9a-fA-F]){1,4})|(((25[0-5]|(2[0-4]|1\d|[0-9]|)\d)\.?\b){4}))(:({dest_port}\d+))?|({dest_host}.+?))\s*\|({object}[^\|]+)\|[^\|]*\|({operation}[^\|]+)\|([^\|]*\|){6}({additional_info}[^\|]+)\|({resource}[^\|\s]+)\s*"""
]
ParserVersion = "v1.0.0"


}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pC_leaplstrappactivitysuccessleapshk.md

pC_leaplstrappactivitysuccessleapshk.md

Parser Content

Files

pC_leaplstrappactivitysuccessleapshk.md

Latest commit

History

pC_leaplstrappactivitysuccessleapshk.md

File metadata and controls

Parser Content