(?P<event_message>An account was successfully logged on.)\s+Subject:\s+Security ID:\s+(?P<subject_security_id>.*?)\s+Account Name:\s+(?P<subject_account_name>.*?)\s+Account Domain:\s+(?P<subject_account_domain>.*?)\s+Logon ID:\s+(?P<subject_logon_id>.*?)\s+Logon Type:\s+(?P<logon_type>.*?)\s+(?:Impersonation Level:\s+(?P<impersonation_level>.*?)\s+)?New Logon:\s+Security ID:\s+(?P<security_id>.*?)\s+Account Name:\s+(?P<logon_account_name>.*?)\s+Account Domain:\s*(?P<logon_account_domain>.*?)\s+Logon ID:\s+(?P<session_id>.*?)\s+Logon GUID:\s+(?P<logon_guid>.*?)\s+Process Information:\s+Process ID:\s+(?P<process_id>.*?)\s+Process Name:\s+(?P<process_name>.*?)\s+Network Information:\s+Workstation Name:\s+(?P<workstation_name>.*?)\s*Source Network Address:\s+(?P<src_addr>\S+)\s+Source Port:\s+(?P<src_port>.*?)\s+Detailed Authentication Information:\s+Logon Process:\s+(?P<logon_process>.*?)\s+Authentication Package:\s+(?P<auth_package>\S+)\s+Transited Services:\s+(?P<trans_serv>.*?)\s+Package Name \S+\s+\S+\s+(?P<package_name>.*?)\s+Key Length:\s+(?P<key_length>.*?)\s+(?P<event_details>.*)