Regular Expressions 101

Community Patterns

fortigate syslog


Regular Expression
PCRE (PHP <7.3)

/
^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) date=(?<forti_date>[^ ]*) time=(?<forti_time>[^ ]*) devname=(?<dev_name>[^ ]*) device_id=(?<dev_id>[^ ]*) log_id=(?<log_id>[^ ]*) type=(?<type>[^ ]*) subtype=(?<subtype>[^ ]*) pri=(?<pri>[^ ]*) vd=(?<vd>[^ ]*) src=(?<src>[^ ]*) src_port=(?<src_port>[^ ]*) src_int="(?<src_int>[^ ]*)" dst=(?<dst>[^ ]*) dst_port=(?<dst_port>[^ ]*) dst_int="(?<dst_int>[^ ]*)" SN=(?<SN>[^ ]*) status=(?<status>[^ ]*) policyid=(?<policy_id>[^ ]*) dst_country="(?<dst_country>[^ ]*)" src_country="(?<src_country>[^ ]*)" service=(?<service>[^ ]*) proto=(?<proto>[^ ]*) duration=(?<duration>[^ ]*) sent=(?<sent>[^ ]*) rcvd=(?<rcvd>[^ ]*)$
/

Description

Parses a syslog line generated by a FortiGate 60B.

Submitted by ViKing - 8 years ago
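As an added example (not part of the regex101 entry or the submitter's pattern), the Python script below ports the PCRE pattern above to Python's `re` syntax (Python only accepts `(?P<name>...)` for named groups, not `(?<name>...)`), runs it over a constructed FortiGate-style syslog line, and shows the pattern's main failure mode: every field is anchored in a fixed order and the syslog header is matched with exactly one space between tokens, so a header with a single-digit day (`Jan  5`, two spaces) or a line with a missing or reordered field never matches and would be dropped silently by a pipeline that relies on this regex alone. A small key=value fallback keeps such records. All sample values (hostname, addresses, device id, log id, serial, counters) are constructed for this example.

```python
import re

# The community pattern from the page, copied verbatim (PCRE named-group syntax).
PCRE_PATTERN = (
    r'^(?<time>[^ ]* [^ ]* [^ ]*) (?<host>[^ ]*) date=(?<forti_date>[^ ]*) '
    r'time=(?<forti_time>[^ ]*) devname=(?<dev_name>[^ ]*) device_id=(?<dev_id>[^ ]*) '
    r'log_id=(?<log_id>[^ ]*) type=(?<type>[^ ]*) subtype=(?<subtype>[^ ]*) pri=(?<pri>[^ ]*) '
    r'vd=(?<vd>[^ ]*) src=(?<src>[^ ]*) src_port=(?<src_port>[^ ]*) src_int="(?<src_int>[^ ]*)" '
    r'dst=(?<dst>[^ ]*) dst_port=(?<dst_port>[^ ]*) dst_int="(?<dst_int>[^ ]*)" SN=(?<SN>[^ ]*) '
    r'status=(?<status>[^ ]*) policyid=(?<policy_id>[^ ]*) dst_country="(?<dst_country>[^ ]*)" '
    r'src_country="(?<src_country>[^ ]*)" service=(?<service>[^ ]*) proto=(?<proto>[^ ]*) '
    r'duration=(?<duration>[^ ]*) sent=(?<sent>[^ ]*) rcvd=(?<rcvd>[^ ]*)$'
)


def pcre_to_python(pattern):
    """Rewrite PCRE named groups (?<name>...) as Python's (?P<name>...).

    Lookbehinds (?<= and (?<! are left untouched.
    """
    return re.sub(r'\(\?<(?![=!])', '(?P<', pattern)


FORTI_RE = re.compile(pcre_to_python(PCRE_PATTERN))

# Generic key=value tokenizer: bare values run to the next space, quoted
# values may contain spaces and are returned without their quotes.
KV_RE = re.compile(r'(?P<key>\w+)=(?:"(?P<quoted>[^"]*)"|(?P<bare>[^ ]*))')

# Constructed sample line (not real device output); two-digit day in the header.
SAMPLE_OK = (
    'Jan 15 12:34:56 fw01 date=2024-01-15 time=12:34:56 devname=FGT60B '
    'device_id=FGT60B0000000000 log_id=0021000002 type=traffic subtype=allowed '
    'pri=notice vd=root src=192.0.2.10 src_port=51234 src_int="internal" '
    'dst=198.51.100.25 dst_port=443 dst_int="wan1" SN=12345 status=accept '
    'policyid=3 dst_country="Reserved" src_country="Reserved" service=HTTPS '
    'proto=6 duration=30 sent=1024 rcvd=2048'
)

# Same record with a single-digit day: traditional syslog pads it with a
# second space, which the page's pattern does not allow.
SAMPLE_SINGLE_DIGIT_DAY = SAMPLE_OK.replace('Jan 15 ', 'Jan  5 ', 1)


def parse_strict(line):
    """Apply the page's pattern; return the named groups or None on no match."""
    m = FORTI_RE.match(line)
    return m.groupdict() if m else None


def parse_kv_fallback(line):
    """Order-independent key=value extraction for lines the strict regex rejects."""
    fields = {}
    for m in KV_RE.finditer(line):
        quoted = m.group('quoted')
        fields[m.group('key')] = quoted if quoted is not None else m.group('bare')
    return fields


def parse(line):
    """Return ('strict', fields) when the page's regex matches, else ('fallback', fields)."""
    fields = parse_strict(line)
    if fields is not None:
        return 'strict', fields
    return 'fallback', parse_kv_fallback(line)


if __name__ == '__main__':
    for sample in (SAMPLE_OK, SAMPLE_SINGLE_DIGIT_DAY):
        mode, fields = parse(sample)
        print(mode, fields.get('src'), '->', fields.get('dst'), fields.get('status'))
```

The fallback keeps the firewall fields but not the positional syslog header (`time`, `host`), so a pipeline should at least count fallback hits: a rising fallback rate after a firmware change usually means the log format moved and the strict pattern needs updating, not that traffic stopped.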