Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 203


Table 84-1 Example of Messages

                         Destination Port   Protocol          User Name         Mac Address
Firewall Accept Record   6080               (not available)   John Doe          00:01:23:45:67:89
Firewall Deny Record     1026               (not available)   (not available)   (not available)

Once the available data fields have been visually isolated, build individual regular
expressions capable of searching and parsing the specific event messages to
extract the necessary data field information. You can now use the regular
expression calculator to build these individual expressions.

To build individual expressions:

Step 1  Open the regular expressions calculator.

Step 2  Paste the example of the Firewall Accept syslog message into the regular
expression calculator's string or Sample text field.

Step 3  Once the string field has been populated, create a regular expression search
pattern for the event name field, which in this example is the text string pass. By
using the knowledge from the regular expression tutorials, you can create the
search pattern that isolates the pass string:

\s(pass)\s

Note: In the regular expression language, \s matches a whitespace character, while the
parentheses control exactly which part of the match is returned as the field value.

Step 4  Copy this proposed search pattern for the event name into the Search Pattern field
of the regular expression calculator.

Configuring DSMs Guide   Universal DSM Example   197
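The following worked example is added here and is not part of the Juniper guide; it shows, in plain Python, what the regular expression calculator does with the patterns built in the steps above. The two syslog lines are constructed for this example (they are not Juniper's or any vendor's real log format) and carry the field values from Table 84-1; the field names dst_port, user and mac, and the event name block for the deny record, are assumptions. Each search pattern has exactly one pair of parentheses, because the capture group, not the whole match, is what becomes the field value.

```python
import re

# Constructed sample messages (assumed format, not a real product's syslog).
# The field values are the ones listed in Table 84-1 on this page.
ACCEPT_MSG = ('Jan 12 10:15:01 fw01 firewall: pass dst_port=6080 '
              'user="John Doe" mac=00:01:23:45:67:89')
DENY_MSG = 'Jan 12 10:15:02 fw01 firewall: block dst_port=1026'

# One search pattern per data field. Each has a single capture group; the
# parentheses decide which part of the match is returned as the field value.
PATTERNS = {
    "Event Name": r"\s(pass|block)\s",
    "Destination Port": r"\sdst_port=(\d{1,5})\b",
    "User Name": r'\suser="([^"]+)"',
    "Mac Address": r"\smac=((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\b",
}


def check_pattern(pattern, message):
    """Mimic the regular expression calculator for one pattern: return the
    whole match and the captured group separately, so the effect of the
    parentheses is visible. Returns None when the pattern does not match."""
    match = re.search(pattern, message)
    if match is None:
        return None
    return {"whole_match": match.group(0), "captured": match.group(1)}


def extract_fields(message, patterns=PATTERNS):
    """Run every field pattern against one message and return the captured
    value of each, or the literal "(not available)" when the message does not
    carry that field, mirroring the entries in Table 84-1."""
    fields = {}
    for name, pattern in patterns.items():
        match = re.search(pattern, message)
        fields[name] = match.group(1) if match else "(not available)"
    return fields


if __name__ == "__main__":
    # The event-name pattern from Step 3: the whole match is " pass " (with the
    # surrounding whitespace), but only the group, "pass", is returned.
    print(check_pattern(r"\s(pass)\s", ACCEPT_MSG))
    for msg in (ACCEPT_MSG, DENY_MSG):
        print(extract_fields(msg))
```

Running the script shows why the surrounding \s anchors matter: the pattern only matches pass as a whole word, so a value such as "bypass" or "password" in another part of the message is not mistaken for the event name, and a field that is absent from the deny record comes back as "(not available)" rather than a wrong value borrowed from elsewhere in the line.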
