The table below lists, for each event property, the regular expression used to search and parse the event messages from the UNIX firewall used in this example, together with the value each expression extracts from the Firewall Accept record and the Firewall Deny record ("(not available)" marks a property the message does not carry).

Table 84-2 Regular Expressions

Property                  | Firewall Accept Record | Firewall Deny Record | Regular Expression
--------------------------+------------------------+----------------------+-----------------------------------------
Event Name                | pass                   | block                | \s(pass)\s & \s(block)\s
Source IP                 | 172.16.11.240          | 172.16.11.240        | \s(\d+\.\d+\.\d+\.\d+)\.
Destination IP            | 172.16.165.146         | 172.16.169.126       | \>\s(\d+\.\d+\.\d+\.\d+)\.
Source Port               | 1844                   | 6080                 | \.(\d+)\s\>\s
Destination Port          | 53                     | 1026                 | \.(\d+)\:\s
Protocol                  | (not available)        | (not available)      | (not available)
User Name                 | John Doe               | (not available)      | user=\"([^\"]+)\"
Host Name                 | (not available)        | (not available)      | (not available)
Source MAC Address        | 00:01:23:45:67:89      | (not available)      | [0-9a-fA-F][0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F][:\-][0-9a-fA-F][0-9a-fA-F]
Destination MAC Address   | (not available)        | (not available)      | (not available)
NetBIOS Name              | (not available)        | (not available)      | (not available)
Group Name                | (not available)        | (not available)      | (not available)
Severity                  | (not available)        | (not available)      | (not available)
Device Time               | (not available)        | (not available)      | (\w{3} \d{2} \d{1,2}\:\d{2}\:\d{2})\.\d+
Source IP Pre NAT         | (not available)        | (not available)      | (not available)
Destination IP Pre NAT    | (not available)        | (not available)      | (not available)
Source IP Post NAT        | (not available)        | (not available)      | (not available)
Destination IP Post NAT   | (not available)        | (not available)      | (not available)
Destination Port Post NAT | (not available)        | (not available)      | (not available)
Destination Port Pre NAT  | (not available)        | (not available)      | (not available)
Source Port Pre NAT       | (not available)        | (not available)      | (not available)
Source Port Post NAT      | (not available)        | (not available)      | (not available)

Configuring DSMs Guide: Universal DSM Example
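To see how the expressions in Table 84-2 pull the two records out of raw firewall messages, the following script applies them to two constructed sample messages. It is an added example, not code from the guide or from the DSM itself: the two log lines are made up so that the table's Firewall Accept and Firewall Deny values fall out of the patterns, the patterns are run with Python's re module rather than the DSM's own regex engine, and the Source MAC expression (which has no capture group on the page) is wrapped in one here so that a value can be returned.

```python
import re

# Regular expressions taken from Table 84-2; each has exactly one capture group.
# The Source MAC pattern on the page has none, so it is wrapped in a group here
# (an assumption about how it would be used, not something the table states).
HEX_PAIR = r"[0-9a-fA-F][0-9a-fA-F]"
PATTERNS = {
    "event_name": [r"\s(pass)\s", r"\s(block)\s"],   # the table's "&": try each in turn
    "source_ip": [r"\s(\d+\.\d+\.\d+\.\d+)\."],
    "destination_ip": [r"\>\s(\d+\.\d+\.\d+\.\d+)\."],
    "source_port": [r"\.(\d+)\s\>\s"],
    "destination_port": [r"\.(\d+)\:\s"],
    "user_name": [r'user=\"([^\"]+)\"'],
    "source_mac": ["(" + HEX_PAIR + (r"[:\-]" + HEX_PAIR) * 5 + ")"],
    "device_time": [r"(\w{3} \d{2} \d{1,2}\:\d{2}\:\d{2})\.\d+"],
}


def extract(field, message):
    """Return the first capture group of the first pattern that matches, else None
    (None plays the role of the table's "(not available)")."""
    for pattern in PATTERNS[field]:
        match = re.search(pattern, message)
        if match:
            return match.group(1)
    return None


def parse_event(message):
    """Apply every property pattern to one event message."""
    return {field: extract(field, message) for field in PATTERNS}


# Constructed sample messages (not from the guide), shaped so that the patterns
# above recover the table's two records. Note the trailing ".<digits>" after the
# time of day: the Device Time expression requires it.
ACCEPT_MESSAGE = (
    'Feb 17 14:24:11.123456 pf: rule 1: pass in on em0: '
    '00:01:23:45:67:89 172.16.11.240.1844 > 172.16.165.146.53: user="John Doe"'
)
DENY_MESSAGE = (
    'Feb 17 14:25:02.987654 pf: rule 2: block in on em0: '
    '172.16.11.240.6080 > 172.16.169.126.1026: [S]'
)


def parse_samples():
    """Parse both constructed messages; the Accept record should yield the
    pass/172.16.11.240/172.16.165.146/1844/53/John Doe row of Table 84-2 and the
    Deny record the block/172.16.11.240/172.16.169.126/6080/1026 row."""
    return parse_event(ACCEPT_MESSAGE), parse_event(DENY_MESSAGE)


if __name__ == "__main__":
    for label, record in zip(("Firewall Accept", "Firewall Deny"), parse_samples()):
        print(label)
        for field, value in record.items():
            print(f"  {field:<17} {value if value is not None else '(not available)'}")
```

Two things the table alone does not show stand out when the patterns are run: the Source IP expression relies on the dot that separates address and port in the message (an address followed by a space would not match), and the Destination Port expression relies on the space after the colon, so a message that ends right after the port would leave that property empty.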