-
Notifications
You must be signed in to change notification settings - Fork 2
/
fortigate6.4_graylog4.json
1 lines (1 loc) · 85.2 KB
/
fortigate6.4_graylog4.json
1
{"id":"44bf13c6-a822-49e8-8618-88a8e6127a8f","rev":1,"v":"1","name":"Fortigate 6.4.4 Content Pack for graylog4","summary":"Create Fortigate env for graylog4","description":"Input - Fortigate input from port 1500 Raw/Plaintext UDP\nExtractors - All fields as outlined by Fortinet documentation have a corresponding regex extractor update graylog4\nStreams\nEvent- notification - warning security change\nDashboard ","vendor":"Nicolas tedesco","url":"","created_at":"2021-02-09T12:42:03.886Z","server_version":"4.0.2+1987d10","parameters":[{"name":"sender_email","title":"sender","description":"who send notification","type":"string","default_value":"[email protected]"}],"entities":[{"id":"5f3600d1-c4d2-46ee-aad9-a33f65a2fbb8","type":{"name":"dashboard","version":"2"},"v":"1","data":{"summary":{"@type":"string","@value":"Converted Dashboard"},"search":{"queries":[{"id":"7d156949-6355-44c3-85f3-faaa276ba6b5","timerange":{"type":"relative","range":300},"query":{"type":"elasticsearch","query_string":""},"search_types":[{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND subtype:\\\"webfilter\\\" AND eventtype:\\\"ftgd_blk\\\""},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"catdesc","limit":5}],"type":"pivot","id":"c15b75d7-4a77-4304-826a-5ccf5bede45b","column_groups":[],"sort":[{"type":"pivot","field":"catdesc","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 subtype:webfilter"},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"hostname","limit":5}],"type":"pivot","id":"f60e2d57-24a0-4341-82c6-f0a18baf9477","column_groups":[],"sort":[{"type":"pivot","field":"hostname","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic"},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"app","limit":5}],"type":"pivot","id":"90d6cbfa-f492-4330-88e1-27dd5467b171","column_groups":[],"sort":[{"type":"pivot","field":"app","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic subtype:forward"},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"dstcountry","limit":10}],"type":"pivot","id":"adb57c5a-c1d2-4801-bdf3-9549acfbfc83","column_groups":[],"sort":[{"type":"series","field":"count()","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 subtype:webfilter"},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"hostname","limit":50}],"type":"pivot","id":"b0910946-2e55-4292-9f3e-4e39eeb02e05","column_groups":[],"sort":[{"type":"series","field":"count()","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype: app-ctrl And action: block"},"name":"chart","timerange":{"type":"relative","range":0},"streams":[],"series":[{"type":"count","id":"count(action)","field":"action"}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"appcat","limit":15},{"type":"values","field":"app","limit":15}],"type":"pivot","id":"39668991-6116-4e42-8de6-dd6618e93116","column_groups":[],"sort":[{"type":"series","field":"count(action)","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic subtype:forward"},"name":"chart","timerange":{"type":"relative","range":86400},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"app","limit":50}],"type":"pivot","id":"410f38cf-2080-46b9-b41a-d5366b8a6a8f","column_groups":[],"sort":[{"type":"series","field":"count()","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 NOT action:client\\-rst AND NOT action:server\\-rst"},"name":"chart","timerange":{"type":"relative","range":0},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"action","limit":15}],"type":"pivot","id":"683e3e7e-77d5-4a38-b440-55ffc0724703","column_groups":[],"sort":[]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8"},"name":"chart","timerange":{"type":"relative","range":0},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"subtype","limit":15}],"type":"pivot","id":"dc4f8018-c8e3-47b3-be92-4b9edc9a903d","column_groups":[],"sort":[]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype: virus AND eventtype: infected OR eventtype: scanerror OR eventtype: botnet OR eventtype: malware-list"},"name":"chart","timerange":{"type":"relative","range":0},"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"eventtype","limit":15},{"type":"values","field":"msg","limit":15},{"type":"values","field":"virus","limit":15}],"type":"pivot","id":"3c891998-cfb7-4880-9687-39cafd555b1f","column_groups":[],"sort":[{"type":"series","field":"count()","direction":"Descending"}]},{"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype:webfilter AND eventtype: ftgd_blk"},"name":"chart","timerange":{"type":"relative","range":0},"streams":[],"series":[{"type":"count","id":"count(action)","field":"action"}],"filter":null,"rollup":true,"row_groups":[{"type":"values","field":"url","limit":15},{"type":"values","field":"catdesc","limit":15}],"type":"pivot","id":"65ad093d-b798-4768-b0c5-facecea04e53","column_groups":[],"sort":[{"type":"series","field":"count(action)","direction":"Descending"}]}]}],"parameters":[],"requires":{},"owner":"admin","created_at":"2021-02-09T09:53:06.520Z"},"created_at":"2021-02-06T11:10:21.451Z","requires":{},"state":{"7d156949-6355-44c3-85f3-faaa276ba6b5":{"selected_fields":null,"static_message_list_id":null,"titles":{"widget":{"68918bde-4e4d-46c6-8919-25754bf2ddb8":"Messages for action:block","37f77247-c117-4fa6-8a0d-030124c5d62a":"Total Received Bytes per Minute","a7012a3c-8f21-44e1-aa2a-f2a07890700b":"IPs Virus list","542acb05-5113-4d51-910c-0a2085f81dec":"Log Rate","7d175bcf-88b2-4834-87c4-ca7be1042754":"Top Applications","a779fc8f-5ddb-4efb-8e56-cc0e4909434b":"Top Destination Countries","542539b9-85fe-4a7f-81a5-1c1a2ce64b68":"Top Destination Countries","de03f468-b97f-4be7-a036-760240b064bc":"Top Web filter Block","d24599e1-78c1-43f9-a534-ce3cf8db4e7c":"Untitled Message Table (copy)","3a144b5e-64dd-4157-80a1-1ff8665e5b84":"Top App-control Block ","52112ae8-767e-424f-b06e-8265bf11a9a1":"Top Subtype","5b33000e-88ff-48b5-ac48-151101d78920":"Top Web Domains","4725de8d-c265-42f3-aed8-5c3ac2b9393b":"Messages for subtype:vpn","b0bb0b39-cbe3-4606-92fd-90317ba7950d":"CPU Usage","8884b426-2c6a-42f2-b64a-37d9b82cb356":"Top Denied Categories","477e0de9-3dfd-4e37-808a-1ac6c428dc45":"Top Denied Categories","d75b04fb-4490-4d13-af10-8bb086c4db95":"Top Web Domains","30c89fe6-2b0d-40d6-9992-42e261f54439":"Top Applications","45715a81-9683-4036-b44f-4eb8449d7807":"Total Sent Bytes per Minute","25b9395d-a5c3-4b5e-a1c1-223c0f557c77":"Messages for action:block","becc0965-e2b6-4702-ab0d-876f52ce79b6":"Action","bb3d7728-b773-49eb-aba7-b42a0c7ac1bd":"Virus count"},"tab":{"title":"Top"}},"widgets":[{"id":"8884b426-2c6a-42f2-b64a-37d9b82cb356","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND subtype:\\\"webfilter\\\" AND eventtype:\\\"ftgd_blk\\\""},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"catdesc","type":"values","config":{"limit":5}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"pivot","field":"catdesc","direction":"Descending"}]}},{"id":"7d175bcf-88b2-4834-87c4-ca7be1042754","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic"},"streams":[],"config":{"visualization":"pie","event_annotation":false,"row_pivots":[{"field":"app","type":"values","config":{"limit":5}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"pivot","field":"app","direction":"Descending"}]}},{"id":"a779fc8f-5ddb-4efb-8e56-cc0e4909434b","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic subtype:forward"},"streams":[],"config":{"visualization":"pie","event_annotation":false,"row_pivots":[{"field":"dstcountry","type":"values","config":{"limit":10}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count()","direction":"Descending"}]}},{"id":"52112ae8-767e-424f-b06e-8265bf11a9a1","type":"aggregation","filter":null,"timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"subtype","type":"values","config":{"limit":15}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[]}},{"id":"3a144b5e-64dd-4157-80a1-1ff8665e5b84","type":"aggregation","filter":null,"timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype: app-ctrl And action: block"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"appcat","type":"values","config":{"limit":15}},{"field":"app","type":"values","config":{"limit":15}}],"series":[{"config":{"name":null},"function":"count(action)"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count(action)","direction":"Descending"}]}},{"id":"becc0965-e2b6-4702-ab0d-876f52ce79b6","type":"aggregation","filter":null,"timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 NOT action:client\\-rst AND NOT action:server\\-rst"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"action","type":"values","config":{"limit":15}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[]}},{"id":"d75b04fb-4490-4d13-af10-8bb086c4db95","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 subtype:webfilter"},"streams":[],"config":{"visualization":"pie","event_annotation":false,"row_pivots":[{"field":"hostname","type":"values","config":{"limit":5}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"pivot","field":"hostname","direction":"Descending"}]}},{"id":"de03f468-b97f-4be7-a036-760240b064bc","type":"aggregation","filter":null,"timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype:webfilter AND eventtype: ftgd_blk"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"url","type":"values","config":{"limit":15}},{"field":"catdesc","type":"values","config":{"limit":15}}],"series":[{"config":{"name":null},"function":"count(action)"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count(action)","direction":"Descending"}]}},{"id":"bb3d7728-b773-49eb-aba7-b42a0c7ac1bd","type":"aggregation","filter":null,"timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: utm AND subtype: virus AND eventtype: infected OR eventtype: scanerror OR eventtype: botnet OR eventtype: malware-list"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"eventtype","type":"values","config":{"limit":15}},{"field":"msg","type":"values","config":{"limit":15}},{"field":"virus","type":"values","config":{"limit":15}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count()","direction":"Descending"}]}},{"id":"5b33000e-88ff-48b5-ac48-151101d78920","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 subtype:webfilter"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"hostname","type":"values","config":{"limit":50}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count()","direction":"Descending"}]}},{"id":"30c89fe6-2b0d-40d6-9992-42e261f54439","type":"aggregation","filter":null,"timerange":{"type":"relative","range":86400},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 type:traffic subtype:forward"},"streams":[],"config":{"visualization":"table","event_annotation":false,"row_pivots":[{"field":"app","type":"values","config":{"limit":50}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[{"type":"series","field":"count()","direction":"Descending"}]}}],"widget_mapping":{"7d175bcf-88b2-4834-87c4-ca7be1042754":["90d6cbfa-f492-4330-88e1-27dd5467b171"],"a779fc8f-5ddb-4efb-8e56-cc0e4909434b":["adb57c5a-c1d2-4801-bdf3-9549acfbfc83"],"de03f468-b97f-4be7-a036-760240b064bc":["65ad093d-b798-4768-b0c5-facecea04e53"],"3a144b5e-64dd-4157-80a1-1ff8665e5b84":["39668991-6116-4e42-8de6-dd6618e93116"],"52112ae8-767e-424f-b06e-8265bf11a9a1":["dc4f8018-c8e3-47b3-be92-4b9edc9a903d"],"5b33000e-88ff-48b5-ac48-151101d78920":["b0910946-2e55-4292-9f3e-4e39eeb02e05"],"8884b426-2c6a-42f2-b64a-37d9b82cb356":["c15b75d7-4a77-4304-826a-5ccf5bede45b"],"d75b04fb-4490-4d13-af10-8bb086c4db95":["f60e2d57-24a0-4341-82c6-f0a18baf9477"],"30c89fe6-2b0d-40d6-9992-42e261f54439":["410f38cf-2080-46b9-b41a-d5366b8a6a8f"],"becc0965-e2b6-4702-ab0d-876f52ce79b6":["683e3e7e-77d5-4a38-b440-55ffc0724703"],"bb3d7728-b773-49eb-aba7-b42a0c7ac1bd":["3c891998-cfb7-4880-9687-39cafd555b1f"]},"positions":{"7d175bcf-88b2-4834-87c4-ca7be1042754":{"col":10,"row":1,"height":4,"width":3},"a779fc8f-5ddb-4efb-8e56-cc0e4909434b":{"col":10,"row":9,"height":4,"width":3},"de03f468-b97f-4be7-a036-760240b064bc":{"col":1,"row":9,"height":4,"width":4},"3a144b5e-64dd-4157-80a1-1ff8665e5b84":{"col":1,"row":5,"height":4,"width":4},"52112ae8-767e-424f-b06e-8265bf11a9a1":{"col":5,"row":5,"height":4,"width":3},"5b33000e-88ff-48b5-ac48-151101d78920":{"col":5,"row":1,"height":4,"width":3},"8884b426-2c6a-42f2-b64a-37d9b82cb356":{"col":1,"row":13,"height":4,"width":"Infinity"},"d75b04fb-4490-4d13-af10-8bb086c4db95":{"col":10,"row":5,"height":4,"width":3},"30c89fe6-2b0d-40d6-9992-42e261f54439":{"col":5,"row":9,"height":4,"width":3},"becc0965-e2b6-4702-ab0d-876f52ce79b6":{"col":8,"row":1,"height":12,"width":2},"bb3d7728-b773-49eb-aba7-b42a0c7ac1bd":{"col":1,"row":1,"height":4,"width":4}},"formatting":{"highlighting":[]},"display_mode_settings":{"positions":{}}}},"properties":[],"owner":null,"title":{"@type":"string","@value":"Fortigate"},"type":"DASHBOARD","description":{"@type":"string","@value":"Firewall Dashboards"}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"f4d857a9-87e2-4a9a-9aa9-08731e447b78","type":{"name":"event_definition","version":"1"},"v":"1","data":{"field_spec":{},"config":{"type":"aggregation-v1","query":{"@type":"string","@value":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: event AND (subtype: system OR subtype: vpn) AND (logdesc: \"Configuration changed\" OR logdesc: \"Authentication error\" OR logdesc: \"Application crashed\")"},"streams":[],"group_by":[],"series":[],"conditions":{"expression":null},"search_within_ms":600000,"execute_every_ms":600000},"priority":{"@type":"integer","@value":3},"notifications":[{"notification_id":{"@type":"string","@value":"763bd2fb-a426-4378-b988-e4cb0c9adc3e"},"notification_parameters":null}],"notification_settings":{"grace_period_ms":0,"backlog_size":0},"title":{"@type":"string","@value":"Fortigate Security warning"},"is_scheduled":{"@type":"boolean","@value":true},"key_spec":[],"storage":[{"type":"persist-to-streams-v1","streams":["000000000000000000000002"]}],"alert":{"@type":"boolean","@value":true},"description":{"@type":"string","@value":""}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"71f2e143-0769-4904-b04c-6811bad99578","type":{"name":"input","version":"1"},"v":"1","data":{"title":{"@type":"string","@value":"FortiGate"},"configuration":{"recv_buffer_size":{"@type":"integer","@value":262144},"bind_address":{"@type":"string","@value":"0.0.0.0"},"port":{"@type":"integer","@value":1500},"number_worker_threads":{"@type":"integer","@value":6}},"static_fields":{},"type":{"@type":"string","@value":"org.graylog2.inputs.raw.udp.RawUDPInput"},"global":{"@type":"boolean","@value":false},"extractors":[{"target_field":{"@type":"string","@value":"radioband"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*radioband=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTradioband"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"countapp"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*countapp=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTcountapp"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"osversion"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*osversion=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTosversion"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"url"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*url=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTurl"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"channel"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*channel=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTchannel"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcserver"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*ssrcserver=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcserver"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"source"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*devname=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsource"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"setuprate"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.*setuprate=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsetuprate"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"app"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*app=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTapp"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"sessionid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*sessionid=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsessionid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcport"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*srcport=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcport"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"type"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* type=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"severity"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*severity=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTseverity"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"bandwidth_sent"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.*bandwidth=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTbandwidth_sent"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"bandwidth_recv"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.*bandwidth=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTbandwidth_received"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"srcname"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*srcname=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcname"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstname"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*dstname=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstname"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstintfrole"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*dstintfrole=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstintfrole"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"policymode"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*policymode=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTpolicymode"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"eventtime"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*eventtime=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTeventtime"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"poluuid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*poluuid=([A-Za-z0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTpoluuid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"utmref"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*utmref=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTutmref"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"date"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* date=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdate"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"time"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* time=([0-9]*:[0-9]*:[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtime"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"osname"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* osname=(\"(.*?)\")"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"---FGTosname"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"fazlograte"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* fazlograte=(\"(.*?)\")"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"---FGTfazlograte"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"applist"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* applist=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"---FGTapplist"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"appact"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* appact=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"---FGTappact"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"action"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* action=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTaction"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"appcat"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* appcat=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTappcat"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"attack"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* attack=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTattack"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstcountry"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* dstcountry=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstcountry"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dir"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* dir=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdir"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstintf"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* dstintf=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstintf"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* dstip=([0-9]*.[0-9]*.[0-9]*.[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dtype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* dtype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdtype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"dstport"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*dstport=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdstport"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"devid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* devid=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdevid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"duration"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* duration=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTduration"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"error_reason"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* error_reason=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTerror_reason"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"eventtype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* eventtype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTeventtype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"hostname"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* hostname=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGThostname"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"identidx"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* identidx=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTidentidx"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"init"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* init=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTinit"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"file"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* file=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTfile"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"locport"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* locport=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTlocport"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"group"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* group=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTgroup"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"locip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* locip=([0-9]*.[0-9]*.[0-9]*.[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTlocip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"mode"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* mode=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTmode"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"msg"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* msg=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTmsg"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"outintf"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^. outintf=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGToutintf"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"logid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* logid=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTlogid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"peer_notif"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* peer_notif=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTpeer_notif"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"policyid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* policyid=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTpolicyid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"profile"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* profile=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTprofile"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"ref"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* ref=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTref"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"proto"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* proto=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTproto"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"quarskip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* quarskip=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTquarskip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"remip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* remip=([0-9]*.[0-9]*.[0-9]*.[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTremip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"remport"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* remport=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTremport"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"profiletype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* profiletype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTprofiletype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"result"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* result=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTresult"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"role"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* role=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTrole"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"service"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* service=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTservice"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"service"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* service=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTservice"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcintf"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* srcintf=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcintf"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"status"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* status=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTstatus"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"status"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* status=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTstatus"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"stage"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* stage=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTstage"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srccountry"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* srccountry=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrccountry"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"subtype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* subtype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsubtype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"trandisp"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* trandisp=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtrandisp"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"utmaction"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* utmaction=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTutmaction"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"transport"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* transport=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtransport"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"virus"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* virus=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTvirus"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"utmevent"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* utmevent=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTutmevent"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"xauthuser"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* xauthuser=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTxauthuser"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"vpntunnel"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* vpntunnel=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTvpntunnel"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"xauthgroup"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* xauthgroup=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTxauthgroup"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"sentbyte"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* sentbyte=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsentbyte"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"rcvdbyte"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* rcvdbyte=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTrcvdbyte"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"transip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* transip=([0-9]*.[0-9]*.[0-9]*.[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtransip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"logdesc"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* logdesc=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTlogdesc"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"rcvdpkt"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* rcvdpkt=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTrcvdpkt"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"sentpkt"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.*sentpkt=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsentpkt"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"vd"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* vd=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTvd"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"user"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* user=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTuser"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"appid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* appid=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTappid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcssid"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* rcssid=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcssid"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"apsn"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* apsn=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTapsn"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"apprisk"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* apprisk=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTapprisk"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"devname"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* devname=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdevname"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"ap"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* ap=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTap"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"devtype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* devtype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdevtype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcip"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*srcip=([0-9]*.[0-9]*.[0-9]*.[0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcip"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcintfrole"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* srcintfrole=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcintfrole"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"policytype"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* policytype=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTpolicytype"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"fwlevel"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* level=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTlevel"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"mastersrcmac"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.*mastersrcmac=(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTmastersrcmac"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"srcmac"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* srcmac=(?:(?:[A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2})"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTsrcmac"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"catdesc"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* catdesc=\"(.*)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTcatdesc"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":"memory"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* mem=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTmemory"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"cpu"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* cpu=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTcpu"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"totalsession"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* totalsession=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTtotalsession"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"disklograte"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.* disklograte=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdisklograte"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"disk"},"condition_value":{"@type":"string","@value":"action=\"perf-stats\""},"order":{"@type":"integer","@value":0},"converters":[{"type":{"@type":"string","@value":"NUMERIC"},"configuration":{}}],"configuration":{"regex_value":{"@type":"string","@value":"^.*disk=([0-9]*)"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGTdisk"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"STRING"}},{"target_field":{"@type":"string","@value":"filename"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"regex_value":{"@type":"string","@value":"^.* filename=\"(.*?)\""}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"FGT-Filename"},"type":{"@type":"string","@value":"REGEX"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}}]},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"763bd2fb-a426-4378-b988-e4cb0c9adc3e","type":{"name":"notification","version":"1"},"v":"1","data":{"title":{"@type":"string","@value":"Fortigate Security warning"},"description":{"@type":"string","@value":""},"config":{"type":"email-notification-v1","sender":{"@type":"string","@value":"[email protected]"},"subject":{"@type":"string","@value":"Graylog event notification: ${event_definition_title}"},"body_template":{"@type":"string","@value":"--- [Event Definition] ---------------------------\nTitle: ${event_definition_title}\nDescription: ${event_definition_description}\nType: ${event_definition_type}\n--- [Event] --------------------------------------\nTimestamp: ${event.timestamp}\nMessage: ${event.message}\nSource: ${event.source}\nKey: ${event.key}\nPriority: ${event.priority}\nAlert: ${event.alert}\nTimestamp Processing: ${event.timestamp}\nTimerange Start: ${event.timerange_start}\nTimerange End: ${event.timerange_end}\nFields:\n${foreach event.fields field} ${field.key}: ${field.value}\n${end}\n${if backlog}\n--- [Backlog] ------------------------------------\nLast messages accounting for this alert:\n${foreach backlog message}\n${message}\n${end}\n${end}\n"},"email_recipients":["[email protected]"],"user_recipients":[]}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"0df26736-60d3-435f-bbe2-47556f5bb55e","type":{"name":"search","version":"1"},"v":"1","data":{"summary":{"@type":"string","@value":""},"search":{"queries":[{"id":"acf20b0f-2e01-4374-8c84-3c0d33880d04","timerange":{"type":"relative","range":0},"query":{"type":"elasticsearch","query_string":"gl2_source_input:601e791d92c03962c4dc36f8 AND type: event AND (subtype: system OR subtype: vpn) AND (logdesc: \"Configuration changed\" OR logdesc: \"Authentication error\" OR logdesc: \"Application crashed\") "},"search_types":[{"query":null,"name":"chart","timerange":null,"streams":[],"series":[{"type":"count","id":"count()","field":null}],"filter":null,"rollup":true,"row_groups":[{"type":"time","field":"timestamp","interval":{"type":"auto","scaling":1}}],"type":"pivot","id":"b86659cc-e8ad-471e-b5cb-bcecc76e05d5","column_groups":[],"sort":[]},{"query":null,"name":null,"timerange":null,"offset":0,"streams":[],"filter":null,"decorators":[],"type":"messages","id":"2ba70cc8-2756-4a3d-a721-4137d3aeee86","limit":150}]}],"parameters":[],"requires":{},"owner":"admin","created_at":"2021-02-09T10:44:25.110Z"},"created_at":"2021-02-09T10:30:19.624Z","requires":{},"state":{"acf20b0f-2e01-4374-8c84-3c0d33880d04":{"selected_fields":null,"static_message_list_id":null,"titles":{"widget":{"74a61029-5289-4fa8-a7b8-21345904294e":"Message Count","f190ebcb-dddb-4ae7-ab96-b0fc14181183":"All Messages"}},"widgets":[{"id":"74a61029-5289-4fa8-a7b8-21345904294e","type":"aggregation","filter":null,"timerange":null,"query":null,"streams":[],"config":{"visualization":"bar","event_annotation":false,"row_pivots":[{"field":"timestamp","type":"time","config":{"interval":{"type":"auto","scaling":null}}}],"series":[{"config":{"name":null},"function":"count()"}],"rollup":true,"column_pivots":[],"visualization_config":null,"formatting_settings":null,"sort":[]}},{"id":"f190ebcb-dddb-4ae7-ab96-b0fc14181183","type":"messages","filter":null,"timerange":null,"query":null,"streams":[],"config":{"fields":["timestamp","source"],"show_message_row":true,"decorators":[],"sort":[{"type":"pivot","field":"timestamp","direction":"Descending"}]}}],"widget_mapping":{"74a61029-5289-4fa8-a7b8-21345904294e":["b86659cc-e8ad-471e-b5cb-bcecc76e05d5"],"f190ebcb-dddb-4ae7-ab96-b0fc14181183":["2ba70cc8-2756-4a3d-a721-4137d3aeee86"]},"positions":{"74a61029-5289-4fa8-a7b8-21345904294e":{"col":1,"row":1,"height":2,"width":"Infinity"},"f190ebcb-dddb-4ae7-ab96-b0fc14181183":{"col":1,"row":3,"height":6,"width":"Infinity"}},"formatting":null,"display_mode_settings":{"positions":{}}}},"properties":[],"owner":"admin","title":{"@type":"string","@value":"Fortigate_warning"},"type":"SEARCH","description":{"@type":"string","@value":""}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"9fba84ef-6cdb-493f-983a-2415a203c2e3","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate Application Control Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"utm"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"app-ctrl"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"f7475c93-1caf-43f6-aafa-e0f82c0bdfd8","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate Traffic Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"traffic"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"893826f8-0dc2-42ed-b39e-749bcdc47870","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate System Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"system"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"event"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"7a009359-6a10-43d8-a2b3-940570114ead","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":false},"title":{"@type":"string","@value":"Fortigate security warning"},"stream_rules":[{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"logdesc"},"value":{"@type":"string","@value":"Configuration changed"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"logdesc"},"value":{"@type":"string","@value":"Authentication error"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"EXACT"},"field":{"@type":"string","@value":"logdesc"},"value":{"@type":"string","@value":"Application crashed"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Configuration changed, Auth error, app crash"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"5e3cc41c-ef0f-482f-b03c-75a244ed1c85","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate WAN Opt. & Cache"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"wad"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"event"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"f069ac00-c9a9-44fa-b9cd-e4cd1115a646","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate User Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"user"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"event"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"df6b8e08-3185-4f81-9ca3-f65042d20a9c","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate Web Filter Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"utm"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"webfilter"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]},{"id":"16f4b310-b05e-4368-bcd1-843d7c5014ca","type":{"name":"stream","version":"1"},"v":"1","data":{"alarm_callbacks":[],"outputs":[],"remove_matches":{"@type":"boolean","@value":true},"title":{"@type":"string","@value":"Fortigate VPN Logs"},"stream_rules":[{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"type"},"value":{"@type":"string","@value":"event"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"subtype"},"value":{"@type":"string","@value":"vpn"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}},{"type":{"@type":"string","@value":"REGEX"},"field":{"@type":"string","@value":"source"},"value":{"@type":"string","@value":"FW"},"inverted":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":""}}],"alert_conditions":[],"matching_type":{"@type":"string","@value":"AND"},"disabled":{"@type":"boolean","@value":false},"description":{"@type":"string","@value":"Fortigate only Messages"},"default_stream":{"@type":"boolean","@value":false}},"constraints":[{"type":"server-version","version":">=4.0.2+1987d10"}]}]}