trendimsva1.sdkrfilereader.properties

###############################################################################################################
#
# Trend Micro InterScan Messaging Security Virtual Appliance FlexConnector
#Parser Author: Essole
# 
# 
# SmartConnector Type: Regex File Connector
# Dependencies: Microfocus ArcSight SmartConnector Framework at least 8.1 (For automatic IPv6 Parsing)
#
# 
# 
#This parser mainly parse Trend Micro Message Tracking logs
#
# FlexAgent Regex Configuration File

#
trim.tokens=true


regex=(\\d{4}\\s\\S+\\s+\\d+ \\d\\d:\\d\\d:\\d\\d\\s[-+]\\d+:\\d+)\\#011(\\d{4}/\\d\\d/\\d\\d\\s\\d\\d:\\d\\d:\\d\\d\\s[-+]\\d+:\\d+)\\#011(\\d{4}\\s\\S+\\s+\\d+ \\d\\d:\\d\\d:\\d\\d\\s[-+]\\d+:\\d+)\\#011(\\S+)\\#011(\\S+)\\#011(\\S+)\\#011(\\d{1})\\#011(\\S+)\\#011(\\S+)\\#011([^\\#]+)\\#011(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\\#011(\\S+):(\\d+)\\#011(\\d{3})(\\s\\S+|\\s)([^\\#]+)\\#011(\\S+)\\#011(\\S+)\\#011(\\d{1})\\#011\\#011(\\d{4}\\s\\S+\\s+\\d+ \\d\\d:\\d\\d:\\d\\d\\s[-+]\\d+:\\d+)\\#011(\\d{4}\\s\\S+\\s+\\d+ \\d\\d:\\d\\d:\\d\\d\\s[-+]\\d+:\\d+)\\#011\\#011(\\d{1})\\#011(.*)



token.count=23


token[0].name=
token[1].name=
token[2].name=

token[3].name=
token[4].name=
token[5].name=
token[6].name=

token[7].name=Sender
token[7].type=String

token[8].name=Recipient
token[8].type=String

token[9].name=Subject
token[9].type=String

token[10].name=Sender SRV IP address
token[10].type=IPAddress

token[11].name=Recipient SRV IP address
token[11].type=String

token[12].name=Recipient SRV Port
token[12].type=Integer

token[13].name=


token[14].name=Transfert code
token[14].type=String

token[15].name=Transaction Summary
token[15].type=String

token[16].name=Action Details
token[16].type=String

token[17].name=
token[18].name=
token[19].name=
token[20].name=
token[21].name=

token[22].name=Attachements
token[22].type=String

# Vendor detailsc
event.deviceVendor=__getVendor("Trend Micro")
event.deviceProduct=__stringConstant("InterScan Messaging Security Virtual Appliance")
event.deviceTimeZone=__getTimeZone(__stringConstant("UTC+1"))



event.sourceUserName=Sender

event.destinationUserName=Recipient

event.deviceCustomString2=Subject
event.deviceCustomString2Label=__stringConstant("Subject")

event.sourceAddress=Sender SRV IP address

event.deviceCustomString3=Recipient SRV IP address
event.deviceCustomString3Label=__stringConstant("Recipient server address")

event.destinationPort=Recipient SRV Port

event.deviceAction=Action Details

event.fileName=Attachements

submessage.count=3
submessage.messageid.token=Transfert code
submessage.token=Transaction Summary

submessage[0].messageid=2.6.0
submessage[0].pattern.count=1
submessage[0].pattern[0].regex=\\S+\\s\\[\\S+\\=(\\d+)\\S+\\s\\S+\\=(\\S+)\\] (\\d+)\\s\\S+ \\S+\\s\\d+\\S+\\s\\S+\\s\\S+ (\\S+\\s\\S+\\s\\S+\\s\\S+)
submessage[0].pattern[0].fields=event.externalId,event.deviceHostName,event.bytesOut,event.eventOutcome

submessage[1].messageid=2.0.0
submessage[1].pattern.count=1
submessage[1].pattern[0].regex=(\\S+\\s\\S+\\s\\S+\\s\\S+)
submessage[1].pattern[0].fields=event.eventOutcome

submessage[2].pattern.count=1
submessage[2].pattern[0].regex=(\\S+\\s\\S+\\s\\S+)
submessage[2].pattern[0].fields=event.eventOutcome



#l10n.filename.prefix=