You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
87 lines
2.3 KiB
87 lines
2.3 KiB
[wineventlog_security_signature_id]
|
|
filename = wineventlog_security_signature_id.csv
|
|
|
|
[wineventlog_security_signature_sub_id]
|
|
filename = wineventlog_security_signature_sub_id.csv
|
|
|
|
[wineventlog_sourcetype_vendor_product]
|
|
filename = wineventlog_sourcetype_vendor_product.csv
|
|
|
|
[wineventlog_app]
|
|
filename = wineventlog_app.csv
|
|
|
|
[wineventlog_vendor_severity_id]
|
|
filename = wineventlog_vendor_severity_id.csv
|
|
|
|
[xmleventlog_updatelist]
|
|
REGEX = <updatelist xmlns='[^']+'>([^<]+)<\/updatelist>
|
|
FORMAT = updatelist::"$1"
|
|
|
|
[xmleventlog_signature_signature_id]
|
|
SOURCE_KEY = updatelist
|
|
REGEX = -\s(.*?\((KB\S+)\))
|
|
FORMAT = signature::"$1" signature_id::"$2"
|
|
MV_ADD = true
|
|
|
|
[windowsupdatelog_signature_message]
|
|
REGEX = (?:Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on .*?|Restart Required: To complete the installation of the following updates, the computer must be restarted. Until this computer has been restarted, Windows cannot search for or download new updates: .*?|Restart Required: To complete the installation of the following updates, the computer will be restarted within \d+ minutes:.*?)(-.*)
|
|
FORMAT = signature_message::"$1"
|
|
|
|
[windowsupdatelog_signature_signature_id]
|
|
SOURCE_KEY = signature_message
|
|
REGEX = -\s(.*?\((KB\S+)\))
|
|
FORMAT = signature::"$1" signature_id::"$2"
|
|
MV_ADD = true
|
|
|
|
[windowsupdatelog_status]
|
|
filename = windowsupdatelog_status.csv
|
|
|
|
[windows_msdhcp_id]
|
|
filename = windows_msdhcp_id.csv
|
|
|
|
[dhcpsrvlog_discard_headers]
|
|
REGEX = ^(ID|#)
|
|
DEST_KEY = queue
|
|
FORMAT = nullQueue
|
|
|
|
[dchpsrvlog_dest_nt_host_as_dest]
|
|
SOURCE_KEY = dest_nt_host
|
|
REGEX = (.+)
|
|
FORMAT = dest::"$1"
|
|
MV_ADD = true
|
|
|
|
[dchpsrvlog_dest_ip_as_dest]
|
|
SOURCE_KEY = dest_ip
|
|
REGEX = (.+)
|
|
FORMAT = dest::"$1"
|
|
MV_ADD = true
|
|
|
|
[dchpsrvlog_dest_mac_as_dest]
|
|
SOURCE_KEY = dest_mac
|
|
REGEX = (.+)
|
|
FORMAT = dest::"$1"
|
|
MV_ADD = true
|
|
|
|
[windows_object_category]
|
|
filename = windows_object_category.csv
|
|
|
|
[windows_status]
|
|
filename = windows_status.csv
|
|
default_match = failure
|
|
min_matches = 1
|
|
max_matches = 1
|
|
|
|
[windows_timesync_action]
|
|
filename = windows_timesync_action.csv
|
|
match_type = WILDCARD(last_sync_error)
|
|
max_matches = 1
|
|
|
|
[windows_vendor_action]
|
|
filename = windows_vendor_action.csv
|
|
|
|
[windows_service_startmode]
|
|
filename = windows_service_startmode.csv
|
|
|
|
[windows_service_status]
|
|
filename = windows_service_status.csv
|