Cisco-IronPort-Web-Generic <_mon:gPatMon>\s+<_day:gPatDay>\s+<_time:gPatTime>\s+(?:|\s+)?IronPort-Web:\s+Info:\s+<:gPatStr>\s+<:gPatInt>\s+\s+/\s+<:gPatInt>\s+\s+\s*<_body:gPatMesgBody>]]> \s+<:gPatStr>/<_destName:gPatStr>\s+<_httpContentType:gPatStr>(?:\s+\w+:\d+)*\s+\s+\<[^\>]*\>\s+<_body:gPatMesgBody>]]> [\\]"]]> [\\]]]> \s+"*<_day:gPatDay>/<_mon:gPatMon>/<_year:gPatYear>:<_time:gPatTime>\s+[+-]<:gPatInt>"*\s+\s+"*<_httpUserAgent:gPatMesgBody>"*]]> \s+"*<_httpUserAgent:patDoubleQuot>"*\s+\s+"*<:patDoubleQuot>"*\s+"*<_day:gPatDay>/<_mon:gPatMon>/<_year:gPatYear>:<_time:gPatTime>\s+[+-]<:gPatInt>"*(?:\s+\s+)?]]> toDateTime($_mon, $_day, $_year, $_time) $_httpContentType \s+x-webcat-code-full\s+""]]> $_httpUserAgent toDateTime($_mon, $_day, $_time) Cisco-IronPort-Web-Request-Denied 5 Cisco-IronPort-Web-Request-Success 1 Cisco-IronPort-Web-Request-Success 1 Cisco-IronPort-Web-Request-Redirect 1 5 Cisco-IronPort-Web-Client-Access-Denied Cisco-IronPort-Web-Forbidden-Access-Denied Cisco-IronPort-Web-Bad-Request Cisco-IronPort-Web-Length-Reqd-Access-Denied Cisco-IronPort-Web-Client-Error 1 Cisco-IronPort-Web-Server-Error 6 1 :$]]> extractHostFromURL($infoURL) ://<:patStrEndSlash>/<:patStrEndSlash>/<:patWebApp>://<_destName:patStrEndSlashOrColon><:patWebPort>?/]]> replaceStringByRegex($_destName, "^www\.", "")