Cisco-IronPort-Web-Generic
<_mon:gPatMon>\s+<_day:gPatDay>\s+<_time:gPatTime>\s+(?:|\s+)?IronPort-Web:\s+Info:\s+<:gPatStr>\s+<:gPatInt>\s+\s+/\s+<:gPatInt>\s+\s+\s*<_body:gPatMesgBody>]]>
\s+<:gPatStr>/<_destName:gPatStr>\s+<_httpContentType:gPatStr>(?:\s+\w+:\d+)*\s+\s+\<[^\>]*\>\s+<_body:gPatMesgBody>]]>
[\\]"]]>
[\\]]]>
\s+"*<_day:gPatDay>/<_mon:gPatMon>/<_year:gPatYear>:<_time:gPatTime>\s+[+-]<:gPatInt>"*\s+\s+"*<_httpUserAgent:gPatMesgBody>"*]]>
\s+"*<_httpUserAgent:patDoubleQuot>"*\s+\s+"*<:patDoubleQuot>"*\s+"*<_day:gPatDay>/<_mon:gPatMon>/<_year:gPatYear>:<_time:gPatTime>\s+[+-]<:gPatInt>"*(?:\s+\s+)?]]>
toDateTime($_mon, $_day, $_year, $_time)
$_httpContentType
\s+x-webcat-code-full\s+""]]>
$_httpUserAgent
toDateTime($_mon, $_day, $_time)
Cisco-IronPort-Web-Request-Denied
5
Cisco-IronPort-Web-Request-Success
1
Cisco-IronPort-Web-Request-Success
1
Cisco-IronPort-Web-Request-Redirect
1
5
Cisco-IronPort-Web-Client-Access-Denied
Cisco-IronPort-Web-Forbidden-Access-Denied
Cisco-IronPort-Web-Bad-Request
Cisco-IronPort-Web-Length-Reqd-Access-Denied
Cisco-IronPort-Web-Client-Error
1
Cisco-IronPort-Web-Server-Error
6
1
:$]]>
extractHostFromURL($infoURL)
://<:patStrEndSlash>/<:patStrEndSlash>/<:patWebApp>://<_destName:patStrEndSlashOrColon><:patWebPort>?/]]>
replaceStringByRegex($_destName, "^www\.", "")