<!--
  NOTE(review): this text looks like a SIEM event parser definition for
  FortiWeb logs whose XML element tags were lost in extraction. Only the
  element text and the CDATA terminators remain, and the first pattern
  starts mid-expression, so this cannot be loaded as a parser as-is.

  What the visible text shows, in order:
    * Header patterns capture _eventSeverity and _body (the log="..." payload).
      Nothing is captured after device= and from=, and the trigger= capture has
      an empty name. Presumably those variable names were stripped along with
      the tags. Confirm against the original file before reusing the patterns.
    * _mon and _day are captured from a dashed date, and toDateTime() is called
      with $_mon, $_day, $_year, $_time, $_tz. The literal UTC just before it
      is presumably a default for the time zone. TODO confirm.
    * FortiWeb-Generic appears before combineMsgId("FortiWeb-", $_logId), so it
      looks like a fallback event type that the log id then refines.
    * Later combineMsgId() calls append a suffix to $eventType. The suffix is
      either a captured value ($_status, $_action) or a fixed string such as
      "-high", "-low", "-download-log", "-virus-engine", "-SYN-Flood-Start".
      One call uses $status where the others use $_status. Verify that this is
      a different attribute and not a typo, since an unset variable would give
      an event type that detection rules never match.
    * _util is captured by optional groups and then copied via $_util.
    * convertStrToIntIpProto($_proto), add($sentBytes64, $recvBytes64) and
      extractHostFromURL($infoURL) derive a protocol number, a byte total and
      a host name from previously parsed fields.
    * The bare numbers (1 0 1 and 9 7 5 3) have lost their enclosing elements.
      Their meaning cannot be determined from this text.
-->
?device=\s+severity=<_eventSeverity:gPatStr>\s+from=\s+trigger=<:gPatStr>\s+log="<_body:gPatMesgBody>"]]> ?<_body:gPatMesgBody>]]> -<_mon:gPatMonNum>-<_day:gPatDay>]]> \)]]> UTC toDateTime($_mon, $_day, $_year, $_time, $_tz) FortiWeb-Generic $]]> combineMsgId("FortiWeb-", $_logId) link <_status:gPatWord>]]> combineMsgId($eventType, "-", $_status) \(<_util:gPatInt>\))?]]> combineMsgId($eventType, "-high") .*?<_util:gPatInt>)?]]> combineMsgId($eventType, "-low") $_util $_util combineMsgId($eventType, "-download-log") combineMsgId($eventType, "-download-cert") combineMsgId($eventType, "-", $status) combineMsgId($eventType, "-virus-database") combineMsgId($eventType, "-extended-virus-database") combineMsgId($eventType, "-virus-engine") combineMsgId($eventType, "-", $_action) 1 0 1 combineMsgId($eventType, "-SYN-Flood-Stopped") combineMsgId($eventType, "-SYN-Flood-Start") convertStrToIntIpProto($_proto) $_user add($sentBytes64, $recvBytes64) 9 7 5 3 extractHostFromURL($infoURL)