{
"extractors": [
{
"title": "Event-Source",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "EventSource",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Event-Source"
},
{
"title": "Acct-Session-Id",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "AcctSessionId",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Acct-Session-Id"
},
{
"title": "Acct-Multi-Session-Id",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "AcctMultiSessionId",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Acct-Multi-Session-Id"
},
{
"title": "Called-Station-Id",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "CalledStationId",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Called-Station-Id"
},
{
"title": "Class",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "Class",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Class"
},
{
"title": "NP-Policy-Name",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "NPPolicyName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "NP-Policy-Name"
},
{
"title": "Connect-Info",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ConnectInfo",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Connect-Info"
},
{
"title": "Calling-Station-Id",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "CallingStationId",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Calling-Station-Id"
},
{
"title": "NAS-IP-Address",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "NASIPAddress",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "NAS-IP-Address"
},
{
"title": "Proxy-Policy-Name",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ProxyPolicyName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Proxy-Policy-Name"
},
{
"title": "Client-IP-Address",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ClientIPAddress",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Client-IP-Address"
},
{
"title": "Client-Friendly-Name",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ClientFriendlyName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Client-Friendly-Name"
},
{
"title": "Framed-MTU",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "FramedMTU",
"extractor_config": {
"regex_value": "(\\d*)"
},
"condition_type": "string",
"condition_value": "Framed-MTU"
},
{
"title": "Quarantine-Update-Non-Compliant",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Boolean"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "QuarantineUpdateNonCompliant",
"extractor_config": {
"regex_value": "([01])"
},
"condition_type": "string",
"condition_value": "Quarantine-Update-Non-Compliant"
},
{
"title": "Client-Vendor",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Vendor"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ClientVendor",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Client-Vendor"
},
{
"title": "Provider-Type",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Provider-Type"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ProviderType",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Provider-Type"
},
{
"title": "Authentication-Type",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Authentication-Type"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "AuthenticationType",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Authentication-Type"
},
{
"title": "Packet-Type",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Packet-Type"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "PacketType",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Packet-Type"
},
{
"title": "Reason-Code",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Reason-Code"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ReasonCode",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Reason-Code"
},
{
"title": "NAS-Port-Type",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "NAS-Port-Type"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "NASPortType",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "NAS-Port-Type"
},
{
"title": "Service-Type",
"extractor_type": "regex",
"converters": [
{
"type": "lookup_table",
"config": {
"lookup_table_name": "Service-Type"
}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ServiceType",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Service-Type"
},
{
"title": "Session-Timeout",
"extractor_type": "regex",
"converters": [
{
"type": "numeric",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "SessionTimeout",
"extractor_config": {
"regex_value": "(\\d+)"
},
"condition_type": "string",
"condition_value": "Session-Timeout"
},
{
"title": "Connect-Info",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ConnectInfo",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Connect-Info"
},
{
"title": "Framed-IP-Address",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "FramedIPAddress",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Framed-IP-Address"
},
{
"title": "NAS-IPv6-Address",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "NASIPv6Address",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "NAS-IPv6-Address"
},
{
"title": "NPS Timestamp",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "nps_timestamp",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Timestamp data_type"
},
{
"title": "EAP-Friendly-Name",
"extractor_type": "regex",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "EAPFriendlyName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "EAP-Friendly-Name"
},
{
"title": "SAM-Account-Name",
"extractor_type": "regex",
"converters": [
{
"type": "lowercase",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "SAMAccountName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "SAM-Account-Name"
},
{
"title": "User-Name",
"extractor_type": "regex",
"converters": [
{
"type": "lowercase",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "UserName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "User-Name"
},
{
"title": "Computer-Name",
"extractor_type": "regex",
"converters": [
{
"type": "lowercase",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "ComputerName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Computer-Name"
},
{
"title": "Connect String Parser",
"extractor_type": "grok",
"converters": [],
"order": 0,
"cursor_strategy": "copy",
"source_field": "ConnectInfo",
"target_field": "",
"extractor_config": {
"grok_pattern": "CONNECT %{DATA:DataRate} / %{DATA:IEEEStandard} / RSSI: %{INT:RSSI} / Channel: %{INT:Channel}",
"named_captures_only": true
},
"condition_type": "string",
"condition_value": "CONNECT"
},
{
"title": "Fully-Qualifed-User-Name",
"extractor_type": "regex",
"converters": [
{
"type": "lowercase",
"config": {}
}
],
"order": 0,
"cursor_strategy": "copy",
"source_field": "message",
"target_field": "FullyQualifedUserName",
"extractor_config": {
"regex_value": "(.*)"
},
"condition_type": "string",
"condition_value": "Fully-Qualifed-User-Name"
}
],
"version": "5.2.5"
}