elastic · adriansr · Dec 28, 2020 · Dec 23, 2020 · Dec 23, 2020
diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc
@@ -356,6 +356,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d
 - Fix bad `network.direction` values in Fortinet/firewall fileset. {pull}23072[23072]
 - Add support for organization and custom prefix in AWS/CloudTrail fileset. {issue}23109[23109] {pull}23126[23126]
 - Simplify regex for organization custom prefix in AWS/CloudTrail fileset. {issue}23203[23203] {pull}23204[23204]
+- Fix syslog header parsing in infoblox module. {issue}23272[23272] {pull}23273[23273]
 
 *Heartbeat*
 

diff --git a/x-pack/filebeat/module/infoblox/README.md b/x-pack/filebeat/module/infoblox/README.md
@@ -3,5 +3,5 @@
 This is a module for Infoblox NIOS logs.
 
 Autogenerated from RSA NetWitness log parser 2.0 XML infobloxnios version 134
-at 2020-07-13 17:55:37.264156 +0000 UTC.
+at 2020-12-23 15:19:50.215335 +0000 UTC.
 
diff --git a/x-pack/filebeat/module/infoblox/nios/config/pipeline.js b/x-pack/filebeat/module/infoblox/nios/config/pipeline.js
@@ -15,7 +15,7 @@ function DeviceProcessor() {
 	}
 }
 
-var dup1 = match("HEADER#0:006/0", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{p0}");
+var dup1 = match("HEADER#1:006/0", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{p0}");
 
 var dup2 = setc("eventcategory","1401070000");
 
@@ -236,16 +236,20 @@ var dup77 = match_copy("MESSAGE#225:syslog", "nwparser.payload", "event_descript
 	dup62,
 ]));
 
-var part1 = match("HEADER#0:006/1_0", "nwparser.p0", "%{hhostip} %{messageid}[%{data}]: %{p0}");
+var hdr1 = match("HEADER#0:001", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{messageid}[%{data}]: %{payload}", processor_chain([
+	setc("header_id","001"),
+]));
 
-var part2 = match("HEADER#0:006/1_1", "nwparser.p0", "%{hhostip} %{messageid}: %{p0}");
+var part1 = match("HEADER#1:006/1_0", "nwparser.p0", "%{hhostip} %{messageid}[%{data}]: %{p0}");
+
+var part2 = match("HEADER#1:006/1_1", "nwparser.p0", "%{hhostip} %{messageid}: %{p0}");
 
 var select1 = linear_select([
 	part1,
 	part2,
 ]);
 
-var part3 = match_copy("HEADER#0:006/2", "nwparser.p0", "payload");
+var part3 = match_copy("HEADER#1:006/2", "nwparser.p0", "payload");
 
 var all1 = all_match({
 	processors: [
@@ -258,10 +262,6 @@ var all1 = all_match({
 	]),
 });
 
-var hdr1 = match("HEADER#1:001", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{messageid}[%{data}]: %{payload}", processor_chain([
-	setc("header_id","001"),
-]));
-
 var hdr2 = match("HEADER#2:005", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{hdata}: %{messageid->} %{payload}", processor_chain([
 	setc("header_id","005"),
 ]));
@@ -301,8 +301,8 @@ var hdr5 = match("HEADER#6:0005", "message", "%{month->} %{day->} %{time->} %{hh
 ]));
 
 var select3 = linear_select([
-	all1,
 	hdr1,
+	all1,
 	hdr2,
 	all2,
 	hdr3,
@@ -3565,7 +3565,7 @@ var chain1 = processor_chain([
 	}),
 ]);
 
-var hdr6 = match("HEADER#0:006/0", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{p0}");
+var hdr6 = match("HEADER#1:006/0", "message", "%{month->} %{day->} %{time->} %{hhostname->} %{p0}");
 
 var part324 = match("MESSAGE#19:dhcpd:18/0", "nwparser.payload", "%{} %{p0}");
 

diff --git a/x-pack/filebeat/module/infoblox/nios/manifest.yml b/x-pack/filebeat/module/infoblox/nios/manifest.yml
@@ -7,7 +7,7 @@ var:
   - name: syslog_host
     default: localhost
   - name: syslog_port
-    default: 9532
+    default: 9512
   - name: input
     default: udp
   - name: community_id

diff --git a/x-pack/filebeat/module/infoblox/nios/test/generated.log b/x-pack/filebeat/module/infoblox/nios/test/generated.log
@@ -1,100 +1,100 @@
-January 29 06:09:59 volup208.invalid eosquir: openvpn-master OpenVPN 1.5191 [igmp] [nulapari] mwritten
-Feb 12 13:12:33 com1060.api.example 10.14.94.160 cloud_api[tur]: proxying request to atio5608.www5.localhost(10.202.204.154) eFini https://www.example.org/exe/iatu.jpg?orsitame=reprehe#rsitam ggp issusci
-Feb 26 20:15:08 ptass3168.www5.example 10.62.40.126 netauto_core[taliqu]: ommod: Attempting CLI on devicescivelwith interface not in table, ip10.13.70.213
-March 12 03:17:42 estqui6557.www.localhost -:syslog-ng equuntu
-March 26 10:20:16 mcolabor1656.www5.corp 10.56.250.70 acpid[veleumi]: tia
-Apr 9 17:22:51 tempo7542.api.host :debug tempor
-April 24 00:25:25 Cice513.api.local 10.143.220.51 openvpn-member: read igmp [occ] ect (code=reetdolo)
-May 8 07:27:59 obeataev7086.mail.invalid autfu: speedstep_control natura
-May 22 14:30:33 nibusBon7400.localhost isiu: ErrorMsg success
-June 5 21:33:08 iat1852.api.localdomain 10.64.155.245 ntpd_initres: ntpd exiting on signal 15
-June 20 04:35:42 mquisnos5771.example ntpdate[etconsec]: adjust time server 10.104.111.129 offset 61.614000 sec
-July 4 11:38:16 ite996.host kernel[umdo]: Linux version 1.3162 (umdolore) (eniam) reetdolo
-July 18 18:40:50 enim2780.www.lan rc6[eriame]: lorema
-August 2 01:43:25 atuse2703.localhost -:INFOBLOX-Grid Upgrade Complete
-Aug 16 08:45:59 llumquid3933.internal.corp :ErrorMsg failure
-August 30 15:48:33 emporinc5075.internal.host watchdog[atcu]: oremagna could not be opened, errno = ationu
-September 13 22:51:07 strude910.internal.local 10.27.72.147 shutdown: shutting down for system reboot
-September 28 05:53:42 fugit7668.www5.invalid -:ntpd_initres ntpd exiting on signal 15
-October 12 12:56:16 lpa4844.www.home :ipmievd rudexerc
-October 26 19:58:50 itaut7095.invalid 10.103.107.47 rc: executing ritatis start
-November 10 03:01:24 icab4668.local :syslog-ng isaute
-November 24 10:03:59 colabor1552.www5.local untut: phonehome lorumw
-December 8 17:06:33 inima5444.www5.lan validate_dhcpd[nihi]: Lor
-December 23 00:09:07 erc3217.internal.lan debug_mount[olupt]: mount modoco
-January 6 07:11:41 giatquov383.domain :rcsysinit riat
-January 20 14:14:16 uames499.internal.host isnostru: named accept on IPv4 interface lo1132, 10.45.25.68#1463
-February 3 21:16:50 iineavo951.internal.test 10.25.192.202 rcsysinit[intoccae]: fsck from 1.2299
-February 18 04:19:24 Loremip6417.mail.test emoeni: syslog oenimips
-March 4 11:21:59 mnisist2347.mail.host 10.142.139.20 sSMTP[temveleu]: Sent mail for colabo (eme) 
-March 18 18:24:33 reetd6051.www.example -:db_jnld Resolved conflict for replicated delete of CNAME "maccusa" in zone "uptat"
-April 2 01:27:07 xerci0.mail.example :init olorema
-April 16 08:29:41 datatn5076.internal.example 10.122.46.71 snmptrapd: NET-SNMP version 1.2807 ihilm
-April 30 15:32:16 ercit2385.internal.home rsyncd[run]: building file list
-May 14 22:34:50 quisnos4590.mail.domain nnum: httpd eritqu
-May 29 05:37:24 wri2784.api.domain hitect: restarting dol
-June 12 12:39:58 asun1250.api.localdomain rc3[oluptate]: onseq
-June 26 19:42:33 emoe6540.www.domain -:diskcheck itanimi
-July 11 02:45:07 intoc2428.domain scheduled_backups[dantiumt]: Backup to luptasn was successful - Backup file equat
-July 25 09:47:41 ento4488.www5.localhost eriamea: rc6 amre
-August 8 16:50:15 boris5916.www5.example 10.2.53.125 controld[uioffi]: Distribution Complete
-August 22 23:52:50 temqu3331.api.host ipi: phonehome reseos
-September 6 06:55:24 iutali2138.www.localdomain db_jnld[liquide]: Resolved conflict for replicated delete of CNAME "etdol" in zone "uela"
-September 20 13:57:58 radi1512.mail.example 10.101.74.101 openvpn-member: read rdp [ris] uamqu (code=lor)
-October 4 21:00:32 quaturve2798.internal.localdomain :scheduled_backups Backup to sin was successful - Backup file rvel
-October 19 04:03:07 onsecte7184.mail.domain uptasn: syslog-ng reme
-November 2 11:05:41 eveli265.www5.localdomain nse: ipmievd non
-Nov 16 18:08:15 derit4688.mail.localhost 10.57.42.152 cloud_api[didunt]: proxying request to uptatema6843.www.host(10.74.104.215) xeacomm https://internal.example.net/nofdeFin/sequam.txt?idex=mfugiat#nisiuta tcp rroquis
-December 1 01:10:49 llumdolo4824.internal.lan -:shutdown shutting down for system reboot
-December 15 08:13:24 evolup4403.local 10.121.203.60 INFOBLOX-Grid[smo]: Upgrade to etcons
-December 29 15:15:58 tur90.www.home :rsyncd connect from ariatu4198.example (10.81.202.38)
-January 12 22:18:32 nonn839.api.corp 10.35.99.92 smart_check_io: temquiav
-January 27 05:21:06 adm7744.mail.domain 10.26.87.161 rcsysinit: isc
-February 10 12:23:41 ios6980.example 10.246.64.161 watchdog: deny, pid = 845
-February 24 19:26:15 osquira6030.internal.corp diskcheck[com]: tnulapa
-March 11 02:28:49 squirati63.mail.lan watchdog[nbyCic]: utlabor
-March 25 09:31:24 lup2134.www.localhost rc[upida]: executing tvolupt start
-April 8 16:33:58 umdo4017.www.local snmptrapd[ati]: uine
-April 22 23:36:32 loreme853.www5.localdomain ven: snmptrapd con
-May 7 06:39:06 orumSe728.internal.test 10.157.18.252 openvpn-master[itess]: read icmp [evit]: runtm (code=molli)
-May 21 13:41:41 oremi7400.www.local 10.219.233.80 acpid[ineavo]: pexe
-June 4 20:44:15 ess651.test 10.95.66.217 in.tftpd[reprehen]: connection refused from 10.143.187.97
-June 19 03:46:49 epre6970.www.example 10.53.43.139 serial_console[atatn]: RADIUS authentication succeeded for user temUt
-July 3 10:49:23 tali7803.www.localdomain its: httpd ender
-July 17 17:51:58 orumSe1495.www5.local :init dutp
-August 1 00:54:32 veli2530.www.host -:init eumiure
-August 15 07:57:06 uradi6198.test tiaec: ntpd frequency initialized success from psum
-August 29 14:59:40 umSe1918.local itau: ntpd ntpd exiting on signal 2836
-September 12 22:02:15 nBCSedut1502.www5.example :dhcpd received shutdown -/-/ failure
-September 27 05:04:49 odoconse228.mail.localdomain veli: syslog-ng tenim
-October 11 12:07:23 miurerep1152.internal.domain -:pidof can't read sid from utlab
-October 25 19:09:57 cteturad4074.mail.host nreprehe: validate_dhcpd tetu
-November 9 02:12:32 itation6137.home osqui: debug_mount mount sequat
-sshd: Sleep 60 seconds for slowing down ssh login
-December 7 16:17:40 dun1276.api.localdomain inimveni: ntpd time slew failure
-December 21 23:20:14 iquidexe304.mail.test 10.195.64.5 smart_check_io: oreetd
-January 5 06:22:49 moenimi2558.mail.domain :radiusd gna
-Jan 19 13:25:23 preh2690.api.localdomain captured_dns_uploader[mac]: qui
-February 2 20:27:57 rem3032.mail.domain 10.203.65.161 kernel: Linux version 1.7214 (ica) (lillum) remips
-February 17 03:30:32 tetur2694.mail.local ipi: openvpn-member OpenVPN 1.7727 [ipv6-icmp] [uaeab] itinv
-March 3 10:33:06 utaliqu6138.mail.localhost nvolupt: pidof can't read sid from oremi
-March 17 17:35:40 niamqui7678.invalid -:scheduled_scp_backups Scheduled backup to the pid was successful - Backup file rExc
-April 1 00:38:14 tame4953.mail.localhost prehen: restarting ntutlabo
-April 15 07:40:49 loi7596.www5.home 10.31.177.226 scheduled_backups[deserun]: Backup to esseq was successful - Backup file adminima
-Apr 29 14:43:23 mmodoc4947.internal.test ErrorMsg[atu]: unknown
-May 13 21:45:57 olorem2760.www5.test quunt: ntpd_initres ntpd exiting on signal 15
-May 28 04:48:31 dol3346.www.lan scheduled_ftp_backups[olorese]: Scheduled backup to the ori failed - unknown.
-June 11 11:51:06 ercit6496.api.local ugiatn: scheduled_scp_backups Scheduled backup to the midestl was successful - Backup file dictasun
-June 25 18:53:40 ectiono2241.lan -:rcsysinit fsck from 1.1674
-Jul 10 01:56:14 alorum4439.corp :captured_dns_uploader atDu
-July 24 08:58:48 agnaaliq1829.mail.test :ntpd_initres ntpd exiting on signal 15
-August 7 16:01:23 col3570.www.invalid tinvolup: sSMTP Sent mail for tsed (inv) uid=rroq username=rcit outbytes=2807
-August 21 23:03:57 mipsamvo4282.api.home reetdo: init oreveri
-September 5 06:06:31 Except6889.www.corp -:rc3 umetMal
-Sep 19 13:09:05 umq1309.api.test uae: debug mve
-October 3 20:11:40 ugit5828.www5.test rc[asnu]: executing hitec start
-October 18 03:14:14 ntexplic4824.internal.localhost :ntpd_initres ntpd exiting on signal 15
-November 1 10:16:48 archite1843.mail.home isqua: radiusd uta
-November 15 17:19:22 derit5270.mail.local 10.105.52.140 rcsysinit: ntexpl
-November 30 00:21:57 itanim4024.api.example 10.180.101.232 ntpdate: adjust time server 10.156.34.19 offset 98.036000 sec
-sshd[saquaea]: Did not receive identification string from 10.222.251.114
+January 29 06:09:59 doeiu3942.localdomain -:rc executing eporr start
+February 12 13:12:33 tia7019.www.invalid :diskcheck quis
+February 26 20:15:08 dolo1720.api.example 10.250.162.122 logger: com
+March 12 03:17:42 ratio1111.localdomain -:diskcheck atio
+March 26 10:20:16 tconsec5932.mail.domain shutdown[uam]: shutting down for system reboot
+April 9 17:22:51 llu4762.mail.localdomain snmptrapd[scivel]: NET-SNMP version 1.5695 aperi
+April 24 00:25:25 estqui6557.www.localhost -:syslog-ng equuntu
+May 08 07:27:59 mcolabor1656.www5.corp netauto_discovery[giatq]: quid:fug(uatDuis)10.68.114.91/veri: SNMP Credentials: Failed to authenticate
+May 22 14:30:33 exercit4665.internal.domain -:scheduled_ftp_backups Scheduled backup to the eetd was successful - Backup file eip
+June 5 21:33:08 iutal13.api.localdomain python[eacomm]: Utenimad: nibusBon.ehend [ueipsaqu]: Populated uidolore niamqu222.localdomain DnsView=tevelit
+June 20 04:35:42 boree6686.www5.host ntpd[iinea]: ipit
+July 4 11:38:16 itlabori2344.mail.invalid -:openvpn-member OpenVPN 1.4105 [icmp] [aper] essequ
+July 18 18:40:50 tessec3539.home nsect: rc6 ntutl
+August 2 01:43:25 siuta2896.www.localhost -:ntpd ntpd exiting on signal 2946
+August 16 08:45:59 strude910.internal.local pidof[ittenbyC]: can't read sid from aperi
+August 30 15:48:33 lores1409.www.home :sSMTP etc
+September 13 22:51:07 nimadmin1493.www5.example rc3[lpa]: entsu
+September 28 05:53:42 mqui4683.www.localhost tasuntex: kernel sunt
+October 12 12:56:16 incidi2966.www.test controld[olupt]: Distribution Complete
+October 26 19:58:50 ugiatnu5252.internal.localdomain -:syslog erc
+November 10 03:01:24 aperia4409.www5.invalid :controld Distribution Started
+November 24 10:03:59 emagnama4259.example 10.206.136.206 dhcpd: Average suntinc dynamic DNS update latency: success micro seconds
+December 8 17:06:33 isno2228.home nnu: smart_check_io dolo
+December 23 00:09:07 amvolup7700.www5.corp 10.19.194.101 rsyncd: rsync on orinrepr from conse2991.internal.lan (10.116.104.101)
+January 6 07:11:41 tat7551.internal.local rc6[itinvo]: mdolore
+January 20 14:14:16 siarchi2289.mail.lan debug_mount[olupta]: mount mipsumd
+February 3 21:16:50 remi2114.local ionevo: ntpd ntpd exiting on signal 3219
+February 18 04:19:24 dolor2707.api.localhost httpd[commod]: 2017-2-18 4:19:24.adol [doloremi]: Login_Denied - - to=luptasn ip=10.153.111.103 info=itquiin
+March 4 11:21:59 que651.www5.host init[etconse]: tincu
+Mar 18 18:24:33 asun1250.api.localdomain DIS[oluptate]: onseq:serunt: Deviceaquaeabi/10.171.157.74login failurefailure
+April 2 01:27:07 ento4488.www5.localhost :rc6 eriamea
+April 16 08:29:41 pisciv7108.lan 10.140.136.44 named: client 10.31.14.36#2285/key dhcp_updater_default: signer "vitaedi" approved
+April 30 15:32:16 veniamq1608.www.localdomain colab: diskcheck ommodico
+May 14 22:34:50 tin183.api.corp netauto_discovery[sperna]: eabilloi:estia(tper)10.163.5.243/osqui: SNMP Credentials: Failed to authenticate
+May 29 05:37:24 fdeFi1123.api.domain INFOBLOX-Grid[etdol]: Started distribution on member with IP address 10.177.36.38
+June 12 12:39:58 aevit37.www5.test ati: kernel Linux version 1.6668 (gel) (lorsitam) mpo
+June 26 19:42:33 aliquam1364.api.corp -:syslog eratv
+July 11 02:45:07 uir1374.mail.domain -:smart_check_io quiratio
+July 25 09:47:41 nse2256.www.localdomain equat: db_jnld Resolved conflict for replicated delete of TXT "derit" in zone "dexea"
+August 8 16:50:15 lapar1024.www5.local intocc: sSMTP Unable to locate liqu2936.api.localdomain.
+August 22 23:52:50 tDuisaut3296.www.invalid scheduled_ftp_backups[imvenia]: Scheduled backup to the spi was successful - Backup file stquido
+September 6 06:55:24 upta3300.www.home 10.233.48.103 diskcheck: leumiur
+September 20 13:57:58 vita2681.www5.local tobea: controld Distribution Complete
+October 4 21:00:32 ersp3536.www5.lan 10.93.90.240 rsyncd: sent 1792 bytes received 7387 bytes total size tes
+Oct 19 04:03:07 tnulapa7592.www.local DIS[eriti]: litessec: itas: Attempting discover-now for 10.251.106.205 on mporin, using session ID
+November 2 11:05:41 roid6604.www.test -:syslog Nemoenim
+November 16 18:08:15 nihil657.domain validate_dhcpd[rsitv]: iciade
+December 1 01:10:49 ven660.api.lan amnih: watchdog cancel, pid = 3981
+December 15 08:13:24 atatn7364.internal.localdomain debug_mount[ofdeFin]: mount essequam
+December 29 15:15:58 umqu301.internal.home init[inesci]: isnisi
+January 12 22:18:32 riamea1540.www.host -:ntpd_initres ntpd exiting on signal 15
+January 27 05:21:06 siut5663.local piscinge: rcsysinit fsck from 1.271
+February 10 12:23:41 cinge7339.api.corp -:diskcheck vitaedi
+February 24 19:26:15 dolore7072.www5.localhost ect: logger modocons
+March 11 02:28:49 odoconse228.mail.localdomain -:syslog-ng veli
+March 25 09:31:24 labo267.internal.localhost httpd[etdo]: 2018-3-25 9:31:24.par [lorin]: Login_Denied - - to=pitl ip=10.204.128.215 info=ama
+Apr 8 16:33:58 roidents6540.internal.corp -:debug tametcon
+April 22 23:36:32 miurerep1152.internal.domain pidof[utlab]: can't read sid from emUteni
+May 07 06:39:06 inimve2352.lan :captured_dns_uploader mco
+May 21 13:41:41 amcorp1275.www5.host netauto_core[liqua]: netautoctl:olo
+Jun 04 20:44:15 fdeF593.internal.lan DIS[niamq]: lapariat: remagn: Attempting discover-now for 10.238.140.186 on tiaec, using session ID
+June 19 03:46:49 upt4986.mail.corp ntpdate[idunt]: luptat
+July 3 10:49:23 lillum7809.mail.local taedicta: logger ritt
+July 17 17:51:58 tetur2694.mail.local ipi: openvpn-member OpenVPN 1.7727 [ipv6-icmp] [uaeab] itinv
+August 1 00:54:32 utaliqu6138.mail.localhost nvolupt: pidof can't read sid from oremi
+August 15 07:57:06 atcupi2332.mail.localdomain -:INFOBLOX-Grid Upgrade to ore
+August 29 14:59:40 luptatem6874.mail.test purge_scheduled_tasks[dat]: Scheduled tasks have been purged
+September 12 22:02:15 tame4953.mail.localhost prehen: restarting ntutlabo
+September 27 05:04:49 sequa1715.www5.domain sshd[eirure]: Accepted password for root from 10.210.113.252 port 4184 udp
+October 11 12:07:23 tconsec5315.internal.example :kernel Linux version 1.341 (fugi) (labo) nostrud
+October 25 19:09:57 cupi1867.www5.test :rcsysinit orroq
+November 9 02:12:32 rcit2043.api.home 10.107.45.175 smart_check_io: ssecil
+November 23 09:15:06 mes4801.internal.test 10.243.121.97 python: cancel: FQDN='illu4875.api.host', View='tatevel'
+December 7 16:17:40 its7867.internal.invalid 10.44.115.94 debug_mount: mount isn
+Dec 21 23:20:14 equ4808.www.localhost DIS[siuta]: urmagn:dquia: Devicetemporin/10.46.166.75login failuresuccess
+Jan 05 06:22:49 idi7668.www5.test rum: captured_dns_uploader eataevi
+January 19 13:25:23 iqu4614.www5.example 10.60.211.199 init: modocon
+February 2 20:27:57 agnaaliq1829.mail.test :ntpd_initres ntpd exiting on signal 15
+February 17 03:30:32 col3570.www.invalid tinvolup: sSMTP Sent mail for tsed (inv) uid=rroq username=rcit outbytes=2807
+March 3 10:33:06 mipsamvo4282.api.home reetdo: init oreveri
+March 17 17:35:40 Except6889.www.corp -:rc3 umetMal
+Apr 1 00:38:14 umq1309.api.test uae: debug mve
+April 15 07:40:49 tatem4180.www.home 10.102.166.19 python: deny: FQDN='eritatis6343.api.local', View='mquisn'
+April 29 14:43:23 quir7168.api.localdomain labore: syslog uela
+May 13 21:45:57 iuntNequ7202.api.domain -:controld Distribution Complete
+May 28 04:48:31 veniamq1236.invalid emo: radiusd itq
+June 11 11:51:06 nderiti409.api.domain -:syslog Cic
+June 25 18:53:40 tatem6156.www.local :dhcpd received shutdown -/-/ success
+July 10 01:56:14 uamnihil6127.api.domain 10.29.119.245 python: accept: 'olli3116.internal.example' in view 'rsp'.
+Jul 24 08:58:48 roquisqu1205.api.domain netauto_core[nim]: utaliqu: Attempting CLI on devicersiwith interface not in table, ip10.118.155.14
+August 7 16:01:23 suntex5169.www.example phonehome[esci]: uov
+August 21 23:03:57 fici5161.www5.example olup: debug_mount mount aco
+September 5 06:06:31 orsi7617.www5.corp lorsita: shutdown shutting down for system reboot
+September 19 13:09:05 osamnis4912.mail.host npr: radiusd etconsec
+Oct 03 20:11:40 urExcept6809.www5.corp captured_dns_uploader[atcupida]: tessequa
+Oct 18 03:14:14 icab3519.localdomain dhcpdv6[plicaboN]: Encapsulated Renew message from 2001:db8::b1f51444:f88dd359 port 2496 from client DUID acommo, transaction ID isi
+November 1 10:16:48 abor4353.www5.host ame: python tesseq
+November 15 17:19:22 olorem290.api.lan sshd[culpaqui]: deny: logout() unknown
+November 30 00:21:57 ventore3612.www.home purge_scheduled_tasks[emp]: Scheduled tasks have been purged
+Dec 14 07:24:31 uptatem4483.localhost tacacs_acct[inrepr]: mol: Server 10.111.52.69 port 6073: asperna