syslog ^.*\/box_Firewall_Activity cgfw-firewall-activity type=([\w\s]+) Type cgfw-firewall-activity proto=([\w\s]+) L4Protocol cgfw-firewall-activity srcIF=([\w\s]+) SourceInterface cgfw-firewall-activity srcIP=([\d\.]+) srcip cgfw-firewall-activity srcPort=([\d\s]+) srcport cgfw-firewall-activity srcMAC=([\w\d:]+) SourceMAC cgfw-firewall-activity dstIP=([\d\.]+) dstip cgfw-firewall-activity dstPort=([\w\s]+) dstport cgfw-firewall-activity dstService=([\w\s]+) DestinationService cgfw-firewall-activity dstIF=([\w\s]+) DestinationInterface cgfw-firewall-activity rule=([\w\s\-]+) FirewallRule cgfw-firewall-activity info=([\w\s]+) Info cgfw-firewall-activity srcNAT=([\d\.]+) SourceNAT cgfw-firewall-activity dstNAT=([\d\.]+) DestinationNAT cgfw-firewall-activity duration=([\d]+) Duration cgfw-firewall-activity count=([\d]+) Count cgfw-firewall-activity receivedBytes=([\d]+) ReceivedBytes cgfw-firewall-activity sentBytes=([\d]+) SentBytes cgfw-firewall-activity receivedPackets=([\d]+) ReceivedPackets cgfw-firewall-activity sentPackets=([\d]+) SentPackets cgfw-firewall-activity user=([\w\s]+) User cgfw-firewall-activity protocol=([\w\s]+) L7Protocol cgfw-firewall-activity application=([\w\s]+) Application cgfw-firewall-activity target=([\w\s]+) Target cgfw-firewall-activity content=([\w\s]+) Content cgfw-firewall-activity urlcat=([\w\s]+) URLCategory